Merge branch 'master' into v-smandalika-5494946-B3

2025-05-12 13:27:23 +00:00 · 2021-12-03 09:54:11 +05:30 · 2021-12-03 09:54:11 +05:30 · 2a96fc14a2
commit 2a96fc14a2
parent dacaa74035 2fe7f44f8f
50 changed files with 2794 additions and 16656 deletions
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@ -34,38 +34,14 @@ manager: dansimp
 <a href="" id="windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork"></a>**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@ -36,38 +36,14 @@ manager: dansimp
 <a href="" id="windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -108,38 +84,14 @@ The following list shows the supported values:
 <a href="" id="windowsinkworkspace-allowwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowWindowsInkWorkspace**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -59,38 +59,14 @@ manager: dansimp
 <a href="" id="windowslogon-allowautomaticrestartsignon"></a>**WindowsLogon/AllowAutomaticRestartSignOn**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|Yes|Yes|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -144,38 +120,14 @@ ADMX Info:
 <a href="" id="windowslogon-configautomaticrestartsignon"></a>**WindowsLogon/ConfigAutomaticRestartSignOn**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|Yes|Yes|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -229,38 +181,14 @@ ADMX Info:
 <a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -299,38 +227,14 @@ ADMX Info:
 <a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -394,38 +298,14 @@ ADMX Info:
 <a href="" id="windowslogon-enablefirstlogonanimation"></a>**WindowsLogon/EnableFirstLogonAnimation**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|Yes|Yes|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -479,38 +359,14 @@ Supported values:
 <a href="" id="windowslogon-enumeratelocalusersondomainjoinedcomputers"></a>**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -549,38 +405,14 @@ ADMX Info:
 <a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@ -34,38 +34,14 @@ manager: dansimp
 <a href="" id="windowspowershell-turnonpowershellscriptblocklogging"></a>**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@ -48,38 +48,14 @@ ms.date: 10/14/2020
 Available in the latest Windows 10 insider preview build.
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|No|No|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -142,38 +118,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|No|No|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -233,38 +185,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|No|No|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -322,38 +250,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|No|No|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -412,38 +316,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|No|No|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -505,38 +385,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|No|No|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@ -53,38 +53,14 @@ manager: dansimp
 <a href="" id="wirelessdisplay-allowmdnsadvertisement"></a>**WirelessDisplay/AllowMdnsAdvertisement**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -117,38 +93,14 @@ The following list shows the supported values:
 <a href="" id="wirelessdisplay-allowmdnsdiscovery"></a>**WirelessDisplay/AllowMdnsDiscovery**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -181,38 +133,14 @@ The following list shows the supported values:
 <a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -245,38 +173,14 @@ The following list shows the supported values:
 <a href="" id="wirelessdisplay-allowprojectionfrompcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -309,38 +213,14 @@ The following list shows the supported values:
 <a href="" id="wirelessdisplay-allowprojectiontopc"></a>**WirelessDisplay/AllowProjectionToPC**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -385,38 +265,14 @@ The following list shows the supported values:
 <a href="" id="wirelessdisplay-allowprojectiontopcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionToPCOverInfrastructure**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -449,38 +305,14 @@ The following list shows the supported values:
 <a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
@ -513,38 +345,14 @@ The following list shows the supported values:
 <a href="" id="wirelessdisplay-requirepinforpairing"></a>**WirelessDisplay/RequirePinForPairing**  
 <!--SupportedSKUs-->
-<table>
+
-<tr>
+|Edition|Windows 10|Windows 11|
-    <th>Edition</th>
+|--- |--- |--- |
-    <th>Windows 10</th>
+|Home|No|No|
-    <th>Windows 11</th>
+|Pro|Yes|Yes|
-</tr>
+|Business|Yes|Yes|
-<tr>
+|Enterprise|Yes|Yes|
-    <td>Home</td>
+|Education|Yes|Yes|
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@ -17,7 +17,8 @@ ms.date: 06/26/2017
 The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
+> [!NOTE]
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
 The following shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for initial bootstrapping of the device. The OMA DM protocol is not supported by this configuration service provider.
@ -151,36 +152,12 @@ The following table shows the Microsoft custom elements that this configuration
 These features are available only for the device technique. In addition, the parameter-query and characteristic-query features are not supported for all PXPHYSICAL proxy parameters for all PXADDR types. All parameters can be queried when the PXPHYSICAL proxy PXADDRType is IPv4. For example, if a mobile operator queries the TO-NAPID parameter of a PXPHYSICAL proxy and the PXADDR Type is E164, a noparm is returned.
-<table>
+|Feature|Available|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|parm-query|Yes|
-<col width="50%" />
+|noparm|Yes|
-</colgroup>
+|nocharacteristic|Yes|
-<thead>
+|characteristic-query|Yes|
 <tr class="header">
 <th>Feature</th>
 <th>Available</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>parm-query</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>noparm</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="odd">
 <td><p>nocharacteristic</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>characteristic-query</p></td>
 <td><p>Yes</p></td>
 </tr>
 </tbody>
 </table>
@ -189,12 +166,3 @@ These features are available only for the device technique. In addition, the par
 [Configuration service provider reference](configuration-service-provider-reference.md)
--- a/windows/client-management/mdm/reclaim-seat-from-user.md
+++ b/windows/client-management/mdm/reclaim-seat-from-user.md
@ -18,120 +18,31 @@ The **Reclaim seat from user** operation returns reclaimed seats for a user in t
 ## Request
-<table>
+|Method|Request URI|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|DELETE|`https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}`|
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th>Method</th>
 <th>Request URI</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>DELETE</p></td>
 <td><p>https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}</p></td>
 </tr>
 </tbody>
 </table>
 ### URI parameters
 The following parameters may be specified in the request URI.
-<table>
+|Parameter|Type|Description|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
-<col width="33%" />
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
-<col width="33%" />
+|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
 </colgroup>
 <thead>
 <tr class="header">
 <th>Parameter</th>
 <th>Type</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>productId</p></td>
 <td><p>string</p></td>
 <td><p>Required. Product identifier for an application that is used by the Store for Business.</p></td>
 </tr>
 <tr class="even">
 <td><p>skuId</p></td>
 <td><p>string</p></td>
 <td><p>Required. Product identifier that specifies a specific SKU of an application.</p></td>
 </tr>
 <tr class="odd">
 <td><p>username</p></td>
 <td><p>string</p></td>
 <td><p>Requires UserPrincipalName (UPN). User name of the target user account.</p></td>
 </tr>
 </tbody>
 </table>
 ## Response
 ### Response body
 The response body contain [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
-<table>
+|Error code|Description|Retry|Data field|Details|
-<colgroup>
+|--- |--- |--- |--- |--- |
-<col width="20%" />
+|400|Invalid parameters|No|Parameter name<br>Reason: Invalid parameter<br>Details: String|Invalid can include productId, skuId or userName|
-<col width="20%" />
+|404|Not found||Item type: Inventory, User, Seat<br>Values: ProductId/SkuId, UserName,<br>ProductId/SkuId/UserName|ItemType: Inventory, User, Seat<br>Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName|
-<col width="20%" />
+|409|Conflict||Reason: Not online||
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th>Error code</th>
 <th>Description</th>
 <th>Retry</th>
 <th>Data field</th>
 <th>Details</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>400</p></td>
 <td><p>Invalid parameters</p></td>
 <td><p>No</p></td>
 <td><p>Parameter name</p>
 <p>Reason: Invalid parameter</p>
 <p>Details: String</p></td>
 <td><p>Invalid can include productId, skuId or userName</p></td>
 </tr>
 <tr class="even">
 <td><p>404</p></td>
 <td><p>Not found</p></td>
 <td></td>
 <td><p>Item type: Inventory, User, Seat</p>
 <p>Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName</p></td>
 <td><p>ItemType: Inventory, User, Seat</p>
 <p>Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName</p></td>
 </tr>
 <tr class="odd">
 <td><p>409</p></td>
 <td><p>Conflict</p></td>
 <td></td>
 <td><p>Reason: Not online</p></td>
 <td></td>
 </tr>
 </tbody>
 </table>
--- a/windows/client-management/mdm/registry-csp.md
+++ b/windows/client-management/mdm/registry-csp.md
@ -33,7 +33,7 @@ For OMA Client Provisioning, the follows notes apply:
 -   This documentation describes the default characteristics. Additional characteristics may be added.
-   Because the **Registry** configuration service provider uses the backslash (\\) character as a separator between key names, backslashes which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\\).
+-   Because the **Registry** configuration service provider uses the backslash (\\) character as a separator between key names, backslashes, which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\\).
 The default security role maps to each subnode unless specific permission is granted to the subnode. The security role for subnodes is implementation specific, and can be changed by OEMs and mobile operators.
@ -41,38 +41,12 @@ The default security role maps to each subnode unless specific permission is gra
 The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
-<table>
+|Elements|Available|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Parm-query|Yes|
-<col width="50%" />
+|Noparm|Yes|
-</colgroup>
+|Uncharacteristic|Yes|
-<thead>
+|Characteristic-query|Yes<br/><br/>Recursive query: Yes<br/><br/>Top-level query: No|
 <tr class="header">
 <th>Elements</th>
 <th>Available</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>parm-query</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>noparm</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="odd">
 <td><p>nocharacteristic</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>characteristic-query</p></td>
 <td><p>Yes</p>
 <p>Recursive query: Yes</p>
 <p>Top level query: No</p></td>
 </tr>
 </tbody>
 </table>
 Use these elements to build standard OMA Client Provisioning configuration XML. For information about specific elements, see MSPROV DTD elements.
@ -82,62 +56,16 @@ Use these elements to build standard OMA Client Provisioning configuration XML.
 The following table shows the data types this configuration service provider supports.
-<table>
+|XML Data Type|Native Registry Type|XML Format|
-<colgroup>
+|--- |--- |--- |
-<col width="15%" />
+|Integer|REG_DWORD|Integer. A query of this parameter returns an integer type.|
-<col width="15%" />
+|Boolean|REG_DWORD|Integer value of 1 or 0. A query of this parameter returns an integer type.|
-<col width="70%" />
+|Float|REG_SZ|Float. A query of this parameter returns a string type.|
-</colgroup>
+|String|REG_SZ|String. A query of this parameter returns a string type.|
-<thead>
+|multiple string|REG_MULTI_SZ|Multiple strings are separated by **&#xF000** and ended with two **&#xF000** - A query of this parameter returns a multi-string type.|
-<tr class="header">
+|Binary|REG_BINARY|Base64 encoded. A query of this parameter returns a binary type.|
-<th>XML Data Type</th>
+|Time|FILETIME in REG_BINARY|The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.|
-<th>Native Registry Type</th>
+|Date|FILETIME in REG_BINARY|The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.|
 <th>XML Format</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>integer</p></td>
 <td><p>REG_DWORD</p></td>
 <td><p>Integer. A query of this parameter returns an integer type.</p></td>
 </tr>
 <tr class="even">
 <td><p>boolean</p></td>
 <td><p>REG_DWORD</p></td>
 <td><p>Integer value of 1 or 0. A query of this parameter returns an integer type.</p></td>
 </tr>
 <tr class="odd">
 <td><p>float</p></td>
 <td><p>REG_SZ</p></td>
 <td><p>Float. A query of this parameter returns a string type.</p></td>
 </tr>
 <tr class="even">
 <td><p>string</p></td>
 <td><p>REG_SZ</p></td>
 <td><p>String. A query of this parameter returns a string type.</p></td>
 </tr>
 <tr class="odd">
 <td><p>multiplestring</p></td>
 <td><p>REG_MULTI_SZ</p></td>
 <td><p>Multiple strings are separated by <strong>&amp;#xF000;</strong> and ended with two <strong>&amp;#xF000;</strong> - A query of this parameter returns a multistring type.</p></td>
 </tr>
 <tr class="even">
 <td><p>binary</p></td>
 <td><p>REG_BINARY</p></td>
 <td><p>Base64 encoded. A query of this parameter returns a binary type.</p></td>
 </tr>
 <tr class="odd">
 <td><p>time</p></td>
 <td><p>FILETIME in REG_BINARY</p></td>
 <td><p>The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the &quot;T&quot; delimiter. A query of this parameter returns a binary type.</p></td>
 </tr>
 <tr class="even">
 <td><p>date</p></td>
 <td><p>FILETIME in REG_BINARY</p></td>
 <td><p>The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the &quot;T&quot; delimiter. A query of this parameter returns a binary type.</p></td>
 </tr>
 </tbody>
 </table>
@ -147,13 +75,3 @@ It is not possible to access registry keys nested under the current path by usin
 [Configuration service provider reference](configuration-service-provider-reference.md)
--- a/windows/client-management/mdm/remotelock-csp.md
+++ b/windows/client-management/mdm/remotelock-csp.md
@ -26,71 +26,21 @@ The RemoteLock CSP supports the ability to lock a device that has a PIN set on t
 <a href="" id="lock"></a>**Lock**
 Required. The setting accepts requests to lock the device screen. The device screen will lock immediately if a PIN has been set. If no PIN is set, the lock request is ignored and the OMA DM (405) Forbidden error is returned over the management channel. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. The supported operations are Get and Exec.
-<table>
+|Status|Description|Meaning [Standard]|
-<colgroup>
+|--- |--- |--- |
-<col width="20%" />
+|(200) OK|The device was successfully locked.|The command and the associated Alert action are completed successfully.|
-<col width="40%" />
+|(405)|The device could not be locked because there is no PIN currently set on the device.|The requested command is not allowed on the target.|
-<col width="40%" />
+|(500) Command failed|The device was not locked for some unknown reason.|Non-specific errors were created by the recipient while attempting to complete the command.|
 </colgroup>
 <thead>
 <tr class="header">
 <th>Status</th>
 <th>Description</th>
 <th>Meaning [Standard]</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>(200) OK</p></td>
 <td><p>The device was successfully locked.</p></td>
 <td><p>The command and the associated Alert action are completed successfully.</p></td>
 </tr>
 <tr class="even">
 <td><p>(405)</p></td>
 <td><p>The device could not be locked because there is no PIN currently set on the device.</p></td>
 <td><p>The requested command is not allowed on the target.</p></td>
 </tr>
 <tr class="odd">
 <td><p>(500) Command failed</p></td>
 <td><p>The device was not locked for some unknown reason.</p></td>
 <td><p>Non-specific errors were created by the recipient while attempting to complete the command.</p></td>
 </tr>
 </tbody>
 </table>
 <a href="" id="lockandresetpin"></a>**LockAndResetPIN**
 This setting can be used to lock and reset the PIN on the device. It is used in conjunction with the NewPINValue node. After the **Exec** operation is called successfully on this node, the previous PIN will no longer work and cannot be recovered. The supported operation is Exec.
 This node will return the following status. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification.
-<table>
+|Status|Description|Meaning|
-<colgroup>
+|--- |--- |--- |
-<col width="20%" />
+|(200) OK|The device has been locked with a new password which has been reset.|The command and the associated Alert action are completed successfully.|
-<col width="40%" />
+|(500) Command failed|N/A|Non-specific errors were created by the recipient while attempting to complete the command.|
 <col width="<40></40>%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th>Status</th>
 <th>Description</th>
 <th>Meaning</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>(200) OK</p></td>
 <td><p>The device has been locked with a new password which has been reset.</p></td>
 <td><p>The command and the associated Alert action are completed successfully.</p></td>
 </tr>
 <tr class="even">
 <td><p>(500) Command failed</p></td>
 <td><p>N/A</p></td>
 <td><p>Non-specific errors were created by the recipient while attempting to complete the command.</p></td>
 </tr>
 </tbody>
 </table>
 <a href="" id="lockandrecoverpin"></a>**LockAndRecoverPIN**
 Added in Windows 10, version 1703. This setting performs a similar function to the LockAndResetPIN node. With LockAndResetPIN any Windows Hello keys associated with the PIN gets deleted, but with LockAndRecoverPIN those keys are saved. After the Exec operation is called successfully on this setting, the new PIN can be retrieved from the NewPINValue setting. The previous PIN will no longer work.
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@ -17,7 +17,8 @@ ms.date: 06/26/2017
 The SecurityPolicy configuration service provider is used to configure security policy settings for WAP push, OMA Client Provisioning, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
->  **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_SECURITY\_POLICIES capabilities to be accessed from a network configuration application.
+> [!NOTE]
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_SECURITY\_POLICIES capabilities to be accessed from a network configuration application.
@ -36,122 +37,78 @@ Defines the security policy identifier as a decimal value.
 The following security policies are supported.
-<table>
+- **PolicyID**: 4104 | Hex: 1008
-<colgroup>
+  - **Policy name**: TPS Policy
-<col width="15%" />
+  - **Policy description**: This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.
-<col width="25%" />
+    - Default value: 1
-<col width="55%" />
+    - Supported values:
-</colgroup>
+      - 0: The TPS role assignment is disabled.
-<thead>
+      - 1: The TPS role assignment is enabled, and can be assigned to mobile operators.
-<tr class="header">
+
-<th>PolicyID</th>
+- **PolicyID**: 4105 | Hex: 1009
-<th>Policy name</th>
+  - **Policy name**: Message Authentication Retry Policy
-<th>Policy description</th>
+  - **Policy description**: This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.
-</tr>
+    - Default value: 3
-</thead>
+    - Supported values: 0 through 256
-<tbody>
+
-<tr class="odd">
+- **PolicyID**: 4108 | Hex: 100c
-<td><p>4104</p>
+  - **Policy name**: Service Loading Policy
-<p>Hex: 1008</p></td>
+  - **Policy description**: This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.
-<td><p>TPS Policy</p></td>
+    - Default value: 256 (SECROLE_KNOWN_PPG)
-<td><p>This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.</p>
+    - Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
-<p>Default value: 1</p>
+
-<p>Supported values:</p>
+- **PolicyID**: 4109 | Hex:100d
-<p>0: The TPS role assignment is disabled.</p>
+  - **Policy name**: Service Indication Policy
-<p>1: The TPS role assignment is enabled, and can be assigned to mobile operators.</p></td>
+  - **Policy description**: This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.
-</tr>
+    - Default value: 256 (SECROLE_KNOWN_PPG)
-<tr class="even">
+    - Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
-<td><p>4105</p>
+
-<p>Hex: 1009</p></td>
+- **PolicyID**: 4111 | Hex:100f
-<td><p>Message Authentication Retry Policy</p></td>
+  - **Policy name**: OTA Provisioning Policy
-<td><p>This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.</p>
+  - **Policy description**: This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.
-<p>Default value: 3</p>
+    - Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)
-<p>Possible values: 0 through 256.</p></td>
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
-</tr>
+
-<tr class="odd">
+- **PolicyID**: 4113 | Hex:1011
-<td><p>4108</p>
+  - **Policy name**: WSP Push Policy
-<p>Hex: 100c</p></td>
+  - **Policy description**: This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.
-<td><p>Service Loading Policy</p></td>
+    - Default value: 1
-<td><p>This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.</p>
+    - Supported values: 
-<p>Default value: 256 (SECROLE_KNOWN_PPG)</p>
+      - 0: Routing of WSP notifications is not allowed.
-<p>Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG</p>
+      - 1: Routing of WSP notifications is allowed.
-<p></p></td>
+
-</tr>
+- **PolicyID**: 4132 | Hex:1024
-<tr class="even">
+  - **Policy name**: Network PIN signed OTA Provision Message User Prompt Policy
-<td><p>4109</p>
+  - **Policy description**: This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.
-<p>Hex:100d</p></td>
+    - Default value: 0
-<td><p>Service Indication Policy</p></td>
+    - Supported values: 
-<td><p>This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.</p>
+      - 0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.
-<p>Default value: 256 (SECROLE_KNOWN_PPG)</p>
+      - 1: There is no user prompt.
-<p>Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG</p></td>
+
-</tr>
+- **PolicyID**: 4141 | Hex:102d
-<tr class="odd">
+  - **Policy name**: OMA CP NETWPIN Policy
-<td><p>4111</p>
+  - **Policy description**: This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
-<p>Hex:100f</p></td>
+    - Default value: 0
-<td><p>OTA Provisioning Policy</p></td>
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE , SECROLE_OPERATOR_TPS
-<td><p>This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.</p>
+
-<p>Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)</p>
+- **PolicyID**: 4142 | Hex:102e
-<p>Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS</p>
+  - **Policy name**: OMA CP USERPIN Policy
-<p></p></td>
+  - **Policy description**: This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
-</tr>
+    - Default value: 256
-<tr class="even">
+    - Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
-<td><p>4113</p>
+
-<p>Hex:1011</p></td>
+- **PolicyID**: 4143 | Hex:102f
-<td><p>WSP Push Policy</p></td>
+  - **Policy name**: OMA CP USERNETWPIN Policy
-<td><p>This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.</p>
+  - **Policy description**: This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
-<p>Default value: 1</p>
+    - Default value: 256
-<p>Supported values:</p>
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
-<p>0: Routing of WSP notifications is not allowed.</p>
+
-<p>1: Routing of WSP notifications is allowed.</p></td>
+- **PolicyID**: 4144 | Hex:1030
-</tr>
+  - **Policy name**: MMS Message Policy
-<tr class="odd">
+  - **Policy description**: This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.
-<td><p>4132</p>
+    - Default value: 256 (SECROLE_KNOWN_PPG)
-<p>Hex:1024</p></td>
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE
 <td><p>Network PIN signed OTA Provision Message User Prompt Policy</p></td>
 <td><p>This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.</p>
 <p>Default value: 0</p>
 <p>Supported values:</p>
 <p>0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.</p>
 <p>1: There is no user prompt.</p></td>
 </tr>
 <tr class="even">
 <td><p>4141</p>
 <p>Hex:102d</p></td>
 <td><p>OMA CP NETWPIN Policy</p></td>
 <td><p>This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.</p>
 <p>Default value: 0</p>
 <p>Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE , SECROLE_OPERATOR_TPS</p>
 <p></p></td>
 </tr>
 <tr class="odd">
 <td><p>4142</p>
 <p>Hex:102e</p></td>
 <td><p>OMA CP USERPIN Policy</p></td>
 <td><p>This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.</p>
 <p>Default value: 256</p>
 <p>Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG</p></td>
 </tr>
 <tr class="even">
 <td><p>4143</p>
 <p>Hex:102f</p></td>
 <td><p>OMA CP USERNETWPIN Policy</p></td>
 <td><p>This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.</p>
 <p>Default value: 256</p>
 <p>Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS</p>
 <p></p></td>
 </tr>
 <tr class="odd">
 <td><p>4144</p>
 <p>Hex:1030</p></td>
 <td><p>MMS Message Policy</p></td>
 <td><p>This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.</p>
 <p>Default value: 256 (SECROLE_KNOWN_PPG)</p>
 <p>Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE</p></td>
 </tr>
 </tbody>
 </table>
 ## Remarks
@ -160,41 +117,11 @@ Security roles allow or restrict access to device resources. The security role i
 The following security roles are supported.
-<table>
+|Security role|Decimal value|Description|
-<colgroup>
+|--- |--- |--- |
-<col width="15%" />
+|SECROLE_OPERATOR_TPS|128|Trusted Provisioning Server.<br>Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.<br>The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.|
-<col width="25%" />
+|SECROLE_KNOWN_PPG|256|Known Push Proxy Gateway.<br>Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.|
-<col width="33%" />
+|SECROLE_ANY_PUSH_SOURCE|4096|Push Router.<br>Messages received by the push router will be assigned to this role.|
 </colgroup>
 <thead>
 <tr class="header">
 <th>Security role</th>
 <th>Decimal value</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>SECROLE_OPERATOR_TPS</p></td>
 <td><p>128</p></td>
 <td><p>Trusted Provisioning Server.</p>
 <p>Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.</p>
 <p>The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.</p></td>
 </tr>
 <tr class="even">
 <td><p>SECROLE_KNOWN_PPG</p></td>
 <td><p>256</p></td>
 <td><p>Known Push Proxy Gateway.</p>
 <p>Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.</p></td>
 </tr>
 <tr class="odd">
 <td><p>SECROLE_ANY_PUSH_SOURCE</p></td>
 <td><p>4096</p></td>
 <td><p>Push Router.</p>
 <p>Messages received by the push router will be assigned to this role.</p></td>
 </tr>
 </tbody>
 </table>
@ -271,28 +198,10 @@ Querying a security policy:
 The following table shows the Microsoft custom elements that this Configuration Service Provider supports for OMA Client Provisioning.
-<table>
+|Elements|Available|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|parm-query|Yes|
-<col width="50%" />
+|noparm|Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).|
 </colgroup>
 <thead>
 <tr class="header">
 <th>Elements</th>
 <th>Available</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>parm-query</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>noparm</p></td>
 <td><p>Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).</p></td>
 </tr>
 </tbody>
 </table>
@ -300,13 +209,3 @@ The following table shows the Microsoft custom elements that this Configuration
 [Configuration service provider reference](configuration-service-provider-reference.md)
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@ -22,32 +22,10 @@ Each message is composed of a header, specified by the SyncHdr element, and a me
 The following table shows the OMA DM versions that are supported.
-<table>
+|Version|Format|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|OMA DM version 1.1.2|<code>&lt;SyncML xmlns='SYNCML:SYNCML1.1'&gt;</code></p><p><code>&lt;/SyncML&gt;</code>|
-<col width="50%" />
+|OMA DM version 1.2|<code>&lt;SyncML xmlns='SYNCML:SYNCML1.2'&gt;</code></p><p><code>&lt;/SyncML&gt;</code>|
 </colgroup>
 <thead>
 <tr class="header">
 <th>Version</th>
 <th>Format</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>OMA DM version 1.1.2</p></td>
 <td><p><code>&lt;SyncML xmlns='SYNCML:SYNCML1.1'&gt;</code></p>
 <p><code>&lt;/SyncML&gt;</code></p></td>
 </tr>
 <tr class="even">
 <td><p>OMA DM version 1.2</p></td>
 <td><p><code>&lt;SyncML xmlns='SYNCML:SYNCML1.2'&gt;</code></p>
 <p><code>&lt;/SyncML&gt;</code></p></td>
 </tr>
 </tbody>
 </table>
 ## File format
@ -103,7 +81,8 @@ This information is used to by the client device to properly manage the DM sessi
 The following example shows the header component of a DM message. In this case, OMA DM version 1.2 is used as an example only.
-> **Note**   The &lt;LocURI&gt; node value for the &lt;Source&gt; element in the SyncHdr of the device-generated DM package should be the same as the value of ./DevInfo/DevID. For more information about DevID, see [DevInfo configuration service provider](devinfo-csp.md).
+> [!NOTE]
 > The `<LocURI>` node value for the `<Source>` element in the SyncHdr of the device-generated DM package should be the same as the value of ./DevInfo/DevID. For more information about DevID, see [DevInfo configuration service provider](devinfo-csp.md).
@ -147,7 +126,7 @@ The following example shows the body component of a DM message. In this example,
 When using SyncML for OMA DM provisioning, a LocURI in SyncBody can have a "." as a valid segment name only in the first segment. However, a "." is not a valid segment name for the other segments. For example, the following LocURI is not valid because the segment name of the seventh segment is a ".".
