Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

devices/surface-hub/surface-hub-2s-connect.md

@@ -9,7 +9,7 @@ ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/13/2019
 ms.localizationpriority: Medium
 ---
 
@@ -28,7 +28,7 @@ In general, it’s recommended to use native cable connections whenever possible
 | **Connection** | **Functionality** | **Description**|
 | --- | --- | ---|
 | HDMI + USB-C | HDMI-in for audio and video<br><br>USB-C for TouchBack and InkBack | USB-C supports TouchBack and InkBack with the HDMI A/V connection.<br><br>Use USB-C to USB-A to connect to legacy computers.<br><br>**NOTE:** For best results, connect HDMI before connecting a USB-C cable. If the computer you're using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable. |
-| USB-C <br> (via compute module) | Video-in <br>Audio-in | Single cable needed for A/V<br><br>TouchBack and InkBack not supported<br><br>HDCP enabled |
+| USB-C <br> (via compute module) | Video-in <br>Audio-in | Single cable needed for A/V<br><br>TouchBack and InkBack is supported<br><br>HDCP enabled |
 | HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V<br><br>TouchBack and InkBack not supported<br><br>HDCP enabled |
 | MiniDP 1.2 output | Video-out such as mirroring to a larger projector. | Single cable needed for A/V |
 

devices/surface/surface-dock-firmware-update.md

@@ -94,10 +94,8 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
 | Windows Device Install log       | %windir%\inf\setupapi.dev.log         | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-). |
 
  
-**Table 2. Event log IDs for Surface Dock Firmware Update**
-Events are logged in the Application Event Log. 
-> [!NOTE]
-> Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.
+**Table 2. Event log IDs for Surface Dock Firmware Update**<br>
+Events are logged in the Application Event Log.  Note:  Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.
 
 | Event ID | Event type                                                           |
 | -------- | -------------------------------------------------------------------- |

devices/surface/surface-manage-dfci-guide.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/20/2019
+ms.date: 11/13/2019
 ms.reviewer: jesko
 manager: dansimp
 ms.audience: itpro
@@ -89,9 +89,8 @@ Before configuring DFCI policy settings, first create a DFCI profile and assign
 
     ![Create Autopilot profile](images/df3b.png)
 
-5. On the Scope tags page, select **Next**.
-6. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**.
-7. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group.
+5. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**.
+6. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group.
 
 ## Configure Enrollment Status Page
 

education/developers.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation for developers
+title: Microsoft 365 Education Documentation for developers
 summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
 
 metadata:
-  title: M365 Education Documentation for developers
+  title: Microsoft 365 Education Documentation for developers
   description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
   ms.service: help
   ms.topic: hub-page

education/index.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation
+title: Microsoft 365 Education Documentation
 summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
 
 metadata:
-  title: M365 Education Documentation
+  title: Microsoft 365 Education Documentation
   description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
   ms.service: help
   ms.topic: hub-page

education/itadmins.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation for IT admins
-summary: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
+title: Microsoft 365 Education Documentation for IT admins
+summary: Microsoft 365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
 
 metadata:
-  title: M365 Education Documentation for IT admins
+  title: Microsoft 365 Education Documentation for IT admins
   description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
   ms.service: help
   ms.topic: hub-page

education/partners.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation for partners
+title: Microsoft 365 Education Documentation for partners
 summary: Looking for resources available to Microsoft Education partners? Start here.
 
 metadata:
-  title: M365 Education Documentation for partners
+  title: Microsoft 365 Education Documentation for partners
   description: Looking for resources available to Microsoft Education partners? Start here.
   ms.service: help
   ms.topic: hub-page

windows/deployment/windows-autopilot/TOC.md

@@ -19,6 +19,7 @@
 ## [Configuring device profiles](profiles.md)
 ## [Enrollment Status Page](enrollment-status.md)
 ## [BitLocker encryption](bitlocker.md)
+## [DFCI management](dfci-management.md)
 ## [Troubleshooting](troubleshooting.md)
 ## [Known issues](known-issues.md)
 

