From 718efd3aeba5196fdd53796da6b3a39f7a4c2f67 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 9 Jan 2019 01:48:26 +0000 Subject: [PATCH 1/3] Merged PR 13647: Add notes about UAC and RDP to kiosk --- windows/configuration/kiosk-methods.md | 5 ++++- windows/configuration/kiosk-prepare.md | 7 ++++++- windows/configuration/kiosk-single-app.md | 7 ++++++- .../configuration/lock-down-windows-10-to-specific-apps.md | 7 ++++++- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 8f2904b128..9450b8c75c 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: jdeckerms -ms.date: 07/30/2018 +ms.date: 01/09/2019 --- # Configure kiosks and digital signs on Windows desktop editions 
@@ -30,6 +30,9 @@ There are several kiosk configuration methods that you can choose from, dependin ![icon that represents Windows](images/windows.png) | **Which edition of Windows 10 will the kiosk run?** All of the configuration methods work for Windows 10 Enterprise and Education; some of the methods work for Windows 10 Pro. Kiosk mode is not available on Windows 10 Home. ![icon that represents a user account](images/user.png) | **Which type of user account will be the kiosk account?** The kiosk account can be a local standard user account, a local administrator account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method. + +>[!IMPORTANT] +>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. ## Methods for a single-app kiosk running a UWP app diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 986da71577..4cef49132c 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -8,7 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium -ms.date: 10/02/2018 +ms.date: 01/09/2019 --- # Prepare a device for kiosk configuration 
@@ -23,6 +23,11 @@ ms.date: 10/02/2018 > >Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. +>[!IMPORTANT] +>[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. +> +>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. + For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk: diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 4af964b132..7c3e7243b9 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -8,7 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium -ms.date: 10/09/2018 +ms.date: 01/09/2019 --- # Set up a single-app kiosk @@ -24,6 +24,11 @@ ms.date: 10/09/2018 --- | --- A single-app kiosk uses the Assigned Access feature to run a single app above the lockscreen.

When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. | ![Illustration of a single-app kiosk experience](images/kiosk-fullscreen-sm.png) +>[!IMPORTANT] +>[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. +> +>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. + You have several options for configuring your single-app kiosk. Method | Description diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index eb93365fca..086d328b47 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: medium -ms.date: 01/04/2019 +ms.date: 01/09/2019 ms.author: jdecker ms.topic: article --- @@ -39,6 +39,11 @@ New features and improvements | In update You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision). +>[!IMPORTANT] +>[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. +> +>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. + ## Configure a kiosk in Microsoft Intune From ceda805393665fe5a4d16edae314846067aeb1df Mon Sep 17 00:00:00 2001 
From: Jeanie Decker Date: Wed, 9 Jan 2019 18:20:49 +0000 Subject: [PATCH 2/3] Merged PR 13662: add UAC to kiosk, add download link for Surface Studio 2 --- devices/surface/change-history-for-surface.md | 7 ++++++- ...-the-latest-firmware-and-drivers-for-surface-devices.md | 7 ++++++- windows/configuration/kiosk-methods.md | 2 +- .../configuration/lock-down-windows-10-to-specific-apps.md | 6 ++---- windows/configuration/multi-app-kiosk-troubleshoot.md | 6 +++++- 5 files changed, 20 insertions(+), 8 deletions(-) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 5c34d22900..5e2329f8c0 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -7,13 +7,18 @@ ms.sitesec: library author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 11/15/2018 --- # Change history for Surface documentation This topic lists new and updated topics in the Surface documentation library. +## January 2019 + +New or changed topic | Description +--- | --- +|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2 | + ## November 2018 New or changed topic | Description diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index 52a92a6ef7..1d736b1ece 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -9,7 +9,6 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 11/15/2018 ms.author: jdecker ms.topic: article --- 
@@ -89,6 +88,12 @@ Download the following updates for [Surface Studio from the Microsoft Download C * SurfaceStudio_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 +## Surface Studio 2 + +Download the following updates for [Surface Studio 2 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57593). + +* SurfaceStudio2_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 + ## Surface Book diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 9450b8c75c..da6e2cdceb 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -32,7 +32,7 @@ There are several kiosk configuration methods that you can choose from, dependin >[!IMPORTANT] ->Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. +>Single-app kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. ## Methods for a single-app kiosk running a UWP app diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 086d328b47..caa9d860ab 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -39,10 +39,8 @@ New features and improvements | In update You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision). ->[!IMPORTANT] ->[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. -> ->Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. + + ## Configure a kiosk in Microsoft Intune diff --git a/windows/configuration/multi-app-kiosk-troubleshoot.md b/windows/configuration/multi-app-kiosk-troubleshoot.md index d724cae559..0ffbada35e 100644 --- a/windows/configuration/multi-app-kiosk-troubleshoot.md +++ b/windows/configuration/multi-app-kiosk-troubleshoot.md @@ -9,7 +9,6 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: medium -ms.date: 10/09/2018 ms.author: jdecker ms.topic: article --- @@ -21,6 +20,11 @@ ms.topic: article - Windows 10 +## Sign-in issues + +1. Verify that User Account Control (UAC) is turned on. +2. Check the Event Viewer logs for sign-in issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**. + ## Unexpected results For example: From 0334c9613b5a2bc000ebb90cc180f6fb6bc5272e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 9 Jan 2019 18:22:57 +0000 Subject: [PATCH 3/3] Merged PR 13670: Remove reg key The key is a insider build thing for testing, doesn't need to be documented. --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 3 --- windows/whats-new/whats-new-windows-10-version-1809.md | 1 - 2 files changed, 4 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 09120bb2ec..d9c630f7f0 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md 
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -6,7 +6,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay -ms.date: 01/08/2019 ms.localizationpriority: low --- @@ -144,8 +143,6 @@ We’re continuing to work on how other security apps you’ve installed show up This also means you’ll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you’ll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks). -
HKLM\SOFTWARE\Microsoft\Security Center\Feature DisableAvCheck (DWORD) = 1 
- You can read more about ransomware mitigations and detection capability at: - [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) - [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 729a404ce5..04956b3138 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -6,7 +6,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay -ms.date: 01/08/2019 ms.localizationpriority: high ---
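Review bot: in PATCH 2/3, windows/configuration/kiosk-methods.md (@@ -32,7 +32,7 @@), the remote desktop sentence is narrowed to "Single-app kiosk mode is not supported over a remote desktop connection", but the same sentence added by PATCH 1/3 to kiosk-prepare.md and kiosk-single-app.md still reads "Kiosk mode is not supported over a remote desktop connection." kiosk-prepare.md is the general "Prepare a device for kiosk configuration" page, so after this series its unscoped wording disagrees with kiosk-methods.md. Suggest making the same "Single-app kiosk mode" change in kiosk-prepare.md as part of this patch so that all pages state the same limitation.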
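Review bot: in PATCH 2/3, windows/configuration/lock-down-windows-10-to-specific-apps.md (@@ -39,10 +39,8 @@), the whole IMPORTANT note is deleted, which also removes the "User account control (UAC) must be turned on to enable kiosk mode" prerequisite from the multi-app page, although the subject line says "add UAC to kiosk". The same patch adds "Verify that User Account Control (UAC) is turned on" to multi-app-kiosk-troubleshoot.md, so the requirement appears to still apply to multi-app kiosks; after this hunk an administrator meets it only when troubleshooting. Suggest keeping the UAC line in the note and deleting only the remote desktop sentence. The two blank "+" lines left in place of the note can be dropped as well.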
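Review bot: in PATCH 2/3, windows/configuration/multi-app-kiosk-troubleshoot.md (@@ -21,6 +20,11 @@), step 1 of the new "Sign-in issues" section, "Verify that User Account Control (UAC) is turned on", gives the reader no way to perform the check and no reference. PATCH 1/3 links the same term to the User account control overview (https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview); suggest reusing that link here so the step is actionable. The ms.date line is also removed from this file's front matter rather than updated, which is worth confirming as intentional.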
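Review bot: in PATCH 2/3, devices/surface/change-history-for-surface.md (@@ -7,13 +7,18 @@), the front matter loses ms.date entirely, whereas PATCH 1/3 in the same series updates ms.date to 01/09/2019 in each file it touches. Please confirm that removing the field is intended for these topics, and say so in the commit message; otherwise update it to the change date. As a style point in the same hunk, the added table row starts and ends with "|" while the header row "New or changed topic | Description" and the "--- | ---" separator do not; suggest matching the header's pipe style.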
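Review bot: in PATCH 3/3, windows/whats-new/whats-new-windows-10-version-1809.md (@@ -6,7 +6,6 @@), the only change is the deletion of "ms.date: 01/08/2019", which is unrelated to the stated purpose "Remove reg key" and is not mentioned in the commit message. Suggest either describing the ms.date removal in the message or moving it to its own change. Since the DisableAvCheck value is removed only from ltsc/whats-new-windows-10-2019.md, it is also worth checking that the 1809 page carries no remaining reference to that key.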