-```
+```xml
 <LocURI>./Vendor/MSFT/Registry/HKLM/Security/./Test</LocURI>
 ```
@ -188,11 +167,3 @@ The following example illustrates how to use the Replace command to update a dev
   <Final />
 </SyncBody>
 ```
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@ -16,56 +16,30 @@ ms.date: 09/12/2019
 The SUPL configuration service provider is used to configure the location client, as shown in the following table:
-<table>
+- **Location Service**: Connection type
-<colgroup>
+  - **SUPL**: All connections other than CDMA
-<col width="20%" />
+  - **V2 UPL**: CDMA
 <col width="40%" />
 <col width="40%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th>Location Service</th>
 <th>SUPL</th>
 <th>V2 UPL</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>Connection type</p></td>
 <td><p>All connections other than CDMA</p></td>
 <td><p>CDMA</p></td>
 </tr>
 <tr class="even">
 <td><p>Configuration</p></td>
 <td><ul>
 <li><p>Settings that need to get pushed to the GNSS driver to configure the SUPL behavior:</p>
 <ul>
 <li><p>Address of the Home SUPL (H-SLP) server.</p></li>
 <li><p>H-SLP server certificate.</p></li>
 <li><p>Positioning method.</p></li>
 <li><p>Version of the protocol to use by default.</p></li>
 </ul></li>
 <li><p>MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.</p></li>
 </ul></td>
 <td><ul>
 <li><p>Address of the server — a mobile positioning center for non-trusted mode.</p></li>
 <li><p>The positioning method used by the MPC for non-trusted mode.</p></li>
 </ul></td>
 </tr>
 </tbody>
 </table>
- 
+- **Location Service**: Configuration
  - **SUPL**: 
    - Settings that need to get pushed to the GNSS driver to configure the SUPL behavior:
      - Address of the Home SUPL (H-SLP) server.
      - H-SLP server certificate.
      - Positioning method.
      - Version of the protocol to use by default.
    - MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.
  - **V2 UPL**: 
    - Address of the server — a mobile positioning center for non-trusted mode.
    - The positioning method used by the MPC for non-trusted mode.
 The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used.
 The following shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning.
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION capability to be accessed from a network configuration application.
+> [!NOTE]
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION capability to be accessed from a network configuration application. 
- 
+```console
 ```
 ./Vendor/MSFT/
 SUPL
 ----SUPL1
@ -97,6 +71,7 @@ SUPL
 --------NIDefaultTimeout 
 --------ServerAccessInterval
 ```
 <a href="" id="supl1"></a>**SUPL1**  
 Required for SUPL. Defines the account for the SUPL Enabled Terminal (SET) node. Only one SUPL account is supported at a given time.
@ -126,50 +101,21 @@ For OMA DM, if the format for this node is incorrect the entry will be ignored a
 <a href="" id="highaccpositioningmethod"></a>**HighAccPositioningMethod**  
 Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
-<table>
+|Value|Description|
-<colgroup>
+|--- |--- |
-<col width="15%" />
+|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.|
-<col width="85%" />
+|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.|
-</colgroup>
+|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.|
-<thead>
+|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.|
-<tr class="header">
+|4|OTDOA|
-<th>Value</th>
+|5|AFLT|
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>0</p></td>
 <td><p>None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.</p></td>
 </tr>
 <tr class="even">
 <td><p>1</p></td>
 <td><p>Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.</p></td>
 </tr>
 <tr class="odd">
 <td><p>2</p></td>
 <td><p>Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.</p></td>
 </tr>
 <tr class="even">
 <td><p>3</p></td>
 <td><p>Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.</p></td>
 </tr>
 <tr class="odd">
 <td><p>4</p></td>
 <td><p>OTDOA</p></td>
 </tr>
 <tr class="even">
 <td><p>5</p></td>
 <td><p>AFLT</p></td>
 </tr>
 </tbody>
 </table>
 The default is 0. The default method in Windows devices provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services.
-> **Important**   The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes.
+> [!IMPORTANT]
 > The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes.
@ -180,44 +126,13 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr
 This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
-<table>
+|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|On|0|Yes|
-<col width="33%" />
+|On|1|Yes|
-<col width="33%" />
+|Off|0|Yes|
-</colgroup>
+|Off|1|No (unless privacyOverride is set)|
 <thead>
 <tr class="header">
 <th>Location toggle setting</th>
 <th>LocMasterSwitchDependencyNII setting</th>
 <th>NI request processing allowed</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>On</p></td>
 <td><p>0</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>On</p></td>
 <td><p>1</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="odd">
 <td><p>Off</p></td>
 <td><p>0</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>Off</p></td>
 <td><p>1</p></td>
 <td><p>No (unless privacyOverride is set)</p></td>
 </tr>
 </tbody>
 </table>
 When the location toggle is set to Off and this value is set to 1, the following application requests will fail:
@ -309,46 +224,18 @@ Optional. The address of the Position Determination Entity (PDE), in the format
 <a href="" id="positioningmethod-mr"></a>**PositioningMethod\_MR**  
 Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
-<table>
+|Value|Description|
-<colgroup>
+|--- |--- |
-<col width="15%" />
+|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.|
-<col width="85%" />
+|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.|
-</colgroup>
+|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.|
-<thead>
+|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.|
-<tr class="header">
+|4|AFLT|
 <th>Value</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>0</p></td>
 <td><p>None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.</p></td>
 </tr>
 <tr class="even">
 <td><p>1</p></td>
 <td><p>Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.</p></td>
 </tr>
 <tr class="odd">
 <td><p>2</p></td>
 <td><p>Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.</p></td>
 </tr>
 <tr class="even">
 <td><p>3</p></td>
 <td><p>Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.</p></td>
 </tr>
 <tr class="odd">
 <td><p>4</p></td>
 <td><p>AFLT</p></td>
 </tr>
 </tbody>
 </table>
 The default is 0. The default method provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services.
->  **Important**   The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.
+> [!IMPORTANT]
 > The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.
@ -359,44 +246,12 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr
 This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
-<table>
+|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|On|0|Yes|
-<col width="33%" />
+|On|1|Yes|
-<col width="33%" />
+|Off|0|Yes|
-</colgroup>
+|Off|1|No (unless privacyOverride is set)|
 <thead>
 <tr class="header">
 <th>Location toggle setting</th>
 <th>LocMasterSwitchDependencyNII setting</th>
 <th>NI request processing allowed</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>On</p></td>
 <td><p>0</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>On</p></td>
 <td><p>1</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="odd">
 <td><p>Off</p></td>
 <td><p>0</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>Off</p></td>
 <td><p>1</p></td>
 <td><p>No (unless privacyOverride is set)</p></td>
 </tr>
 </tbody>
 </table>
 When the location toggle is set to Off and this value is set to 1, the following application requests will fail:
@ -584,30 +439,10 @@ Adding a SUPL account to a device. Values in italic must be replaced with correc
 The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
-<table>
+|Elements|Available|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|parm-query|Yes|
-<col width="50%" />
+|characteristic-query|Yes <br/><br/>Recursive query: No<br/><br/>Top level query: No|
 </colgroup>
 <thead>
 <tr class="header">
 <th>Elements</th>
 <th>Available</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>parm-query</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>characteristic-query</p></td>
 <td><p>Yes</p>
 <p>Recursive query: No</p>
 <p>Top level query: No</p></td>
 </tr>
 </tbody>
 </table>
 ## Related topics
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@ -206,63 +206,22 @@ SurfaceHub
 <p>The data type is boolean. Supported operation is Get and Replace.
 <a href="" id="deviceaccount-errorcontext"></a>**DeviceAccount/ErrorContext**
 <p>If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values:
-<table>
+If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values:
-<colgroup>
+
-<col width="15%" />
+| ErrorContext value | Stage where error occurred | Description and suggestions |
-<col width="20%" />
+| --- | --- | --- |
-<col width="65%" />
+| 1 | Unknown | |
-</colgroup>
+| 2 | Populating account | Unable to retrieve account details using the username and password you provided.<br/><br/>-For Azure AD accounts, ensure that UserPrincipalName and Password are valid.<br/>-For AD accounts, ensure that DomainName, UserName, and Password are valid.<br/>-Ensure that the specified account has an Exchange server mailbox. |
-<thead>
+| 3 | Populating Exchange server address | Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field. |
-<tr class="header">
+| 4 | Validating Exchange server address | Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid. |
-<th>ErrorContext value</th>
+| 5 | Saving account information | Unable to save account details to the system. |
-<th>Stage where error occurred</th>
+| 6 | Validating EAS policies | The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide. |
-<th>Description and suggestions</th>
+
-</tr>
+The data type is integer. Supported operation is Get.
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>1</p></td>
 <td><p>Unknown</p></td>
 <td><p></p></td>
 </tr>
 <tr class="even">
 <td><p>2</p></td>
 <td><p>Populating account</p></td>
 <td><p>Unable to retrieve account details using the username and password you provided.</p>
 <ul>
 <li>For Azure AD accounts, ensure that UserPrincipalName and Password are valid.</li>
 <li>For AD accounts, ensure that DomainName, UserName, and Password are valid.</li>
 <li>Ensure that the specified account has an Exchange server mailbox.</li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td><p>3</p></td>
 <td><p>Populating Exchange server address</p></td>
 <td><p>Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field.</p></td>
 </tr>
 <tr class="even">
 <td><p>4</p></td>
 <td><p>Validating Exchange server address</p></td>
 <td><p>Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid.</p></td>
 </tr>
 <tr class="odd">
 <td><p>5</p></td>
 <td><p>Saving account information</p></td>
 <td><p>Unable to save account details to the system.</p></td>
 </tr>
 <tr class="even">
 <td><p>6</p></td>
 <td><p>Validating EAS policies</p></td>
 <td><p>The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide.</p></td>
 </tr>
 </tbody>
 </table>
 <p>The data type is integer. Supported operation is Get.
 <a href="" id="maintenancehourssimple-hours"></a>**MaintenanceHoursSimple/Hours**
 <p>Node for maintenance schedule.
 <a href="" id="maintenancehourssimple-hours-starttime"></a>**MaintenanceHoursSimple/Hours/StartTime**
@ -343,26 +302,11 @@ SurfaceHub
 <a href="" id="inboxapps-wirelessprojection-channel"></a>**InBoxApps/WirelessProjection/Channel**
 <p>Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification.
-<table>
+|Compatibility|Values|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Works with all Miracast senders in all regions|1, 3, 4, 5, 6, 7, 8, 9, 10, 11|
-<col width="50%" />
+|Works with all 5ghz band Miracast senders in all regions|36, 40, 44, 48|
-</colgroup>
+|Works with all 5ghz band Miracast senders in all regions except Japan|149, 153, 157, 161, 165|
 <tbody>
 <tr class="odd">
 <td><p>Works with all Miracast senders in all regions</p></td>
 <td><p>1, 3, 4, 5, 6, 7, 8, 9, 10, 11</p></td>
 </tr>
 <tr class="even">
 <td><p>Works with all 5ghz band Miracast senders in all regions</p></td>
 <td><p>36, 40, 44, 48</p></td>
 </tr>
 <tr class="odd">
 <td><p>Works with all 5ghz band Miracast senders in all regions except Japan</p></td>
 <td><p>149, 153, 157, 161, 165</p></td>
 </tr>
 </tbody>
 </table>
 <p>The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won&#39;t be looking for).
@ -397,50 +341,19 @@ SurfaceHub
 <p>The following table shows the permitted values.
-<table>
+|Value|Description|
-<thead>
+|--- |--- |
-<tr class="header">
+|0|Never time out|
-<th>Value</th>
+|1|1 minute|
-<th>Description</th>
+|2|2 minutes|
-</tr>
+|3|3 minutes|
-</thead>
+|5|5 minutes (default)|
-<tbody>
+|10|10 minutes|
-<tr>
+|15|15 minutes|
-<td>0</td>
+|30|30 minutes|
-<td>Never time out</td></tr>
+|60|1 hour|
-<tr>
+|120|2 hours|
-<td>1</td>
+|240|4 hours|
 <td>1 minute</td>
 </tr>
 <tr>
 <td>2</td>
 <td>2 minutes</td></tr>
 <tr>
 <td>3</td>
 <td>3 minutes</td></tr>
 <tr>
 <td>5</td>
 <td>5 minutes (default)</td></tr>
 <tr>
 <td>10</td>
 <td>10 minutes</td></tr>
 <tr>
 <td>15</td>
 <td>15 minutes</td></tr>
 <tr>
 <td>30</td>
 <td>30 minutes</td></tr>
 <tr>
 <td>60</td>
 <td>1 hour</td></tr>
 <tr>
 <td>120</td>
 <td>2 hours</td></tr>
 <tr>
 <td>240</td>
 <td>4 hours</td></tr>
 </tbody>
 </table>
 <p>The data type is integer. Supported operation is Get and Replace.
@ -449,50 +362,19 @@ SurfaceHub
 <p>The following table shows the permitted values.
-<table>
+|Value|Description|
-<thead>
+|--- |--- |
-<tr class="header">
+|0|Never time out|
-<th>Value</th>
+|1|1 minute (default)|
-<th>Description</th>
+|2|2 minutes|
-</tr>
+|3|3 minutes|
-</thead>
+|5|5 minutes|
-<tbody>
+|10|10 minutes|
-<tr>
+|15|15 minutes|
-<td>0</td>
+|30|30 minutes|
-<td>Never time out</td></tr>
+|60|1 hour|
-<tr>
+|120|2 hours|
-<td>1</td>
+|240|4 hours|
 <td>1 minute (default)</td>
 </tr>
 <tr>
 <td>2</td>
 <td>2 minutes</td></tr>
 <tr>
 <td>3</td>
 <td>3 minutes</td></tr>
 <tr>
 <td>5</td>
 <td>5 minutes</td></tr>
 <tr>
 <td>10</td>
 <td>10 minutes</td></tr>
 <tr>
 <td>15</td>
 <td>15 minutes</td></tr>
 <tr>
 <td>30</td>
 <td>30 minutes</td></tr>
 <tr>
 <td>60</td>
 <td>1 hour</td></tr>
 <tr>
 <td>120</td>
 <td>2 hours</td></tr>
 <tr>
 <td>240</td>
 <td>4 hours</td></tr>
 </tbody>
 </table>
 <p>The data type is integer. Supported operation is Get and Replace.
@ -501,50 +383,19 @@ SurfaceHub
 <p>The following table shows the permitted values.
-<table>
+|Value|Description|
-<thead>
+|--- |--- |
-<tr class="header">
+|0|Never time out|
-<th>Value</th>
+|1|1 minute|
-<th>Description</th>
+|2|2 minutes|
-</tr>
+|3|3 minutes|
-</thead>
+|5|5 minutes (default)|
-<tbody>
+|10|10 minutes|
-<tr>
+|15|15 minutes|
-<td>0</td>
+|30|30 minutes|
-<td>Never time out</td></tr>
+|60|1 hour|
-<tr>
+|120|2 hours|
-<td>1</td>
+|240|4 hours|
 <td>1 minute</td>
 </tr>
 <tr>
 <td>2</td>
 <td>2 minutes</td></tr>
 <tr>
 <td>3</td>
 <td>3 minutes</td></tr>
 <tr>
 <td>5</td>
 <td>5 minutes (default)</td></tr>
 <tr>
 <td>10</td>
 <td>10 minutes</td></tr>
 <tr>
 <td>15</td>
 <td>15 minutes</td></tr>
 <tr>
 <td>30</td>
 <td>30 minutes</td></tr>
 <tr>
 <td>60</td>
 <td>1 hour</td></tr>
 <tr>
 <td>120</td>
 <td>2 hours</td></tr>
 <tr>
 <td>240</td>
 <td>4 hours</td></tr>
 </tbody>
 </table>
 <p>The data type is integer. Supported operation is Get and Replace.
--- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
@ -19,9 +19,8 @@ ms.date: 06/26/2017
 Windows Management Infrastructure (WMI) providers (and the classes they support) are used to manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service. The following subsections show the list WMI MDM classes that are supported in Windows 10.
-> **Note**  Applications installed using WMI classes are not removed when the MDM account is removed from device.
+> [!NOTE]
-
+> Applications installed using WMI classes are not removed when the MDM account is removed from device. 
 The child node names of the result from a WMI query are separated by a forward slash (/) and not URI escaped. Here is an example query.
@ -51,163 +50,46 @@ Result
 ## MDM Bridge WMI classes
 For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
 ## MDM WMI classes
-<table>
+|Class|Test completed in Windows 10 for desktop|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|[**MDM_AppInstallJob**](/previous-versions/windows/desktop/mdmappprov/mdm-appinstalljob)|Currently testing.|
-<col width="50%" />
+|[**MDM_Application**](/previous-versions/windows/desktop/mdmappprov/mdm-application)|Currently testing.|
-</colgroup>
+|[**MDM_ApplicationFramework**](/previous-versions/windows/desktop/mdmappprov/mdm-applicationframework)|Currently testing.|
-<thead>
+|[**MDM_ApplicationSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-applicationsetting)|Currently testing.|
-<tr class="header">
+|[**MDM_BrowserSecurityZones**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersecurityzones)|Yes|
-<th>Class</th>
+|[**MDM_BrowserSettings**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersettings)|Yes|
-<th>Test completed in Windows 10 for desktop</th>
+|[**MDM_Certificate**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificate)|Yes|
-</tr>
+|[**MDM_CertificateEnrollment**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificateenrollment)|Yes|
-</thead>
+|[**MDM_Client**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-client)|Currently testing.|
-<tbody>
+|[**MDM_ConfigSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-configsetting)|Yes|
-<tr class="odd">
+|[**MDM_DeviceRegistrationInfo**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-deviceregistrationinfo)||
-<td><a href="/previous-versions/windows/desktop/mdmappprov/mdm-appinstalljob" data-raw-source="[&lt;strong&gt;MDM_AppInstallJob&lt;/strong&gt;](/previous-versions/windows/desktop/mdmappprov/mdm-appinstalljob)"><strong>MDM_AppInstallJob</strong></a></td>
+|[**MDM_EASPolicy**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-easpolicy)|Yes|
-<td><p>Currently testing.</p></td>
+|[**MDM_MgMtAuthority**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-mgmtauthority)|Yes|
-</tr>
+|**MDM_MsiApplication**||
-<tr class="even">
+|**MDM_MsiInstallJob**||
-<td><a href="/previous-versions/windows/desktop/mdmappprov/mdm-application" data-raw-source="[&lt;strong&gt;MDM_Application&lt;/strong&gt;](/previous-versions/windows/desktop/mdmappprov/mdm-application)"><strong>MDM_Application</strong></a></td>
+|[**MDM_RemoteApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteapplication)|Test not started.|
-<td><p>Currently testing.</p></td>
+|[**MDM_RemoteAppUseCookie**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteappusercookie)|Test not started.|
-</tr>
+|[**MDM_Restrictions**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictions)|Yes|
-<tr class="odd">
+|[**MDM_RestrictionsUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictionsuser)|Test not started.|
-<td><a href="/previous-versions/windows/desktop/mdmappprov/mdm-applicationframework" data-raw-source="[&lt;strong&gt;MDM_ApplicationFramework&lt;/strong&gt;](/previous-versions/windows/desktop/mdmappprov/mdm-applicationframework)"><strong>MDM_ApplicationFramework</strong></a></td>
+|[**MDM_SecurityStatus**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatus)|Yes|
-<td><p>Currently testing.</p></td>
+|[**MDM_SideLoader**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-sideloader)||
-</tr>
+|[**MDM_SecurityStatusUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatususer)|Currently testing.|
-<tr class="even">
+|[**MDM_Updates**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-updates)|Yes|
-<td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-applicationsetting" data-raw-source="[&lt;strong&gt;MDM_ApplicationSetting&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-applicationsetting)"><strong>MDM_ApplicationSetting</strong></a></td>
+|[**MDM_VpnApplicationTrigger**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-vpnapplicationtrigger)|Yes|
-<td><p>Currently testing.</p></td>
+|**MDM_VpnConnection**||
-</tr>
+|[**MDM_WebApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-webapplication)|Currently testing.|
-<tr class="odd">
+|[**MDM_WirelessProfile**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofile)|Yes|
-<td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersecurityzones" data-raw-source="[&lt;strong&gt;MDM_BrowserSecurityZones&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersecurityzones)"><strong>MDM_BrowserSecurityZones</strong></a></td>
+|[**MDM_WirelesssProfileXML**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml)|Yes|
-<td>Yes</td>
+|[**MDM_WNSChannel**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel)|Yes|
-</tr>
+|[**MDM_WNSConfiguration**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration)|Yes|
-<tr class="even">
+|[**MSFT_NetFirewallProfile**](/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile)|Yes|
-<td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersettings" data-raw-source="[&lt;strong&gt;MDM_BrowserSettings&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersettings)"><strong>MDM_BrowserSettings</strong></a></td>
+|[**MSFT_VpnConnection**](/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection)|Yes|
-<td>Yes</td>
+|[**SoftwareLicensingProduct**](/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct)||
-</tr>
+|[**SoftwareLicensingService**](/previous-versions/windows/desktop/sppwmi/softwarelicensingservice)||
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificate" data-raw-source="[&lt;strong&gt;MDM_Certificate&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificate)"><strong>MDM_Certificate</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificateenrollment" data-raw-source="[&lt;strong&gt;MDM_CertificateEnrollment&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificateenrollment)"><strong>MDM_CertificateEnrollment</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-client" data-raw-source="[&lt;strong&gt;MDM_Client&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-client)"><strong>MDM_Client</strong></a></td>
 <td><p>Currently testing.</p></td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-configsetting" data-raw-source="[&lt;strong&gt;MDM_ConfigSetting&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-configsetting)"><strong>MDM_ConfigSetting</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-deviceregistrationinfo" data-raw-source="[&lt;strong&gt;MDM_DeviceRegistrationInfo&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-deviceregistrationinfo)"><strong>MDM_DeviceRegistrationInfo</strong></a></td>
 <td></td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-easpolicy" data-raw-source="[&lt;strong&gt;MDM_EASPolicy&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-easpolicy)"><strong>MDM_EASPolicy</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-mgmtauthority" data-raw-source="[&lt;strong&gt;MDM_MgMtAuthority&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-mgmtauthority)"><strong>MDM_MgMtAuthority</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="even">
 <td><strong>MDM_MsiApplication</strong></td>
 <td></td>
 </tr>
 <tr class="odd">
 <td><strong>MDM_MsiInstallJob</strong></td>
 <td></td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmappprov/mdm-remoteapplication" data-raw-source="[&lt;strong&gt;MDM_RemoteApplication&lt;/strong&gt;](/previous-versions/windows/desktop/mdmappprov/mdm-remoteapplication)"><strong>MDM_RemoteApplication</strong></a></td>
 <td><p>Test not started.</p></td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmappprov/mdm-remoteappusercookie" data-raw-source="[&lt;strong&gt;MDM_RemoteAppUseCookie&lt;/strong&gt;](/previous-versions/windows/desktop/mdmappprov/mdm-remoteappusercookie)"><strong>MDM_RemoteAppUseCookie</strong></a></td>
 <td><p>Test not started.</p></td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictions" data-raw-source="[&lt;strong&gt;MDM_Restrictions&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictions)"><strong>MDM_Restrictions</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictionsuser" data-raw-source="[&lt;strong&gt;MDM_RestrictionsUser&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictionsuser)"><strong>MDM_RestrictionsUser</strong></a></td>
 <td><p>Test not started.</p></td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatus" data-raw-source="[&lt;strong&gt;MDM_SecurityStatus&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatus)"><strong>MDM_SecurityStatus</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-sideloader" data-raw-source="[&lt;strong&gt;MDM_SideLoader&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-sideloader)"><strong>MDM_SideLoader</strong></a></td>
 <td></td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatususer" data-raw-source="[&lt;strong&gt;MDM_SecurityStatusUser&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatususer)"><strong>MDM_SecurityStatusUser</strong></a></td>
 <td><p>Currently testing.</p></td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-updates" data-raw-source="[&lt;strong&gt;MDM_Updates&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-updates)"><strong>MDM_Updates</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-vpnapplicationtrigger" data-raw-source="[&lt;strong&gt;MDM_VpnApplicationTrigger&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-vpnapplicationtrigger)"><strong>MDM_VpnApplicationTrigger</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><strong>MDM_VpnConnection</strong></td>
 <td></td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmappprov/mdm-webapplication" data-raw-source="[&lt;strong&gt;MDM_WebApplication&lt;/strong&gt;](/previous-versions/windows/desktop/mdmappprov/mdm-webapplication)"><strong>MDM_WebApplication</strong></a></td>
 <td><p>Currently testing.</p></td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofile" data-raw-source="[&lt;strong&gt;MDM_WirelessProfile&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofile)"><strong>MDM_WirelessProfile</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml" data-raw-source="[&lt;strong&gt;MDM_WirelesssProfileXML&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml)"><strong>MDM_WirelesssProfileXML</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel" data-raw-source="[&lt;strong&gt;MDM_WNSChannel&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel)"><strong>MDM_WNSChannel</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration" data-raw-source="[&lt;strong&gt;MDM_WNSConfiguration&lt;/strong&gt;](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration)"><strong>MDM_WNSConfiguration</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile" data-raw-source="[&lt;strong&gt;MSFT_NetFirewallProfile&lt;/strong&gt;](/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile)"><strong>MSFT_NetFirewallProfile</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection" data-raw-source="[&lt;strong&gt;MSFT_VpnConnection&lt;/strong&gt;](/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection)"><strong>MSFT_VpnConnection</strong></a></td>
 <td>Yes</td>
 </tr>
 <tr class="even">
 <td><a href="/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct" data-raw-source="[&lt;strong&gt;SoftwareLicensingProduct&lt;/strong&gt;](/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct)"><strong>SoftwareLicensingProduct</strong></a></td>
 <td></td>
 </tr>
 <tr class="odd">
 <td><a href="/previous-versions/windows/desktop/sppwmi/softwarelicensingservice" data-raw-source="[&lt;strong&gt;SoftwareLicensingService&lt;/strong&gt;](/previous-versions/windows/desktop/sppwmi/softwarelicensingservice)"><strong>SoftwareLicensingService</strong></a></td>
 <td></td>
 </tr>
 </tbody>
 </table>
 ### Parental control WMI classes
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@ -29,85 +29,24 @@ Windows 10 has a brand new Start experience. As a result, there are changes to
 These policy settings are available in **Administrative Templates\\Start Menu and Taskbar** under **User Configuration**.