windows/deployment/windows-autopilot/dfci-management.md

@@ -0,0 +1,68 @@
+---
+title: DFCI Management
+ms.reviewer: 
+manager: laurawi
+description: With Windows Autopilot Deployment and Intune, you can manage UEFI (BIOS) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI) 
+keywords: Autopilot, DFCI, UEFI, Windows 10
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+ms.localizationpriority: medium
+audience: itpro
+author: greg-lindsay
+ms.author: greglin
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# DFCI Management
+
+**Applies to**
+
+-   Windows 10
+
+With Windows Autopilot Deployment and Intune, you can manage Unified Extensible Firmware Interface (UEFI) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI).  DFCI [enables Windows to pass management commands](https://docs.microsoft.com/windows/client-management/mdm/uefi-csp) from Intune to UEFI to Autopilot Deployed devices. This allows you to limit end users control over BIOS settings, lock down the boot options to prevent users from booting up another OS, or an older version of Windows that doesn't have the same security features. When you reinstall an older Windows version, install a separate OS, or format the hard drive, you can't override DFCI management. This feature can prevent malware from communicating with OS processes, including elevated OS processes. DFCI’s trust chain uses public key cryptography, and doesn't depend on local UEFI password security. This layer of security blocks local users from accessing managed settings from the device’s UEFI menus.
+
+For an overview of DFCI benefits, scenarios, and prerequisites, see [Device Firmware Configuration Interface (DFCI) Introduction](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/).
+
+## DFCI management lifecycle
+
+The DFCI management lifecycle can be viewed as UEFI integration, device registration, profile creation, enrollment, management, retirement, and recovery. See the following figure.
+
+   ![Lifecycle](images/dfci.png)
+
+## Requirements
+
+- Windows 10, version 1809 or later and a supported UEFI is required.
+- The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process, or as a firmware update that you install. Work with your device vendors to determine the [manufacturers that support DFCI](#oems-that-support-dfci), or the firmware version needed to use DFCI.
+- The device must be managed with Microsoft Intune. For more information, see [Enroll Windows devices in Intune using Windows Autopilot](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
+- The device must be registered for Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider), or registered directly by the OEM. 
+
+>[!IMPORTANT]
+>Devices manually registered for Autopilot (such as by [importing from a csv file](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot#add-devices)) are not allowed to use DFCI. By design, DFCI management requires external attestation of the device’s commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot. When your device is registered, its serial number is displayed in the list of Windows Autopilot devices.
+
+## Managing DFCI profile with Windows Autopilot
+
+There are four basic steps in managing DFCI profile with Windows Autopilot:
+
+1. Create an Autopilot Profile
+2. Create an Enrollment status page profile
+3. Create a DFCI profile
+4. Assign the profiles
+
+See [Create the profiles](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-the-profiles) and [Assign the profiles, and reboot](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#assign-the-profiles-and-reboot) for details.
+
+You can also [change existing DFCI settings](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#update-existing-dfci-settings) on devices that are in use. In your existing DFCI profile, change the settings and save your changes. Since the profile is already assigned, the new DFCI settings take effect when next time the device syncs or the device reboots.
+
+## OEMs that support DFCI
+
+- [Microsoft Surface](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
+
+Additional OEMs are pending.
+
+## See also
+
+[Microsoft DFCI Scenarios](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Scenarios/DfciScenarios/)<br>
+[Windows Autopilot and Surface devices](https://docs.microsoft.com/surface/windows-autopilot-and-surface-devices)<br>

windows/deployment/windows-autopilot/index.md

@@ -30,14 +30,14 @@ This guide is intended for use by an IT-specialist, system architect, or busines
 ## In this guide
 
 <table border="0">
-<tr><td><a href="windows-autopilot-whats-new.md">What's new</a> <td>Windows Autopilot is always being updated with new features! Check this topic to read about the latests capabilities.
+<tr><td><a href="windows-autopilot-whats-new.md">What's new</a> <td>Windows Autopilot is always being updated with new features! Check this topic to read about the latest capabilities.
 </table>
 
 ### Understanding Windows Autopilot
 
 <table>
 <tr><td><a href="windows-autopilot.md">Overview of Windows Autopilot</a><td>A review of Windows Autopilot is provided with a video walkthrough. Benefits and general requirements are discussed.
-<tr><td><a href="windows-autopilot-requirements.md">Requirements</a><td>Detailed software, network, licensiing, and configuration requirments are provided.
+<tr><td><a href="windows-autopilot-requirements.md">Requirements</a><td>Detailed software, network, licensing, and configuration requirements are provided.
 <tr><td><a href="windows-autopilot-scenarios.md">Scenarios and Capabilities</a><td>A summary of Windows Autopilot deployment scenarios and capabilities.
 <tr><td><a href="demonstrate-deployment-on-vm.md">Get started</a><td>Interested in trying out Autopilot? See this step-by-step walkthrough to test Windows Autopilot on a virtual machine or physical device with a free 30-day trial premium Intune account.
 </table>
@@ -56,10 +56,11 @@ This guide is intended for use by an IT-specialist, system architect, or busines
 
 <table>
 <tr><td><a href="add-devices.md">Registering devices</a><td>The process of registering a device with the Windows Autopilot deployment service is described.
-<tr><td><a href="profiles.md">Configuring device profiles</a><td>The device profile settings that specifie its behavior when it is deployed are described.
+<tr><td><a href="profiles.md">Configuring device profiles</a><td>The device profile settings that specific its behavior when it is deployed are described.
 <tr><td><a href="enrollment-status.md">Enrollment status page</a><td>Settings that are available on the Enrollment Status Page are described.
 <tr><td><a href="bitlocker.md">BitLocker encryption</a><td> Available options for configuring BitLocker on Windows Autopilot devices are described.
-<tr><td><a href="troubleshooting.md">Troubleshooting Windows Autopilot</a><td>Diagnotic event information and troubleshooting procedures are provided.
+<tr><td><a href="dfci-management.md">DFCI management</a><td> Manage UEFI settings using the Device Firmware Configuration Interface (DFCI) with Windows Autopilot and Intune.
+<tr><td><a href="troubleshooting.md">Troubleshooting Windows Autopilot</a><td>Diagnostic event information and troubleshooting procedures are provided.
 <tr><td><a href="known-issues.md">Known issues</a><td>A list of current known issues and solutions is provided.
 </table>