Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client

education/get-started/change-history-ms-edu-get-started.md

@@ -2,8 +2,7 @@
 title: Change history for Microsoft Education Get Started
 description: New and changed topics in the Microsoft Education get started guide.
 keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history
-ms.prod: w10
-ms.technology: Windows
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu

education/get-started/configure-microsoft-store-for-education.md

@@ -3,7 +3,6 @@ title: Configure Microsoft Store for Education
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/get-started/enable-microsoft-teams.md

@@ -3,7 +3,6 @@ title: Enable Microsoft Teams for your school
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/get-started/finish-setup-and-other-tasks.md

@@ -3,7 +3,6 @@ title: Finish Windows 10 device setup and other tasks
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/get-started/get-started-with-microsoft-education.md

@@ -3,7 +3,6 @@ title: Deploy and manage a full cloud IT solution with Microsoft Education
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: hero-article

education/get-started/set-up-office365-edu-tenant.md

@@ -3,7 +3,6 @@ title: Set up an Office 365 Education tenant
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/get-started/set-up-windows-10-education-devices.md

@@ -3,7 +3,6 @@ title: Set up Windows 10 education devices
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/get-started/set-up-windows-education-devices.md

@@ -3,7 +3,6 @@ title: Set up Windows 10 devices using Windows OOBE
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/get-started/use-intune-for-education.md

@@ -3,7 +3,6 @@ title: Use Intune for Education to manage groups, apps, and settings
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/get-started/use-school-data-sync.md

@@ -3,7 +3,6 @@ title: Use School Data Sync to import student data
 description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/images/M365-education.svg

@@ -1,4 +1,4 @@
-<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
   <defs>
     <style>
       .cls-1 {

education/images/education-ms-teams.svg

@@ -1,4 +1,4 @@
-<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
   <defs>
     <style>
       .cls-1 {

education/images/education-partner-aep-2.svg

@@ -1,4 +1,4 @@
-<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
   <defs>
     <style>
       .cls-1 {

education/images/education-partner-directory-3.svg

@@ -1,4 +1,4 @@
-<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
   <defs>
     <style>
       .cls-1 {

education/images/education-partner-mepn-1.svg

@@ -1,4 +1,4 @@
-<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
   <defs>
     <style>
       .cls-1 {

education/images/education-partner-yammer.svg

@@ -1,4 +1,4 @@
-<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
   <defs>
     <style>
       .cls-1 {

education/images/education-pro-usb.svg

@@ -1,4 +1,4 @@
-<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
   <defs>
     <style>
       .cls-1 {

education/index.md

@@ -8,6 +8,7 @@ ms.topic: hub-page
 ms.author: celested
 ms.collection: ITAdminEDU
 ms.date: 10/30/2017
+ms.prod: w10
 ---
 <div id="main" class="v2">
     <div class="container">
@@ -44,7 +45,7 @@ ms.date: 10/30/2017
                                 </a>
                             </li>
                             <li>
-                                <a href="/microsoft-365/education/get-started" target="_blank">
+                                <a href="/microsoft-365/education/deploy/" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">

education/trial-in-a-box/educator-tib-get-started.md

@@ -3,7 +3,6 @@ title: Educator Trial in a Box Guide
 description: Need help or have a question about using Microsoft Education? Start here.
 keywords: support, troubleshooting, education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: article
@@ -162,7 +161,7 @@ Use video to create a project summary.
 
 1. Check you have the latest version of Microsoft Photos. Open the **Start** menu and search for **Store**. Select the **See more** button (**…**) and select **Downloads and updates**. Select **Get updates**.
 
-2. Open Microsoft Edge and visit <a href="https://aka.ms/PhotosTIB" target="_blank">http://aka.ms/PhotosTIB</a> to download a zip file of the project media.
+2. Open Microsoft Edge and visit <a href="https://aka.ms/PhotosTIB" target="_blank">https://aka.ms/PhotosTIB</a> to download a zip file of the project media.
 
 3. Once the download has completed, open the zip file and select **Extract** > **Extract all**.  Select **Browse** and choose the **Pictures** folder as the destination, and then select **Extract**.
 

education/trial-in-a-box/images/it-admin1.svg

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "https://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <!-- Generated by Microsoft Visio, SVG Export it-admin1.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="2.26061in" height="2.60731in"
+<svg xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" xmlns:ev="https://www.w3.org/2001/xml-events"
+		xmlns:v="https://schemas.microsoft.com/visio/2003/SVGExtensions/" width="2.26061in" height="2.60731in"
 		viewBox="0 0 162.764 187.727" xml:space="preserve" color-interpolation-filters="sRGB" class="st2">
 	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
 

education/trial-in-a-box/images/student1.svg

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "https://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <!-- Generated by Microsoft Visio, SVG Export student1.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="1.80729in" height="2.11374in"
+<svg xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" xmlns:ev="https://www.w3.org/2001/xml-events"
+		xmlns:v="https://schemas.microsoft.com/visio/2003/SVGExtensions/" width="1.80729in" height="2.11374in"
 		viewBox="0 0 130.125 152.189" xml:space="preserve" color-interpolation-filters="sRGB" class="st2">
 	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
 

education/trial-in-a-box/images/student2.svg

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "https://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <!-- Generated by Microsoft Visio, SVG Export student2.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="2.25353in" height="2.60023in"
+<svg xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" xmlns:ev="https://www.w3.org/2001/xml-events"
+		xmlns:v="https://schemas.microsoft.com/visio/2003/SVGExtensions/" width="2.25353in" height="2.60023in"
 		viewBox="0 0 162.254 187.217" xml:space="preserve" color-interpolation-filters="sRGB" class="st3">
 	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
 

education/trial-in-a-box/images/teacher1.svg

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "https://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <!-- Generated by Microsoft Visio, SVG Export teacher1.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="1.80729in" height="2.45295in"
+<svg xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" xmlns:ev="https://www.w3.org/2001/xml-events"
+		xmlns:v="https://schemas.microsoft.com/visio/2003/SVGExtensions/" width="1.80729in" height="2.45295in"
 		viewBox="0 0 130.125 176.612" xml:space="preserve" color-interpolation-filters="sRGB" class="st2">
 	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
 

education/trial-in-a-box/images/teacher2.svg

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "https://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <!-- Generated by Microsoft Visio, SVG Export teacher2.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="2.25353in" height="2.60023in"
+<svg xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" xmlns:ev="https://www.w3.org/2001/xml-events"
+		xmlns:v="https://schemas.microsoft.com/visio/2003/SVGExtensions/" width="2.25353in" height="2.60023in"
 		viewBox="0 0 162.254 187.217" xml:space="preserve" color-interpolation-filters="sRGB" class="st3">
 	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
 

education/trial-in-a-box/index.md

@@ -3,7 +3,6 @@ title: Microsoft Education Trial in a Box
 description: For IT admins, educators, and students, discover what you can do with Microsoft 365 Education. Try it out with our Trial in a Box program. 
 keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, IT admin, educator, student, explore, Trial in a Box
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: article

education/trial-in-a-box/itadmin-tib-get-started.md

@@ -3,7 +3,6 @@ title: IT Admin Trial in a Box Guide
 description: Try out Microsoft 365 Education to implement a full cloud infrastructure for your school, manage devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: get-started

education/trial-in-a-box/support-options.md

@@ -3,7 +3,6 @@ title: Microsoft Education Trial in a Box Support
 description: Need help or have a question about using Microsoft Education Trial in a Box? Start here. 
 keywords: support, troubleshooting, education, Microsoft 365 Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.topic: article

education/windows/autopilot-reset.md

@@ -3,7 +3,6 @@ title: Reset devices with Autopilot Reset
 description: Gives an overview of Autopilot Reset and how you can enable and use it in your schools.
 keywords: Autopilot Reset, Windows 10, education
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu

education/windows/change-history-edu.md

@@ -3,7 +3,6 @@ title: Change history for Windows 10 for Education (Windows 10)
 description: New and changed topics in Windows 10 for Education
 keywords: Windows 10 education documentation, change history
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu

education/windows/change-to-pro-education.md

@@ -3,7 +3,6 @@ title: Change to Windows 10 Education from Windows 10 Pro
 description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro.
 keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu

education/windows/chromebook-migration-guide.md

@@ -4,7 +4,6 @@ description: In this guide you will learn how to migrate a Google Chromebook-bas
 ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
 keywords: migrate, automate, device, Chromebook migration
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu, devices

education/windows/configure-windows-for-education.md

@@ -5,7 +5,6 @@ keywords: Windows 10 deployment, recommendations, privacy settings, school, educ
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.prod: w10
-ms.technology: Windows
 ms.pagetype: edu
 ms.localizationpriority: medium
 author: CelesteDG
@@ -149,7 +148,7 @@ For example:
         ![Set SetEduPolicies to True in Windows Configuration Designer](images/setedupolicies_wcd.png)
 
 ## Ad-free search with Bing
-Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. Additional information is available at http://www.bing.com/classroom/about-us.
+Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. Additional information is available at https://www.bing.com/classroom/about-us.
 