-<table>
+|Policy|Notes|
-
+|--- |--- |
-<thead>
+|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.|
-<tr class="header">
+|Do not allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.|
-<th align="left">Policy</th>
+|Do not display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.|
-<th align="left">Notes</th>
+|Do not keep history of recently opened documents|Documents that the user opens are not tracked during the session.|
-</tr>
+|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this disables all of the settings in **Settings** > **Personalization** > **Start** as well as the options in dialog available via right-click Taskbar > **Properties**|
-</thead>
+|Prevent users from customizing their Start Screen|Use this policy in conjunction with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it|
-<tbody>
+|Prevent users from uninstalling applications from Start|In Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)|
-<tr class="odd">
+|Remove All Programs list from the Start menu|In Windows 10, this removes the **All apps** button.|
-<td align="left">Clear history of recently opened documents on exit</td>
+|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.|
-<td align="left">Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.</td>
+|Remove common program groups from Start Menu|As in earlier versions of Windows, this removes apps specified in the All Users profile from Start|
-</tr>
+|Remove frequent programs list from the Start Menu|In Windows 10, this removes the top left **Most used** group of apps.|
-<tr class="even">
+|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.|
-<td align="left">Do not allow pinning items in Jump Lists</td>
+|Remove pinned programs list from the Start Menu|In Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).|
-<td align="left">Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.</td>
+|Show "Run as different user" command on Start|This enables the **Run as different user** option in the right-click menu for apps.|
-</tr>
+|Start Layout|This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.|
-<tr class="odd">
+|Force Start to be either full screen size or menu size|This applies a specific size for Start.|
 <td align="left">Do not display or track items in Jump Lists from remote locations</td>
 <td align="left">When this policy is applied, only items local on the computer are shown in Jump Lists.</td>
 </tr>
 <tr class="even">
 <td align="left">Do not keep history of recently opened documents</td>
 <td align="left">Documents that the user opens are not tracked during the session.</td>
 </tr>
 <tr class="odd">
 <td align="left">Prevent changes to Taskbar and Start Menu Settings</td>
 <td align="left">In Windows 10, this disables all of the settings in <strong>Settings</strong> &gt; <strong>Personalization</strong> &gt; <strong>Start</strong> as well as the options in dialog available via right-click Taskbar &gt; <strong>Properties</strong></td>
 </tr>
 <tr class="even">
 <td align="left">Prevent users from customizing their Start Screen</td>
 <td align="left"><p>Use this policy in conjunction with a <a href="windows-10-start-layout-options-and-policies.md" data-raw-source="[customized Start layout](windows-10-start-layout-options-and-policies.md)">customized Start layout</a> to prevent users from changing it</p></td>
 </tr>
 <tr class="odd">
 <td align="left">Prevent users from uninstalling applications from Start</td>
 <td align="left">In Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)</td>
 </tr>
 <tr class="even">
 <td align="left">Remove All Programs list from the Start menu</td>
 <td align="left">In Windows 10, this removes the <strong>All apps</strong> button.</td>
 </tr>
 <tr class="odd">
 <td align="left">Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands</td>
 <td align="left">This removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.</td>
 </tr>
 <tr class="even">
 <td align="left">Remove common program groups from Start Menu</td>
 <td align="left">As in earlier versions of Windows, this removes apps specified in the All Users profile from Start</td>
 </tr>
 <tr class="odd">
 <td align="left">Remove frequent programs list from the Start Menu</td>
 <td align="left">In Windows 10, this removes the top left <strong>Most used</strong> group of apps.</td>
 </tr>
 <tr class="even">
 <td align="left">Remove Logoff on the Start Menu</td>
 <td align="left"><strong>Logoff</strong> has been changed to <strong>Sign Out</strong> in the user interface, however the functionality is the same.</td>
 </tr>
 <tr class="odd">
 <td align="left">Remove pinned programs list from the Start Menu</td>
 <td align="left">In Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).</td>
 </tr>
 <tr class="even">
 <td align="left">Show &quot;Run as different user&quot; command on Start</td>
 <td align="left">This enables the <strong>Run as different user</strong> option in the right-click menu for apps.</td>
 </tr>
 <tr class="odd">
 <td align="left">Start Layout</td>
 <td align="left"><p>This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in <strong>User Configuration</strong> or <strong>Computer Configuration</strong>.</p>
 <div>
 </div></td>
 </tr>
 <tr class="even">
 <td align="left">Force Start to be either full screen size or menu size</td>
 <td align="left">This applies a specific size for Start.</td>
 </tr>
 </tbody>
 </table>
 ## <a href="" id="deprecated-group-policy-settings-for-start-"></a>Deprecated Group Policy settings for Start
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@ -81,7 +81,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
 ## Export the Start layout
-When you have the Start layout that you want your users to see, use the [Export-StartLayout](/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\
+When you have the Start layout that you want your users to see, use the [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\
 >[!IMPORTANT]
 >If you include secondary Microsoft Edge tiles (tiles that link to specific websites in Microsoft Edge), see [Add custom images to Microsoft Edge secondary tiles](start-secondary-tiles.md) for instructions.
@ -102,38 +102,25 @@ When you have the Start layout that you want your users to see, use the [Export-
    In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml).
-    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet does not append the file name extension, and the policy settings require the extension.
+    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet does not append the file name extension, and the policy settings require the extension.
    Example of a layout file produced by `Export-StartLayout`:
-    <span codelanguage="XML"></span>
+    ```xml
-    <table>
+    <LayoutModificationTemplate Version="1" xmlns="https://schemas.microsoft.com/Start/2014/LayoutModification">
-    <colgroup>
+          <DefaultLayoutOverride>
-    <col width="100%" />
+            <StartLayoutCollection>
-    </colgroup>
+              <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="https://schemas.microsoft.com/Start/2014/FullDefaultLayout">
-    <thead>
+                <start:Group Name="Life at a glance" xmlns:start="https://schemas.microsoft.com/Start/2014/StartLayout">
-    <tr class="header">
+                  <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-    <th align="left">XML</th>
+                  <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI" />
-    </tr>
+                  <start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
-    </thead>
+                </start:Group>        
-    <tbody>
+              </defaultlayout:StartLayout>
-    <tr class="odd">
+            </StartLayoutCollection>
-    <td align="left"><pre><code>&lt;LayoutModificationTemplate Version=&quot;1&quot; xmlns=&quot;https://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt;
+          </DefaultLayoutOverride>
-      &lt;DefaultLayoutOverride&gt;
+        </LayoutModificationTemplate>
-        &lt;StartLayoutCollection&gt;
+    ```
          &lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot; xmlns:defaultlayout=&quot;https://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot;&gt;
            &lt;start:Group Name=&quot;Life at a glance&quot; xmlns:start=&quot;https://schemas.microsoft.com/Start/2014/StartLayout&quot;&gt;
              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;0&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge&quot; /&gt;
              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI&quot; /&gt;
              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;2&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
            &lt;/start:Group&gt;        
          &lt;/defaultlayout:StartLayout&gt;
        &lt;/StartLayoutCollection&gt;
      &lt;/DefaultLayoutOverride&gt;
    &lt;/LayoutModificationTemplate&gt;</code></pre></td>
    </tr>
    </tbody>
    </table>
 3. (Optional) Edit the .xml file to add [a taskbar configuration](configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file is critical.](start-layout-xml-desktop.md#required-order)
--- a/windows/configuration/lockdown-features-windows-10.md
+++ b/windows/configuration/lockdown-features-windows-10.md
@ -23,97 +23,18 @@ ms.localizationpriority: medium
 Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation.
-<table>
+|Windows Embedded 8.1 Industry lockdown feature|Windows 10 feature|Changes|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|[Hibernate Once/Resume Many (HORM)](/previous-versions/windows/embedded/dn449302(v=winembedded.82)): Quick boot to device|[HORM](/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-)|HORM is supported in Windows 10, version 1607 and later.|
-<col width="33%" />
+|[Unified Write Filter](/previous-versions/windows/embedded/dn449332(v=winembedded.82)): protect a device's physical storage media|[Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter)|The Unified Write Filter is continued in Windows 10.|
-<col width="33%" />
+|[Keyboard Filter](/previous-versions/windows/embedded/dn449298(v=winembedded.82)): block hotkeys and other key combinations|[Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)|Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via **Turn Windows Features On/Off**. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.|
-</colgroup>
+|[Shell Launcher](/previous-versions/windows/embedded/dn449423(v=winembedded.82)): launch a Windows desktop application on sign-on|[Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher)|Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the **SMISettings** category.<br>Learn [how to use Shell Launcher to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Windows desktop application.|
-<thead>
+|[Application Launcher](/previous-versions/windows/embedded/dn449251(v=winembedded.82)): launch a Universal Windows Platform (UWP) app on sign-on|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.|
-<tr class="header">
+|[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82)): suppress system dialogs and control which processes can run|[AppLocker](/windows/device-security/applocker/applocker-overview)|Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.<li>Control over which processes are able to run will now be provided by AppLocker.<li>System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.|
-<th align="left">Windows Embedded 8.1 Industry lockdown feature</th>
+|[Toast Notification Filter](/previous-versions/windows/embedded/dn449360(v=winembedded.82)): suppress toast notifications|Mobile device management (MDM) and Group Policy|Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.<br>Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications**<br>MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Allow action center notifications** and a [custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317) for **AboveLock/AllowActionCenterNotifications**.|
-<th align="left">Windows 10 feature</th>
+|[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82)): configure lockdown features|[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd)|The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.|
-<th align="left">Changes</th>
+|[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82)): restrict USB devices and peripherals on system|MDM and Group Policy|The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.<br> <br> Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Device Installation Restrictions**<br>MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Removable storage**.|
-</tr>
+|[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82)): launch a UWP app on sign-in and lock access to system|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.<br>In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.<br><br>Learn [how to use Assigned Access to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Universal Windows app.|
-</thead>
+|[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82)): block swipes from top, left, and right edges of screen|MDM and Group Policy|In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe) policy.|
-<tbody>
+|[Custom Logon](/previous-versions/windows/embedded/dn449309(v=winembedded.82)): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown|[Embedded Logon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
-<tr class="odd">
+|[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82)): custom brand a device by removing or replacing Windows boot UI elements|[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449302(v=winembedded.82)" data-raw-source="[Hibernate Once/Resume Many (HORM)](/previous-versions/windows/embedded/dn449302(v=winembedded.82))">Hibernate Once/Resume Many (HORM)</a>: Quick boot to device</p></td>
 <td align="left"><a href="/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-" data-raw-source="[HORM](/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-)">HORM</a></td>
 <td align="left"><p>HORM is supported in Windows 10, version 1607 and later. </p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449332(v=winembedded.82)" data-raw-source="[Unified Write Filter](/previous-versions/windows/embedded/dn449332(v=winembedded.82))">Unified Write Filter</a>: protect a device&#39;s physical storage media</p></td>
 <td align="left"><a href="/windows-hardware/customize/enterprise/unified-write-filter" data-raw-source="[Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter)">Unified Write Filter</a></td>
 <td align="left"><p>The Unified Write Filter is continued in Windows 10.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449298(v=winembedded.82)" data-raw-source="[Keyboard Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626761)">Keyboard Filter</a>: block hotkeys and other key combinations</p></td>
 <td align="left"><a href="/windows-hardware/customize/enterprise/keyboardfilter" data-raw-source="[Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)">Keyboard Filter</a></td>
 <td align="left"><p>Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via <strong>Turn Windows Features On/Off</strong>. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449423(v=winembedded.82)" data-raw-source="[Shell Launcher](/previous-versions/windows/embedded/dn449423(v=winembedded.82))">Shell Launcher</a>: launch a Windows desktop application on sign-on</p></td>
 <td align="left"><a href="/windows-hardware/customize/enterprise/shell-launcher" data-raw-source="[Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher)">Shell Launcher</a></td>
 <td align="left"><p>Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the <strong>SMISettings</strong> category.</p>
 <p>Learn <a href="/windows/configuration/kiosk-single-app" data-raw-source="[how to use Shell Launcher to create a kiosk device](./kiosk-single-app.md)">how to use Shell Launcher to create a kiosk device</a> that runs a Windows desktop application.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449251(v=winembedded.82)" data-raw-source="[Application Launcher]( https://go.microsoft.com/fwlink/p/?LinkId=626675)">Application Launcher</a>: launch a Universal Windows Platform (UWP) app on sign-on</p></td>
 <td align="left"><a href="/windows/client-management/mdm/assignedaccess-csp" data-raw-source="[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)">Assigned Access</a></td>
 <td align="left"><p>The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449395(v=winembedded.82)" data-raw-source="[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82))">Dialog Filter</a>: suppress system dialogs and control which processes can run</p></td>
 <td align="left"><a href="/windows/device-security/applocker/applocker-overview" data-raw-source="[AppLocker](/windows/device-security/applocker/applocker-overview)">AppLocker</a></td>
 <td align="left"><p>Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.</p>
 <ul>
 <li><p>Control over which processes are able to run will now be provided by AppLocker.</p></li>
 <li><p>System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449360(v=winembedded.82)" data-raw-source="[Toast Notification Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626673)">Toast Notification Filter</a>: suppress toast notifications</p></td>
 <td align="left">Mobile device management (MDM) and Group Policy</td>
 <td align="left"><p>Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.</p>
 <p>Group Policy: <strong>User Configuration</strong> &gt; <strong>Administrative Templates</strong> &gt; <strong>Start Menu and Taskbar</strong> &gt; <strong>Notifications</strong></p>
 <p>MDM policy name may vary depending on your MDM service. In Microsoft Intune, use <strong>Allow action center notifications</strong> and a <a href="https://go.microsoft.com/fwlink/p/?LinkID=616317" data-raw-source="[custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317)">custom OMA-URI setting</a> for <strong>AboveLock/AllowActionCenterNotifications</strong>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449279(v=winembedded.82)" data-raw-source="[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82))">Embedded Lockdown Manager</a>: configure lockdown features</p></td>
 <td align="left"><a href="/windows/configuration/provisioning-packages/provisioning-install-icd" data-raw-source="[Windows Imaging and Configuration Designer (ICD)](./provisioning-packages/provisioning-install-icd.md)">Windows Imaging and Configuration Designer (ICD)</a></td>
 <td align="left"><p>The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449350(v=winembedded.82)" data-raw-source="[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82))">USB Filter</a>: restrict USB devices and peripherals on system</p></td>
 <td align="left">MDM and Group Policy</td>
 <td align="left"><p>The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.</p>
 <p>Group Policy: <strong>Computer Configuration</strong> &gt; <strong>Administrative Templates</strong> &gt; <strong>System</strong> &gt; <strong>Device Installation</strong> &gt; <strong>Device Installation Restrictions</strong></p>
 <p>MDM policy name may vary depending on your MDM service. In Microsoft Intune, use <strong>Removable storage</strong>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449303(v=winembedded.82)" data-raw-source="[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82))">Assigned Access</a>: launch a UWP app on sign-in and lock access to system</p></td>
 <td align="left"><a href="/windows/client-management/mdm/assignedaccess-csp" data-raw-source="[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)">Assigned Access</a></td>
 <td align="left"><p>Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.</p>
 <p>In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.</p>
 <p>Learn <a href="/windows/configuration/kiosk-single-app" data-raw-source="[how to use Assigned Access to create a kiosk device](./kiosk-single-app.md)">how to use Assigned Access to create a kiosk device</a> that runs a Universal Windows app.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449374(v=winembedded.82)" data-raw-source="[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82))">Gesture Filter</a>: block swipes from top, left, and right edges of screen</p></td>
 <td align="left">MDM and Group Policy</td>
 <td align="left"><p>In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the <a href="/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe" data-raw-source="[Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe)">Allow edge swipe</a> policy. </p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449309(v=winembedded.82)" data-raw-source="[Custom Logon]( https://go.microsoft.com/fwlink/p/?LinkId=626759)">Custom Logon</a>: suppress Windows UI elements during Windows sign-on, sign-off, and shutdown</p></td>
 <td align="left"><a href="/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon" data-raw-source="[Embedded Logon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)">Embedded Logon</a></td>
 <td align="left"><p>No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="/previous-versions/windows/embedded/dn449249(v=winembedded.82)" data-raw-source="[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82))">Unbranded Boot</a>: custom brand a device by removing or replacing Windows boot UI elements</p></td>
 <td align="left"><a href="/windows-hardware/customize/enterprise/unbranded-boot" data-raw-source="[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)">Unbranded Boot</a></td>
 <td align="left"><p>No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.</p></td>
 </tr>
 </tbody>
 </table>
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@ -108,52 +108,14 @@ Architecture enumerates two possible values: **Win32** and **Win64**. These valu
 <a href="" id="process"></a>**Process**
 The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type:
-<table>
+|Element|Data Type|Mandatory|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|Filename|FilenameString|True|
-<col width="33%" />
+|Architecture|Architecture|False|
-<col width="33%" />
+|ProductName|String|False|
-</colgroup>
+|FileDescription|String|False|
-<tbody>
+|ProductVersion|ProcessVersion|False|
-<tr class="odd">
+|FileVersion|ProcessVersion|False|
 <td align="left"><p><strong>Element</strong></p></td>
 <td align="left"><p><strong>Data Type</strong></p></td>
 <td align="left"><p><strong>Mandatory</strong></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Filename</p></td>
 <td align="left"><p>FilenameString</p></td>
 <td align="left"><p>True</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Architecture</p></td>
 <td align="left"><p>Architecture</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ProductName</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>FileDescription</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ProductVersion</p></td>
 <td align="left"><p>ProcessVersion</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>FileVersion</p></td>
 <td align="left"><p>ProcessVersion</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 </tbody>
 </table>
 <a href="" id="processes"></a>**Processes**
 The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence.
@ -177,32 +139,11 @@ FileSetting contains parameters associated with files and files paths. Four chil
 <a href="" id="settings"></a>**Settings**
 Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described:
-<table>
+|Element|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Asynchronous|Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.|
-<col width="50%" />
+|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.|
-</colgroup>
+|AlwaysApplySettings|This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.|
 <tbody>
 <tr class="odd">
 <td align="left"><p><strong>Element</strong></p></td>
 <td align="left"><p><strong>Description</strong></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Asynchronous</p></td>
 <td align="left"><p>Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those <code>get/set</code> through an API, like SystemParameterSetting.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>PreventOverlappingSynchronization</p></td>
 <td align="left"><p>By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>AlwaysApplySettings</p></td>
 <td align="left"><p>This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.</p></td>
 </tr>
 </tbody>
 </table>
 ### <a href="" id="name21"></a>Name Element
@ -212,8 +153,8 @@ Settings is a container for all the settings that apply to a particular template
 Name specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this can be objected from the ProductVersion element. For example, specify `<Name>My Application</Name>` rather than `<Name>My Application 1.1</Name>`.
-**Note**  
+> [!NOTE]
-UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use &reg; to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document.
+> UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use &reg; to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document.
 See <http://www.w3.org/TR/xhtml1/dtds.html> for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V template generator converts character entities to their Unicode representations automatically.
@ -239,10 +180,11 @@ ID populates a unique identifier for a particular template. This tag becomes the
 Version identifies the version of the settings location template for administrative tracking of changes. The UE-V template generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `<Version>2.5</Version>` are not allowed.
-**Hint:** You can save notes about version changes using XML comment tags `<!-- -->`, for example:
+> [!TIP]
 > You can save notes about version changes using XML comment tags `<!-- -->`, for example:
 ```xml
-  <!--
+<!--
   Version History
   Version 1 Jul 05, 2012 Initial template created by Generator - Denise@Contoso.com
@ -250,11 +192,11 @@ Version identifies the version of the settings location template for administrat
   Version 3 Jan 01, 2013 Added font settings support - Mark@Contoso.com
   Version 4 Jan 31, 2013 Added support for plugin settings - Tony@Contoso.com
 -->
-  <Version>4</Version>
+<Version>4</Version>
 ```
-**Important**  
+> [!IMPORTANT]
-This value is queried to determine if a new version of a template should be applied to an existing template in these instances:
+> This value is queried to determine if a new version of a template should be applied to an existing template in these instances:
 -   When the scheduled Template Auto Update task executes
@ -281,7 +223,7 @@ Author identifies the creator of the settings location template. Two optional ch
 Processes contains at least one `<Process>` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
 ```xml
-    <Process>
+<Process>
  <Filename>MyApplication.exe</Filename>
  <Architecture>Win64</Architecture>
  <ProductName> MyApplication </ProductName>
@ -298,7 +240,7 @@ Processes contains at least one `<Process>` element, which in turn contains the
 	<Build Minimum="0" Maximum="0" />
 	<Patch Minimum="5" Maximum="5" />
  </FileVersion>
-    </Process>
+</Process>
 ```
 ### Filename
@ -311,7 +253,8 @@ Filename refers to the actual file name of the executable as it appears in the f
 Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|&lt;&gt;/:\]+, that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon (the \\ ? \* | &lt; &gt; / or : characters.).
-**Hint:** To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**:
+> [!TIP]
 > To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**:
 `"YourFileName.exe" -match  "[\\\?\*\|<>/:]+"`
@ -325,8 +268,8 @@ A value of **True** indicates that the string contains illegal characters. Here
 -   Program&lt;1&gt;.exe
-**Note**  
+> [!NOTE]
-The UE-V template generator encodes the greater than and less than characters as &gt; and &lt; respectively.
+> The UE-V template generator encodes the greater than and less than characters as &gt; and &lt; respectively.
@ -342,8 +285,8 @@ Architecture refers to the processor architecture for which the target executabl
 If this element is absent, the settings location template ignores the process’ architecture and applies to both 32 and 64-bit processes if the file name and other attributes apply.
-**Note**  
+> [!NOTE]
-UE-V does not support ARM processors in this version.
+> UE-V does not support ARM processors in this version.
@ -356,13 +299,13 @@ UE-V does not support ARM processors in this version.
 ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
 ```xml
-    <Process>
+<Process>
  <Filename>MyApplication.exe</Filename>
  <ProductName>My Application 6.x by Contoso.com</ProductName>
  <ProductVersion>
 	<Major Minimum="6" Maximum="6" />
  </ProductVersion>
-    </Process>
+</Process>
 ```
 ### FileDescription
@ -410,10 +353,10 @@ The product and file version elements may be left unspecified. Doing so makes th
 Product version: 1.0 specified in the UE-V template generator produces the following XML:
 ```xml
-      <ProductVersion>
+<ProductVersion>
  <Major Minimum="1" Maximum="1" />
  <Minor Minimum="0" Maximum="0" />
-      </ProductVersion>
+</ProductVersion>
 ```
 **Example 2:**
@ -421,12 +364,12 @@ Product version: 1.0 specified in the UE-V template generator produces the follo
 File version: 5.0.2.1000 specified in the UE-V template generator produces the following XML:
 ```xml
-      <FileVersion>
+<FileVersion>
  <Major Minimum="5" Maximum="5" />
  <Minor Minimum="0" Maximum="0" />
  <Build Minimum="2" Maximum="2" />
  <Patch Minimum="1000" Maximum="1000" />
-      </FileVersion>
+</FileVersion>
 ```
 **Incorrect Example 1 – incomplete range:**
@ -434,9 +377,9 @@ File version: 5.0.2.1000 specified in the UE-V template generator produces the f
 Only the Minimum attribute is present. Maximum must be included in a range as well.
 ```xml
-      <ProductVersion>
+<ProductVersion>
  <Major Minimum="2" />
-      </ProductVersion>
+</ProductVersion>
 ```
 **Incorrect Example 2 – Minor specified without Major element:**
@ -444,9 +387,9 @@ Only the Minimum attribute is present. Maximum must be included in a range as we
 Only the Minor element is present. Major must be included as well.
 ```xml
-      <ProductVersion>
+<ProductVersion>
  <Minor Minimum="0" Maximum="0" />
-      </ProductVersion>
+</ProductVersion>
 ```
 ### FileVersion
@ -464,7 +407,7 @@ Including a FileVersion element for an application allows for more granular fine
 The child elements and syntax rules for FileVersion are identical to those of ProductVersion.
 ```xml
-      <Process>
+<Process>
  <Filename>MSACCESS.EXE</Filename>
  <Architecture>Win32</Architecture>
  <ProductVersion>
@ -475,168 +418,56 @@ The child elements and syntax rules for FileVersion are identical to those of Pr
    <Major Minimum="14" Maximum="14" />
    <Minor Minimum="0" Maximum="0" />
  </FileVersion>
-      </Process>
+</Process>
 ```
 ### <a href="" id="application21"></a>Application Element
 Application is a container for settings that apply to a particular application. It is a collection of the following fields/types.
-<table>
+|Field/Type|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
-<col width="50%" />
+|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
-</colgroup>
+|Description|An optional description of the template.|
-<tbody>
+|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
-<tr class="odd">
+|LocalizedDescriptions|An optional template description localized by a language locale.|
-<td align="left"><p><strong>Field/Type</strong></p></td>
+|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
-<td align="left"><p><strong>Description</strong></p></td>
+|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
-</tr>
+|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
-<tr class="even">
+|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
-<td align="left"><p>Name</p></td>
+|Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).|
-<td align="left"><p>Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see <a href="#name21" data-raw-source="[Name](#name21)">Name</a>.</p></td>
+|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".|
 </tr>
 <tr class="odd">
 <td align="left"><p>ID</p></td>
 <td align="left"><p>Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see <a href="#id21" data-raw-source="[ID](#id21)">ID</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Description</p></td>
 <td align="left"><p>An optional description of the template.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>LocalizedNames</p></td>
 <td align="left"><p>An optional name displayed in the UI, localized by a language locale.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>LocalizedDescriptions</p></td>
 <td align="left"><p>An optional template description localized by a language locale.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Version</p></td>
 <td align="left"><p>Identifies the version of the settings location template for administrative tracking of changes. For more information, see <a href="#version21" data-raw-source="[Version](#version21)">Version</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>DeferToMSAccount</p></td>
 <td align="left"><p>Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>DeferToOffice365</p></td>
 <td align="left"><p>Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>FixedProfile</p></td>
 <td align="left"><p>Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Processes</p></td>
 <td align="left"><p>A container for a collection of one or more Process elements. For more information, see <a href="#processes21" data-raw-source="[Processes](#processes21)">Processes</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Settings</p></td>
 <td align="left"><p>A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see <strong>Settings</strong> in <a href="#data21" data-raw-source="[Data types](#data21)">Data types</a>.</p></td>
 </tr>
 </tbody>
 </table>
 ### <a href="" id="common21"></a>Common Element
 Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types.
-<table>
+|Field/Type|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
-<col width="50%" />
+|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
-</colgroup>
+|Description|An optional description of the template.|
-<tbody>
+|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
-<tr class="odd">
+|LocalizedDescriptions|An optional template description localized by a language locale.|
-<td align="left"><p><strong>Field/Type</strong></p></td>
+|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
-<td align="left"><p><strong>Description</strong></p></td>
+|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
-</tr>
+|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
-<tr class="even">
+|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
-<td align="left"><p>Name</p></td>
+|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).|
 <td align="left"><p>Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see <a href="#name21" data-raw-source="[Name](#name21)">Name</a>.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ID</p></td>
 <td align="left"><p>Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see <a href="#id21" data-raw-source="[ID](#id21)">ID</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Description</p></td>
 <td align="left"><p>An optional description of the template.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>LocalizedNames</p></td>
 <td align="left"><p>An optional name displayed in the UI, localized by a language locale.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>LocalizedDescriptions</p></td>
 <td align="left"><p>An optional template description localized by a language locale.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Version</p></td>
 <td align="left"><p>Identifies the version of the settings location template for administrative tracking of changes. For more information, see <a href="#version21" data-raw-source="[Version](#version21)">Version</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>DeferToMSAccount</p></td>
 <td align="left"><p>Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>DeferToOffice365</p></td>
 <td align="left"><p>Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>FixedProfile</p></td>
 <td align="left"><p>Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Settings</p></td>
 <td align="left"><p>A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see <strong>Settings</strong> in <a href="#data21" data-raw-source="[Data types](#data21)">Data types</a>.</p></td>
 </tr>
 </tbody>
 </table>
 ### <a href="" id="settingslocationtemplate21"></a>SettingsLocationTemplate Element
 This element defines the settings for a single application or a suite of applications.
-<table>
+|Field/Type|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
-<col width="50%" />
+|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
-</colgroup>
+|Description|An optional description of the template.|
-<tbody>
+|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
-<tr class="odd">
+|LocalizedDescriptions|An optional template description localized by a language locale.|
 <td align="left"><p><strong>Field/Type</strong></p></td>
 <td align="left"><p><strong>Description</strong></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Name</p></td>
 <td align="left"><p>Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see <a href="#name21" data-raw-source="[Name](#name21)">Name</a>.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ID</p></td>
 <td align="left"><p>Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see <a href="#id21" data-raw-source="[ID](#id21)">ID</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Description</p></td>
 <td align="left"><p>An optional description of the template.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>LocalizedNames</p></td>
 <td align="left"><p>An optional name displayed in the UI, localized by a language locale.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>LocalizedDescriptions</p></td>
 <td align="left"><p>An optional template description localized by a language locale.</p></td>
 </tr>
 </tbody>
 </table>
 ### <a href="" id="appendix21"></a>Appendix: SettingsLocationTemplate.xsd
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@ -29,8 +29,8 @@ When the User Experience Virtualization (UE-V) service is enabled, it creates th
 -   [Template Auto Update](#template-auto-update)
-**Note**<br>
+> [!NOTE]
-These tasks must remain enabled, because UE-V cannot function without them.
+> These tasks must remain enabled, because UE-V cannot function without them.
 These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
@ -44,55 +44,21 @@ The following scheduled tasks are included in UE-V with sample scheduled task co
 The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory.
-<table>
+|Task name|Default event|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|\Microsoft\UE-V\Monitor Application Status|Logon|
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Task name</th>
 <th align="left">Default event</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>\Microsoft\UE-V\Monitor Application Status</p></td>
 <td align="left"><p>Logon</p></td>
 </tr>
 </tbody>
 </table>
 ### Sync Controller Application
 The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory.
-<table>
+|Task name|Default event|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|\Microsoft\UE-V\Sync Controller Application|Logon, and every 30 minutes thereafter|
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Task name</th>
 <th align="left">Default event</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>\Microsoft\UE-V\Sync Controller Application</p></td>
 <td align="left"><p>Logon, and every 30 minutes thereafter</p></td>
 </tr>
 </tbody>
 </table>
 For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes.
-``` syntax
+```console
 Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15
 ```
@ -100,118 +66,36 @@ Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15
 The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory.
-<table>
+|Task name|Default event|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|\Microsoft\UE-V\Synchronize Settings at Logoff|Logon|
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Task name</th>
 <th align="left">Default event</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>\Microsoft\UE-V\Synchronize Settings at Logoff</p></td>
 <td align="left"><p>Logon</p></td>
 </tr>
 </tbody>
 </table>
 ### Template Auto Update
 The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent installation directory.
-<table>
+|Task name|Default event|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|\Microsoft\UE-V\Template Auto Update|System startup and at 3:30 AM every day, at a random time within a 1-hour window|
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Task name</th>
 <th align="left">Default event</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>\Microsoft\UE-V\Template Auto Update</p></td>
 <td align="left"><p>System startup and at 3:30 AM every day, at a random time within a 1-hour window</p></td>
 </tr>
 </tbody>
 </table>
 **Example:** The following command configures the UE-V service to check the settings template catalog store every hour.
-``` syntax
+```console
 schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60
 ```
 ## UE-V Scheduled Task Details
 The following chart provides additional information about scheduled tasks for UE-V 2:
-<table>
+|Task Name (file name)|Default Frequency|Power Toggle|Idle Only|Network Connection|Description|
-<colgroup>
+|--- |--- |--- |--- |--- |--- |
-<col width="16%" />
+|**Monitor Application Settings** (UevAppMonitor.exe)|Starts 30 seconds after logon and continues until logoff.|No|Yes|N/A|Synchronizes settings for Windows (AppX) apps.|
-<col width="16%" />
+|**Sync Controller Application** (Microsoft.Uev.SyncController.exe)|At logon and every 30 min thereafter.|Yes|Yes|Only if Network is connected|Starts the Sync Controller which synchronizes local settings with the settings storage location.|
-<col width="16%" />
+|**Synchronize Settings at Logoff** (Microsoft.Uev.SyncController.exe)|Runs at logon and then waits for Logoff to Synchronize settings.|No|Yes|N/A|Start an application at logon that controls the synchronization of applications at logoff.|
-<col width="16%" />
+|**Template Auto Update** (ApplySettingsCatalog.exe)|Runs at initial logon and at 3:30 AM every day thereafter.|Yes|No|N/A|Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.|
 <col width="16%" />
 <col width="16%" />
 </colgroup>
 <tbody>
 <tr class="odd">
 <td align="left"><p><strong>Task Name</strong> (file name)</p></td>
 <td align="left"><p><strong>Default Frequency</strong></p></td>
 <td align="left"><p><strong>Power Toggle</strong></p></td>
 <td align="left"><p><strong>Idle Only</strong></p></td>
 <td align="left"><p><strong>Network Connection</strong></p></td>
 <td align="left"><p><strong>Description</strong></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Monitor Application Settings</strong> (UevAppMonitor.exe)</p></td>
 <td align="left"><p>Starts 30 seconds after logon and continues until logoff.</p></td>
 <td align="left"><p>No</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>N/A</p></td>
 <td align="left"><p>Synchronizes settings for Windows (AppX) apps.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Sync Controller Application</strong> (Microsoft.Uev.SyncController.exe)</p></td>
 <td align="left"><p>At logon and every 30 min thereafter.</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Only if Network is connected</p></td>
 <td align="left"><p>Starts the Sync Controller which synchronizes local settings with the settings storage location.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Synchronize Settings at Logoff</strong> (Microsoft.Uev.SyncController.exe)</p></td>
 <td align="left"><p>Runs at logon and then waits for Logoff to Synchronize settings.</p></td>
 <td align="left"><p>No</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>N/A</p></td>
 <td align="left"><p>Start an application at logon that controls the synchronization of applications at logoff.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Template Auto Update</strong> (ApplySettingsCatalog.exe)</p></td>
 <td align="left"><p>Runs at initial logon and at 3:30 AM every day thereafter.</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>No</p></td>
 <td align="left"><p>N/A</p></td>
 <td align="left"><p>Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.</p></td>
 </tr>
 </tbody>
 </table>
 **Legend**
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@ -26,147 +26,31 @@ The following policy settings can be configured for UE-V.
 **Group Policy settings**
-<table>
+|Group Policy setting name|Target|Group Policy setting description|Configuration options|
-<colgroup>
+|--- |--- |--- |--- |
-<col width="25%" />
+|Do not use the sync provider|Computers and Users|By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.|Enable this setting to configure the UE-V service not to use the sync provider.|
-<col width="25%" />
+|First Use Notification|Computers Only|This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.|The default is enabled.|
-<col width="25%" />
+|Synchronize Windows settings|Computers and Users|This Group Policy setting configures the synchronization of Windows settings.|Select which Windows settings synchronize between computers.<br>By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.|
-<col width="25%" />
+|Settings package size warning threshold|Computers and Users|This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.|Specify the preferred threshold for settings package sizes in kilobytes (KB).<br>By default, the UE-V service does not have a package file size threshold.|
-</colgroup>
+|Settings storage path|Computers and Users|This Group Policy setting configures where the user settings are to be stored.|Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.|
-<thead>
+|Settings template catalog path|Computers Only|This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.|Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.<br>Select the check box to replace the default Microsoft templates.|
-<tr class="header">
+|Sync settings over metered connections|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections.|By default, the UE-V service does not synchronize settings over a metered connection.|
-<th align="left">Group Policy setting name</th>
+|Sync settings over metered connections even when roaming|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.|By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.|
-<th align="left">Target</th>
+|Synchronization timeout|Computers and Users|This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.|Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.|
-<th align="left">Group Policy setting description</th>
+|Tray Icon|Computers Only|This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.|This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.|
-<th align="left">Configuration options</th>
+|Use User Experience Virtualization (UE-V)|Computers and Users|This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).|This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.|
-</tr>
+|Enable UE-V|Computers and Users|This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.|This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.|
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Do not use the sync provider</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.</p></td>
 <td align="left"><p>Enable this setting to configure the UE-V service not to use the sync provider.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>First Use Notification</p></td>
 <td align="left"><p>Computers Only</p></td>
 <td align="left"><p>This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.</p></td>
 <td align="left"><p>The default is enabled.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Synchronize Windows settings</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting configures the synchronization of Windows settings.</p></td>
 <td align="left"><p>Select which Windows settings synchronize between computers.</p>
 <p>By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Settings package size warning threshold</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.</p></td>
 <td align="left"><p>Specify the preferred threshold for settings package sizes in kilobytes (KB).</p>
 <p>By default, the UE-V service does not have a package file size threshold.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Settings storage path</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting configures where the user settings are to be stored.</p></td>
 <td align="left"><p>Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Settings template catalog path</p></td>
 <td align="left"><p>Computers Only</p></td>
 <td align="left"><p>This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.</p></td>
 <td align="left"><p>Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.</p>
 <p>Select the check box to replace the default Microsoft templates.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Sync settings over metered connections</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting defines whether UE-V synchronizes settings over metered connections.</p></td>
 <td align="left"><p>By default, the UE-V service does not synchronize settings over a metered connection.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Sync settings over metered connections even when roaming</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.</p></td>
 <td align="left"><p>By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Synchronization timeout</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.</p></td>
 <td align="left"><p>Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Tray Icon</p></td>
 <td align="left"><p>Computers Only</p></td>
 <td align="left"><p>This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.</p></td>
 <td align="left"><p>This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Use User Experience Virtualization (UE-V)</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).</p></td>
 <td align="left"><p>This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the <strong>Enable UE-V</strong> setting.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Enable UE-V</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.</p></td>
 <td align="left"><p>This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the <strong>Use User Experience Virtualization (UE-V)</strong> setting.</p></td>
 </tr>
 </tbody>
 </table>
 **Note**  
 In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications.
 >[!NOTE]
 >In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications.
 **Windows App Group Policy settings**
-<table>
+|Group Policy setting name|Target|Group Policy setting description|Configuration options|
-<colgroup>
+|--- |--- |--- |--- |
-<col width="25%" />
+|Do not synchronize Windows Apps|Computers and Users|This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.|The default is to synchronize Windows apps.|
-<col width="25%" />
+|Windows App List|Computer and User|This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.|You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.|
-<col width="25%" />
+|Sync Unlisted Windows Apps|Computer and User|This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.|By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.|
 <col width="25%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Group Policy setting name</th>
 <th align="left">Target</th>
 <th align="left">Group Policy setting description</th>
 <th align="left">Configuration options</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Do not synchronize Windows Apps</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.</p></td>
 <td align="left"><p>The default is to synchronize Windows apps.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Windows App List</p></td>
 <td align="left"><p>Computer and User</p></td>
 <td align="left"><p>This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.</p></td>
 <td align="left"><p>You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Sync Unlisted Windows Apps</p></td>
 <td align="left"><p>Computer and User</p></td>
 <td align="left"><p>This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.</p></td>
 <td align="left"><p>By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.</p></td>
 </tr>
 </tbody>
 </table>
 For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist).
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@ -35,52 +35,15 @@ The UE-V Configuration Pack includes tools to:
 -   Create or update a UE-V Agent policy configuration item to set or clear these settings
-    <table>
+     |Configuration|Setting|Description|
-    <colgroup>
+     |--- |--- |--- |
-    <col width="33%" />
+     |Max package size|Enable/disable Windows app sync|Wait for sync on application start|
-    <col width="33%" />
+     |Setting import delay|Sync unlisted Windows apps|Wait for sync on logon|
-    <col width="33%" />
+     |Settings import notification|IT contact URL|Wait for sync timeout|
-    </colgroup>
+     |Settings storage path|IT contact descriptive text|Settings template catalog path|
-    <tbody>
+     |Sync enablement|Tray icon enabled|Start/Stop UE-V agent service|
-    <tr class="odd">
+     |Sync method|First use notification|Define which Windows apps will roam settings|
-    <td align="left"><p>Max package size</p></td>
+     |Sync timeout|||
    <td align="left"><p>Enable/disable Windows app sync</p></td>
    <td align="left"><p>Wait for sync on application start</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Setting import delay</p></td>
    <td align="left"><p>Sync unlisted Windows apps</p></td>
    <td align="left"><p>Wait for sync on logon</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p>Settings import notification</p></td>
    <td align="left"><p>IT contact URL</p></td>
    <td align="left"><p>Wait for sync timeout</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Settings storage path</p></td>
    <td align="left"><p>IT contact descriptive text</p></td>
    <td align="left"><p>Settings template catalog path</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p>Sync enablement</p></td>
    <td align="left"><p>Tray icon enabled</p></td>
    <td align="left"><p>Start/Stop UE-V agent service</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Sync method</p></td>
    <td align="left"><p>First use notification</p></td>
    <td align="left"><p>Define which Windows apps will roam settings</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p>Sync timeout</p></td>
    <td align="left"><p></p></td>
    <td align="left"><p></p></td>
    </tr>
    </tbody>
    </table>
 -   Verify compliance by confirming that UE-V is running.
@ -101,8 +64,8 @@ The UE-V service policy configuration item CAB file is created using the UevTemp
 -   ConfigurationFile &lt;full path to agent configuration XML file&gt;
-**Note**  
+> [!NOTE]
-It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console:
+> It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console:
 1.  Select **Administration &gt; Client Settings &gt; Properties**
@ -113,7 +76,7 @@ It might be necessary to change the PowerShell execution policy to allow these s
 1.  Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console:
-    ``` syntax
+    ```cmd
    C:\Program Files (x86)\Windows Kits\10\Microsoft User Experience Virtualization\Management\AgentConfiguration.xml 
    ```
@ -162,7 +125,7 @@ It might be necessary to change the PowerShell execution policy to allow these s
 3.  Run this command on a machine running the ConfigMgr Admin Console:
-    ``` syntax
+    ```cmd
    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe -Site ABC -CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" -ConfigurationFile "c:\AgentConfiguration.xml"
    ```
@ -206,7 +169,7 @@ The result is a baseline CAB file that is ready for import into Configuration Ma
 3.  Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator:
-    ``` syntax
+    ```cmd
    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe -Site "ABC" -TemplateFolder "C:\ProductionUevTemplates" -Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" -CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab"
    ```
@ -230,21 +193,7 @@ To distribute a new Notepad template, you would perform these steps:
 You can download the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2.0](https://www.microsoft.com/download/details.aspx?id=40913) from the Microsoft Download Center.
 ## Related topics
 [Manage Configurations for UE-V](uev-manage-configurations.md)
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@ -112,26 +112,9 @@ WMI and Windows PowerShell commands let you restore application and Windows sett
 2.  Enter the following Windows PowerShell cmdlet to restore the application settings and Windows settings.
-    <table>
+     |**Windows PowerShell cmdlet**|**Description**|
-    <colgroup>
+     |--- |--- |
-    <col width="50%" />
+     |`Restore-UevUserSetting -<TemplateID>` |Restores the user settings for an application or restores a group of Windows settings.|
    <col width="50%" />
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left"><strong>Windows PowerShell cmdlet</strong></th>
    <th align="left"><strong>Description</strong></th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><code>Restore-UevUserSetting -&lt;TemplateID&gt;</code></p></td>
    <td align="left"><p>Restores the user settings for an application or restores a group of Windows settings.</p></td>
    </tr>
    </tbody>
    </table>
 **To restore application settings and Windows settings with WMI**
@ -139,37 +122,12 @@ WMI and Windows PowerShell commands let you restore application and Windows sett
 2.  Enter the following WMI command to restore application settings and Windows settings.
-    <table>
+    |**WMI command**|**Description**|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>`|Restores the user settings for an application or restores a group of Windows settings.|
    <col width="50%" />
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left"><strong>WMI command</strong></th>
    <th align="left"><strong>Description</strong></th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList &lt;template_ID&gt;</code></p></td>
    <td align="left"><p>Restores the user settings for an application or restores a group of Windows settings.</p></td>
    </tr>
    </tbody>
    </table>
 ~~~
 **Note**  
 UE-V does not provide a settings rollback for Windows apps.
 ~~~
 >[!NOTE]
 >UE-V does not provide a settings rollback for Windows apps.
 ## Related topics
--- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@ -21,7 +21,8 @@ ms.topic: article
 User Experience Virtualization (UE-V) uses XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V template generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). 
-> **Note**&nbsp;&nbsp;For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/).
+> [!NOTE]
 > For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/).
 ## Manage UE-V settings location templates by using Windows PowerShell
@ -29,136 +30,41 @@ The WMI and Windows PowerShell features of UE-V include the ability to enable, d
 You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates.
-***<em>To manage settings location templates by using Windows PowerShell</em>***
+**To manage settings location templates by using Windows PowerShell**
 1.  Use an account with administrator rights to open a Windows PowerShell command prompt.
 2.  Use the following Windows PowerShell cmdlets to register and manage the UE-V settings location templates.
-    <table>
+    |Windows PowerShell command|Description|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |`Get-UevTemplate`|Lists all the settings location templates that are registered on the computer.|
-    <col width="50%" />
+    |`Get-UevTemplate -Application <string>`|Lists all the settings location templates that are registered on the computer where the application name or template name contains.|
-    </colgroup>
+    |`Get-UevTemplate -TemplateID <string>`|Lists all the settings location templates that are registered on the computer where the template ID contains.|
-    <thead>
+    |`Get-UevTemplate [-ApplicationOrTemplateID] <string>`|Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains.|
-    <tr class="header">
+    |`Get-UevTemplateProgram [-ID] <template ID>`|Gets the name of the program and version information, which depend on the template ID.|
-    <th align="left">Windows PowerShell command</th>
+    |`Get-UevAppXPackage`|Gets the effective list of Windows apps.|
-    <th align="left">Description</th>
+    |`Get-UevAppXPackage -Computer`|Gets the list of Windows apps that are configured for the computer.|
-    </tr>
+    |`Get-UevAppXPackage -CurrentComputerUser`|Gets the list of Windows apps that are configured for the current user.|
-    </thead>
+    |`Register-UevTemplate [-Path] <template file path>[,<template file path>]`|Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.|
-    <tbody>
+    |`Register-UevTemplate -LiteralPath <template file path>[,<template file path>]`|Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.|
-    <tr class="odd">
+    |`Unregister-UevTemplate [-ID] <template ID>`|Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.|
-    <td align="left"><p><code>Get-UevTemplate</code></p></td>
+    |`Unregister-UevTemplate -All`|Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.|
-    <td align="left"><p>Lists all the settings location templates that are registered on the computer.</p></td>
+    |`Update-UevTemplate [-Path] <template file path>[,<template file path>]`|Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.|
-    </tr>
+    |`Update-UevTemplate -LiteralPath <template file path>[,<template file path>]`|Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.|
-    <tr class="even">
+    |`Clear-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]`|Removes one or more Windows apps from the computer Windows app list.|
-    <td align="left"><p><code>Get-UevTemplate -Application &lt;string&gt;</code></p></td>
+    |`Clear-UevAppXPackage -CurrentComputerUser`|Removes Windows app from the current user Windows app list.|
-    <td align="left"><p>Lists all the settings location templates that are registered on the computer where the application name or template name contains &lt;string&gt;.</p></td>
+    |`Clear-UevAppXPackage -Computer -All`|Removes all Windows apps from the computer Windows app list.|
-    </tr>
+    |`Clear-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]`|Removes one or more Windows apps from the current user Windows app list.|
-    <tr class="odd">
+    |`Clear-UevAppXPackage [-CurrentComputerUser] -All`|Removes all Windows apps from the current user Windows app list.|
-    <td align="left"><p><code>Get-UevTemplate -TemplateID &lt;string&gt;</code></p></td>
+    |`Disable-UevTemplate [-ID] <template ID>`|Disables a settings location template for the current user of the computer.|
-    <td align="left"><p>Lists all the settings location templates that are registered on the computer where the template ID contains &lt;string&gt;.</p></td>
+    |`Disable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]`|Disables one or more Windows apps in the computer Windows app list.|
-    </tr>
+    |`Disable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]`|Disables one or more Windows apps in the current user Windows app list.|
-    <tr class="even">
+    |`Enable-UevTemplate [-ID] <template ID>`|Enables a settings location template for the current user of the computer.|
-    <td align="left"><p><code>Get-UevTemplate [-ApplicationOrTemplateID] &lt;string&gt;</code></p></td>
+    |`Enable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]`|Enables one or more Windows apps in the computer Windows app list.|
-    <td align="left"><p>Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains &lt;string&gt;.</p></td>
+    |`Enable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]`|Enables one or more Windows apps in the current user Windows app list.|
-    </tr>
+    |`Test-UevTemplate [-Path] <template file path>[,<template file path>]`|Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.|
-    <tr class="odd">
+    |`Test-UevTemplate -LiteralPath <template file path>[,<template file path>]`|Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.|
    <td align="left"><p><code>Get-UevTemplateProgram [-ID] &lt;template ID&gt;</code></p></td>
    <td align="left"><p>Gets the name of the program and version information, which depend on the template ID.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Get-UevAppXPackage</code></p></td>
    <td align="left"><p>Gets the effective list of Windows apps.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Get-UevAppXPackage -Computer</code></p></td>
    <td align="left"><p>Gets the list of Windows apps that are configured for the computer.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Get-UevAppXPackage -CurrentComputerUser</code></p></td>
    <td align="left"><p>Gets the list of Windows apps that are configured for the current user.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Register-UevTemplate [-Path] &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
    <td align="left"><p>Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Register-UevTemplate -LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
    <td align="left"><p>Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Unregister-UevTemplate [-ID] &lt;template ID&gt;</code></p></td>
    <td align="left"><p>Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Unregister-UevTemplate -All</code></p></td>
    <td align="left"><p>Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Update-UevTemplate [-Path] &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
    <td align="left"><p>Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Update-UevTemplate -LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
    <td align="left"><p>Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Clear-UevAppXPackage -Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
    <td align="left"><p>Removes one or more Windows apps from the computer Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Clear-UevAppXPackage -CurrentComputerUser</code></p></td>
    <td align="left"><p>Removes Windows app from the current user Windows app list.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Clear-UevAppXPackage -Computer -All</code></p></td>
    <td align="left"><p>Removes all Windows apps from the computer Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Clear-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
    <td align="left"><p>Removes one or more Windows apps from the current user Windows app list.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Clear-UevAppXPackage [-CurrentComputerUser] -All</code></p></td>
    <td align="left"><p>Removes all Windows apps from the current user Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Disable-UevTemplate [-ID] &lt;template ID&gt;</code></p></td>
    <td align="left"><p>Disables a settings location template for the current user of the computer.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Disable-UevAppXPackage -Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
    <td align="left"><p>Disables one or more Windows apps in the computer Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Disable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
    <td align="left"><p>Disables one or more Windows apps in the current user Windows app list.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Enable-UevTemplate [-ID] &lt;template ID&gt;</code></p></td>
    <td align="left"><p>Enables a settings location template for the current user of the computer.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Enable-UevAppXPackage -Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
    <td align="left"><p>Enables one or more Windows apps in the computer Windows app list.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Enable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
    <td align="left"><p>Enables one or more Windows apps in the current user Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Test-UevTemplate [-Path] &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
    <td align="left"><p>Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Test-UevTemplate -LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
    <td align="left"><p>Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.</p></td>
    </tr>
    </tbody>
    </table>
 The UE-V Windows PowerShell features enable you to manage a group of settings templates that are deployed in your enterprise. Use the following procedure to manage a group of templates by using Windows PowerShell.
@ -248,95 +154,28 @@ User Experience Virtualization provides the following set of WMI commands. Admin
 2.  Use the following WMI commands to register and manage the UE-V settings location templates.
-    <table>
+    |`Windows PowerShell command`|Description|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |`Get-WmiObject -Namespace root\Microsoft\UEV SettingsLocationTemplate Select-Object TemplateId,TemplateName, TemplateVersion,Enabled Format-Table -Autosize`|Lists all the settings location templates that are registered for the computer.|
-    <col width="50%" />
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name GetProcessInfoByTemplateId <template Id>`|Gets the name of the program and version information, which depends on the template name.|
-    </colgroup>
+    |`Get-WmiObject -Namespace root\Microsoft\UEV EffectiveWindows8App`|Gets the effective list of Windows apps.|
-    <thead>
+    |`Get-WmiObject -Namespace root\Microsoft\UEV MachineConfiguredWindows8App`|Gets the list of Windows apps that are configured for the computer.|
-    <tr class="header">
+    |`Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguredWindows8App`|Gets the list of Windows apps that are configured for the current user.|
-    <th align="left"><code>                         Windows PowerShell command</code></th>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Register -ArgumentList <template path >`|Registers a settings location template with UE-V.|
-    <th align="left">Description</th>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name UnregisterByTemplateId -ArgumentList <template ID>`|Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.|
-    </tr>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Update -ArgumentList <template path>`|Updates a settings location template with UE-V. The new template should be a newer version than the existing one.|
-    </thead>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name>`|Removes one or more Windows apps from the computer Windows app list.|
-    <tbody>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name>`|Removes one or more Windows apps from the current user Windows app list.|
-    <tr class="odd">
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name DisableByTemplateId -ArgumentList <template ID>`|Disables one or more settings location templates with UE-V.|
-    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\UEV SettingsLocationTemplate | Select-Object TemplateId,TemplateName, TemplateVersion,Enabled | Format-Table -Autosize</code></p></td>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name DisableApp -ArgumentList <package family name>`|Disables one or more Windows apps in the computer Windows app list.|
-    <td align="left"><p>Lists all the settings location templates that are registered for the computer.</p></td>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name DisableApp -ArgumentList <package family name>`|Disables one or more Windows apps in the current user Windows app list.|
-    </tr>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name EnableByTemplateId -ArgumentList <template ID>`|Enables a settings location template with UE-V.|
-    <tr class="even">
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name EnableApp -ArgumentList <package family name>`|Enables Windows apps in the computer Windows app list.|
-    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name GetProcessInfoByTemplateId &lt;template Id&gt;</code></p></td>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name EnableApp -ArgumentList <package family name>`|Enables Windows apps in the current user Windows app list.|
-    <td align="left"><p>Gets the name of the program and version information, which depends on the template name.</p></td>
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Validate -ArgumentList <template path>`|Determines whether a given settings location template complies with its XML schema.|
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\UEV EffectiveWindows8App</code></p></td>
    <td align="left"><p>Gets the effective list of Windows apps.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Get-WmiObject -Namespace root\Microsoft\UEV MachineConfiguredWindows8App</p></td>
    <td align="left"><p>Gets the list of Windows apps that are configured for the computer.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguredWindows8App</code></p></td>
    <td align="left"><p>Gets the list of Windows apps that are configured for the current user.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Register -ArgumentList &lt;template path &gt;</code></p></td>
    <td align="left"><p>Registers a settings location template with UE-V.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name UnregisterByTemplateId -ArgumentList &lt;template ID&gt;</code></p></td>
    <td align="left"><p>Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Update -ArgumentList &lt;template path&gt;</code></p></td>
    <td align="left"><p>Updates a settings location template with UE-V. The new template should be a newer version than the existing one.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name RemoveApp -ArgumentList &lt;package family name | package family name&gt;</code></p></td>
    <td align="left"><p>Removes one or more Windows apps from the computer Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name RemoveApp -ArgumentList &lt;package family name | package family name&gt;</code></p></td>
    <td align="left"><p>Removes one or more Windows apps from the current user Windows app list.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name DisableByTemplateId -ArgumentList &lt;template ID&gt;</code></p></td>
    <td align="left"><p>Disables one or more settings location templates with UE-V.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name DisableApp -ArgumentList &lt;package family name | package family name&gt;</code></p></td>
    <td align="left"><p>Disables one or more Windows apps in the computer Windows app list.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name DisableApp -ArgumentList &lt;package family name | package family name&gt;</code></p></td>
    <td align="left"><p>Disables one or more Windows apps in the current user Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name EnableByTemplateId -ArgumentList &lt;template ID&gt;</code></p></td>
    <td align="left"><p>Enables a settings location template with UE-V.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name EnableApp -ArgumentList &lt;package family name | package family name&gt;</code></p></td>
    <td align="left"><p>Enables Windows apps in the computer Windows app list.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name EnableApp -ArgumentList &lt;package family name | package family name&gt;</code></p></td>
    <td align="left"><p>Enables Windows apps in the current user Windows app list.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Validate -ArgumentList &lt;template path&gt;</code></p></td>
    <td align="left"><p>Determines whether a given settings location template complies with its XML schema.</p></td>
    </tr>
    </tbody>
    </table>
 **Note**  
 Where a list of Package Family Names is called by the WMI command, the list must be in quotes and separated by a pipe symbol, for example, `"<package family name | package family name>"`.