 > [!NOTE]  
 > If you enable the guest account in shared PC mode, students using the guest account will not have an ad-free experience searching with Bing in Microsoft Edge unless the PC is connected to your school network and your school network has been configured as described in [IP registration for entire school network using Microsoft Edge](#ip-registration-for-entire-school-network-using-microsoft-edge).

education/windows/create-tests-using-microsoft-forms.md

@@ -2,8 +2,7 @@
 title: Create tests using Microsoft Forms
 description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.
 keywords: school, Take a Test, Microsoft Forms
-ms.prod: w10
-ms.technology: Windows
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu

education/windows/deploy-windows-10-in-a-school-district.md

@@ -3,7 +3,6 @@ title: Deploy Windows 10 in a school district (Windows 10)
 description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use System Center Configuration Manager, Intune, and Group Policy to manage devices.
 keywords: configure, tools, device, school district, deploy Windows 10
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.pagetype: edu
 ms.sitesec: library

education/windows/deploy-windows-10-in-a-school.md

@@ -3,7 +3,6 @@ title: Deploy Windows 10 in a school (Windows 10)
 description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD). Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy.
 keywords: configure, tools, device, school, deploy Windows 10
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.pagetype: edu
 ms.sitesec: library

education/windows/edu-deployment-recommendations.md

@@ -8,8 +8,7 @@ ms.localizationpriority: medium
 author: CelesteDG
 ms.author: celested
 ms.date: 10/13/2017
-ms.prod: W10
-ms.technology: Windows
+ms.prod: w10
 ---
 
 # Deployment recommendations for school IT administrators

education/windows/education-scenarios-store-for-business.md

@@ -2,7 +2,7 @@
 title: Education scenarios Microsoft Store for Education
 description: Learn how IT admins and teachers can use Microsoft Store for Education to acquire and manage apps in schools.
 keywords: school, Microsoft Store for Education, Microsoft education store
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -10,8 +10,7 @@ searchScope:
   - Store
 author: trudyha
 ms.author: trudyha
-ms.date: 3/30/2018
-ms.technology: Windows
+ms.date: 03/30/2018
 ---
 
 # Working with Microsoft Store for Education

education/windows/enable-s-mode-on-surface-go-devices.md

@@ -3,13 +3,12 @@ title: Enable S mode on Surface Go devices for Education
 description: Steps that an education customer can perform to enable S mode on Surface Go devices
 keywords: Surface Go for Education, S mode
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: medium
 author: kaushika-msft
-ms.author:
+ms.author: kaushik
 ms.date: 07/30/2018
 ---
 
@@ -54,8 +53,8 @@ process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-sce
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
-              xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
-              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+              xmlns:wcm="https://schemas.microsoft.com/WMIConfig/2002/State"
+              xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance">
          <SkuPolicyRequired>1</SkuPolicyRequired>
       </component>
      </settings>
@@ -100,8 +99,8 @@ Education customers who wish to avoid the additional overhead associated with Wi
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
-              xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
-              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+              xmlns:wcm="https://schemas.microsoft.com/WMIConfig/2002/State"
+              xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance">
          <SkuPolicyRequired>1</SkuPolicyRequired>
      </component>
    </settings>

education/windows/get-minecraft-device-promotion.md

@@ -2,7 +2,7 @@
 title: Get Minecraft Education Edition with your Windows 10 device promotion
 description: Windows 10 device promotion for Minecraft Education Edition licenses
 keywords: school, Minecraft, education edition
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,7 +11,6 @@ searchScope:
   - Store
 ms.author: trudyha
 ms.date: 06/05/2018
-ms.technology: Windows
 ---
 
 # Get Minecraft: Education Edition with Windows 10 device promotion

education/windows/get-minecraft-for-education.md

@@ -2,7 +2,7 @@
 title: Get Minecraft Education Edition
 description: Learn how to get and distribute Minecraft Education Edition.
 keywords: school, Minecraft, education edition
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,7 +11,6 @@ searchScope:
   - Store
 ms.author: trudyha
 ms.date: 07/27/2017
-ms.technology: Windows
 ms.topic: conceptual
 ---
 
@@ -22,7 +21,7 @@ ms.topic: conceptual
 -   Windows 10  
 
 
-[Minecraft: Education Edition](http://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft.
+[Minecraft: Education Edition](https://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft.
 
 <iframe width="501" height="282" src="https://www.youtube-nocookie.com/embed/hl9ZQiektJE" frameborder="0" allowfullscreen></iframe>
 

education/windows/index.md

@@ -3,7 +3,6 @@ title: Windows 10 for Education (Windows 10)
 description: Learn how to use Windows 10 in schools.
 keywords: Windows 10, education
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu

education/windows/s-mode-switch-to-edu.md

@@ -5,7 +5,6 @@ keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, W
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.prod: w10
-ms.technology: Windows
 ms.sitesec: library
 ms.pagetype: edu
 ms.date: 12/03/2018

education/windows/school-get-minecraft.md

@@ -2,7 +2,7 @@
 title: For IT administrators get Minecraft Education Edition
 description: Learn how IT admins can get and distribute Minecraft in their schools.
 keywords: Minecraft, Education Edition, IT admins, acquire
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -10,8 +10,7 @@ author: trudyha
 searchScope:
   - Store
 ms.author: trudyha
-ms.date: 1/5/2018
-ms.technology: Windows
+ms.date: 01/05/2018
 ms.topic: conceptual
 ---
 
@@ -21,7 +20,7 @@ ms.topic: conceptual
 
 -   Windows 10  
 
-When you sign up for a [Minecraft: Education Edition](http://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](http://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization.
+When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization.
 
 >[!Note]
 >If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you request Minecraft: Education Edition. For more information see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
@@ -34,7 +33,7 @@ If you’ve been approved and are part of the Enrollment for Education Solutions
 
 ### <a href="" id="individual-copies"></a>Minecraft: Education Edition - direct purchase
 
-1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **GET STARTED**.
+1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **GET STARTED**.
 
     <!-- ![Click Get the app](images/it-get-app.png) --> 
 

education/windows/set-up-school-pcs-azure-ad-join.md

@@ -3,7 +3,6 @@ title: Azure AD Join with Setup School PCs app
 description: Describes how Azure AD Join is configured in the Set up School PCs app.  
 keywords: shared cart, shared PC, school, set up school pcs  
 ms.prod: w10  
-ms.technology: Windows  
 ms.mktglfcycl: plan  
 ms.sitesec: library  
 ms.pagetype: edu  

education/windows/set-up-school-pcs-provisioning-package.md

@@ -3,7 +3,6 @@ title: What's in Set up School PCs provisioning package
 description: Lists the provisioning package settings that are configured in the Set up School PCs app.  
 keywords: shared cart, shared PC, school, set up school pcs  
 ms.prod: w10  
-ms.technology: Windows  
 ms.mktglfcycl: plan  
 ms.sitesec: library  
 ms.pagetype: edu  

education/windows/set-up-school-pcs-shared-pc-mode.md

@@ -3,7 +3,6 @@ title: Shared PC mode for school devices
 description: Describes how shared PC mode is set for devices set up with the Set up School PCs app.  
 keywords: shared cart, shared PC, school, set up school pcs  
 ms.prod: w10  
-ms.technology: Windows  
 ms.mktglfcycl: plan  
 ms.sitesec: library  
 ms.pagetype: edu  

education/windows/set-up-school-pcs-technical.md

@@ -3,7 +3,6 @@ title: Set up School PCs app technical reference overview
 description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
 keywords: shared cart, shared PC, school, set up school pcs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu

education/windows/set-up-school-pcs-whats-new.md

@@ -3,7 +3,6 @@ title: What's new in the Windows Set up School PCs app
 description: Find out about app updates and new features in Set up School PCs.  
 keywords: shared cart, shared PC, school, set up school pcs  
 ms.prod: w10  
-ms.technology: Windows  
 ms.mktglfcycl: plan  
 ms.sitesec: library  
 ms.pagetype: edu  

education/windows/set-up-students-pcs-to-join-domain.md

@@ -2,8 +2,7 @@
 title: Set up student PCs to join domain
 description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory.
 keywords: school, student PC setup, Windows Configuration Designer
-ms.prod: W10
-ms.technology: Windows
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.localizationpriority: medium

education/windows/set-up-students-pcs-with-apps.md

@@ -3,7 +3,6 @@ title: Provision student PCs with apps
 description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory.
 keywords: shared cart, shared PC, school, provision PCs with apps, Windows Configuration Designer
 ms.prod: w10
-ms.technology: Windows
 ms.pagetype: edu
 ms.mktglfcycl: plan
 ms.sitesec: library

education/windows/set-up-windows-10.md

@@ -3,7 +3,6 @@ title: Set up Windows devices for education
 description: Decide which option for setting up Windows 10 is right for you.
 keywords: school, Windows device setup, education device setup
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu

education/windows/take-a-test-app-technical.md

@@ -3,7 +3,6 @@ title: Take a Test app technical reference
 description: The policies and settings applied by the Take a Test app.
 keywords: take a test, test taking, school, policies
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu
@@ -24,7 +23,7 @@ Take a Test is an app that locks down the PC and displays an online assessment w
 
 Whether you are a teacher or IT administrator, you can easily configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment for more secure online assessments. This means that students taking the tests that don’t have copy/paste privileges, can’t access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher’s preferred assessment website to deliver digital assessments
 
-Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](http://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api).
+Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](https://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api).
 
 ## PC lockdown for assessment
 

education/windows/take-a-test-multiple-pcs.md

@@ -3,7 +3,6 @@ title: Set up Take a Test on multiple PCs
 description: Learn how to set up and use the Take a Test app on multiple PCs.
 keywords: take a test, test taking, school, set up on multiple PCs
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu
@@ -29,7 +28,7 @@ To configure a dedicated test account on multiple PCs, select any of the followi
 - [Configuration in Intune for Education](#set-up-a-test-account-in-intune-for-education)
 - [Mobile device management (MDM) or Microsoft System Center Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager)
 - [Provisioning package created through Windows Configuration Designer](#set-up-a-test-account-through-windows-configuration-designer)
-- [Group Policy to deploy a scheduled task that runs a Powershell script](#set-up-a-test-account-in-group-policy) 
+- [Group Policy to deploy a scheduled task that runs a Powershell script](https://docs.microsoft.com/education/windows/take-a-test-multiple-pcs#create-a-scheduled-task-in-group-policy) 
 