 > [!NOTE]
 > Where a list of Package Family Names is called by the WMI command, the list must be in quotes and separated by a pipe symbol, for example, `"<package family name | package family name>"`.
 ## Related topics
--- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@ -30,165 +30,41 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
 2. Use the following Windows PowerShell commands to configure the service.
-   <table>
+   |Windows PowerShell command|Description|
-   <colgroup>
+   |--- |--- |
-   <col width="50%" />
+   |`Enable-UEV`|Turns on the UE-V service. Requires reboot.|
-   <col width="50%" />
+   |`Disable-UEV`|Turns off the UE-V service. Requires reboot.|
-   </colgroup>
+   |`Get-UevStatus`|Displays whether UE-V service is enabled or disabled, using a Boolean value.|
-   <thead>
+   |`Get-UevConfiguration`|Gets the effective UE-V service settings. User-specific settings have precedence over the computer settings.|
-   <tr class="header">
+   |`Get-UevConfiguration -CurrentComputerUser`|Gets the UE-V service settings values for the current user only.|
-   <th align="left">Windows PowerShell command</th>
+   |`Get-UevConfiguration -Computer`|Gets the UE-V service configuration settings values for all users on the computer.|
-   <th align="left">Description</th>
+   |`Get-UevConfiguration -Details`|Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.|
-   </tr>
+   |`Set-UevConfiguration -Computer -EnableDontSyncWindows8AppSettings`|Configures the UE-V service to not synchronize any Windows apps for all users on the computer.|
-   </thead>
+   |`Set-UevConfiguration -CurrentComputerUser -EnableDontSyncWindows8AppSettings`|Configures the UE-V service to not synchronize any Windows apps for the current computer user.|
-   <tbody>
+   |`Set-UevConfiguration -Computer -EnableFirstUseNotification`|Configures the UE-V service to display notification the first time the service runs for all users on the computer.|
-   <tr class="odd">
+   |`Set-UevConfiguration -Computer -DisableFirstUseNotification`|Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.|
-   <td align="left"><p><code>Enable-UEV</code></p>
+   |`Set-UevConfiguration -Computer -EnableSettingsImportNotify`|Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.<p>Use the DisableSettingsImportNotify parameter to disable notification.|
-   <p></p></td>
+   |`Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify`|Configures the UE-V service to notify the current user when settings synchronization is delayed.<p>Use the DisableSettingsImportNotify parameter to disable notification.|
-   <td align="left"><p>Turns on the UE-V service. Requires reboot.</p></td>
+   |`Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).<p>Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.|
-   </tr>
+   |`Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).<p>Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.|
-   <tr class="even">
+   |`Set-UevConfiguration -Computer -DisableSync`|Disables UE-V for all the users on the computer.<p>Use the EnableSync parameter to enable or re-enable.|
-   <td align="left"><p><code>Disable-UEV</code></p></td>
+   |`Set-UevConfiguration -CurrentComputerUser -DisableSync`|Disables UE-V for the current user on the computer.<p>Use the EnableSync parameter to enable or re-enable.|
-   <td align="left"><p>Turns off the UE-V service. Requires reboot.</p></td>
+   |`Set-UevConfiguration -Computer -EnableTrayIcon`|Enables the UE-V icon in the notification area for all users of the computer.<p>Use the DisableTrayIcon parameter to disable the icon.|
-   </tr>
+   |`Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>`|Configures the UE-V service to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.|
-   <tr class="odd">
+   |`Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>`|Configures the UE-V service to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.|
-   <td align="left"><p><code>Get-UevStatus</code></p></td>
+   |`Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds`|Specifies the time in seconds before the user is notified for all users of the computer|
-   <td align="left"><p>Displays whether UE-V service is enabled or disabled, using a Boolean value.</p></td>
+   |`Set-UevConfiguration -CurrentComputerUser -SettingsImportNotifyDelayInSeconds`|Specifies the time in seconds before notification for the current user is sent.|
-   </tr>
+   |`Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>`|Defines a per-computer settings storage location for all users of the computer.|
-   <tr class="even">
+   |`Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>`|Defines a per-user settings storage location.|
-   <td align="left"><p><code>Get-UevConfiguration</code></p>
+   |`Set-UevConfiguration -Computer -SettingsTemplateCatalogPath <path to catalog>`|Sets the settings template catalog path for all users of the computer.|
-   <p></p></td>
+   |`Set-UevConfiguration -Computer -SyncMethod <sync method>`|Sets the synchronization method for all users of the computer: SyncProvider or None.|
-   <td align="left"><p>Gets the effective UE-V service settings. User-specific settings have precedence over the computer settings.</p></td>
+   |`Set-UevConfiguration -CurrentComputerUser  -SyncMethod <sync method>`|Sets the synchronization method for the current user: SyncProvider or None.|
-   </tr>
+   |`Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>`|Sets the synchronization time-out in milliseconds for all users of the computer|
-   <tr class="odd">
+   |`Set-UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>`|Set the synchronization time-out for the current user.|
-   <td align="left"><p><code>Get-UevConfiguration -CurrentComputerUser</code></p>
+   |`Clear-UevConfiguration -Computer -<setting name>`|Clears the specified setting for all users on the computer.|
-   <p></p></td>
+   |`Clear-UevConfiguration -CurrentComputerUser -<setting name>`|Clears the specified setting for the current user only.|
-   <td align="left"><p>Gets the UE-V service settings values for the current user only.</p></td>
+   |`Export-UevConfiguration <settings migration file>`|Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.<p>The `Export` cmdlet exports all UE-V service settings that are configurable with the Computer parameter.|
-   </tr>
+   |`Import-UevConfiguration <settings migration file>`|Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.|
   <tr class="even">
   <td align="left"><p><code>Get-UevConfiguration -Computer</code></p></td>
   <td align="left"><p>Gets the UE-V service configuration settings values for all users on the computer.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Get-UevConfiguration -Details</code></p></td>
   <td align="left"><p>Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -EnableDontSyncWindows8AppSettings</code></p></td>
   <td align="left"><p>Configures the UE-V service to not synchronize any Windows apps for all users on the computer.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -EnableDontSyncWindows8AppSettings</code></p></td>
   <td align="left"><p>Configures the UE-V service to not synchronize any Windows apps for the current computer user.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -EnableFirstUseNotification</code></p></td>
   <td align="left"><p>Configures the UE-V service to display notification the first time the service runs for all users on the computer.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -Computer -DisableFirstUseNotification</code></p></td>
   <td align="left"><p>Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -EnableSettingsImportNotify</code></p></td>
   <td align="left"><p>Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.</p>
   <p>Use the <em>DisableSettingsImportNotify</em> parameter to disable notification.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify</code></p></td>
   <td align="left"><p>Configures the UE-V service to notify the current user when settings synchronization is delayed.</p>
   <p>Use the <em>DisableSettingsImportNotify</em> parameter to disable notification.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps</code></p></td>
   <td align="left"><p>Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see &quot;Get-UevAppxPackage&quot; in <a href="uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md" data-raw-source="[Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md)">Managing UE-V Settings Location Templates Using Windows PowerShell and WMI</a>.</p>
   <p>Use the <em>DisableSyncUnlistedWindows8Apps</em> parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps</code></p></td>
   <td align="left"><p>Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see &quot;Get-UevAppxPackage&quot; in <a href="uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md" data-raw-source="[Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md)">Managing UE-V Settings Location Templates Using Windows PowerShell and WMI</a>.</p>
   <p>Use the <em>DisableSyncUnlistedWindows8Apps</em> parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -DisableSync</code></p></td>
   <td align="left"><p>Disables UE-V for all the users on the computer.</p>
   <p>Use the <em>EnableSync</em> parameter to enable or re-enable.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -DisableSync</code></p></td>
   <td align="left"><p>Disables UE-V for the current user on the computer.</p>
   <p>Use the <em>EnableSync</em> parameter to enable or re-enable.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -EnableTrayIcon</code></p></td>
   <td align="left"><p>Enables the UE-V icon in the notification area for all users of the computer.</p>
   <p>Use the <em>DisableTrayIcon</em> parameter to disable the icon.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -Computer -MaxPackageSizeInBytes &lt;size in bytes&gt;</code></p></td>
   <td align="left"><p>Configures the UE-V service to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes &lt;size in bytes&gt;</code></p></td>
   <td align="left"><p>Configures the UE-V service to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds</code></p></td>
   <td align="left"><p>Specifies the time in seconds before the user is notified for all users of the computer</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -SettingsImportNotifyDelayInSeconds</code></p></td>
   <td align="left"><p>Specifies the time in seconds before notification for the current user is sent.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -Computer -SettingsStoragePath &lt;path to _settings_storage_location&gt;</code></p></td>
   <td align="left"><p>Defines a per-computer settings storage location for all users of the computer.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath &lt;path to _settings_storage_location&gt;</code></p></td>
   <td align="left"><p>Defines a per-user settings storage location.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -Computer -SettingsTemplateCatalogPath &lt;path to catalog&gt;</code></p></td>
   <td align="left"><p>Sets the settings template catalog path for all users of the computer.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -SyncMethod &lt;sync method&gt;</code></p></td>
   <td align="left"><p>Sets the synchronization method for all users of the computer: SyncProvider or None.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser  -SyncMethod &lt;sync method&gt;</code></p></td>
   <td align="left"><p>Sets the synchronization method for the current user: SyncProvider or None.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds &lt;timeout in milliseconds&gt;</code></p></td>
   <td align="left"><p>Sets the synchronization time-out in milliseconds for all users of the computer</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds &lt;timeout in milliseconds&gt;</code></p></td>
   <td align="left"><p>Set the synchronization time-out for the current user.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Clear-UevConfiguration -Computer -&lt;setting name&gt;</code></p></td>
   <td align="left"><p>Clears the specified setting for all users on the computer.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Clear-UevConfiguration -CurrentComputerUser -&lt;setting name&gt;</code></p></td>
   <td align="left"><p>Clears the specified setting for the current user only.</p></td>
   </tr>
   <tr class="even">
   <td align="left"><p><code>Export-UevConfiguration &lt;settings migration file&gt;</code></p></td>
   <td align="left"><p>Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.</p>
   <p>The <code>Export</code> cmdlet exports all UE-V service settings that are configurable with the <em>Computer</em> parameter.</p></td>
   </tr>
   <tr class="odd">
   <td align="left"><p><code>Import-UevConfiguration &lt;settings migration file&gt;</code></p></td>
   <td align="left"><p>Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.</p></td>
   </tr>
   </tbody>
   </table>
 ## To export UE-V package settings and repair UE-V templates with Windows PowerShell
@ -196,26 +72,10 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
 2.  Use the following Windows PowerShell commands to configure the service.
-    <table>
+    |Windows PowerShell command|Description|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |`Export-UevPackage MicrosoftNotepad.pkgx`|Extracts the settings from a Microsoft Notepad package file and converts them into a human-readable format in XML.|
-    <col width="50%" />
+    |`Repair-UevTemplateIndex`|Repairs the index of the UE-V settings location templates.|
    </colgroup>
    <tbody>
    <tr class="odd">
    <td align="left"><p><strong>Windows PowerShell command</strong></p></td>
    <td align="left"><p><strong>Description</strong></p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Export-UevPackage MicrosoftNotepad.pkgx</code></p></td>
    <td align="left"><p>Extracts the settings from a Microsoft Notepad package file and converts them into a human-readable format in XML.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Repair-UevTemplateIndex</code></p></td>
    <td align="left"><p>Repairs the index of the UE-V settings location templates.</p></td>
    </tr>
    </tbody>
    </table>
 ## To configure the UE-V service with WMI
@ -225,91 +85,21 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
 2.  Use the following WMI commands to configure the service.
-    <table>
+    |`Windows PowerShell command`|Description|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |`Get-WmiObject -Namespace root\Microsoft\UEV Configuration`|Displays the active UE-V service settings. User-specific settings have precedence over the computer settings.|
-    <col width="50%" />
+    |`Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration`|Displays the UE-V service configuration that is defined for a user.|
-    </colgroup>
+    |`Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`|Displays the UE-V service configuration that is defined for a computer.|
-    <thead>
+    |`Get-WmiObject -Namespace root\Microsoft\Uev ConfigurationItem`|Displays the details for each configuration item.|
-    <tr class="header">
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.SettingsStoragePath = <path_to_settings_storage_location>`<p>`$config.Put()`|Defines a per-computer settings storage location.|
-    <th align="left"><code>Windows PowerShell command</code></th>
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration`<p>`$config.SettingsStoragePath = <path_to_settings_storage_location>`<p>`$config.Put()`|Defines a per-user settings storage location.|
-    <th align="left">Description</th>
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.SyncTimeoutInMilliseconds = <timeout_in_milliseconds>`<p>`$config.Put()`|Sets the synchronization time-out in milliseconds for all users of the computer.|
-    </tr>
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.MaxPackageSizeInBytes = <size_in_bytes>`<p>`$config.Put()`|Configures the UE-V service to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes for all users of the computer.|
-    </thead>
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.SyncMethod = <sync_method>`<p>`$config.Put()`|Sets the synchronization method for all users of the computer: SyncProvider or None.|
-    <tbody>
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.<setting name> = $true`<p>`$config.Put()`|To enable a specific per-computer setting, clear the setting, and use $null as the setting value. Use UserConfiguration for per-user settings.|
-    <tr class="odd">
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.<setting name> = $false`<p>`$config.Put()`|To disable a specific per-computer setting, clear the setting, and use $null as the setting value. Use User Configuration for per-user settings.|
-    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\UEV Configuration</code></p>
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.<setting name> = <setting value>`<p>`$config.Put()`|Updates a specific per-computer setting. To clear the setting, use $null as the setting value.|
-    <p></p></td>
+    |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`<p>`$config.<setting name> = <setting value>`<p>`$config.Put()`|Updates a specific per-user setting for all users of the computer. To clear the setting, use $null as the setting value.|
    <td align="left"><p>Displays the active UE-V service settings. User-specific settings have precedence over the computer settings.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration</code></p></td>
    <td align="left"><p>Displays the UE-V service configuration that is defined for a user.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p></td>
    <td align="left"><p>Displays the UE-V service configuration that is defined for a computer.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\Uev ConfigurationItem</code></p></td>
    <td align="left"><p>Displays the details for each configuration item.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code>$config.SettingsStoragePath = &lt;path_to_settings_storage_location&gt;</code></p>
    <p>$config.Put()</p></td>
    <td align="left"><p>Defines a per-computer settings storage location.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration</code></p>
    <p><code>$config.SettingsStoragePath = &lt;path_to_settings_storage_location&gt;</code></p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>Defines a per-user settings storage location.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code>$config.SyncTimeoutInMilliseconds = &lt;timeout_in_milliseconds&gt;</code></p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>Sets the synchronization time-out in milliseconds for all users of the computer.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code>$config.MaxPackageSizeInBytes = &lt;size_in_bytes&gt;</code></p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>Configures the UE-V service to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes for all users of the computer.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code>$config.SyncMethod = &lt;sync_method&gt;</code></p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>Sets the synchronization method for all users of the computer: SyncProvider or None.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code>$config.&lt;setting name&gt; = $true</code></p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>To enable a specific per-computer setting, clear the setting, and use <em>$null</em> as the setting value. Use UserConfiguration for per-user settings.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code>$config.&lt;setting name&gt; = $false</code></p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>To disable a specific per-computer setting, clear the setting, and use <em>$null</em> as the setting value. Use User Configuration for per-user settings.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code>$config.&lt;setting name&gt; = &lt;setting value&gt;</code></p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>Updates a specific per-computer setting. To clear the setting, use <em>$null</em> as the setting value.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><code>$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration</code></p>
    <p><code></code>$config.&lt;setting name&gt; = &lt;setting value&gt;</p>
    <p><code>$config.Put()</code></p></td>
    <td align="left"><p>Updates a specific per-user setting for all users of the computer. To clear the setting, use <em>$null</em> as the setting value.</p></td>
    </tr>
    </tbody>
    </table>
 When you are finished configuring the UE-V service with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations.
@ -323,33 +113,10 @@ When you are finished configuring the UE-V service with WMI and Windows PowerShe
 2.  Use the following WMI commands.
-    <table>
+    |WMI command|Description|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name ExportPackage -ArgumentList <package name>`|Extracts the settings from a package file and converts them into a human-readable format in XML.|
-    <col width="50%" />
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name RebuildIndex`|Repairs the index of the UE-V settings location templates. Must be run as administrator.|
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left">WMI command</th>
    <th align="left">Description</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name ExportPackage -ArgumentList &lt;package name&gt;</code></p></td>
    <td align="left"><p>Extracts the settings from a package file and converts them into a human-readable format in XML.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name RebuildIndex</code></p></td>
    <td align="left"><p>Repairs the index of the UE-V settings location templates. Must be run as administrator.</p></td>
    </tr>
    </tbody>
    </table>
 ## Related topics
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@ -24,8 +24,8 @@ This topic contains a brief overview of accounts and groups, log files, and othe
 ## Security considerations for UE-V configuration
-**Important**
+> [!IMPORTANT]
-When you create the settings storage share, limit the share access to users who require access.
+> When you create the settings storage share, limit the share access to users who require access.
 Because settings packages might contain personal information, you should take care to protect them as well as possible. In general, do the following:
@ -37,137 +37,36 @@ Because settings packages might contain personal information, you should take ca
 1.  Set the following share-level SMB permissions for the setting storage location folder.
-    <table>
+    |User account|Recommended permissions|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |Everyone|No permissions|
-    <col width="50%" />
+    |Security group of UE-V|Full control|
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left">User account</th>
    <th align="left">Recommended permissions</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p>Everyone</p></td>
    <td align="left"><p>No permissions</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Security group of UE-V</p></td>
    <td align="left"><p>Full control</p></td>
    </tr>
    </tbody>
    </table>
 2.  Set the following NTFS file system permissions for the settings storage location folder.
-    <table>
+    |User account|Recommended permissions|Folder|
-    <colgroup>
+    |--- |--- |--- |
-    <col width="33%" />
+    |Creator/Owner|No permissions|No permissions|
-    <col width="33%" />
+    |Domain Admins|Full control|This folder, subfolders, and files|
-    <col width="33%" />
+    |Security group of UE-V users|List folder/read data, create folders/append data|This folder only|
-    </colgroup>
+    |Everyone|Remove all permissions|No permissions|
    <thead>
    <tr class="header">
    <th align="left">User account</th>
    <th align="left">Recommended permissions</th>
    <th align="left">Folder</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p>Creator/Owner</p></td>
    <td align="left"><p>No permissions</p></td>
    <td align="left"><p>No permissions</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Domain Admins</p></td>
    <td align="left"><p>Full control</p></td>
    <td align="left"><p>This folder, subfolders, and files</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p>Security group of UE-V users</p></td>
    <td align="left"><p>List folder/read data, create folders/append data</p></td>
    <td align="left"><p>This folder only</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Everyone</p></td>
    <td align="left"><p>Remove all permissions</p></td>
    <td align="left"><p>No permissions</p></td>
    </tr>
    </tbody>
    </table>
 3.  Set the following share-level SMB permissions for the settings template catalog folder.
-    <table>
+    |User account|Recommend permissions|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |Everyone|No permissions|
-    <col width="50%" />
+    |Domain computers|Read permission Levels|
-    </colgroup>
+    |Administrators|Read/write permission levels|
    <thead>
    <tr class="header">
    <th align="left">User account</th>
    <th align="left">Recommend permissions</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p>Everyone</p></td>
    <td align="left"><p>No permissions</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Domain computers</p></td>
    <td align="left"><p>Read permission Levels</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p>Administrators</p></td>
    <td align="left"><p>Read/write permission levels</p></td>
    </tr>
    </tbody>
    </table>
 4.  Set the following NTFS permissions for the settings template catalog folder.
-    <table>
+    |User account|Recommended permissions|Apply to|
-    <colgroup>
+    |--- |--- |--- |
-    <col width="33%" />
+    |Creator/Owner|Full control|This folder, sub-folders, and files|
-    <col width="33%" />
+    |Domain Computers|List folder contents and Read permissions|This folder, sub-folders, and files|
-    <col width="33%" />
+    |Everyone|No permissions|No permissions|
-    </colgroup>
+    |Administrators|Full Control|This folder, sub-folders, and files|
    <thead>
    <tr class="header">
    <th align="left">User account</th>
    <th align="left">Recommended permissions</th>
    <th align="left">Apply to</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p>Creator/Owner</p></td>
    <td align="left"><p>Full control</p></td>
    <td align="left"><p>This folder, subfolders, and files</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Domain Computers</p></td>
    <td align="left"><p>List folder contents and Read permissions</p></td>
    <td align="left"><p>This folder, subfolders, and files</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p>Everyone</p></td>
    <td align="left"><p>No permissions</p></td>
    <td align="left"><p>No permissions</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p>Administrators</p></td>
    <td align="left"><p>Full Control</p></td>
    <td align="left"><p>This folder, subfolders, and files</p></td>
    </tr>
    </tbody>
    </table>
 ### Use Windows Server as of Windows Server 2003 to host redirected file shares
@ -205,7 +104,8 @@ To ensure that UE-V works optimally, create only the root share on the server, a
 This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users do not inherit access to this folder. You do not have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically.
-> **Note**&nbsp;&nbsp;Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
+> [!NOTE]
 > Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
 1.  Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`.
@ -234,11 +134,6 @@ If you plan to share settings location templates with anyone outside your organi
 To remove the template author name or template author email, you can use the UE-V generator application. From the generator, select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template.
 ## Related topics
 [Technical Reference for UE-V](uev-technical-reference.md)
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@ -22,96 +22,18 @@ User Experience Virtualization (UE-V) lets you synchronize your application and
 ## UE-V Sync Trigger Events
 The following table explains the trigger events for classic applications and Windows settings.
-<table>
+|UE-V Trigger Event|SyncMethod=SyncProvider|SyncMethod=None|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|**Windows Logon**|<li>Application and Windows settings are imported to the local cache from the settings storage location.<li>[Asynchronous Windows settings](uev-prepare-for-deployment.md#windows-settings-synchronized-by-default) are applied.<li>Synchronous Windows settings will be applied during the next Windows logon.<li>Application settings will be applied when the application starts.|<li>Application and Windows settings are read directly from the settings storage location.<li>Asynchronous and synchronous Windows settings are applied.<li>Application settings will be applied when the application starts.|
-<col width="33%" />
+|**Windows Logoff**|Store changes locally and cache and copy asynchronous and synchronous Windows settings to the settings storage location server, if available|Store changes to asynchronous and synchronous Windows settings storage location|
-<col width="33%" />
+|**Windows Connect (RDP) / Unlock**|Synchronize any asynchronous Windows settings from settings storage location to local cache, if available.<p>Apply cached Windows settings|Download and apply asynchronous windows settings from settings storage location|
-</colgroup>
+|**Windows Disconnect (RDP) / Lock**|Store asynchronous Windows settings changes to the local cache.<p>Synchronize any asynchronous Windows settings from the local cache to settings storage location, if available|Store asynchronous Windows settings changes to the settings storage location|
-<tbody>
+|**Application start**|Apply application settings from local cache as the application starts|Apply application settings from settings storage location as the application starts|
-<tr class="odd">
+|**Application closes**|Store any application settings changes to the local cache and copy settings to settings storage location, if available|Store any application settings changes to settings storage location|
-<td align="left"><p><strong>UE-V Trigger Event</strong></p></td>
+|**Sync Controller Scheduled Task**|Application and Windows settings are synchronized between the settings storage location and the local cache.<br><div class="alert">**Note** Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.<p>For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous).</div><p>Settings are applied in these cases:<li>Asynchronous Windows settings are applied directly.<li>Application settings are applied when the application starts.<li>Both asynchronous and synchronous Windows settings are applied during the next Windows logon.<li>Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](uev-changing-the-frequency-of-scheduled-tasks.md#monitor-application-settings) for more information.|NA|
-<td align="left"><p><strong>SyncMethod=SyncProvider</strong></p></td>
+|**Asynchronous Settings updated on remote store***|Load and apply new asynchronous settings from the cache.|Load and apply settings from central server|
 <td align="left"><p><strong>SyncMethod=None</strong></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Windows Logon</strong></p></td>
 <td align="left"><ul>
 <li><p>Application and Windows settings are imported to the local cache from the settings storage location.</p></li>
 <li><p><a href="uev-prepare-for-deployment.md#windows-settings-synchronized-by-default" data-raw-source="[Asynchronous Windows settings](uev-prepare-for-deployment.md#windows-settings-synchronized-by-default)">Asynchronous Windows settings</a> are applied.</p></li>
 <li><p>Synchronous Windows settings will be applied during the next Windows logon.</p></li>
 <li><p>Application settings will be applied when the application starts.</p></li>
 </ul></td>
 <td align="left"><ul>
 <li><p>Application and Windows settings are read directly from the settings storage location.</p></li>
 <li><p>Asynchronous and synchronous Windows settings are applied.</p></li>
 <li><p>Application settings will be applied when the application starts.</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Windows Logoff</strong></p></td>
 <td align="left"><p>Store changes locally and cache and copy asynchronous and synchronous Windows settings to the settings storage location server, if available</p></td>
 <td align="left"><p>Store changes to asynchronous and synchronous Windows settings storage location</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Windows Connect (RDP) / Unlock</strong></p></td>
 <td align="left"><p>Synchronize any asynchronous Windows settings from settings storage location to local cache, if available.</p>
 <p>Apply cached Windows settings</p></td>
 <td align="left"><p>Download and apply asynchronous windows settings from settings storage location</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Windows Disconnect (RDP) / Lock</strong></p></td>
 <td align="left"><p>Store asynchronous Windows settings changes to the local cache.</p>
 <p>Synchronize any asynchronous Windows settings from the local cache to settings storage location, if available</p></td>
 <td align="left"><p>Store asynchronous Windows settings changes to the settings storage location</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Application start</strong></p></td>
 <td align="left"><p>Apply application settings from local cache as the application starts</p></td>
 <td align="left"><p>Apply application settings from settings storage location as the application starts</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Application closes</strong></p></td>
 <td align="left"><p>Store any application settings changes to the local cache and copy settings to settings storage location, if available</p></td>
 <td align="left"><p>Store any application settings changes to settings storage location</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Sync Controller Scheduled Task</strong></p>
 <p></p></td>
 <td align="left"><p>Application and Windows settings are synchronized between the settings storage location and the local cache.</p>
 <div class="alert">
 <strong>Note</strong><br/><p>Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.</p>
 <p>For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous).</p>
 </div>
 <div>
 </div>
 <p>Settings are applied in these cases:</p>
 <ul>
 <li><p>Asynchronous Windows settings are applied directly.</p></li>
 <li><p>Application settings are applied when the application starts.</p></li>
 <li><p>Both asynchronous and synchronous Windows settings are applied during the next Windows logon.</p></li>
 <li><p>Windows app (AppX) settings are applied during the next refresh. See <a href="uev-changing-the-frequency-of-scheduled-tasks.md#monitor-application-settings" data-raw-source="[Monitor Application Settings](uev-changing-the-frequency-of-scheduled-tasks.md#monitor-application-settings)">Monitor Application Settings</a> for more information.</p></li>
 </ul></td>
 <td align="left"><p>NA</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Asynchronous Settings updated on remote store*</strong></p></td>
 <td align="left"><p>Load and apply new asynchronous settings from the cache.</p></td>
 <td align="left"><p>Load and apply settings from central server</p></td>
 </tr>
 </tbody>
 </table>
 ## Related topics
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@ -37,92 +37,15 @@ Review the following tables for details about Office support in UE-V:
 ### Supported UE-V templates for Microsoft Office
-<table>
+|Office 2016 templates (UE-V for Windows 10 and Windows 10, version 1607, available in UE-V gallery)|Office 2013 templates (UE-V for Windows 10 and UE-V 2.x, available on UE-V gallery)|Office 2010 templates (UE-V 1.0 and 1.0 SP1)|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|MicrosoftOffice2016Win32.xml<p>MicrosoftOffice2016Win64.xml<p>MicrosoftSkypeForBusiness2016Win32.xml<p>MicrosoftSkypeForBusiness2016Win64.xml|MicrosoftOffice2013Win32.xml<p>MicrosoftOffice2013Win64.xml<p>MicrosoftLync2013Win32.xml<p>MicrosoftLync2013Win64.xml|MicrosoftOffice2010Win32.xml<p>MicrosoftOffice2010Win64.xml<p>MicrosoftLync2010.xml|
 <col width="33%" />
 <col width="33%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Office 2016 templates (UE-V for Windows 10 and Windows 10, version 1607, available in UE-V gallery)</th>
 <th align="left">Office 2013 templates (UE-V for Windows 10 and UE-V 2.x, available on UE-V gallery)</th>
 <th align="left">Office 2010 templates (UE-V 1.0 and 1.0 SP1)</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>MicrosoftOffice2016Win32.xml</p>
 <p>MicrosoftOffice2016Win64.xml</p>
 <p>MicrosoftSkypeForBusiness2016Win32.xml</p>
 <p>MicrosoftSkypeForBusiness2016Win64.xml</p></td>
 <td align="left"><p>MicrosoftOffice2013Win32.xml</p>
 <p>MicrosoftOffice2013Win64.xml</p>
 <p>MicrosoftLync2013Win32.xml</p>
 <p>MicrosoftLync2013Win64.xml</p></td>
 <td align="left"><p>MicrosoftOffice2010Win32.xml</p>
 <p>MicrosoftOffice2010Win64.xml</p>
 <p>MicrosoftLync2010.xml</p>
 <p></p></td>
 </tr>
 </tbody>
 </table>
 ### Microsoft Office Applications supported by the UE-V templates
-<table>
+|2016|2013|2010|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|Microsoft Access 2016<p>Microsoft Lync 2016<p>Microsoft Excel 2016<p>Microsoft OneNote 2016<p>Microsoft Outlook 2016<p>Microsoft PowerPoint 2016<p>Microsoft Project 2016<p>Microsoft Publisher 2016<p>Microsoft SharePoint Designer 2013 (not updated for 2016)<p>Microsoft Visio 2016<p>Microsoft Word 2016<p>Microsoft Office Upload Manager|Microsoft Access 2013<p>Microsoft Lync 2013<p>Microsoft Excel 2013<p>Microsoft InfoPath 2013<p>Microsoft OneNote 2013<p>Microsoft Outlook 2013<p>Microsoft PowerPoint 2013<p>Microsoft Project 2013<p>Microsoft Publisher 2013<p>Microsoft SharePoint Designer 2013<p>Microsoft Visio 2013<p>Microsoft Word 2013<p>Microsoft Office Upload Manager|Microsoft Access 2010<p>Microsoft Lync 2010<p>Microsoft Excel 2010<p>Microsoft InfoPath 2010<p>Microsoft OneNote 2010<p>Microsoft Outlook 2010<p>Microsoft PowerPoint 2010<p>Microsoft Project 2010<p>Microsoft Publisher 2010<p>Microsoft SharePoint Designer 2010<p>Microsoft Visio 2010<p>Microsoft Word 2010|
 <col width="33%" />
 <col width="33%" />
 </colgroup>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Microsoft Access 2016</p>
 <p>Microsoft Lync 2016</p>
 <p>Microsoft Excel 2016</p>
 <p>Microsoft OneNote 2016</p>
 <p>Microsoft Outlook 2016</p>
 <p>Microsoft PowerPoint 2016</p>
 <p>Microsoft Project 2016</p>
 <p>Microsoft Publisher 2016</p>
 <p>Microsoft SharePoint Designer 2013 (not updated for 2016)</p>
 <p>Microsoft Visio 2016</p>
 <p>Microsoft Word 2016</p>
 <p>Microsoft Office Upload Manager</p></td>
 <td align="left"><p>Microsoft Access 2013</p>
 <p>Microsoft Lync 2013</p>
 <p>Microsoft Excel 2013</p>
 <p>Microsoft InfoPath 2013</p>
 <p>Microsoft OneNote 2013</p>
 <p>Microsoft Outlook 2013</p>
 <p>Microsoft PowerPoint 2013</p>
 <p>Microsoft Project 2013</p>
 <p>Microsoft Publisher 2013</p>
 <p>Microsoft SharePoint Designer 2013</p>
 <p>Microsoft Visio 2013</p>
 <p>Microsoft Word 2013</p>
 <p>Microsoft Office Upload Manager</p></td>
 <td align="left"><p>Microsoft Access 2010</p>
 <p>Microsoft Lync 2010</p>
 <p>Microsoft Excel 2010</p>
 <p>Microsoft InfoPath 2010</p>
 <p>Microsoft OneNote 2010</p>
 <p>Microsoft Outlook 2010</p>
 <p>Microsoft PowerPoint 2010</p>
 <p>Microsoft Project 2010</p>
 <p>Microsoft Publisher 2010</p>
 <p>Microsoft SharePoint Designer 2010</p>
 <p>Microsoft Visio 2010</p>
 <p>Microsoft Word 2010</p>
 <p></p></td>
 </tr>
 </tbody>
 </table>
 ## Deploying Office templates
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@ -25,8 +25,9 @@ ms.collection: highpri
 **MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option.
->MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
+MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
->The tool is available in both the full OS environment and Windows PE. To use this tool in a deployment task sequence with Configuration Manager or Microsoft Deployment Toolkit (MDT), you must first update the Windows PE image (winpe.wim, boot.wim) with the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1703, or a later version.
+
 The tool is available in both the full OS environment and Windows PE. To use this tool in a deployment task sequence with Configuration Manager or Microsoft Deployment Toolkit (MDT), you must first update the Windows PE image (winpe.wim, boot.wim) with the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1703, or a later version.
 See the following video for a detailed description and demonstration of MBR2GPT.
@ -41,8 +42,10 @@ You can use MBR2GPT to:
 Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion.
->[!IMPORTANT]
+> [!IMPORTANT]
->After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. <BR>Make sure that your device supports UEFI before attempting to convert the disk.
+> After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.
 >
 > Make sure that your device supports UEFI before attempting to convert the disk.
 ## Disk Prerequisites
@ -62,9 +65,7 @@ If any of these checks fails, the conversion will not proceed and an error will
 ## Syntax
-<table>
+`MBR2GPT /validate|convert [/disk:<diskNumber>] [/logs:<logDirectory>] [/map:<source>=<destination>] [/allowFullOS]`
 <TR><TD>MBR2GPT /validate|convert [/disk:&lt;diskNumber>] [/logs:&lt;logDirectory>] [/map:&lt;source>=&lt;destination>] [/allowFullOS]
 </TABLE>
 ### Options
@ -83,7 +84,7 @@ If any of these checks fails, the conversion will not proceed and an error will
 In the following example, disk 0 is validated for conversion. Errors and warnings are logged to the default location, **%windir%**.
-```
+```console
 X:\>mbr2gpt /validate /disk:0
 MBR2GPT: Attempting to validate disk 0
 MBR2GPT: Retrieving layout of disk
@ -102,9 +103,9 @@ In the following example:
 4. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3).
 5. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](/windows/win32/api/winioctl/ns-winioctl-partition_information_gpt) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type.
->As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly.
+As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly.
-```
+```console
 X:\>DiskPart
 Microsoft DiskPart version 10.0.15048.0
@ -240,11 +241,12 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr
 For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules:
-1. The existing MBR system partition is reused if it meets these requirements:<br>
+1. The existing MBR system partition is reused if it meets these requirements:
-  a. It is not also the OS or Windows Recovery Environment partition.<br>
+   1. It is not also the OS or Windows Recovery Environment partition.
-  b. It is at least 100MB (or 260MB for 4K sector size disks) in size.<br>
+   1. It is at least 100MB (or 260MB for 4K sector size disks) in size.
-  c. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition.<br>
+   1. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition.
-  d. The conversion is not being performed from the full OS. In this case, the existing MBR system partition is in use and cannot be repurposed.
+   1. The conversion is not being performed from the full OS. In this case, the existing MBR system partition is in use and cannot be repurposed.
 2. If the existing MBR system partition cannot be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100MB (or 260MB for 4K sector size disks) and is formatted FAT32.
 If the existing MBR system partition is not reused for the ESP, it is no longer used by the boot process after the conversion. Other partitions are not modified.
@ -272,7 +274,10 @@ For more information about partition types, see:
 ### Persisting drive letter assignments
-The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage.
+The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. 
 > [!IMPORTANT]
 > This code runs after the layout conversion has taken place, so the operation cannot be undone at this stage.
 The conversion tool will obtain volume unique ID data before and after the layout conversion, organizing this information into a lookup table. It will then iterate through all the entries in **HKLM\SYSTEM\MountedDevices**, and for each entry do the following:
@ -293,7 +298,10 @@ Four log files are created by the MBR2GPT tool:
 - setupact.log
 - setuperr.log
-These files contain errors and warnings encountered during disk validation and conversion. Information in these files can be helpful in diagnosing problems with the tool. The setupact.log and setuperr.log files will have the most detailed information about disk layouts, processes, and other information pertaining to disk validation and conversion. Note: The setupact*.log files are different than the Windows Setup files that are found in the %Windir%\Panther directory.
+These files contain errors and warnings encountered during disk validation and conversion. Information in these files can be helpful in diagnosing problems with the tool. The setupact.log and setuperr.log files will have the most detailed information about disk layouts, processes, and other information pertaining to disk validation and conversion. 
 > [!NOTE]
 > The setupact*.log files are different than the Windows Setup files that are found in the %Windir%\Panther directory.
 The default location for all these log files in Windows PE is **%windir%**.
@ -303,8 +311,7 @@ To view a list of options available when using the tool, type **mbr2gpt /?**
 The following text is displayed:
-```
+```console
 C:\> mbr2gpt /?
 Converts a disk from MBR to GPT partitioning without modifying or deleting data on the disk.
@ -365,7 +372,7 @@ MBR2GPT has the following associated return codes:
 You can type the following command at a Windows PowerShell prompt to display the disk number and partition type. Example output is also shown:
-```
+```powershell
 PS C:\> Get-Disk | ft -Auto
 Number Friendly Name      Serial Number        HealthStatus OperationalStatus Total Size Partition Style
@ -376,12 +383,12 @@ Number Friendly Name      Serial Number        HealthStatus OperationalStatus To
 You can also view the partition type of a disk by opening the Disk Management tool, right-clicking the disk number, clicking **Properties**, and then clicking the **Volumes** tab. See the following example:
-![Volumes.](images/mbr2gpt-volume.png)
+:::image type="content" alt-text="Volumes." source="images/mbr2gpt-volume.png":::
 If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example:
-```
+```console
 X:\>DiskPart
 Microsoft DiskPart version 10.0.15048.0
@ -430,9 +437,11 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
    > You can access the ReAgent files if you have installed the User State Migration Tool (USMT) as a feature while installing Windows Assessment and Deployment Kit.
    **Command 1:**
-   ```cmd
+  
    ```console
    copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32"
    ```
    This command copies three files:
    * ReAgent.admx
@ -440,10 +449,13 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
    * ReAgent.xml
    **Command 2:**
-   ```cmd
+  
    ```console
    copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgent*.*" "C:\WinPE_Mount\Windows\System32\En-Us"
    ```
    This command copies two files:
    * ReAgent.adml
    * ReAgent.dll.mui
--- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
+++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
@ -37,65 +37,14 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can apply f
 3.  On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands.
-    <table>
+    |Options menu command|Description|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |**Filter Noise**|Filters noise from the issues.<p>This command is selected by default.|
-    <col width="50%" />
+    |**Load Noise Filter File**|Opens the **Open Noise Filter File** dialog box, in which you can load an existing noise filter (.xml) file.|
-    </colgroup>
+    |**Export Noise Filter File**|Opens the **Save Noise Filter File** dialog box, in which you can save filter settings as a noise filter (.xml) file.|
-    <thead>
+    |**Only Display Records with Application Name in StackTrace**|Filters out records that do not have the application name in the stack trace. <p>However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.|
-    <tr class="header">
+    |**Show More Details in StackTrace**|Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.|
-    <th align="left">Options menu command</th>
+    |**Warn Before Deleting AppVerifier Logs**|Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.<p>This command is selected by default.|
-    <th align="left">Description</th>
+    |**Logging**|Provides the following logging-related options:<ul><li>Show or hide log errors.<li>Show or hide log warnings.<li>Show or hide log information.</ul><p>To maintain a manageable file size, we recommend that you do not select the option to show informational messages.|
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><strong>Filter Noise</strong></p></td>
    <td align="left"><p>Filters noise from the issues.</p>
    <p>This command is selected by default.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>Load Noise Filter File</strong></p></td>
    <td align="left"><p>Opens the <strong>Open Noise Filter File</strong> dialog box, in which you can load an existing noise filter (.xml) file.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>Export Noise Filter File</strong></p></td>
    <td align="left"><p>Opens the <strong>Save Noise Filter File</strong> dialog box, in which you can save filter settings as a noise filter (.xml) file.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>Only Display Records with Application Name in StackTrace</strong></p></td>
    <td align="left"><p>Filters out records that do not have the application name in the stack trace.</p>
    <p>However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>Show More Details in StackTrace</strong></p></td>
    <td align="left"><p>Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>Warn Before Deleting AppVerifier Logs</strong></p></td>
    <td align="left"><p>Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.</p>
    <p>This command is selected by default.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>Logging</strong></p></td>
    <td align="left"><p>Provides the following logging-related options:</p>
    <ul>
    <li><p>Show or hide log errors.</p></li>
    <li><p>Show or hide log warnings.</p></li>
    <li><p>Show or hide log information.</p></li>
    </ul>
    <p>To maintain a manageable file size, we recommend that you do not select the option to show informational messages.</p></td>
    </tr>
    </tbody>
    </table>
--- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
+++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
@ -45,195 +45,41 @@ Customized-compatibility databases in Compatibility Administrator contain the fo
 The following table shows the attributes you can use for querying your customized-compatibility databases in Compatibility Administrator.
-<table>
+|Attribute|Description|Data type|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|APP_NAME|Name of the application.|String|
-<col width="33%" />
+|DATABASE_GUID|Unique ID for your compatibility database.|String|
-<col width="33%" />
+|DATABASE_INSTALLED|Specifies if you have installed the database.|Boolean|
-</colgroup>
+|DATABASE_NAME|Descriptive name of your database.|String|
-<thead>
+|DATABASE_PATH|Location of the database on your computer.|String|
-<tr class="header">
+|FIX_COUNT|Number of compatibility fixes applied to a specific application.|Integer|
-<th align="left">Attribute</th>
+|FIX_NAME|Name of your compatibility fix.|String|
-<th align="left">Description</th>
+|MATCH_COUNT|Number of matching files for a specific, fixed application.|Integer|
-<th align="left">Data type</th>
+|MATCHFILE_NAME|Name of a matching file used to identify a specific, fixed application.|String|
-</tr>
+|MODE_COUNT|Number of compatibility modes applied to a specific, fixed application.|Integer|
-</thead>
+|MODE_NAME|Name of your compatibility mode.|String|
-<tbody>
+|PROGRAM_APPHELPTYPE|Type of AppHelp message applied to an entry. The value can be 1 or 2, where 1 enables the program to run and 2 blocks the program.|Integer|
-<tr class="odd">
+|PROGRAM_DISABLED|Specifies if you disabled the compatibility fix for an application. If True, Compatibility Administrator does not apply the fixes to the application.|Boolean|
-<td align="left"><p>APP_NAME</p></td>
+|PROGRAM_GUID|Unique ID for an application.|String|
-<td align="left"><p>Name of the application.</p></td>
+|PROGRAM_NAME|Name of the application that you are fixing.|String|
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>DATABASE_GUID</p></td>
 <td align="left"><p>Unique ID for your compatibility database.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>DATABASE_INSTALLED</p></td>
 <td align="left"><p>Specifies if you have installed the database.</p></td>
 <td align="left"><p>Boolean</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>DATABASE_NAME</p></td>
 <td align="left"><p>Descriptive name of your database.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>DATABASE_PATH</p></td>
 <td align="left"><p>Location of the database on your computer.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>FIX_COUNT</p></td>
 <td align="left"><p>Number of compatibility fixes applied to a specific application.</p></td>
 <td align="left"><p>Integer</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>FIX_NAME</p></td>
 <td align="left"><p>Name of your compatibility fix.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>MATCH_COUNT</p></td>
 <td align="left"><p>Number of matching files for a specific, fixed application.</p></td>
 <td align="left"><p>Integer</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>MATCHFILE_NAME</p></td>
 <td align="left"><p>Name of a matching file used to identify a specific, fixed application.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>MODE_COUNT</p></td>
 <td align="left"><p>Number of compatibility modes applied to a specific, fixed application.</p></td>
 <td align="left"><p>Integer</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>MODE_NAME</p></td>
 <td align="left"><p>Name of your compatibility mode.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>PROGRAM_APPHELPTYPE</p></td>
 <td align="left"><p>Type of AppHelp message applied to an entry. The value can be 1 or 2, where 1 enables the program to run and 2 blocks the program.</p></td>
 <td align="left"><p>Integer</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>PROGRAM_DISABLED</p></td>
 <td align="left"><p>Specifies if you disabled the compatibility fix for an application. If True, Compatibility Administrator does not apply the fixes to the application.</p></td>
 <td align="left"><p>Boolean</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>PROGRAM_GUID</p></td>
 <td align="left"><p>Unique ID for an application.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>PROGRAM_NAME</p></td>
 <td align="left"><p>Name of the application that you are fixing.</p></td>
 <td align="left"><p>String</p></td>
 </tr>
 </tbody>
 </table>
 ## Available Operators
 The following table shows the operators that you can use for querying your customized-compatibility databases in the Compatibility Administrator.
-<table>
+|Symbol|Description|Data type|Precedence|
-<colgroup>
+|--- |--- |--- |--- |
-<col width="25%" />
+|>|Greater than|Integer or string|1|
-<col width="25%" />
+|>=|Greater than or equal to|Integer or string|1|
-<col width="25%" />
+|<|Less than|Integer or string|1|
-<col width="25%" />
+|<=|Less than or equal to|Integer or string|1|
-</colgroup>
+|<>|Not equal to|Integer or string|1|
-<thead>
+|=|Equal to|Integer, string, or Boolean|1|
-<tr class="header">
+|HAS|A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand.|Left-hand operand. MATCHFILE_NAME, MODE_NAME, FIX_NAME<div class="alert">Note: Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes.</div><br/>Right-hand operand. String|1|
-<th align="left">Symbol</th>
+|OR|Logical OR operator|Boolean|2|
-<th align="left">Description</th>
+|AND|Logical AND operator|Boolean|2|
 <th align="left">Data type</th>
 <th align="left">Precedence</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>&gt;</p></td>
 <td align="left"><p>Greater than</p></td>
 <td align="left"><p>Integer or string</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>&gt;=</p></td>
 <td align="left"><p>Greater than or equal to</p></td>
 <td align="left"><p>Integer or string</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>&lt;</p></td>
 <td align="left"><p>Less than</p></td>
 <td align="left"><p>Integer or string</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>&lt;=</p></td>
 <td align="left"><p>Less than or equal to</p></td>
 <td align="left"><p>Integer or string</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>&lt;&gt;</p></td>
 <td align="left"><p>Not equal to</p></td>
 <td align="left"><p>Integer or string</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>=</p></td>
 <td align="left"><p>Equal to</p></td>
 <td align="left"><p>Integer, string, or Boolean</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>HAS</p></td>
 <td align="left"><p>A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand.</p></td>
 <td align="left"><p><strong>Left-hand operand</strong>. MATCHFILE_NAME, MODE_NAME, FIX_NAME</p>
 <div class="alert">
 <strong>Note</strong><br/><p>Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes.</p>
 </div>
 <div>
 </div>
 <p><strong>Right-hand operand</strong>. String</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>OR</p></td>
 <td align="left"><p>Logical OR operator</p></td>
 <td align="left"><p>Boolean</p></td>
 <td align="left"><p>2</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>AND</p></td>
 <td align="left"><p>Logical AND operator</p></td>
 <td align="left"><p>Boolean</p></td>
 <td align="left"><p>2</p></td>
 </tr>
 </tbody>
 </table>
 ## Related topics
 [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
--- a/windows/deployment/planning/compatibility-administrator-users-guide.md
+++ b/windows/deployment/planning/compatibility-administrator-users-guide.md
@ -44,29 +44,8 @@ The following flowchart shows the steps for using the Compatibility Administrato
 ## In this section
-<table>
+|Topic|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)|This section provides information about using the Compatibility Administrator tool.|
-<col width="50%" />
+|[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)|This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.|
-</colgroup>
+|[Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)|You must deploy your customized database (.Sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. Including, by using a logon script, by using Group Policy, or by performing file copy operations.|
 <thead>
 <tr class="header">
 <th align="left">Topic</th>
 <th align="left">Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p><a href="using-the-compatibility-administrator-tool.md" data-raw-source="[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)">Using the Compatibility Administrator Tool</a></p></td>
 <td align="left"><p>This section provides information about using the Compatibility Administrator tool.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="managing-application-compatibility-fixes-and-custom-fix-databases.md" data-raw-source="[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)">Managing Application-Compatibility Fixes and Custom Fix Databases</a></p></td>
 <td align="left"><p>This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="using-the-sdbinstexe-command-line-tool.md" data-raw-source="[Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)">Using the Sdbinst.exe Command-Line Tool</a></p></td>
 <td align="left"><p>You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.</p></td>
 </tr>
 </tbody>
 </table>
--- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
--- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
@ -78,145 +78,27 @@ Wi-Fi network adapter drivers are one of the most important drivers to make sure
 The following list of commonly used Wi-Fi network adapters that are not supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image.
-<table>
+|Vendor name|Product description|HWID|Windows Update availability|
-<colgroup>
+|--- |--- |--- |--- |
-<col width="25%" />
+|Broadcom|802.11abgn Wireless SDIO adapter|sd\vid_02d0&pid_4330&fn_1|Contact the system OEM or Broadcom for driver availability.|
-<col width="25%" />
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-<col width="25%" />
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-<col width="25%" />
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-</colgroup>
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-<tbody>
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_010e106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-<tr class="odd">
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-<td align="left"><p><strong>Vendor name</strong></p></td>
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_433114e4&rev_02|Contact the system OEM or Broadcom for driver availability.|
-<td align="left"><p><strong>Product description</strong></p></td>
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_010f106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-<td align="left"><p><strong>HWID</strong></p></td>
+|Marvell|Yukon 88E8001/8003/8010 PCI Gigabit Ethernet|pci\ven_11ab&dev_4320&subsys_811a1043|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619080)<br>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)|
-<td align="left"><p><strong>Windows Update availability</strong></p></td>
+|Marvell|Libertas 802.11b/g Wireless|pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)<br>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)|
-</tr>
+|Qualcomm|Atheros AR6004 Wireless LAN Adapter|sd\vid_0271&pid_0401|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)<br>64-bit driver not available|
-<tr class="even">
+|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_20031a56|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)<br>64-bit driver not available|
-<td align="left"><p>Broadcom</p></td>
+|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_020a1028&rev_01|Contact the system OEM or Qualcom for driver availability.|
-<td align="left"><p>802.11abgn Wireless SDIO adapter</p></td>
+|Qualcomm|Atheros AR5005G Wireless Network Adapter|pci\ven_168c&dev_001a&subsys_04181468&rev_01|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)|
-<td align="left"><p>sd\vid_02d0&amp;pid_4330&amp;fn_1</p></td>
+|Ralink|Wireless-G PCI Adapter|pci\ven_1814&dev_0301&subsys_00551737&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)|
-<td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
+|Ralink|Turbo Wireless LAN Card|pci\ven_1814&dev_0301&subsys_25611814&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)|
-</tr>
+|Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)|
-<tr class="odd">
+|Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)|
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_00d6106b&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_00f5106b&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_00ef106b&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_00f4106b&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_010e106b&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_00e4106b&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_433114e4&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Broadcom</p></td>
 <td align="left"><p>802.11n Network Adapter</p></td>
 <td align="left"><p>pci\ven_14e4&amp;dev_4331&amp;subsys_010f106b&amp;rev_02</p></td>
 <td align="left"><p>Contact the system OEM or Broadcom for driver availability.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Marvell</p></td>
 <td align="left"><p>Yukon 88E8001/8003/8010 PCI Gigabit Ethernet</p></td>
 <td align="left"><p>pci\ven_11ab&amp;dev_4320&amp;subsys_811a1043</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619080" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619080)">32-bit driver</a></p>
 <p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619082" data-raw-source="[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)">64-bit driver</a></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Marvell</p></td>
 <td align="left"><p>Libertas 802.11b/g Wireless</p></td>
 <td align="left"><p>pci\ven_11ab&amp;dev_1faa&amp;subsys_6b001385&amp;rev_03</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619128" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)">32-bit driver</a></p>
 <p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619129" data-raw-source="[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)">64-bit driver</a></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Qualcomm</p></td>
 <td align="left"><p>Atheros AR6004 Wireless LAN Adapter</p></td>
 <td align="left"><p>sd\vid_0271&amp;pid_0401</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619086" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)">32-bit driver</a></p>
 <p>64-bit driver not available</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Qualcomm</p></td>
 <td align="left"><p>Atheros AR5BWB222 Wireless Network Adapter</p></td>
 <td align="left"><p>pci\ven_168c&amp;dev_0034&amp;subsys_20031a56</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619348" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)">32-bit driver</a></p>
 <p>64-bit driver not available</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Qualcomm</p></td>
 <td align="left"><p>Atheros AR5BWB222 Wireless Network Adapter</p></td>
 <td align="left"><p>pci\ven_168c&amp;dev_0034&amp;subsys_020a1028&amp;rev_01</p></td>
 <td align="left"><p>Contact the system OEM or Qualcom for driver availability.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Qualcomm</p></td>
 <td align="left"><p>Atheros AR5005G Wireless Network Adapter</p></td>
 <td align="left"><p>pci\ven_168c&amp;dev_001a&amp;subsys_04181468&amp;rev_01</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619349" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)">32-bit driver</a></p>
 <p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619091" data-raw-source="[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)">64-bit driver</a></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>Wireless-G PCI Adapter</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0301&amp;subsys_00551737&amp;rev_00</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619092" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092)">32-bit driver</a></p>
 <p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619093" data-raw-source="[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)">64-bit driver</a></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>Turbo Wireless LAN Card</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0301&amp;subsys_25611814&amp;rev_00</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619094" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094)">32-bit driver</a></p>
 <p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619095" data-raw-source="[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)">64-bit driver</a></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>Wireless LAN Card V1</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0302&amp;subsys_3a711186&amp;rev_00</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619097" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)">32-bit driver</a></p>
 <p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619098" data-raw-source="[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)">64-bit driver</a></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0302&amp;subsys_3c091186&amp;rev_00</p></td>
 <td align="left"><p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619099" data-raw-source="[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)">32-bit driver</a></p>
 <p><a href="https://go.microsoft.com/fwlink/p/?LinkId=619100" data-raw-source="[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)">64-bit driver</a></p></td>
 </tr>
 </tbody>
 </table>
 IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)).
@ -290,7 +172,6 @@ Windows To Go Startup Options is a setting available on Windows 10-based PCs tha
    > [!TIP]
    > If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog.
 3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**.