 ### Set up a test account in the Set up School PCs app 
 If you want to set up a test account using the Set up School PCs app, configure the settings in the **Set up the Take a Test app** page in the Set up School PCs app. Follow the instructions in [Use the Set up School PCs app](use-set-up-school-pcs-app.md) to configure the test-taking account and create a provisioning package. 
@@ -169,7 +168,7 @@ This sample PowerShell script configures the tester account and the assessment U
 
 ```
 $obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
-$obj.LaunchURI='http://www.foo.com';
+$obj.LaunchURI='https://www.foo.com';
 $obj.TesterAccount='TestAccount';
 $obj.put()
 Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount
@@ -266,7 +265,7 @@ Once the shortcut is created, you can copy it and distribute it to students.
 
 ## Assessment URLs
 This assessment URL uses our lockdown API:
-- SBAC/AIR:  [http://mobile.tds.airast.org/launchpad/](http://mobile.tds.airast.org/launchpad/).
+- SBAC/AIR:  [https://mobile.tds.airast.org/launchpad/](https://mobile.tds.airast.org/launchpad/).
 
 
 ## Related topics

education/windows/take-a-test-single-pc.md

@@ -3,7 +3,6 @@ title: Set up Take a Test on a single PC
 description: Learn how to set up and use the Take a Test app on a single PC.
 keywords: take a test, test taking, school, set up on single PC
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu

education/windows/take-tests-in-windows-10.md

@@ -3,7 +3,6 @@ title: Take tests in Windows 10
 description: Learn how to set up and use the Take a Test app.
 keywords: take a test, test taking, school, how to, use Take a Test
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu

education/windows/teacher-get-minecraft.md

@@ -2,8 +2,7 @@
 title: For teachers get Minecraft Education Edition
 description: Learn how teachers can get and distribute Minecraft.
 keywords: school, Minecraft, Education Edition, educators, teachers, acquire, distribute
-ms.prod: W10
-ms.technology: Windows
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,7 +10,7 @@ author: trudyha
 searchScope:
   - Store
 ms.author: trudyha
-ms.date: 1/5/2018
+ms.date: 01/05/2018
 ms.topic: conceptual
 ---
 
@@ -24,13 +23,13 @@ ms.topic: conceptual
 The following article describes how teachers can get and distribute Minecraft: Education Edition. 
 Minecraft: Education Edition is available for anyone to trial, and subscriptions can be purchased by qualified educational institutions directly in the Microsoft Store for Education, via volume licensing agreements and through partner resellers.
 
-To get started, go to http://education.minecraft.net/ and select **GET STARTED**.
+To get started, go to https://education.minecraft.net/ and select **GET STARTED**.
 
 ## Try Minecraft: Education Edition for Free 
 
 Minecraft: Education Edition is available for anyone to try for free! The free trial is fully-functional but limited by the number of logins (25 for teachers and 10 for students) before a paid license will be required to continue playing.
 
-To learn more and get started, go to http://education.minecraft.net/ and select **GET STARTED**.
+To learn more and get started, go to https://education.minecraft.net/ and select **GET STARTED**.
 
 ## Purchase Minecraft: Education Edition for Teachers and Students
 

education/windows/test-windows10s-for-edu.md

@@ -4,7 +4,6 @@ description: Provides guidance on downloading and testing Windows 10 in S mode f
 keywords: Windows 10 in S mode, try, download, school, education, Windows 10 in S mode installer, existing Windows 10 education devices
 ms.mktglfcycl: deploy
 ms.prod: w10
-ms.technology: Windows
 ms.pagetype: edu
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -80,21 +79,21 @@ Check with your device manufacturer before trying Windows 10 in S mode on your d
 
 |   |   |   |
 | - | - | - |
-| <a href="https://www.acer.com/ac/en/US/content/windows10s-compatible-list" target="_blank">Acer</a> | <a href="http://www.51cube.com/ch/win10s-help.php" target="_blank">Alldocube</a> | <a href="https://www.ibuypower.com/site/computer/windows-10-s" target="_blank">American Future Tech</a> | 
-| <a href="http://www.prestigio.com/support/compatibility-with-windows-10-s/" target="_blank">ASBISC</a> | <a href="https://www.asus.com/event/2017/win10S/" target="_blank">Asus</a> | <a href="http://www.atec.kr/contents/ms_info.html" target="_blank">Atec</a> | 
-| <a href="https://www.odys.de/web/web_lan_en_hmp_1_win10s_ja.html" target="_blank">Axdia</a> | <a href="http://www.casper.com.tr/window10sdestegi" target="_blank">Casper</a> | <a href="https://www.cyberpowerpc.com/page/Windows-10-S/" target="_blank">Cyberpower</a> | 
-| <a href="http://www.lucoms.com/v2/cs/cs_windows10.asp" target="_blank">Daewoo</a> | <a href="http://www.daten.com.br/suportes/windows10s/" target="_blank">Daten</a> | <a href="http://www.dell.com/support/article/us/en/19/sln307174/dell-computers-tested-for-windows-10-s?lang=en" target="_blank">Dell</a> | 
-| <a href="http://www.epson.jp/support/misc/windows10s.htm" target="_blank">Epson</a> | <a href="http://exo.com.ar/actualizaciones-de-windows-10" target="_blank">EXO</a> | <a href="http://www.fujitsu.com/au/products/computing/pc/microsoft/s-compatible/" target="_blank">Fujitsu</a> |
-| <a href="http://apac.getac.com/support/windows10s.html" target="_blank">Getac</a> | <a href="http://compaq.com.br/sistemas-compativeis-com-windows-10-s.html" target="_blank">Global K</a> | <a href="http://www.onda.cn/SearchDetails.aspx?id=1654" target="_blank">Guangzhou</a> |
-| <a href="https://support.hp.com/us-en/document/c05588871" target="_blank">HP</a> | <a href="http://consumer.huawei.com/cn/support/notice/detail/index.htm?id=1541" target="_blank">Huawei</a> | <a href="https://www.i-life.us/not-available/" target="_blank">I Life</a> |
-| <a href="http://www.inet-tek.com/en/product-qadetail-86.html" target="_blank">iNET</a> | <a href="https://www.intel.com/content/www/us/en/support/boards-and-kits/000025096.html" target="_blank">Intel</a> | <a href="http://irbis-digital.ru/support/podderzhka-windows-10-s/" target="_blank">LANIT Trading</a> |
-| <a href="https://support.lenovo.com/us/en/solutions/ht504589" target="_blank">Lenovo</a> | <a href="http://www.lg.com/us/content/html/hq/windows10update/Win10S_UpdateInfo.html" target="_blank">LG</a> | <a href="https://www2.mouse-jp.co.jp/ssl/user_support2/info.asp?N_ID=361" target="_blank">MCJ</a> | 
-| <a href="http://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | <a href="https://www.microsoft.com/surface/en-us/support/windows-and-office/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | 
-| <a href="https://panasonic.net/cns/pc/Windows10S/" target="_blank">Panasonic</a> | <a href="http://www.bangho.com.ar/windows10s" target="_blank">PC Arts</a> | <a href="http://www.positivoinformatica.com.br/atualizacao-windows-10" target="_blank">Positivo SA</a> | 
-| <a href="http://www.br.vaio.com/atualizacao-windows-10/" target="_blank">Positivo da Bahia</a> | <a href="http://www.samsung.com/us/support/windows10s/" target="_blank">Samsung</a> | <a href="http://www.teclast.com/zt/aboutwin10s/" target="_blank">Teclast</a> | 
-| <a href="http://www.dospara.co.jp/support/share.php?contents=about_windows10s" target="_blank">Thirdwave</a> | <a href="http://www.tongfangpc.com/service/win10.aspx" target="_blank">Tongfang</a> | <a href="http://win10upgrade.toshiba.com/win10s/information?region=TAIS&country=US&lang=en" target="_blank">Toshiba</a> | 
-| <a href="http://www.trekstor.de/windows-10-s-en.html" target="_blank">Trekstor</a> | <a href="http://www.trigem.co.kr/windows/win10S.html" target="_blank">Trigem</a> | <a href="http://us.vaio.com/support/knowledge-base/windows-10-s-compatibility-information/" target="_blank">Vaio</a> | 
-| <a href="https://www.wortmann.de/en-gb/content/+windows-10-s-supportinformation/windows-10-s-supportinformation.aspx" target="_blank">Wortmann</a> | <a href="http://www.yifangdigital.com/Customerservice/win10s.aspx" target="_blank">Yifang</a> |  | 
+| <a href="https://www.acer.com/ac/en/US/content/windows10s-compatible-list" target="_blank">Acer</a> | <a href="https://www.51cube.com/ch/win10s-help.php" target="_blank">Alldocube</a> | <a href="https://www.ibuypower.com/site/computer/windows-10-s" target="_blank">American Future Tech</a> | 
+| <a href="https://www.prestigio.com/support/compatibility-with-windows-10-s/" target="_blank">ASBISC</a> | <a href="https://www.asus.com/event/2017/win10S/" target="_blank">Asus</a> | <a href="https://www.atec.kr/contents/ms_info.html" target="_blank">Atec</a> | 
+| <a href="https://www.odys.de/web/web_lan_en_hmp_1_win10s_ja.html" target="_blank">Axdia</a> | <a href="https://www.casper.com.tr/window10sdestegi" target="_blank">Casper</a> | <a href="https://www.cyberpowerpc.com/page/Windows-10-S/" target="_blank">Cyberpower</a> | 
+| <a href="https://www.lucoms.com/v2/cs/cs_windows10.asp" target="_blank">Daewoo</a> | <a href="https://www.daten.com.br/suportes/windows10s/" target="_blank">Daten</a> | <a href="https://www.dell.com/support/article/us/en/19/sln307174/dell-computers-tested-for-windows-10-s?lang=en" target="_blank">Dell</a> | 
+| <a href="https://www.epson.jp/support/misc/windows10s.htm" target="_blank">Epson</a> | <a href="https://exo.com.ar/actualizaciones-de-windows-10" target="_blank">EXO</a> | <a href="https://www.fujitsu.com/au/products/computing/pc/microsoft/s-compatible/" target="_blank">Fujitsu</a> |
+| <a href="https://apac.getac.com/support/windows10s.html" target="_blank">Getac</a> | <a href="https://compaq.com.br/sistemas-compativeis-com-windows-10-s.html" target="_blank">Global K</a> | <a href="https://www.onda.cn/SearchDetails.aspx?id=1654" target="_blank">Guangzhou</a> |
+| <a href="https://support.hp.com/us-en/document/c05588871" target="_blank">HP</a> | <a href="https://consumer.huawei.com/cn/support/notice/detail/index.htm?id=1541" target="_blank">Huawei</a> | <a href="https://www.i-life.us/not-available/" target="_blank">I Life</a> |
+| <a href="https://www.inet-tek.com/en/product-qadetail-86.html" target="_blank">iNET</a> | <a href="https://www.intel.com/content/www/us/en/support/boards-and-kits/000025096.html" target="_blank">Intel</a> | <a href="https://irbis-digital.ru/support/podderzhka-windows-10-s/" target="_blank">LANIT Trading</a> |
+| <a href="https://support.lenovo.com/us/en/solutions/ht504589" target="_blank">Lenovo</a> | <a href="https://www.lg.com/us/content/html/hq/windows10update/Win10S_UpdateInfo.html" target="_blank">LG</a> | <a href="https://www2.mouse-jp.co.jp/ssl/user_support2/info.asp?N_ID=361" target="_blank">MCJ</a> | 
+| <a href="https://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | <a href="https://www.microsoft.com/surface/en-us/support/windows-and-office/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | 
+| <a href="https://panasonic.net/cns/pc/Windows10S/" target="_blank">Panasonic</a> | <a href="https://www.bangho.com.ar/windows10s" target="_blank">PC Arts</a> | <a href="https://www.positivoinformatica.com.br/atualizacao-windows-10" target="_blank">Positivo SA</a> | 
+| <a href="https://www.br.vaio.com/atualizacao-windows-10/" target="_blank">Positivo da Bahia</a> | <a href="https://www.samsung.com/us/support/windows10s/" target="_blank">Samsung</a> | <a href="https://www.teclast.com/zt/aboutwin10s/" target="_blank">Teclast</a> | 
+| <a href="https://www.dospara.co.jp/support/share.php?contents=about_windows10s" target="_blank">Thirdwave</a> | <a href="https://www.tongfangpc.com/service/win10.aspx" target="_blank">Tongfang</a> | <a href="https://win10upgrade.toshiba.com/win10s/information?region=TAIS&country=US&lang=en" target="_blank">Toshiba</a> | 
+| <a href="https://www.trekstor.de/windows-10-s-en.html" target="_blank">Trekstor</a> | <a href="https://www.trigem.co.kr/windows/win10S.html" target="_blank">Trigem</a> | <a href="https://us.vaio.com/support/knowledge-base/windows-10-s-compatibility-information/" target="_blank">Vaio</a> | 
+| <a href="https://www.wortmann.de/en-gb/content/+windows-10-s-supportinformation/windows-10-s-supportinformation.aspx" target="_blank">Wortmann</a> | <a href="https://www.yifangdigital.com/Customerservice/win10s.aspx" target="_blank">Yifang</a> |  | 
 
 > [!NOTE]
 > If you don't see any device listed on the manufacturer's web site, check back again later as more devices get added in the future.

education/windows/use-set-up-school-pcs-app.md

@@ -3,7 +3,6 @@ title: Use Set up School PCs app
 description: Learn how to use the Set up School PCs app and apply the provisioning package.
 keywords: shared cart, shared PC, school, Set up School PCs, overview, how to use
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu

education/windows/windows-editions-for-education-customers.md

@@ -3,7 +3,6 @@ title: Windows 10 editions for education customers
 description: Provides an overview of the two Windows 10 editions that are designed for the needs of K-12 institutions.
 keywords: Windows 10 Pro Education, Windows 10 Education, Windows 10 editions, education customers
 ms.prod: w10
-ms.technology: Windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu
@@ -21,7 +20,7 @@ ms.date: 10/13/2017
 
 Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](https://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
 
-Beginning with version 1607, Windows 10 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Configuration Designer](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](http://www.windows.com/).
+Beginning with version 1607, Windows 10 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Configuration Designer](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
 
 Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
 

mdop/mbam-v25/mbam-25-security-considerations.md

@@ -32,7 +32,7 @@ This topic contains the following information about how to secure Microsoft BitL
 
 ## <a href="" id="bkmk-tpm"></a>Configure MBAM to escrow the TPM and store OwnerAuth passwords
 
-**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addition, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
+**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addition, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/information-protection/tpm/change-the-tpm-owner-password) for further details.
 
 Depending on its configuration, the Trusted Platform Module (TPM) will lock itself in certain situations ─ such as when too many incorrect passwords are entered ─ and can remain locked for a period of time. During TPM lockout, BitLocker cannot access the encryption keys to perform unlock or decryption operations, requiring the user to enter their BitLocker recovery key to access the operating system drive. To reset TPM lockout, you must provide the TPM OwnerAuth password.
 
@@ -40,7 +40,7 @@ MBAM can store the TPM OwnerAuth password in the MBAM database if it owns the TP
 
 ### Escrowing TPM OwnerAuth in Windows 8 and higher
 
-**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
+**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/information-protection/tpm/change-the-tpm-owner-password) for further details.
 
 In Windows 8 or higher, MBAM no longer must own the TPM to store the OwnerAuth password, as long as the OwnerAuth is available on the local machine.
 

windows/client-management/mdm/policy-csp-applicationmanagement.md

@@ -1046,7 +1046,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-authentication.md

@@ -497,6 +497,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->

windows/client-management/mdm/policy-csp-bits.md

@@ -498,7 +498,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-defender.md

@@ -2760,7 +2760,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-deliveryoptimization.md

@@ -1566,7 +1566,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-deviceguard.md

@@ -289,7 +289,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-deviceinstallation.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/01/2018
+ms.date: 12/14/2018
 ---
 
 # Policy CSP - DeviceInstallation
@@ -86,11 +86,8 @@ If you enable this policy setting, Windows is allowed to install or update any d
 
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
-For more information about hardware IDs and compatible IDs, see [Device Identification Strings](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings).
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
-To get the hardware ID for a device, open Device Manager, right-click the name of the device and click **Properties**. On the **Details** tab, select **Hardware Ids** from the **Property** menu:
-
-![Hardware IDs](images/hardware-ids.png)
 
 <!--/Description-->
 > [!TIP]
@@ -200,11 +197,8 @@ This setting allows device installation based on the serial number of a removabl
 
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
-For a list of Class and ClassGUID entries for device setup classes, see [System-Defined Device Setup Classes Available to Vendors](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors).
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
-To get the ClassGUID for a device, open Device Manager, right-click the name of the device and click **Properties**. On the **Details** tab, select **Class GUID** from the **Property** menu:
-
-![Class GUIDs](images/class-guids.png)
 
 <!--/Description-->
 > [!TIP]
@@ -461,15 +455,7 @@ If you enable this policy setting, Windows is prevented from installing a device
 
 If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
 
-For more information about hardware IDs and compatible IDs, see [Device Identification Strings](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings).
-
-You can get the hardware ID in Device Manager. For example, USB drives are listed under Disk drives:
-
-![Disk drives](images/device-manager-disk-drives.png)
-
-Right-click the name of the device, click **Properties** > **Details** and select **Hardware Ids** as the **Property**: 
-
-![Hardware IDs](images/disk-drive-hardware-id.png)
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 <!--/Description-->
 > [!TIP]
@@ -564,12 +550,7 @@ If you enable this policy setting, Windows is prevented from installing or updat
 
 If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
 
-For a list of Class and ClassGUID entries for device setup classes, see [System-Defined Device Setup Classes Available to Vendors](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors).
-
-To get the ClassGUID for a device, open Device Manager, right-click the name of the device and click **Properties**. On the **Details** tab, select **Class GUID** from the **Property** menu:
-
-![Class GUIDs](images/class-guids.png)
-
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 <!--/Description-->
 > [!TIP]
@@ -634,6 +615,7 @@ Footnote:
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
 -   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-dmaguard.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/29/2018
+ms.date: 12/17/2018
 ---
 
 # Policy CSP - DmaGuard
@@ -65,7 +65,11 @@ ms.date: 06/29/2018
 
 <!--/Scope-->
 <!--Description-->
-This policy is intended to provide additional security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with DMA Remapping/device memory isolation and sandboxing. This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
+This policy is intended to provide additional security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with DMA Remapping/device memory isolation and sandboxing. 
+
+Device memory sandboxing allows the OS to leverage the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
+
+This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
 
 > [!Note]   
 > This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
@@ -105,7 +109,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-experience.md

@@ -1577,7 +1577,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-kerberos.md

@@ -420,7 +420,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md

@@ -3588,7 +3588,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-privacy.md

@@ -4859,7 +4859,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-security.md

@@ -747,7 +747,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-start.md

@@ -1846,7 +1846,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-storage.md

@@ -229,7 +229,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-system.md

@@ -1437,7 +1437,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-taskmanager.md

@@ -93,7 +93,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-textinput.md

@@ -1334,7 +1334,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-update.md

@@ -3576,6 +3576,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->

windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md

@@ -1430,7 +1430,8 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
--   5 - Added in the next major release of Windows 10.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-windowslogon.md

@@ -286,7 +286,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
+Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
 
 <!--/Description-->
 <!--ADMXMapped-->

windows/client-management/troubleshoot-stop-errors.md

@@ -8,7 +8,7 @@ ms.topic: troubleshooting
 author: kaushika-msft
 ms.localizationpriority: medium
 ms.author: kaushika
-ms.date: 11/30/2018
+ms.date: 12/19/2018
 ---
 
 # Advanced troubleshooting for Stop error or blue screen error issue
@@ -101,8 +101,7 @@ The memory dump file is saved at the following locations.
 
 You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. For more information, see the following video: 
 
->[!video https://www.youtube.com/watch?v=xN7tOfgNKag&feature=youtu.be]
-
+>[!video https://www.youtube.com/embed/xN7tOfgNKag]
 
 More information on how to use Dumpchk.exe to check your dump files:
 

windows/configuration/wcd/wcd-hotspot.md

@@ -8,121 +8,10 @@ author: jdeckerMS
 ms.localizationpriority: medium
 ms.author: jdecker
 ms.topic: article
-ms.date: 04/30/2018
+ms.date: 12/18/2018
 ---
 
 # HotSpot (Windows Configuration Designer reference)
 
-Use HotSpot settings to configure Internet sharing.
-
-## Applies to
-
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |  |  X  |  |  |  |
-
->[!NOTE]
->Although the HotSpot settings are available in advanced editing for multiple editions, the settings are only supported on devices running Windows 10 Mobile.
-
-## DedicatedConnections
-
-(Optional) Set DedicatedConnections to a semicolon-separated list of connections. 
-
-Specifies the list of Connection Manager cellular connections that Internet sharing will use as public connections.
-
-By default, any available connection will be used as a public connection. However, this node allows a mobile operator to specify one or more connection names to use as public connections.
-
-Specified connections will be mapped, by policy, to the Internet sharing service. All attempts to enumerate Connection Manager connections for the Internet sharing service will return only the mapped connections.
-
-The mapping policy will also include the connection specified in the TetheringNAIConnection value as well. 
-
- If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share.
-
-
-
-## Enabled
-
-Specify **True** to enable Internet sharing on the device or **False** to disable Internet sharing.
-
-If Enabled is initially set to **True**, the feature is turned off and the internet sharing screen is removed from Settings so that the user cannot access it. Configuration changes or connection sharing state changes will not be possible.
-
-When Enabled is set to **False**, the internet sharing screen is added to Settings, although sharing is turned off by default until the user turns it on. 
-
-## EntitlementDll
-
-Enter the path to the entitlement DLL used to make entitlement checks that verify that the device is entitled to use the Internet sharing service on a mobile operator's network.
-
-## EntitlementInterval
-
-Enter the time interval, in seconds, between entitlement checks.
-
-## EntitlementRequired
-
-Specify whether the device requires an entitlement check to determine if Internet sharing should be enabled.
-
-## MaxBluetoothUsers
-
-(Optional) Specify the maximum number of simultaneous Bluetooth users that can be connected to a device while sharing over Bluetooth. Set MaxBluetoothUsers to an integer value between 1 and 7 inclusive. The default value is 7.
-
-
-## MaxUsers
-
-(Optional) Specify the maximum number of simultaneous users that can be connected to a device while sharing. Set MaxUsers to an integer value between 1 and 8 inclusive. The default value is 5.
-
-
-## MOAppLink
-
-(Optional) Enter an application link that points to a pre-installed application, provided by the mobile operator. that will help a user to subscribe to the mobile operator's Internet sharing service when Internet sharing is not provisioned or entitlement fails.
-
-Set MOAppLink to a valid app ID. The general format for the link is *app://MOappGUID*. For example, if your app ID is `12345678-9012-3456-7890-123456789012`, you must set the value to `app://12345678-9012-3456-7890-123456789012`. 
-
-
-## MOHelpMessage
-
-(Optional) Enter a reference to a localized string, provided by the mobile operator, that is displayed when Internet sharing is not enabled due to entitlement failure. The node takes a language-neutral registry value string, which has the following form:
-
-```
-@<res_dll>,-<str_id>
-```
-
-Where `<res_dll>` is the resource dll that contains the string and `<str_id>` is the string identifier. For more information on language-neutral string resource registry values, see [Using Registry String Redirection](https://msdn.microsoft.com/library/windows/desktop/dd374120.aspx).
-
-## MOHelpNumber
-
-(Optional) Enter a mobile operator–specified phone number that is displayed to the user when the Internet sharing service fails to start. The user interface displays a message informing the user that they can call the specified number for help.
-
-
-
-## MOInfoLink
-
-(Optional) Enter a mobile operator–specified HTTP link that is displayed to the user when Internet sharing is disabled or the device is not entitled. The user interface displays a message informing the user that they can visit the specified link for more information about how to enable the feature. 
-
-## PeerlessTimeout
-
-(Optional) Enter the time-out period, in minutes, after which Internet sharing should automatically turn off if there are no active clients. 
-
-Set PeerlessTimeout to any value between 1 and 120 inclusive. A value of 0 is not supported. The default value is 5 minutes.
-
-## PublicConnectionTimeout
-
-(Optional) Enter the time-out value, in minutes, after which Internet sharing is automatically turned off if a cellular connection is not available.
-
-Set PublicConnectionTimeout to any value between 1 and 60 inclusive. The default value is 20 minutes. A value of 0 is not supported.
-
-
-## TetheringNAIConnection
-
-(Optional) Specify the CDMA TetheringNAI Connection Manager cellular connection that Internet sharing will use as a public connection. Set TetheringNAIConnection to the CDMA TetheringNAI Connection Manager cellular connection.
-
-If a CDMA mobile operator requires using a Tethering NAI during Internet sharing, they must configure a TetheringNAI connection and then specify the connection in this node.
-
-Specified connections will be mapped, by policy, to the Internet sharing service. All attempts to enumerate Connection Manager connections for the Internet sharing service will return only the mapped connections.The mapping policy will also include the connection specified in the TetheringNAIConnection value as well. 
-
-If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share.
-
->[!NOTE]
->CDMA phones are limited to one active data connection at a time. This means any application or service (such as e-mail or MMS) that is bound to another connection may not work while Internet sharing is turned on.
-
-
-
+Do not use. Enterprise admins who want to configure settings for mobile hotspots should use [Policies > Wifi](#wcd-policies.md#wifi). Mobile operators should use the [Country and Operator Settings Asset (COSA) format](https://docs.microsoft.com/windows-hardware/drivers/mobilebroadband/cosa-overview).
 

windows/configuration/wcd/wcd.md

@@ -45,7 +45,7 @@ This section describes the settings that you can configure in [provisioning pack
 | [FirewallConfiguration](wcd-firewallconfiguration.md) |  |  |  |  | X |
 | [FirstExperience](wcd-firstexperience.md) |  |  |  | X |  |
 | [Folders](wcd-folders.md) |X | X | X | X |  |
-| [HotSpot](wcd-hotspot.md) | X | X | X | X | X |
+| [HotSpot](wcd-hotspot.md) |  |  |  |  |  |
 | [InitialSetup](wcd-initialsetup.md) |  | X |  |  |  |
 | [InternetExplorer](wcd-internetexplorer.md) |  | X |  |  |  |
 | [KioskBrowser](wcd-kioskbrowser.md) |  |  |  |  | X |

windows/deployment/deploy-whats-new.md

@@ -7,7 +7,7 @@ ms.localizationpriority: medium
 ms.prod: w10
 ms.sitesec: library
 ms.pagetype: deploy
-ms.date: 12/07/2018
+ms.date: 12/18/2018
 author: greg-lindsay
 ---
 
@@ -23,6 +23,10 @@ This topic provides an overview of new solutions and online content related to d
 - For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index).
 - For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history).
 
+## Recent additions to this page
+
+[SetupDiag](#setupdiag) 1.4 is released.
+
 ## The Modern Desktop Deployment Center
 
 The [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
@@ -56,6 +60,12 @@ Windows Autopilot streamlines and automates the process of setting up and config
 
 Windows Autopilot joins devices to Azure Active Directory (Azure AD), optionally enrolls into MDM services, configures security policies, and sets a custom out-of-box-experience (OOBE) for the end user. For more information, see [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md).
 
+### SetupDiag
+
+[SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 
+
+SetupDiag version 1.4 was released on 12/18/2018.
+
 ### Upgrade Readiness
 
 The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. 

windows/deployment/update/waas-morenews.md

@@ -0,0 +1,19 @@
+---
+title: Windows as a service  
+ms.prod: w10
+ms.topic: article
+ms.manager: elizapo
+author: lizap
+ms.author: elizapo  
+ms.date: 12/19/2018
+ms.localizationpriority: high
+---
+# Windows as a service - More news
+
+Here's more news about [Windows as a service](windows-as-a-service.md):
+
+<ul>
+
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747">Windows 10 and the disappearing SAC-T</a> - May 31, 2018
+<li><a href="https://www.youtube.com/watch?v=EVzFIg_MhaE&t=5s">Manage update download size using Windows as a service</a> - March 30, 2018</li>
+</ul>

windows/deployment/update/windows-as-a-service.md

@@ -6,7 +6,7 @@ ms.topic: landing-page
 ms.manager: elizapo
 author: lizap
 ms.author: elizapo  
-ms.date: 12/12/2018
+ms.date: 12/19/2018
 ms.localizationpriority: high
 ---
 # Windows as a service
@@ -25,6 +25,8 @@ Windows 10 is the most secure version of Windows yet. Learn what updates we rele
 The latest news:
 <ul compact style="list-style: none"> 
 
+<li><a href="https://blogs.windows.com/windowsexperience/2018/12/19/driver-quality-in-the-windows-ecosystem/#ktuodfovWAMAkssM.97">Driver quality in the Windows ecosystem</a> - December 19, 2018</li>
+<li><a href="http://m365mdp.mpsn.libsynpro.com/001-windows-10-monthly-quality-updates">Modern Desktop Podcast - Episode 001 – Windows 10 Monthly Quality Updates</a> - December 18, 2018</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Measuring-Delivery-Optimization-and-its-impact-to-your-network/ba-p/301809#M409">Measuring Delivery Optimization and its impact to your network</a> - December 13, 2018</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181">LTSC: What is it, and when should it be used?</a> - November 29, 2018</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Local-Experience-Packs-What-are-they-and-when-should-you-use/ba-p/286841">Local Experience Packs: What are they and when should you use them?</a> - November 14, 2018</li>
@@ -43,11 +45,9 @@ The latest news:
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426">Windows 10 quality updates explained and the end of delta updates</a> - July 11, 2018
 <li><a href="https://blogs.windows.com/windowsexperience/2018/06/14/ai-powers-windows-10-april-2018-update-rollout/#67LrSyWdwgTyciSG.97">AI Powers Windows 10 April 2018 Update Rollout</a> - June 14, 2018
 <li><a href="https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/">Windows Server 2008 SP2 Servicing Changes</a> - June 12, 2018
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-Enhancements-diagnostics/ba-p/201978">Windows Update for Business - Enhancements, diagnostics, configuration</a> - June 7, 2018
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747">Windows 10 and the disappearing SAC-T</a> - May 31, 2018
-<li><a href="https://www.youtube.com/watch?v=EVzFIg_MhaE&t=5s">Manage update download size using Windows as a service</a> - March 30, 2018</li></ul>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-Enhancements-diagnostics/ba-p/201978">Windows Update for Business - Enhancements, diagnostics, configuration</a> - June 7, 2018</ul>
 
-[See more news](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog)
+[See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog).
 
 ## IT pro champs corner
 Written by IT pros for IT pros, sharing real world examples and scenarios for Windows 10 deployment and servicing.
@@ -134,4 +134,4 @@ Looking to learn more? These informative session replays from Microsoft Ignite 2
 
 [THR2234: Windows servicing and delivery fundamentals](https://myignite.techcommunity.microsoft.com/sessions/66741#ignite-html-anchor)
 
-[THR3006: The pros and cons of LTSC in the enterprise](https://myignite.techcommunity.microsoft.com/sessions/64512#ignite-html-anchor)
+[THR3006: The pros and cons of LTSC in the enterprise](https://myignite.techcommunity.microsoft.com/sessions/64512#ignite-html-anchor)

windows/deployment/upgrade/setupdiag.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 08/16/2018
+ms.date: 12/18/2018
 ms.localizationpriority: medium
 ---
 
@@ -24,7 +24,7 @@ ms.localizationpriority: medium
 
 ## About SetupDiag
 
-<I>Current version of SetupDiag: 1.3.1.0</I>
+<I>Current version of SetupDiag: 1.4.0.0</I>
 
 SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 
 
@@ -61,11 +61,14 @@ The [Release notes](#release-notes) section at the bottom of this topic has info
 | --- | --- |
 | /? | <ul><li>Displays interactive help</ul> |
 | /Output:\<path to results file\> | <ul><li>This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine.  Only text format output is supported.  UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path.  If the path has a space in it, you must enclose the entire path in double quotes (see the example section below). <li>Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same  directory where SetupDiag.exe is run.</ul> |
-| /Mode:\<Offline \| Online\>  |  <ul><li>This optional parameter allows you to specify the mode in which SetupDiag will operate: Offline or Online.<li>Offline: tells SetupDiag to run against a set of log files already captured from a failed system.  In this mode you can run anywhere you have access to the log files.  This mode does not require SetupDiag to be run on the computer that failed to update. When you specify offline mode, you must also specify the /LogsPath: parameter.<li>Online: tells SetupDiag that it is being run on the computer that failed to update. SetupDiag will attempt find log files and resources in standard Windows locations, such as the **%SystemDrive%\$Windows.~bt** directory for setup log files.<li>Log file search paths are configurable in the SetupDiag.exe.config file, under the SearchPath key.  Search paths are comma separated.  Note: A large number of search paths will extend the time required for SetupDiag to return results.<li>Default: If not specified, SetupDiag will run in Online mode.</ul> |
-| /LogsPath:\<Path to logs\> | <ul><li>This optional parameter is required only when **/Mode:Offline** is specified.  This tells SetupDiag.exe where to find the log files. These log files can be in a flat folder format, or containing multiple subdirectories.  SetupDiag will recursively search all child directories. This parameter should be omitted when the **/Mode:Online** is specified.</ul> |
+| /LogsPath:\<Path to logs\> | <ul><li>This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories.  SetupDiag will recursively search all child directories.</ul> |
 | /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed.  The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
-| /Verbose | <ul><li>This optional parameter will output much more data to the log file produced by SetupDiag.exe.  By default SetupDiag will only produce a log file entry for serious errors.  Using **/Verbose** will cause SetupDiag to always produce a log file with debugging details, which can be useful when reporting a problem with SetupDiag.</ul> |
+| /Verbose | <ul><li>This optional parameter will output much more data to a log file.  By default, SetupDiag will only produce a log file entry for serious errors.  Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.</ul> |
 | /Format:\<xml \| json\> | <ul><li>This optional parameter can be used to output log files in xml or JSON format.  If this parameter is not specified, text format is used by default.</ul> |
+| /NoTel | <ul><li>This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.</ul> |
+
+Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. 
+- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0 when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed.
 
 ### Examples:
 
@@ -75,10 +78,10 @@ In the following example, SetupDiag is run with default parameters (online mode,
 SetupDiag.exe
 ```
 