 ### <a href="" id="wtg-changefirmware"></a>Change firmware settings
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
@ -37,33 +37,11 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can apply f
 3.  On the **Mitigation** menu, click the command that corresponds to the action that you want to take. The following table describes the commands.
-    <table>
+    |Mitigation menu command|Description|
-    <colgroup>
+    |--- |--- |
-    <col width="50%" />
+    |**Apply Mitigations**|Opens the **Mitigate AppCompat Issues** dialog box, in which you can select the fixes that you intend to apply to the application.|
-    <col width="50%" />
+    |**Undo Mitigations**|Removes the application fixes that you just applied.<p>This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using **Programs and Features** in Control Panel.|
-    </colgroup>
+    |**Export Mitigations as Windows Installer file**|Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.|
    <thead>
    <tr class="header">
    <th align="left">Mitigation menu command</th>
    <th align="left">Description</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><strong>Apply Mitigations</strong></p></td>
    <td align="left"><p>Opens the <strong>Mitigate AppCompat Issues</strong> dialog box, in which you can select the fixes that you intend to apply to the application.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>Undo Mitigations</strong></p></td>
    <td align="left"><p>Removes the application fixes that you just applied.</p>
    <p>This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using <strong>Programs and Features</strong> in Control Panel.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>Export Mitigations as Windows Installer file</strong></p></td>
    <td align="left"><p>Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.</p></td>
    </tr>
    </tbody>
    </table>
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
@ -31,37 +31,14 @@ This section provides information about managing your application-compatibility
 ## In this section
-
+|Topic|Description|
-<table>
+|--- |--- |
-<colgroup>
+|[Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)|As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.|
-<col width="50%" />
+|[Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)|After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:|
-<col width="50%" />
+|[Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)|This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.|
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Topic</th>
 <th align="left">Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p><a href="understanding-and-using-compatibility-fixes.md" data-raw-source="[Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)">Understanding and Using Compatibility Fixes</a></p></td>
 <td align="left"><p>As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="compatibility-fix-database-management-strategies-and-deployment.md" data-raw-source="[Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)">Compatibility Fix Database Management Strategies and Deployment</a></p></td>
 <td align="left"><p>After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="testing-your-application-mitigation-packages.md" data-raw-source="[Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)">Testing Your Application Mitigation Packages</a></p></td>
 <td align="left"><p>This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.</p></td>
 </tr>
 </tbody>
 </table>
 ## Related topics
 [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
 [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
@ -37,41 +37,12 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can show th
 3.  On the **View** menu, click the command that corresponds to the messages that you want to see. The following table describes the commands.
-    <table>
+|View menu command|Description|
-    <colgroup>
+|--- |--- |
-    <col width="50%" />
+|**Error Messages**|When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.<p>This command is selected by default.|
-    <col width="50%" />
+|**Warning Messages**|When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.|
-    </colgroup>
+|**Information Messages**|When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.|
-    <thead>
+|**Detailed Information**|When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.|
    <tr class="header">
    <th align="left">View menu command</th>
    <th align="left">Description</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><strong>Error Messages</strong></p></td>
    <td align="left"><p>When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.</p>
    <p>This command is selected by default.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>Warning Messages</strong></p></td>
    <td align="left"><p>When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>Information Messages</strong></p></td>
    <td align="left"><p>When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>Detailed Information</strong></p></td>
    <td align="left"><p>When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.</p></td>
    </tr>
    </tbody>
    </table>
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@ -38,33 +38,9 @@ You can use SUA in either of the following ways:
 ## In this section
-
+|Topic|Description|
-<table>
+|--- |--- |
-<colgroup>
+|[Using the SUA Wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.|
-<col width="50%" />
+|[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.|
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Topic</th>
 <th align="left">Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p><a href="using-the-sua-wizard.md" data-raw-source="[Using the SUA Wizard](using-the-sua-wizard.md)">Using the SUA Wizard</a></p></td>
 <td align="left"><p>The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="using-the-sua-tool.md" data-raw-source="[Using the SUA Tool](using-the-sua-tool.md)">Using the SUA Tool</a></p></td>
 <td align="left"><p>By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.</p></td>
 </tr>
 </tbody>
 </table>
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
@ -31,76 +31,15 @@ The tabs in the Standard User Analyzer (SUA) tool show the User Account Control
 The following table provides a description of each tab on the user interface for the SUA tool.
-<table>
+|Tab name|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|App Info|Provides the following information for the selected application:<li>Debugging information<li>Error, warning, and informational messages (if they are enabled)<li>Options for running the application|
-<col width="50%" />
+|File|Provides information about access to the file system.<p>For example, this tab might show an attempt to write to a file that only administrators can typically access.|
-</colgroup>
+|Registry|Provides information about access to the system registry.<p>For example, this tab might show an attempt to write to a registry key that only administrators can typically access.|
-<thead>
+|INI|Provides information about WriteProfile API issues.<p>For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from **Standard** to **Scientific**, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.|
-<tr class="header">
+|Token|Provides information about access-token checking.<p>For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.|
-<th align="left">Tab name</th>
+|Privilege|Provides information about permissions.<p>For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.|
-<th align="left">Description</th>
+|Name Space|Provides information about creation of system objects.<p>For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.|
-</tr>
+|Other Objects|Provides information related to applications accessing objects other than files and registry keys.|
-</thead>
+|Process|Provides information about process elevation.<p>For example, this tab might show the use of the CreateProcess API to open an executable (.exe) file that, in turn, requires process elevation that will not function for a standard user.|
 <tbody>
 <tr class="odd">
 <td align="left"><p>App Info</p></td>
 <td align="left"><p>Provides the following information for the selected application:</p>
 <ul>
 <li><p>Debugging information</p></li>
 <li><p>Error, warning, and informational messages (if they are enabled)</p></li>
 <li><p>Options for running the application</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left"><p>File</p></td>
 <td align="left"><p>Provides information about access to the file system.</p>
 <p>For example, this tab might show an attempt to write to a file that only administrators can typically access.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Registry</p></td>
 <td align="left"><p>Provides information about access to the system registry.</p>
 <p>For example, this tab might show an attempt to write to a registry key that only administrators can typically access.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>INI</p></td>
 <td align="left"><p>Provides information about WriteProfile API issues.</p>
 <p>For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from <strong>Standard</strong> to <strong>Scientific</strong>, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Token</p></td>
 <td align="left"><p>Provides information about access-token checking.</p>
 <p>For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Privilege</p></td>
 <td align="left"><p>Provides information about permissions.</p>
 <p>For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Name Space</p></td>
 <td align="left"><p>Provides information about creation of system objects.</p>
 <p>For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Other Objects</p></td>
 <td align="left"><p>Provides information related to applications accessing objects other than files and registry keys.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Process</p></td>
 <td align="left"><p>Provides information about process elevation.</p>
 <p>For example, this tab might show the use of the CreateProcess API to open an executable (.exe) file that, in turn, requires process elevation that will not function for a standard user.</p></td>
 </tr>
 </tbody>
 </table>
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
@ -32,63 +32,17 @@ This section provides information about using the Compatibility Administrator to
 ## In this section
-<table>
+|Topic|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|[Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)|The Compatibility Administrator tool provides a way to query your custom-compatibility databases.|
-<col width="50%" />
+|[Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md)|With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.|
-</colgroup>
+|[Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md)|You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.|
-<thead>
+|[Creating a Custom Compatibility Fix in Compatibility Administrator](creating-a-custom-compatibility-fix-in-compatibility-administrator.md)|The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.|
-<tr class="header">
+|[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)|Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.|
-<th align="left">Topic</th>
+|[Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)|The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.|
-<th align="left">Description</th>
+|[Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)|The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.|
-</tr>
+|[Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)|You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.|
-</thead>
+|[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)|The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.|
 <tbody>
 <tr class="odd">
 <td align="left"><p><a href="available-data-types-and-operators-in-compatibility-administrator.md" data-raw-source="[Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)">Available Data Types and Operators in Compatibility Administrator</a></p></td>
 <td align="left"><p>The Compatibility Administrator tool provides a way to query your custom-compatibility databases.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="searching-for-fixed-applications-in-compatibility-administrator.md" data-raw-source="[Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md)">Searching for Fixed Applications in Compatibility Administrator</a></p></td>
 <td align="left"><p>With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md" data-raw-source="[Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md)">Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator</a></p></td>
 <td align="left"><p>You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="creating-a-custom-compatibility-fix-in-compatibility-administrator.md" data-raw-source="[Creating a Custom Compatibility Fix in Compatibility Administrator](creating-a-custom-compatibility-fix-in-compatibility-administrator.md)">Creating a Custom Compatibility Fix in Compatibility Administrator</a></p></td>
 <td align="left"><p>The Compatibility Administrator tool uses the term <em>fix</em> to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="creating-a-custom-compatibility-mode-in-compatibility-administrator.md" data-raw-source="[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)">Creating a Custom Compatibility Mode in Compatibility Administrator</a></p></td>
 <td align="left"><p>Windows® provides several <em>compatibility modes</em>, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="creating-an-apphelp-message-in-compatibility-administrator.md" data-raw-source="[Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)">Creating an AppHelp Message in Compatibility Administrator</a></p></td>
 <td align="left"><p>The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="viewing-the-events-screen-in-compatibility-administrator.md" data-raw-source="[Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)">Viewing the Events Screen in Compatibility Administrator</a></p></td>
 <td align="left"><p>The <strong>Events</strong> screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><a href="enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md" data-raw-source="[Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)">Enabling and Disabling Compatibility Fixes in Compatibility Administrator</a></p></td>
 <td align="left"><p>You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><a href="installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md" data-raw-source="[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)">Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator</a></p></td>
 <td align="left"><p>The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.</p></td>
 </tr>
 </tbody>
 </table>
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@ -1,6 +1,6 @@
 ---
 title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
-description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command line options.
+description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options.
 ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034
 ms.reviewer: 
 manager: laurawi
@ -28,15 +28,16 @@ ms.topic: article
 -   Windows Server 2012
 -   Windows Server 2008 R2
-You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
+You must deploy your customized database (.sdb) files to other computers in your organization. That is, before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. By using a logon script, by using Group Policy, or by performing file copy operations.
-After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application. 
+After you deploy and store the customized databases on each of your local computers, you must register the database files.
 Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application. 
 ## Command-Line Options for Deploying Customized Database Files
 Sample output from the command `Sdbinst.exe /?` in an elevated CMD window:
-```
+```console
 Microsoft Windows [Version 10.0.14393]
 (c) 2016 Microsoft Corporation. All rights reserved.
@ -59,56 +60,15 @@ Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-
 The following table describes the available command-line options.
-<table>
+|Option|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|-?|Displays the Help for the Sdbinst.exe tool.<p>For example,<br>`sdbinst.exe -?`|
-<col width="50%" />
+|-p|Allows SDBs installation with Patches.<p>For example,<br>`sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb`|
-</colgroup>
+|-q|Does a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).<p>For example,<br>`sdbinst.exe -q`|
-<thead>
+|-u *filepath*|Does an uninstallation of the specified database.<p>For example,<br>`sdbinst.exe -u C:\example.sdb`|
-<tr class="header">
+|-g *GUID*|Specifies the customized database to uninstall by a globally unique identifier (GUID).<p>For example,<br>`sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3`|
-<th align="left">Option</th>
+|-n *"name"*|Specifies the customized database to uninstall by file name.<p>For example,<br>`sdbinst.exe -n "My_Database"`|
 <th align="left">Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>-?</p></td>
 <td align="left"><p>Displays the Help for the Sdbinst.exe tool.</p>
 <p>For example,</p>
 <p><code>sdbinst.exe -?</code></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>-p</p></td>
 <td align="left"><p>Allows SDBs installation with Patches</p>
 <p>For example,</p>
 <p><code>sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb</code></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>-q</p></td>
 <td align="left"><p>Performs a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).</p>
 <p>For example,</p>
 <p><code>sdbinst.exe -q</code></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>-u <em>filepath</em></p></td>
 <td align="left"><p>Performs an uninstallation of the specified database.</p>
 <p>For example,</p>
 <p><code>sdbinst.exe -u C:\example.sdb</code></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>-g <em>GUID</em></p></td>
 <td align="left"><p>Specifies the customized database to uninstall by a globally unique identifier (GUID).</p>
 <p>For example,</p>
 <p><code>sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3</code></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>-n <em>&quot;name&quot;</em></p></td>
 <td align="left"><p>Specifies the customized database to uninstall by file name.</p>
 <p>For example,</p>
 <p><code>sdbinst.exe -n &quot;My_Database&quot;</code></p></td>
 </tr>
 </tbody>
 </table>
 ## Related topics
 [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ b/windows/deployment/planning/windows-to-go-overview.md
@ -135,93 +135,27 @@ When assessing the use of a PC as a host for a Windows To Go workspace you shoul
 The following table details the characteristics that the host computer must have to be used with Windows To Go:
-<table>
+|Item|Requirement|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Boot process|Capable of USB boot|
-<col width="50%" />
+|Firmware|USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)|
-</colgroup>
+|Processor architecture|Must support the image on the Windows To Go drive|
-<thead>
+|External USB Hubs|Not supported; connect the Windows To Go drive directly to the host machine|
-<tr class="header">
+|Processor|1 Ghz or faster|
-<th align="left">Item</th>
+|RAM|2 GB or greater|
-<th align="left">Requirement</th>
+|Graphics|DirectX 9 graphics device with WDDM 1.2 or greater driver|
-</tr>
+|USB port|USB 2.0 port or greater|
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Boot process</p></td>
 <td align="left"><p>Capable of USB boot</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Firmware</p></td>
 <td align="left"><p>USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Processor architecture</p></td>
 <td align="left"><p>Must support the image on the Windows To Go drive</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>External USB Hubs</p></td>
 <td align="left"><p>Not supported; connect the Windows To Go drive directly to the host machine</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Processor</p></td>
 <td align="left"><p>1 Ghz or faster</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>RAM</p></td>
 <td align="left"><p>2 GB or greater</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Graphics</p></td>
 <td align="left"><p>DirectX 9 graphics device with WDDM 1.2 or greater driver</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>USB port</p></td>
 <td align="left"><p>USB 2.0 port or greater</p></td>
 </tr>
 </tbody>
 </table>
 **Checking for architectural compatibility between the host PC and the Windows To Go drive**
 In addition to the USB boot support in the BIOS, the Windows 10 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
-<table>
+|Host PC Firmware Type|Host PC Processor Architecture|Compatible Windows To Go Image Architecture|
-<colgroup>
+|--- |--- |--- |
-<col width="33%" />
+|Legacy BIOS|32-bit|32-bit only|
-<col width="33%" />
+|Legacy BIOS|64-bit|32-bit and 64-bit|
-<col width="33%" />
+|UEFI BIOS|32-bit|32-bit only|
-</colgroup>
+|UEFI BIOS|64-bit|64-bit only|
 <thead>
 <tr class="header">
 <th align="left">Host PC Firmware Type</th>
 <th align="left">Host PC Processor Architecture</th>
 <th align="left">Compatible Windows To Go Image Architecture</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Legacy BIOS</p></td>
 <td align="left"><p>32-bit</p></td>
 <td align="left"><p>32-bit only</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Legacy BIOS</p></td>
 <td align="left"><p>64-bit</p></td>
 <td align="left"><p>32-bit and 64-bit</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>UEFI BIOS</p></td>
 <td align="left"><p>32-bit</p></td>
 <td align="left"><p>32-bit only</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>UEFI BIOS</p></td>
 <td align="left"><p>64-bit</p></td>
 <td align="left"><p>64-bit only</p></td>
 </tr>
 </tbody>
 </table>
 ## Additional resources
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@ -41,11 +41,13 @@ For Windows 10, version 1607 and later, devices can be configured to receive upd
 - Admin has opted to put updates to Office and other products on WSUS
 - Admin has also put 3rd party drivers on WSUS
-<table><thead><th>Content</th><th>Metadata source</th><th>Payload source</th><th>Deferred?</th><th></th></thead>
+|Content|Metadata source|Payload source|Deferred?|
-<tbody><tr><td>Updates to Windows</td><td>Windows Update</td><td>Windows Update</td><td>Yes</td><td rowspan="3"><img src="images/wufb-config1a.png" alt="diagram of content flow"/></td></tr>
+|--- |--- |--- |--- |
-<tr><td>Updates to Office and other products</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
+|Updates to Windows|Windows Update|Windows Update|Yes|
-<tr><td>Third-party drivers</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
+|Updates to Office and other products|WSUS|WSUS|No|
-</table>
+|Third-party drivers|WSUS|WSUS|No|
 ![diagram of content flow](images/wufb-config1a.png)
 ### Configuration example \#2: Excluding drivers from Windows quality updates using Windows Update for Business 
@ -55,13 +57,13 @@ For Windows 10, version 1607 and later, devices can be configured to receive upd
 - Device is also configured to be managed by WSUS
 - Admin has opted to put Windows Update drivers on WSUS
 |Content|Metadata source|Payload source|Deferred?|
 |--- |--- |--- |--- |
 |Updates to Windows (excluding drivers)|Windows Update|Windows Update|Yes|
 |Updates to Office and other products|WSUS|WSUS|No|
 |Drivers|WSUS|WSUS|No|
-<table><thead><th>Content</th><th>Metadata source</th><th>Payload source</th><th>Deferred?</th><th></th></thead>
+![diagram of content flow 2](images/wufb-config2.png)
 <tbody><tr><td>Updates to Windows (excluding drivers)</td><td>Windows Update</td><td>Windows Update</td><td>Yes</td><td rowspan="4"><img src="images/wufb-config2.png" alt="diagram of content flow"/></td></tr>
 <tr><td>Updates to Office and other products</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
 <tr><td>Drivers</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
 </table>
 ### Configuration example \#3: Device configured to receive Microsoft updates 
@ -75,12 +77,13 @@ In this example, the deferral behavior for updates to Office and other non-Windo
 - In a non-WSUS case, these updates would be deferred just as any update to Windows would be.  
 - However, with WSUS also configured, these updates are sourced from Microsoft but deferral policies are not applied.  
 |Content|Metadata source|Payload source|Deferred?|
 |--- |--- |--- |--- |
 |Updates to Windows (excluding drivers)|Microsoft Update|Microsoft Update|Yes|
 |Updates to Office and other products|Microsoft Update|Microsoft Update|No|
 |Drivers, third-party applications|WSUS|WSUS|No|
-<table><thead><th>Content</th><th>Metadata source</th><th>Payload source</th><th>Deferred?</th><th></th></thead>
+![diagram of content flow 3](images/wufb-config3a.png)
 <tbody><tr><td>Updates to Windows (excluding drivers)</td><td>Microsoft Update</td><td>Microsoft Update</td><td>Yes</td><td rowspan="3"><img src="images/wufb-config3a.png" alt="diagram of content flow"/></td></tr>
 <tr><td>Updates to Office and other products</td><td>Microsoft Update</td><td>Microsoft Update</td><td>No</td></tr>
 <tr><td>Drivers, third-party applications</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
 </table>
 >[!NOTE]
 > Because the admin enabled **Update/AllowMUUpdateService**, placing the content on WSUS was not needed for the particular device, as the device will always receive Microsoft Update content from Microsoft when configured in this manner.
@ -89,7 +92,7 @@ In this example, the deferral behavior for updates to Office and other non-Windo
 For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
-![Example of unknown devices.](images/wufb-sccm.png)
+:::image type="content" alt-text="Example of unknown devices." source="images/wufb-sccm.png" lightbox="images/wufb-sccm.png":::
 For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@ -33,44 +33,31 @@ Several log files are created during each phase of the upgrade process. These lo
 The following table describes some log files and how to use them for troubleshooting purposes:<br>
-<br>
+|Log file |Phase: Location |Description |When to use|
-
+|---|---|---|---|
-<table>
+|setupact.log|Down-Level:<br>$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.<br> This is the most important log for diagnosing setup issues.|
-<tr><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Log file</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Phase: Location</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Description</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>When to use</td>
+|setupact.log|OOBE:<br>$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
-<tr><td rowspan="5">setupact.log</td><td>Down-Level:<br>$Windows.~BT\Sources\Panther</td><td>Contains information about setup actions during the downlevel phase. </td>
+|setupact.log|Rollback:<br>$Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.|
-<td>All down-level failures and starting point for rollback investigations.<br> This is the most important log for diagnosing setup issues.</td>
+|setupact.log|Pre-initialization (prior to downlevel):<br>Windows|Contains information about initializing setup.|If setup fails to launch.|
-<tr><td>OOBE:<br>$Windows.~BT\Sources\Panther\UnattendGC</td>
+|setupact.log|Post-upgrade (after OOBE):<br>Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.|
-<td>Contains information about actions during the OOBE phase.</td><td>Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.</td>
+|setuperr.log|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.|
-<tr><td>Rollback:<br>$Windows.~BT\Sources\Rollback<td>Contains information about actions during rollback.<td>Investigating generic rollbacks - 0xC1900101.</td>
+|miglog.xml|Post-upgrade (after OOBE):<br>Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.|
-<tr><td>Pre-initialization (prior to downlevel):<br>Windows</td><td>Contains information about initializing setup.<td>If setup fails to launch.</td>
+|BlueBox.log|Down-Level:<br>Windows\Logs\Mosetup|Contains information communication between setup.exe and Windows Update.|Use during WSUS and WU down-level failures or for 0xC1900107.|
-<tr><td>Post-upgrade (after OOBE):<br>Windows\Panther<td>Contains information about setup actions during the installation.<td>Investigate post-upgrade related issues.</td>
+|Supplemental rollback logs:<br>Setupmem.dmp<br>setupapi.dev.log<br>Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.<br>Setupapi: Device install issues - 0x30018<br>Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.|
 <tr><td>setuperr.log<td>Same as setupact.log<td>Contains information about setup errors during the installation.<td>Review all errors encountered during the installation phase.</td>
 <tr><td>miglog.xml<td>Post-upgrade (after OOBE):<br>Windows\Panther<td>Contains information about what was migrated during the installation.<td>Identify post upgrade data migration issues.</td>
 <tr><td>BlueBox.log<td>Down-Level:<br>Windows\Logs\Mosetup<td>Contains information communication between setup.exe and Windows Update.<td>Use during WSUS and WU down-level failures or for 0xC1900107.</td>
 <tr><td>Supplemental rollback logs:<br>
 Setupmem.dmp<br>
 setupapi.dev.log<br>
 Event logs (*.evtx)</td>
 <td>$Windows.~BT\Sources\Rollback<td>Additional logs collected during rollback.</td>
 <td>
 Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.<br>
 Setupapi: Device install issues - 0x30018<br>
 Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.</td>
 </table>
 ## Log entry structure
 A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements:
-<ol>
+1.  **The date and time** - 2016-09-08 09:20:05.
-<LI><B>The date and time</B> - 2016-09-08 09:20:05.
+
-<LI><B>The log level</B> - Info, Warning, Error, Fatal Error.
+2.  **The log level** - Info, Warning, Error, Fatal Error.
-<LI><B>The logging component</B> - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
+
-<UL>
+3.  **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
-<LI>The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors.
+
-</UL>
+    The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors.
-<LI><B>The message</B> - Operation completed successfully.
+
-</OL>
+4.  **The message** - Operation completed successfully.
 See the following example:
@ -83,40 +70,45 @@ See the following example:
 The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes).
-<br>To analyze Windows Setup log files:
+To analyze Windows Setup log files:
-<ol>
+1.  Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
-<LI>Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
+
-<LI>Based on the <a href="upgrade-error-codes.md#extend-codes" data-raw-source="[extend code](upgrade-error-codes.md#extend-codes)">extend code</a> portion of the error code, determine the type and location of a <a href="#log-files" data-raw-source="[log files](#log-files)">log files</a> to investigate.
+2.  Based on the [extend code](upgrade-error-codes.md#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
-<LI>Open the log file in a text editor, such as notepad.
+
-<LI>Using the <a href="upgrade-error-codes.md#result-codes" data-raw-source="[result code](upgrade-error-codes.md#result-codes)">result code</a> portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the &quot;abort&quot; and abandoning&quot; text strings described in step 7 below.
+3.  Open the log file in a text editor, such as notepad.
-<LI>To find the last occurrence of the result code:
+
-  <OL type="a">
+4.  Using the [result code](upgrade-error-codes.md#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
-  <LI>Scroll to the bottom of the file and click after the last character.
+
-  <LI>Click <B>Edit</B>.
+5.  To find the last occurrence of the result code:
-  <LI>Click <B>Find</B>.
+
-  <LI>Type the result code.
+    1.  Scroll to the bottom of the file and click after the last character.
-  <LI>Under <B>Direction</B> select <b>Up</b>.
+    2.  Click **Edit**.
-  <LI>Click <b>Find Next</b>.
+    3.  Click **Find**.
-  </OL>
+    4.  Type the result code.
-<LI> When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code.
+    5.  Under **Direction** select **Up**.
-<LI> Search for the following important text strings:
+    6.  Click **Find Next**.
-  <UL>
+
-  <LI><B>Shell application requested abort</B>
+6.  When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code.
-  <LI><B>Abandoning apply due to error for object</B>
+
-  </UL>
+7.  Search for the following important text strings:
-<LI> Decode Win32 errors that appear in this section.
+
-<LI> Write down the timestamp for the observed errors in this section.
+    *   **Shell application requested abort**
-<LI> Search other log files for additional information matching these timestamps or errors.
+    *   **Abandoning apply due to error for object**
-</OL>
+
 8.  Decode Win32 errors that appear in this section.
 9.  Write down the timestamp for the observed errors in this section.
 10. Search other log files for additional information matching these timestamps or errors.
 For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:
 Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN."
-<br><B>setuperr.log</B> content:
+**setuperr.log** content:
-<pre>
+```console
 27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
 27:08, Error           MIG    Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
 27:08, Error                  Gather failed. Last error: 0x00000000
@ -125,21 +117,21 @@ Some lines in the text below are shortened to enhance readability. The date and
 27:09, Error           SP     Operation failed: Migrate framework (Full). Error: 0x8007042B[gle=0x000000b7]
 27:09, Error           SP     Operation execution failed: 13. hr = 0x8007042B[gle=0x000000b7]
 27:09, Error           SP     CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7]
-</PRE>
+```
 The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below):
-<pre>
+```console
 27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
-</PRE>
+```
-</B>The error 0x00000570 is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
+The error 0x00000570 is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
 Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**.  This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:
-<br><B>setupact.log</B> content:
+**setupact.log** content:
-<pre>
+```console
 27:00, Info                   Gather started at 10/5/2016 23:27:00
 27:00, Info [0x080489] MIG    Setting system object filter context (System)
 27:00, Info [0x0803e5] MIG    Not unmapping HKCU\Software\Classes; it is not mapped
@ -160,11 +152,11 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
 27:08, Info                   Gather ended at 10/5/2016 23:27:08 with result 44
 27:08, Info                   Leaving MigGather method
 27:08, Error           SP     SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
-</pre>
+```
-<br><B>setupapi.dev.log</B> content:
+**setupapi.dev.log** content:
-<pre>
+```console
 >>>  [Device Install (UpdateDriverForPlugAndPlayDevices) - PCI\VEN_8086&DEV_8C4F]
 >>>  Section start 2019/09/26 20:13:01.623
      cmd: rundll32.exe "C:\WINDOWS\Installer\MSI6E4C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_95972906 484 ChipsetWiX.CustomAction!Intel.Deployment.ChipsetWiX.CustomActions.InstallDrivers
@ -248,9 +240,12 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
 !    ndv: No devices were updated.
 <<<  Section end 2019/09/26 20:13:01.759
 <<<  [Exit status: FAILURE(0xC1900101)]
-</pre>
+```
-<br>This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is  C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. 
+This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file.
 > [!NOTE]
 > In this example, the full, unshortened file name is  C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. 