-In the following example, SetupDiag is specified to run in Online mode (this is the default).  It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified.
+In the following example, SetupDiag is run in online mode (this is the default).  It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified.
 
 ```
-SetupDiag.exe /Output:C:\SetupDiag\Results.log /Mode:Online
+SetupDiag.exe /Output:C:\SetupDiag\Results.log
 ```
 
 The following example uses the /Output parameter to save results to a path name that contains a space:
@@ -90,7 +93,7 @@ SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log"
 The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**.
 
 ```
-SetupDiag.exe /Output:C:\SetupDiag\Results.log /Mode:Offline /LogsPath:D:\Temp\Logs\LogSet1
+SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1
 ```
 
 ## Log files
@@ -111,7 +114,7 @@ When Microsoft Windows encounters a condition that compromises safe system opera
 If crash dumps [are enabled](https://docs.microsoft.com/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup related minidumps.
 
 To debug a setup related bug check, you must:
-- Specify the **/Mode:Offline** and **/LogsPath** parameters. You cannot debug memory dumps in online mode. 
+- Specify the **/LogsPath** parameter. You cannot debug memory dumps in online mode. 
 - Gather the setup memory dump file (setupmem.dmp) from the failing system. 
     - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs.
 - Install the [Windows Debugging Tools](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag.
@@ -119,7 +122,7 @@ To debug a setup related bug check, you must:
 In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag:
 
 ```
-SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /Mode:Offline /LogsPath:D:\Dump
+SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump
 ```
 
 ## Known issues
@@ -135,10 +138,10 @@ The following is an example where SetupDiag is run in offline mode. In this exam
 The output also provides an error code 0xC1900208 - 0x4000C which corresponds to a compatibility issue as documented in the [Upgrade error codes](upgrade-error-codes.md#result-codes) and [Resolution procedures](resolution-procedures.md#modern-setup-errors) topics in this article.
 
 ```
-C:\SetupDiag>SetupDiag.exe /Output:C:\SetupDiag\Results.log /Mode:Offline /LogsPath:C:\Temp\BobMacNeill
+C:\SetupDiag>SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:C:\Temp\BobMacNeill
 
-SetupDiag v1.01
-Copyright (c) Microsoft Corporation. All rights reserved
+SetupDiag v1.4.0.0
+Copyright (c) Microsoft Corporation. All rights reserved.
 
 Searching for setup logs, this can take a minute or more depending on the number and size of the logs...please wait.
         Found 4 setupact.logs.
@@ -365,16 +368,42 @@ Each rule name and its associated unique rule identifier are listed with a descr
 40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2
     - Matches DPX expander failures in the down-level phase of update from WU.  Will output the package name, function, expression and error code.
 41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636
-    - Matches any plug in failure that setupplatform decides is fatal to setup.  Will output the plugin name, operation and error code.
+    - Matches any plug-in failure that setupplatform decides is fatal to setup.  Will output the plugin name, operation and error code.
 42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
     - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes.
 43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9
-    - Indicates a critical failure in a migration plugin that causes setup to abort the migration.  Will provide the setup operation, plug in name, plug in action and error code.
+    - Indicates a critical failure in a migration plugin that causes setup to abort the migration.  Will provide the setup operation, plug-in name, plug-in action and error code.
 44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9
     - Indicates a critical failure during a DISM add package operation.  Will specify the Package Name, DISM error and add package error code.
+45. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 
+    - Detects all compat blocks from Server compliance plug-ins.  Outputs the block information and remediation.
+46. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71 
+    - Triggers on advanced installer failures in a generic sense, outputting the application called, phase, mode, component and error code.
+47. FindMigGatherApplyFailure - A9964E6C-A2A8-45FF-B6B5-25E0BD71428E 
+    - Shows errors when the migration Engine fails out on a gather or apply operation.  Indicates the Migration Object (file or registry path), the Migration
+48. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 
+    - Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package.  Outputs the package name and error code.
+49. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 
+    - Indicates the optional component migration operation failed to open an optional component Package.  Outputs the package name and error code.
+50. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317 
+    - Indicates corruption in the servicing stack on the down-level system.  Outputs the error code encountered while trying to initialize the servicing component on the existing OS.
+51. DISMproviderFailure - D76EF86F-B3F8-433F-9EBF-B4411F8141F4 
+    - Triggers when a DISM provider (plug-in) fails in a critical operation.  Outputs the file (plug-in name), function called + error code, and error message from the provider.
+52. SysPrepLaunchModuleFailure - 7905655C-F295-45F7-8873-81D6F9149BFD 
+    - Indicates a sysPrep plug-in has failed in a critical operation.  Indicates the plug-in name, operation name and error code.
+53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980 
+    - A driver provided to setup (via command line input) has failed in some way.  Outputs the driver install function and error code.
 
 ## Release notes
 
+12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
+   - This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
+       - The FindDownlevelFailure rule is up to 10x faster.
+   - New rules have been added to analyze failures upgrading to Windows 10 version 1809.
+   - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure.
+   - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode.
+   - Some functional and output improvements were made for several rules.
+
 07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center.
    - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed.
 

windows/privacy/Microsoft-DiagnosticDataViewer.md

@@ -32,14 +32,18 @@ You must have administrative privilege on the device in order to use this PowerS
 
 You must install the module before you can use the Diagnostic Data Viewer for PowerShell. 
 
+### Opening an Elevated PowerShell session 
+
+Using the Diagnostic Data Viewer for PowerShell requires administrative (elevated) privilege. There are two ways to open an elevated PowerShell prompt. You can use either method.    
+- Go to **Start** > **Windows PowerShell** > **Run as administrator**
+- Go to **Start** > **Command prompt** > **Run as administrator**, and run the command `C:\> powershell.exe`
+
 ### Install the Diagnostic Data Viewer for PowerShell
 
    >[!IMPORTANT]
    >It is recommended to visit the documentation on [Getting Started](https://docs.microsoft.com/en-us/powershell/gallery/getting-started) with PowerShell Gallery. This page provides more specific details on installing a PowerShell module. 
 
-To install the newest version of the Diagnostic Data Viewer PowerShell module: 
-1. From an elevated Command Prompt, start a PowerShell session by running `C:\> powershell.exe`.  
-2. Install the module by name
+To install the newest version of the Diagnostic Data Viewer PowerShell module, run the following command within an elevated PowerShell session: 
 ```powershell
 PS C:\> Install-Module -Name Microsoft.DiagnosticDataViewer
 ```
@@ -60,10 +64,7 @@ Note that this setting does not control whether your device sends diagnostic dat
 
 **To turn on data viewing through PowerShell**
 
-1. Install the Diagnostic Data Viewer for PowerShell module.
-2. Run the Command prompt **as administrator**. 
-3. Start a PowerShell session by running `C:\> powershell.exe`. 
-4. Run the following commands in the PowerShell session:  
+Run the following command within an elevated PowerShell session:  
 
 ```powershell
 PS C:\> Enable-DiagnosticDataViewing
@@ -74,22 +75,6 @@ Once data viewing is enabled, your Windows machine will begin saving a history o
    >[!IMPORTANT]
    >Turning on data viewing can use up to 1GB (default setting) of disk space on your system drive. We recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
 
-### Start the Diagnostic Data Viewer
-You must start this app from the **Settings** panel.
-
-**To start the Diagnostic Data Viewer**
-1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
-
-2. Under **Diagnostic data**, select the **Diagnostic Data Viewer** button.
-
-    ![Location to turn on the Diagnostic Data Viewer](images/ddv-settings-launch.png)<br><br>-OR-<br><br>
-    
-    Go to **Start** and search for _Diagnostic Data Viewer_.
-
-3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
-
-   >[!IMPORTANT]
-   >Turning on data viewing can use up to 1GB of disk space on your system drive. We strongly recommend that your turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
 
 ### Getting Started with Diagnostic Data Viewer for PowerShell
 To see how to use the cmdlet, the parameters it accepts, and examples, run the following command from an elevated PowerShell session: 
@@ -149,9 +134,7 @@ When you're done reviewing your diagnostic data, we recommend turning off data v
 
 **To turn off data viewing through PowerShell** 
 
-1. Run the Command prompt **as administrator**.
-2. Start a PowerShell session by running `C:\> powershell.exe`. 
-3. Run the following commands in the PowerShell session:  
+Within an elevated PowerShell session, run the following command:  
 
 ```powershell
 PS C:\> Disable-DiagnosticDataViewing

windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: aadake
-ms.date: 12/08/2018
+ms.date: 12/20/2018
 ---
 
 # Kernel DMA Protection for Thunderbolt™ 3 
@@ -38,17 +38,17 @@ A simple example would be a PC owner leaves the PC for a quick coffee break, and
 
 ## How Windows protects against DMA drive-by attacks
 
-Windows leverages the system Input/Output Memory Management Unit (IOMMU) to block external devices from starting and performing DMA unless the drivers for these devices support memory isolation (such as DMA-remapping). 
-Devices with compatible drivers will be automatically enumerated, started and allowed to perform DMA to their assigned memory regions. 
-Devices with incompatible drivers will be blocked from starting and performing DMA until an authorized user signs into the system or unlocks the screen.
+Windows leverages the system Input/Output Memory Management Unit (IOMMU) to block external peripherals from starting and performing DMA unless the drivers for these peripherals support memory isolation (such as DMA-remapping). 
+Peripherals with compatible drivers will be automatically enumerated, started and allowed to perform DMA to their assigned memory regions. 
+By default, peripherals with incompatible drivers will be blocked from starting and performing DMA until an authorized user signs into the system or unlocks the screen.
 
 ## User experience
 
 ![Kernel DMA protection user experience](images/kernel-dma-protection-user-experience.png)
 
-A device that is incompatible with DMA-remapping will be blocked from starting if the device was plugged in before an authorized user logs in, or while the screen is locked. 
-Once the system is unlocked, the device driver will be started by the OS, and the device will continue to function normally until the system is rebooted, or the device is unplugged. 
-The devices will continue to function normally if the user locks the screen or logs out of the system.
+A peripheral that is incompatible with DMA-remapping will be blocked from starting if the peripheral was plugged in before an authorized user logs in, or while the screen is locked. 
+Once the system is unlocked, the peripheral driver will be started by the OS, and the peripheral will continue to function normally until the system is rebooted, or the peripheral is unplugged. 
+The peripheral will continue to function normally if the user locks the screen or logs out of the system.
 
 ## System compatibility
 
@@ -88,7 +88,7 @@ For systems that do not support Kernel DMA Protection, please refer to the [BitL
 ## Frequently asked questions
 
 ### Do in-market systems support Kernel DMA Protection for Thunderbolt™ 3?
-In market systems, released with Windows 10 version 1709 or earlier, will not support Kernel DMA Protection for Thunderbolt™ 3 after upgrading to Windows 10 version 1803, as this feature requires the BIOS/platform firmware changes and guarantees. For these systems, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
+In-market systems, released with Windows 10 version 1709 or earlier, will not support Kernel DMA Protection for Thunderbolt™ 3 after upgrading to Windows 10 version 1803, as this feature requires the BIOS/platform firmware changes and guarantees that cannot be backported to previously released devices. For these systems, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
 
 ### Does Kernel DMA Protection prevent drive-by DMA attacks during Boot?
 No, Kernel DMA Protection only protects against drive-by DMA attacks after the OS is loaded. It is the responsibility of the system firmware/BIOS to protect against attacks via the Thunderbolt™ 3 ports during boot. 
@@ -108,10 +108,13 @@ In Windows 10 1803 and beyond, the Microsoft inbox drivers for USB XHCI (3.x) Co
 ### Do drivers for non-PCI devices need to be compatible with DMA-remapping?
 No. Devices for non-PCI peripherals, such as USB devices, do not perform DMA, thus no need for the driver to be compatible with DMA-remapping.
 
-### How can an enterprise enable the “External device enumeration” policy?
-The “External device enumeration” policy controls whether to enumerate external devices that are not compatible with DMA-remapping. Devices that are compatible with DMA-remapping are always enumerated. The policy can be enabled via Group Policy or Mobile Device Management (MDM):
+### How can an enterprise enable the External device enumeration policy?
+The External device enumeration policy controls whether to enumerate external peripherals that are not compatible with DMA-remapping. Peripherals that are compatible with DMA-remapping are always enumerated. Peripherals that don't can be blocked, allowed, or allowed only after the user signs in (default).
+
+The policy can be enabled by using: 
+
 - Group Policy: Administrative Templates\System\Kernel DMA Protection\Enumeration policy for external devices incompatible with Kernel DMA Protection
-- MDM: [DmaGuard policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-policies) 
+- Mobile Device Management (MDM): [DmaGuard policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-policies) 
 
 ## Related topics
 

windows/security/information-protection/tpm/trusted-platform-module-overview.md

@@ -17,6 +17,7 @@ ms.date: 11/29/2018
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
+-   Windows Server 2019
 
 This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication.
 
@@ -38,7 +39,7 @@ Different versions of the TPM are defined in specifications by the Trusted Compu
 
 ### Automatic initialization of the TPM with Windows 10
 
-Starting with Windows 10, the operating system automatically initializes and takes ownership of the TPM. This means that in most cases, we recommend that you avoid configuring the TPM through the TPM management console, **TPM.msc**. There are a few exceptions, mostly related to resetting or performing a clean installation on a PC. For more information, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm).
+Starting with Windows 10, the operating system automatically initializes and takes ownership of the TPM. This means that in most cases, we recommend that you avoid configuring the TPM through the TPM management console, **TPM.msc**. There are a few exceptions, mostly related to resetting or performing a clean installation on a PC. For more information, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). We're [no longer actively developing the TPM management console](https://docs.microsoft.com/windows-server/get-started-19/removed-features-19#features-were-no-longer-developing) beginning with Windows Server 2019 and Windows 10, version 1809.
 
 In certain specific enterprise scenarios limited to Windows 10, versions 1507 and 1511, Group Policy might be used to back up the TPM owner authorization value in Active Directory. Because the TPM state persists across operating system installations, this TPM information is stored in a location in Active Directory that is separate from computer objects.
 
@@ -69,14 +70,14 @@ Some things that you can check on the device are:
 -   Is SecureBoot supported and enabled?
 
 > [!NOTE]
->  Windows 10 and Windows Server 2016 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.
+>  Windows 10, Windows Server 2016 and Windows server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.
 
 ## Supported versions for device health attestation
 
-| TPM version | Windows 10  | Windows Server 2016 |
-|-------------|-------------|---------------------|
-| TPM 1.2     | >= ver 1607 | >= ver 1607         |
-| TPM 2.0     | X           | X                   |
+| TPM version | Windows 10  | Windows Server 2016 | Windows Server 2019 |
+|-------------|-------------|---------------------|---------------------|
+| TPM 1.2     | >= ver 1607 |    >= ver 1607      |       Yes           |
+| TPM 2.0     |    Yes      |        Yes          |       Yes           |
 
 
 ## Related topics

windows/security/information-protection/windows-information-protection/limitations-with-wip.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: justinha
 ms.author: justinha
-ms.date: 05/30/2018
+ms.date: 12/18/2018
 ms.localizationpriority: medium
 ---
 
@@ -104,7 +104,7 @@ This table provides info about the most common problems you might encounter whil
                 <li>SavedGames</li>
             </ul>
         </td>
-        <td>WIP isn’t turned on for employees in your organization.</td>
+        <td>WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using System Center Configuration Manager. </td>
         <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<br><br>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection).
         </td>
     </tr>

windows/security/threat-protection/auditing/event-4672.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: Mir0sh
-ms.date: 04/19/2017
+ms.date: 12/20/2018
 ---
 
 # 4672(S): Special privileges assigned to new logon.
@@ -18,7 +18,7 @@ ms.date: 04/19/2017
 
 
 <img src="images/event-4672.png" alt="Event 4672 illustration" width="449" height="503" hspace="10" align="left" />
-
+</br>
 ***Subcategory:***&nbsp;[Audit Special Logon](audit-special-logon.md)
 
 ***Event Description:***
@@ -125,7 +125,7 @@ You typically will see many of these events in the event log, because every logo
 | SeAuditPrivilege              | Generate security audits                                       | With this privilege, the user can add entries to the security log.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
 | SeBackupPrivilege             | Back up files and directories                                  | -   Required to perform backup operations. <br>With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system.<br>This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](https://msdn.microsoft.com/library/windows/desktop/ms721532(v=vs.85).aspx#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. The following access rights are granted if this privilege is held:<br>READ\_CONTROL<br>ACCESS\_SYSTEM\_SECURITY<br>FILE\_GENERIC\_READ<br>FILE\_TRAVERSE                                                                                                                |
 | SeCreateTokenPrivilege        | Create a token object                                          | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs.<br>When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
-| SeDebugPrivilege              | Debug programs                                                 | Required to debug and adjust the memory of a process owned by another account.<br>With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components.                                                                                                                                                                                                                                                                                                                                                                                                                                |
+| SeDebugPrivilege              | Debug programs                                                 | Required to debug and adjust the memory of a process owned by another account.<br>With this privilege, the user can attach a debugger to any process or to the kernel. We recommend that SeDebugPrivilege always be granted to Administrators, and only to Administrators. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components.                                                                                                                                                                                                                                                                                                                                                                                                                                |
 | SeEnableDelegationPrivilege   | Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation.<br>With this privilege, the user can set the **Trusted for Deleg**ation setting on a user or computer object.<br>The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set.                                                                                                                                                                                                                      |
 | SeImpersonatePrivilege        | Impersonate a client after authentication                      | With this privilege, the user can impersonate other accounts.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
 | SeLoadDriverPrivilege         | Load and unload device drivers                                 | Required to load or unload a device driver.<br>With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |

windows/security/threat-protection/device-control/control-usb-devices-using-intune.md

@@ -8,56 +8,57 @@ ms.pagetype: security
 ms.localizationpriority: medium
 ms.author: justinha
 author: justinha
-ms.date: 11/15/2018
+ms.date: 12/20/2018
 ---
 
-# How to control USB devices and other removable media using Intune
+# How to control USB devices and other removable media using Windows Defender ATP
 
 **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
+Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: 
 
-You can configure Intune settings to reduce threats from removable storage such as USB devices, including:   
+1. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: 
+   - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. 
+   - The [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB.  
+   - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access-dma-attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. 
+   
+2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) 
+   - Identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules).  
 
-- [Block unwanted removeable storage](#block-unwanted-removable-storage)
-- [Protect allowed removable storage](#protect-allowed-removable-storage)
+3. [Respond to threats](#respond-to-threats) from peripherals in real-time based on properties reported by each peripheral:
+   - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. 
+   - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. 
 
-Protecting allowed removeable storage requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). 
-We recommend enabling real-time protection for improved scanning performance, especially for large storage devices.  
-If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives.
-You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted.
+>[!NOTE]
+>These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks.
 
-> [!NOTE]
-> These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For data loss prevention on Windows 10 devices, you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device.
+For more information about controlling USB devices, see the [Microsoft Secure blog "WDATP has protections for USB and removable devices"](https://aka.ms/devicecontrolblog).
 
-## Block unwanted removeable storage
+## Prevent threats from removable storage
+  
+Windows Defender ATP can help identify and block malicious files on allowed removable storage peripherals.
 
-1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).
-2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. 
+### Enable Windows Defender Antivirus Scanning 
 
-   ![Create device configuration profile](images/create-device-configuration-profile.png)
+Protecting authorized removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) or scheduling scans and configuring removable drives for scans. 
 
-3. Use the following settings: 
+- If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Windows Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices.
+- If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting.
 
-   - Name: Windows 10 Device Configuration 
-   - Description: Block removeable storage and USB connections 
-   - Platform: Windows 10 and later 
-   - Profile type: Device restrictions 
+>[!NOTE] 
+>We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**.
 
-   ![Create profile](images/create-profile.png)
+<!-- Need to build out point in the precedeing note. 
+-->
 
-4. Click **Configure** > **General**.  
+### Block untrusted and unsigned processes on USB peripherals
 
-5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**.
-
-   ![General settings](images/general-settings.png)
-
-6. Click **OK** to close **General** settings and **Device restrictions**.
-
-7. Click **Create** to save the profile.
-
-Alternatively, you can create a custom profile in Intune and configure [DeviceInstallation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) policies.  
-
-## Protect allowed removable storage 
+End-users might plug in removable devices that are infected with malware. 
+To prevent infections, a company can block USB files that are unsigned or untrusted. 
+Alternatively, companies can leverage the audit feature of attack surface reduction rules to monitor the activity of untrusted and unsigned processes that execute on a USB peripheral. 
+This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively. 
+With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards. 
+Affected file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files.
 
 These settings require [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). 
 
@@ -73,7 +74,7 @@ These settings require [enabling real-time protection](https://docs.microsoft.co
    - Platform: Windows 10 or later 
    - Profile type: Endpoint protection 
 
-   ![Create enpoint protection profile](images/create-endpoint-protection-profile.png)
+   ![Create endpoint protection profile](images/create-endpoint-protection-profile.png)
 
 4. Click **Configure** > **Windows Defender Exploit Guard** > **Attack Surface Reduction**. 
 
@@ -83,4 +84,104 @@ These settings require [enabling real-time protection](https://docs.microsoft.co
 
 6. Click **OK** to close **Attack Surface Reduction**, **Windows Defender Exploit Guard**, and **Endpoint protection**.
 
-7. Click **Create** to save the profile.
+7. Click **Create** to save the profile.
+
+### Protect against Direct Memory Access (DMA) attacks
+
+DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks:
+
+1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users. 
+
+   Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for peripherals that don't support device memory isolation (also known as DMA-remapping). Memory isolation allows the OS to leverage the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral (memory sandboxing). In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
+   
+   Peripherals that support device memory isolation can always connect. Peripherals that don't can be blocked, allowed, or allowed only after the user signs in (default). 
+
+2. On Windows 10 systems that do not suppprt Kernel DMA Protection, you can:
+
+   - [Block DMA until a user signs in](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess)
+   - [Block all connections via the Thunderbolt ports (including USB devices)](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d)
+
+
+## Detect plug and play connected events
+
+You can view plug and play connected events in Windows Defender ATP advanced hunting to identify suspicious usage activity or perform internal investigations. 
+For examples of Windows Defender ATP advanced hunting queries, see the [Windows Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). 
+Based on any Windows Defender ATP event, including the plug and play events, you can create custom alerts using the Windows Defender ATP [custom detection rule feature](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules).
+
+## Respond to threats 
+
+Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device.
+
+>[!Note] 
+>Always test and refine these settings with a pilot group of users and devices first before applying them in production. 
+
+The following table describes the ways Windows Defender ATP can help prevent installation and usage of USB peripherals. 
+For more information about controlling USB devices, see the [Microsoft Secure blog "WDATP has protections for USB and removable devices"](https://aka.ms/devicecontrolblog).
+
+| Control  | Description |
+|----------|-------------|
+| [Block installation and usage of removable storage](#block-installation-and-usage-of-removable-storage) | Users can't install or use removable storage |
+| [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals)   | Users can only install and use approved peripherals that report specific properties in their firmware |
+| [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | Users can't install or use prohibited peripherals that report specific properties in their firmware |
+
+>[!Note] 
+>Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them.
+
+### Block installation and usage of removable storage
+
+1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).
+2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. 
+
+   ![Create device configuration profile](images/create-device-configuration-profile.png)
+
+3. Use the following settings: 
+
+   - Name: Type a name for the profile 
+   - Description: Type a description 
+   - Platform: Windows 10 and later 
+   - Profile type: Device restrictions 
+
+   ![Create profile](images/create-profile.png)
+
+4. Click **Configure** > **General**.  
+
+5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**. **Removable storage** includes USB drives, where **USB connection (mobile only)** excludes USB charging but includes other USB connections on mobile devices only. 
+
+   ![General settings](images/general-settings.png)
+
+6. Click **OK** to close **General** settings and **Device restrictions**.
+
+7. Click **Create** to save the profile.
+
+### Only allow installation and usage of specifically approved peripherals
+
+Windows Defender ATP allows installation and usage of only specifically approved peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation).
+For example, this custom profile allows installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0".
+
+![Custom profile](images/custom-profile-allow-device-ids.png)
+
+Peripherals that are allowed to be installed can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses).
+Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings).
+
+### Prevent installation of specifically prohibited peripherals
+
+Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune. 
+For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0", and applies to USB devices with matching hardware IDs that are already installed.
+
+![Custom profile](images/custom-profile-prevent-device-ids.png)
+
+For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). 
+
+## Related topics
+
+- [Configure real-time protection for Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus)
+- [Defender/AllowFullScanRemovableDriveScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning)
+- [Policy/DeviceInstallation CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation)
+- [Perform a custom scan of a removable device](https://aka.ms/scanusb)
+- [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) 
+- [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure)
+
+
+

windows/security/threat-protection/intelligence/safety-scanner-download.md

@@ -13,9 +13,9 @@ ms.date: 08/01/2018
 # Microsoft Safety Scanner
 Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.
 
-- [Download 32-bit](https://go.microsoft.com/fwlink/?LinkId=212733) 
+- [Download Microsoft Safety Scanner (32-bit)](https://go.microsoft.com/fwlink/?LinkId=212733) 
 
-- [Download 64-bit](https://go.microsoft.com/fwlink/?LinkId=212732)
+- [Download Microsoft Safety Scanner (64-bit)](https://go.microsoft.com/fwlink/?LinkId=212732)
 
 Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.