 ## Related topics
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@ -69,196 +69,40 @@ See the following general troubleshooting procedures associated with a result co
 ## Other result codes
-<br /><table>
+|Error code|Cause|Mitigation|
-
+|--- |--- |--- |
-<tr>
+|0xC1800118|WSUS has downloaded content that it cannot use due to a missing decryption key.|See [Steps to resolve error 0xC1800118](/archive/blogs/wsus/resolving-error-0xc1800118) for information.|
-<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Error code</b></font></td>
+|0xC1900200|Setup.exe has detected that the machine does not meet the minimum system requirements.|Ensure the system you are trying to upgrade meets the minimum system requirements. See [Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications) for information.|
-<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Cause</b></font></td>
+|0x80090011|A device driver error occurred during user data migration.|Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process.<p>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.|
-<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Mitigation</b></font></td>
+|0xC7700112|Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk.|This issue is resolved in the latest version of Upgrade Assistant.<p>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.|
-</tr>
+|0x80190001|An unexpected error was encountered while attempting to download files required for upgrade.|To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/software-download/windows10).|
-
+|0x80246007|The update was not downloaded successfully.|Attempt other methods of upgrading the operating system.<p>Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/software-download/windows10).<p>Attempt to upgrade using .ISO or USB.<p> **Note:** Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx).|
-<tr>
+|0x80244018|Your machine is connected through a proxy server.|Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings).|
-<td>0xC1800118</td>
+|0xC1900201|The system did not pass the minimum requirements to install the update.|Contact the hardware vendor to get the latest updates.|
-<td>WSUS has downloaded content that it cannot use due to a missing decryption key.</td>
+|0x80240017|The upgrade is unavailable for this edition of Windows.|Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.|
-<td>See <a href="/archive/blogs/wsus/resolving-error-0xc1800118" data-raw-source="[Steps to resolve error 0xC1800118](/archive/blogs/wsus/resolving-error-0xc1800118)">Steps to resolve error 0xC1800118</a> for information.</td>
+|0x80070020|The existing process cannot access the file because it is being used by another process.|Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).|
-</tr>
+|0x80070522|The user doesn’t have required privilege or credentials to upgrade.|Ensure that you have signed in as a local administrator or have local administrator privileges.|
-
+|0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device does not resolve the issue, then use the Disk Cleanup utility and clean up the temporary files as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10).|
-<tr>
+|0xC1900209|The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information.<p>You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.|
-<td>0xC1900200</td>
+|0x8007002|This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)<p>The error 80072efe means that the connection with the server was terminated abnormally.<p>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.|
-<td>Setup.exe has detected that the machine does not meet the minimum system requirements.</td>
+|0x80240FFF|Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:<ol><li>Disable the Upgrades classification.<li>Install hotfix 3095113.<li>Delete previously synched updates.<li>Enable the Upgrades classification.<li>Perform a full synch.</ol><p>For detailed information on how to run these steps check out How to delete upgrades in WSUS.|
-<td>Ensure the system you are trying to upgrade meets the minimum system requirements. <br>See <a href="https://www.microsoft.com/windows/windows-10-specifications" data-raw-source="[Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications)">Windows 10 specifications</a> for information.</td>
+|0x8007007E|Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.<p>Stop the Windows Update service. <li>Sign in as a user with administrative privileges, and then do the following:<li>Open Administrative Tools from the Control Panel.<li>Double-click Services.<li>Find the Windows Update service, right-click it, and then select Stop. If prompted, enter your credentials.<p>Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.<p>Restart the Windows Update service.|
 </tr>
 <tr>
 <td>0x80090011</td>
 <td>A device driver error occurred during user data migration.</td>
 <td>Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process.
 <br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process.</td>
 </tr>
 <tr>
 <td>0xC7700112</td>
 <td>Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk.</td>
 <td>This issue is resolved in the latest version of Upgrade Assistant.
 <br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process.</td>
 </tr>
 <tr>
 <td>0x80190001</td>
 <td>An unexpected error was encountered while attempting to download files required for upgrade.</td>
 <td>To resolve this issue, download and run the media creation tool. See <a href="https://www.microsoft.com/software-download/windows10" data-raw-source="[Download windows 10](https://www.microsoft.com/software-download/windows10)">Download windows 10</a>.
 </td>
 </tr>
 <tr>
 <td>0x80246007</td>
 <td>The update was not downloaded successfully.</td>
 <td>Attempt other methods of upgrading the operating system.<br>
 Download and run the media creation tool. See <a href="https://www.microsoft.com/software-download/windows10" data-raw-source="[Download windows 10](https://www.microsoft.com/software-download/windows10)">Download windows 10</a>.
 <br>Attempt to upgrade using .ISO or USB.<br>
 <strong>Note</strong><br>Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the <a href="https://www.microsoft.com/licensing/servicecenter/default.aspx" data-raw-source="[Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx)">Volume Licensing Service Center</a>.
 </td>
 </tr>
 <tr>
 <td>0x80244018</td>
 <td>Your machine is connected through a proxy server.</td>
 <td>Make sure Automatically Detect Settings is selected in internet options. (<b>Control Panel</b> > <b>Internet Options</b> > <b>Connections</b> > <b>LAN Settings</b>).
 </td>
 </tr>
 <tr>
 <td>0xC1900201</td>
 <td>The system did not pass the minimum requirements to install the update.</td>
 <td>Contact the hardware vendor to get the latest updates.</td>
 </tr>
 <tr>
 <td>0x80240017</td>
 <td>The upgrade is unavailable for this edition of Windows.</td>
 <td>Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.</td>
 </tr>
 <tr>
 <td>0x80070020</td>
 <td>The existing process cannot access the file because it is being used by another process.</td>
 <td>Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see <a href="https://support.microsoft.com/kb/929135" data-raw-source="[How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135)">How to perform a clean boot in Windows</a>.</td>
 </tr>
 <tr>
 <td>0x80070522</td>
 <td>The user doesn’t have required privilege or credentials to upgrade.</td>
 <td>Ensure that you have signed in as a local administrator or have local administrator privileges.</td>
 </tr>
 <tr>
 <td>0xC1900107</td>
 <td>A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.
 </td>
 <td>Restart the device and run setup again. If restarting the device does not resolve the issue, then use the Disk Cleanup utility and clean up the temporary files as well as the System files. For more information, see <a href="https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10" data-raw-source="[Disk cleanup in Windows 10](https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10)">Disk cleanup in Windows 10</a>.</td>
 </tr>
 <tr>
 <td>0xC1900209</td>
 <td>The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.</td>
 <td>Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See <a href="/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe" data-raw-source="[Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe)">Windows 10 Pre-Upgrade Validation using SETUP.EXE</a> for more information.
 <br>You can also download the <a href="https://go.microsoft.com/fwlink/p/?LinkId=526740">Windows Assessment and Deployment Kit (ADK) for Windows 10</a> and install Application Compatibility Tools.
 </td>
 </tr>
 <tr>
 <td>0x8007002 </td>
 <td>This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)</td>
 <td>Analyze the SMSTS.log and verify that the upgrade is failing on &quot;Apply Operating system&quot; Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
 <br>The error 80072efe means that the connection with the server was terminated abnormally.
 <br>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
 </td>
 </tr>
 <tr>
 <td>0x80240FFF </td>
 <td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a>, WSUS doesn&#39;t recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
 <td> You can prevent this by installing <a href="/archive/blogs/wsus/important-update-for-wsus-4-0-kb-3095113">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
 <ol>
 <li>Disable the Upgrades classification.</li>
 <li>Install hotfix 3095113.</li>
 <li>Delete previously synched updates.</li>
 <li>Enable the Upgrades classification.</li>
 <li>Perform a full synch.</li>
 </ol>
 For detailed information on how to run these steps check out <a href="/archive/blogs/wsus/how-to-delete-upgrades-in-wsus">How to delete upgrades in WSUS</a>.</p>
 </td>
 </tr>
 <tr>
 <td>0x8007007E</td>
 <td>Occurs when update synchronization fails because you do not have <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a> installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.</td>
 <td> Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
 <ol>
 <li>Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
 <ol>
 <li>Open <b>Administrative Tools</b> from the Control Panel.</li>
 <li>Double-click <b>Services</b>.</li>
 <li>Find the <b>Windows Update</b> service, right-click it, and then select <b>Stop</b>. If prompted, enter your credentials.</li>
 </ol>
 </li>
 <li>Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.</li>
 <li>Restart the Windows Update service.</li>
 </ol>
 </td>
 </tr>
 </table>
 ## Other error codes
-<br><table>
+| Error Codes | Cause | Mitigation |
-
+| --- | --- | --- |
-<tr><td BGCOLOR="#a0e4fa"><font color="#000000">Error Codes<td BGCOLOR="#a0e4fa"><font color="#000000">Cause<td BGCOLOR="#a0e4fa"><font color="#000000">Mitigation</td></tr>
+|0x80070003- 0x20007|This is a failure during SafeOS phase driver installation.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
-<tr><td>0x80070003- 0x20007
+|0x8007025D - 0x2000C|This error occurs if the ISO file&#39;s metadata is corrupt.|Re-download the ISO/Media and re-attempt the upgrade<p>Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).|
-<td>This is a failure during SafeOS phase driver installation.
+|0x80070490 - 0x20007|An incompatible device driver is present.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
-
+|0xC1900101 - 0x2000c|An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.|Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide.<br>Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.|
-<td><a href="/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations" data-raw-source="[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations)">Verify device drivers</a> on the computer, and <a href="log-files.md#analyze-log-files" data-raw-source="[analyze log files](log-files.md#analyze-log-files)">analyze log files</a> to determine the problem driver.
+|0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.|See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements.<p>Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues).|
-</td></tr>
+|0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.<p>See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements.<p>Review logs for [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications).||
-<tr><td>0x8007025D - 0x2000C
+|0x80070004 - 0x3000D|This is a problem with data migration during the first boot phase. There are multiple possible causes.|[Analyze log files](log-files.md#analyze-log-files) to determine the issue.|
-<td>This error occurs if the ISO file&#39;s metadata is corrupt.<td>&quot;Re-download the ISO/Media and re-attempt the upgrade.
+|0xC1900101 - 0x4001E|Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.|This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section.|
-
+|0x80070005 - 0x4000D|The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access denied.|
-Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).
+|0x80070004 - 0x50012|Windows Setup failed to open a file.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access problems.|
-
+|0xC190020e<br>0x80070070 - 0x50011<br>0x80070070 - 0x50012<br>0x80070070 - 0x60000|These errors indicate the computer does not have enough free space available to install the upgrade.|To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space) before proceeding with the upgrade. <p><div>**Note:** If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS.  Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.</div>|
 </td></tr>
 <tr><td>0x80070490 - 0x20007<td>An incompatible device driver is present.
 <td><a href="/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations" data-raw-source="[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations)">Verify device drivers</a> on the computer, and <a href="log-files.md#analyze-log-files" data-raw-source="[analyze log files](log-files.md#analyze-log-files)">analyze log files</a> to determine the problem driver.
 </td></tr>
 <tr><td>0xC1900101 - 0x2000c
 <td>An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.
 <td>Run checkdisk to repair the file system. For more information, see the <a href="quick-fixes.md" data-raw-source="[quick fixes](quick-fixes.md)">quick fixes</a> section in this guide.
 <br>Update drivers on the computer, and select &quot;Download and install updates (recommended)&quot; during the upgrade process. Disconnect devices other than the mouse, keyboard and display.</td></tr>
 <tr><td>0xC1900200 - 0x20008
 <td>The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.
 See <a href="https://www.microsoft.com/windows/windows-10-specifications" data-raw-source="[Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)">Windows 10 Specifications</a> and verify the computer meets minimum requirements.
 Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues).</td></tr>
 <tr><td>0x80070004 - 0x3000D
 <td>This is a problem with data migration during the first boot phase. There are multiple possible causes.
 <td><a href="log-files.md#analyze-log-files" data-raw-source="[Analyze log files](log-files.md#analyze-log-files)">Analyze log files</a> to determine the issue.</td></tr>
 <tr><td>0xC1900101 - 0x4001E
 <td>Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.
 <td>This is a generic error that occurs during the OOBE phase of setup. See the <a href="#0xc1900101" data-raw-source="[0xC1900101](#0xc1900101)">0xC1900101</a> section of this guide and review general troubleshooting procedures described in that section.</td></tr>
 <tr><td>0x80070005 - 0x4000D
 <td>The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.
 <td><a href="log-files.md#analyze-log-files" data-raw-source="[Analyze log files](log-files.md#analyze-log-files)">Analyze log files</a> to determine the data point that is reporting access denied.</td></tr>
 <tr><td>0x80070004 - 0x50012
 <td>Windows Setup failed to open a file.
 <td><a href="log-files.md#analyze-log-files" data-raw-source="[Analyze log files](log-files.md#analyze-log-files)">Analyze log files</a> to determine the data point that is reporting access problems.</td></tr>
 <tr><td>0xC190020e
 <br>0x80070070 - 0x50011
 <br>0x80070070 - 0x50012
 <br>0x80070070 - 0x60000
 <td>These errors indicate the computer does not have enough free space available to install the upgrade.
 <td>To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to <a href="https://support.microsoft.com/help/17421/windows-free-up-drive-space" data-raw-source="[free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space)">free up drive space</a> before proceeding with the upgrade.
 > [!NOTE]  
 > If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS.  Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
 </td></tr>
 </table>
 ## Modern setup errors
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@ -67,79 +67,14 @@ Windows 10 Enterprise edition has a number of features that are unavailable in
 *Table 1. Windows 10 Enterprise features not found in Windows 10 Pro*
-<table>
+|Feature|Description|
-<colgroup>
+|--- |--- |
-<col width="20%" />
+|Credential Guard|This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.<p>Credential Guard has the following features:<li>**Hardware-level security**.  Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.<li>**Virtualization-based security**.  Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.<li>**Improved protection against persistent threats**.  Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.<li>**Improved manageability**.  Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.<p>For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard).<p>*Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*|
-<col width="80%" />
+|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.<p>Device Guard does the following:<li>Helps protect against malware<li>Helps protect the Windows system core from vulnerability and zero-day exploits<li>Allows only trusted apps to run<p>For more information, see [Introduction to Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).|
-</colgroup>
+|AppLocker management|This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.<p>For more information, see [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).|
-<thead>
+|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.<p>For more information, see [Getting Started with App-V for Windows 10](/windows/application-management/app-v/appv-getting-started).|
-<tr class="header">
+|User Experience Virtualization (UE-V)|With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share.<p>When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.<p>UE-V provides the ability to do the following:<li>Specify which application and Windows settings synchronize across user devices<li>Deliver the settings anytime and anywhere users work throughout the enterprise<li>Create custom templates for your third-party or line-of-business applications<li>Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state<p>For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).|
-<th align="left">Feature</th>
+|Managed User Experience|This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:<li>Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands<li>Removing Log Off (the User tile) from the Start menu<li>Removing frequent programs from the Start menu<li>Removing the All Programs list from the Start menu<li>Preventing users from customizing their Start screen<li>Forcing Start menu to be either full-screen size or menu size<li>Preventing changes to Taskbar and Start menu settings|
 <th align="left">Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Credential Guard<strong><em></strong></p></td>
 <td align="left"><p>This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.</p>
 <p>Credential Guard has the following features:</p>
 <ul>
 <li><p><strong>Hardware-level security</strong>.&nbsp;&nbsp;Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.</p></li>
 <li><p><strong>Virtualization-based security</strong>.&nbsp;&nbsp;Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.</p></li>
 <li><p><strong>Improved protection against persistent threats</strong>.&nbsp;&nbsp;Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.</p></li>
 <li><p><strong>Improved manageability</strong>.&nbsp;&nbsp;Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.</p></li>
 </ul>
 <p>For more information, see <a href="/windows/security/identity-protection/credential-guard/credential-guard" data-raw-source="[Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)">Protect derived domain credentials with Credential Guard</a>.</p>
 <p></em> <i>Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)</i></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Device Guard</p></td>
 <td align="left"><p>This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.</p>
 <p>Device Guard does the following:</p>
 <ul>
 <li><p>Helps protect against malware</p></li>
 <li><p>Helps protect the Windows system core from vulnerability and zero-day exploits</p></li>
 <li><p>Allows only trusted apps to run</p></li>
 </ul>
 <p>For more information, see <a href="/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control" data-raw-source="[Introduction to Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control)">Introduction to Device Guard</a>.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>AppLocker management</p></td>
 <td align="left"><p>This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.</p>
 <p>For more information, see <a href="/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview" data-raw-source="[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)">AppLocker</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Application Virtualization (App-V)</p></td>
 <td align="left"><p>This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don&#39;t conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.</p>
 <p>For more information, see <a href="/windows/application-management/app-v/appv-getting-started" data-raw-source="[Getting Started with App-V for Windows 10](/windows/application-management/app-v/appv-getting-started)">Getting Started with App-V for Windows 10</a>.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>User Experience Virtualization (UE-V)</p></td>
 <td align="left"><p>With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.</p>
 <p>UE-V provides the ability to do the following:</p>
 <ul>
 <li><p>Specify which application and Windows settings synchronize across user devices</p></li>
 <li><p>Deliver the settings anytime and anywhere users work throughout the enterprise</p></li>
 <li><p>Create custom templates for your third-party or line-of-business applications</p></li>
 <li><p>Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state</p></li>
 </ul>
 <p>For more information, see <a href="/windows/configuration/ue-v/uev-for-windows" data-raw-source="[User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows)">User Experience Virtualization (UE-V) for Windows 10 overview</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Managed User Experience</p></td>
 <td align="left"><p>This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:</p>
 <ul>
 <li><p>Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands</p></li>
 <li><p>Removing Log Off (the User tile) from the Start menu</p></li>
 <li><p>Removing frequent programs from the Start menu</p></li>
 <li><p>Removing the All Programs list from the Start menu</p></li>
 <li><p>Preventing users from customizing their Start screen</p></li>
 <li><p>Forcing Start menu to be either full-screen size or menu size</p></li>
 <li><p>Preventing changes to Taskbar and Start menu settings</p></li>
 </ul>
 </tr>
 </tbody>
 </table>
 ## Deployment of Windows 10/11 Enterprise E3 licenses
@ -151,7 +86,10 @@ Now that you have Windows 10/11 Enterprise edition running on devices, how do yo
 The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10/11 Enterprise edition features.
-### Credential Guard\*
+### Credential Guard
 > [!NOTE]
 > Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present).
 You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10/11 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
@ -171,7 +109,7 @@ For more information about implementing Credential Guard, see the following reso
 -   [PC OEM requirements for Device Guard and Credential Guard](/windows-hardware/design/device-experiences/oem-security-considerations)
 -   [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337)
-\* *Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*
+
 ### Device Guard
--- a/windows/security/identity-protection/access-control/active-directory-accounts.md
+++ b/windows/security/identity-protection/access-control/active-directory-accounts.md
@ -107,65 +107,23 @@ The Administrator account can also be disabled when it is not required. Renaming
 On a domain controller, the Administrator account becomes the Domain Admin account. The Domain Admin account is used to sign in to the domain controller and this account requires a strong password. The Domain Admin account gives you access to domain resources.
-**Note**  
+> [!NOTE]
-When the domain controller is initially installed, you can sign in and use Server Manager to set up a local Administrator account, with the rights and permissions you want to assign. For example, you can use a local Administrator account to manage the operating system when you first install it. By using this approach, you can set up the operating system without getting locked out. Generally, you do not need to use the account after installation. You can only create local user accounts on the domain controller, before Active Directory Domain Services is installed, and not afterwards.
+> When the domain controller is initially installed, you can sign in and use Server Manager to set up a local Administrator account, with the rights and permissions you want to assign. For example, you can use a local Administrator account to manage the operating system when you first install it. By using this approach, you can set up the operating system without getting locked out. Generally, you do not need to use the account after installation. You can only create local user accounts on the domain controller, before Active Directory Domain Services is installed, and not afterwards.
 When Active Directory is installed on the first domain controller in the domain, the Administrator account is created for Active Directory. The Administrator account is the most powerful account in the domain. It is given domain-wide access and administrative rights to administer the computer and the domain, and it has the most extensive rights and permissions over the domain. The person who installs Active Directory Domain Services on the computer creates the password for this account during the installation.
 **Administrator account attributes**
-<table>
+|Attribute|Value|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Well-Known SID/RID|S-1-5-`<domain>`-500|
-<col width="50%" />
+|Type|User|
-</colgroup>
+|Default container|CN=Users, DC=`<domain>`, DC=|
-<thead>
+|Default members|N/A|
-<tr class="header">
+|Default member of|Administrators, Domain Admins, Enterprise Administrators, Domain Users. Note that the Primary Group ID of all user accounts is Domain Users. <br/><br/>Group Policy Creator Owners, and Schema Admins in Active Directory<br/><br/>Domain Users group|
-<th>Attribute</th>
+|Protected by ADMINSDHOLDER?|Yes|
-<th>Value</th>
+|Safe to move out of default container?|Yes|
-</tr>
+|Safe to delegate management of this group to non-service administrators?|No|
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
 <td><p>S-1-5-&lt;domain&gt;-500</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
 <td><p>User</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default container</p></td>
 <td><p>CN=Users, DC=&lt;domain&gt;, DC=</p></td>
 </tr>
 <tr class="even">
 <td><p>Default members</p></td>
 <td><p>N/A</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default member of</p></td>
 <td><p>Administrators, Domain Admins, Enterprise Administrators, Domain Users. Note that the Primary Group ID of all user accounts is Domain Users.</p>
 <p>Group Policy Creator Owners, and Schema Admins in Active Directory</p>
 <p>Domain Users group</p></td>
 </tr>
 <tr class="even">
 <td><p>Protected by ADMINSDHOLDER?</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="odd">
 <td><p>Safe to move out of default container?</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
 <td><p>Safe to delegate management of this group to non-service administrators?</p></td>
 <td><p>No</p></td>
 </tr>
 </tbody>
 </table>
 ## <a href="" id="sec-guest"></a>Guest account
@ -200,54 +158,16 @@ For details about the Guest account attributes, see the following table.
 **Guest account attributes**
-<table>
+|Attribute|Value|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Well-Known SID/RID|S-1-5-`<domain>`-501|
-<col width="50%" />
+|Type|User|
-</colgroup>
+|Default container|CN=Users, DC=`<domain>`, DC=|
-<thead>
+|Default members|None|
-<tr class="header">
+|Default member of|Guests, Domain Guests|
-<th>Attribute</th>
+|Protected by ADMINSDHOLDER?|No|
-<th>Value</th>
+|Safe to move out of default container?|Can be moved out, but we do not recommend it.|
-</tr>
+|Safe to delegate management of this group to non-Service admins?|No|
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
 <td><p>S-1-5-&lt;domain&gt;-501</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
 <td><p>User</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default container</p></td>
 <td><p>CN=Users, DC=&lt;domain&gt;, DC=</p></td>
 </tr>
 <tr class="even">
 <td><p>Default members</p></td>
 <td><p>None</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default member of</p></td>
 <td><p>Guests, Domain Guests</p></td>
 </tr>
 <tr class="even">
 <td><p>Protected by ADMINSDHOLDER?</p></td>
 <td><p>No</p></td>
 </tr>
 <tr class="odd">
 <td><p>Safe to move out of default container?</p></td>
 <td><p>Can be moved out, but we do not recommend it.</p></td>
 </tr>
 <tr class="even">
 <td><p>Safe to delegate management of this group to non-Service admins?</p></td>
 <td><p>No</p></td>
 </tr>
 </tbody>
 </table>
 ## <a href="" id="sec-helpassistant"></a>HelpAssistant account (installed with a Remote Assistance session)
@ -260,9 +180,9 @@ HelpAssistant is the primary account that is used to establish a Remote Assistan
 The SIDs that pertain to the default HelpAssistant account include:
-   SID: S-1-5-&lt;domain&gt;-13, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note that, in Windows Server 2008, Remote Desktop Services are called Terminal Services.
+-   SID: S-1-5-`<domain>`-13, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note that, in Windows Server 2008, Remote Desktop Services are called Terminal Services.
-   SID: S-1-5-&lt;domain&gt;-14, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
+-   SID: S-1-5-`<domain>`-14, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
 For the Windows Server operating system, Remote Assistance is an optional component that is not installed by default. You must install Remote Assistance before it can be used.
@ -270,53 +190,16 @@ For details about the HelpAssistant account attributes, see the following table.
 **HelpAssistant account attributes**
-<table>
+|Attribute|Value|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Well-Known SID/RID|S-1-5-`<domain>`-13 (Terminal Server User), S-1-5-`<domain>`-14 (Remote Interactive Logon)|
-<col width="50%" />
+|Type|User|
-</colgroup>
+|Default container|CN=Users, DC=`<domain>`, DC=|
-<thead>
+|Default members|None|
-<tr class="header">
+|Default member of|Domain Guests<p>Guests|
-<th>Attribute</th>
+|Protected by ADMINSDHOLDER?|No|
-<th>Value</th>
+|Safe to move out of default container?|Can be moved out, but we do not recommend it.|
-</tr>
+|Safe to delegate management of this group to non-Service admins?|No|
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
 <td><p>S-1-5-&lt;domain&gt;-13 (Terminal Server User), S-1-5-&lt;domain&gt;-14 (Remote Interactive Logon)</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
 <td><p>User</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default container</p></td>
 <td><p>CN=Users, DC=&lt;domain&gt;, DC=</p></td>
 </tr>
 <tr class="even">
 <td><p>Default members</p></td>
 <td><p>None</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default member of</p></td>
 <td><p>Domain Guests</p>
 <p>Guests</p></td>
 </tr>
 <tr class="even">
 <td><p>Protected by ADMINSDHOLDER?</p></td>
 <td><p>No</p></td>
 </tr>
 <tr class="odd">
 <td><p>Safe to move out of default container?</p></td>
 <td><p>Can be moved out, but we do not recommend it.</p></td>
 </tr>
 <tr class="even">
 <td><p>Safe to delegate management of this group to non-Service admins?</p></td>
 <td><p>No</p></td>
 </tr>
 </tbody>
 </table>
@ -355,8 +238,8 @@ For all account types (users, computers, and services)
 Because it is impossible to predict the specific errors that will occur for any given user in a production operating environment, you must assume all computers and users will be affected.
-**Important**  
+> [!IMPORTANT]
-Rebooting a computer is the only reliable way to recover functionality as this will cause both the computer account and user accounts to log back in again. Logging in again will request new TGTs that are valid with the new KRBTGT, correcting any KRBTGT related operational issues on that computer.
+> Rebooting a computer is the only reliable way to recover functionality as this will cause both the computer account and user accounts to log back in again. Logging in again will request new TGTs that are valid with the new KRBTGT, correcting any KRBTGT related operational issues on that computer.
 For information about how to help mitigate the risks associated with a potentially compromised KRBTGT account, see [KRBTGT Account Password Reset Scripts now available for customers](https://blogs.microsoft.com/cybertrust/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/).
@ -370,54 +253,16 @@ After the credentials are cached on the RODC, the RODC can accept that user's si
 For details about the KRBTGT account attributes, see the following table.
-<table>
+|Attribute|Value|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|Well-Known SID/RID|S-1-5-`<domain>`-502|
-<col width="50%" />
+|Type|User|
-</colgroup>
+|Default container|CN=Users, DC=`<domain>`, DC=|
-<thead>
+|Default members|None|
-<tr class="header">
+|Default member of|Domain Users group. Note that the Primary Group ID of all user accounts is Domain Users.|
-<th>Attribute</th>
+|Protected by ADMINSDHOLDER?|Yes|
-<th>Value</th>
+|Safe to move out of default container?|Can be moved out, but we do not recommend it.|
-</tr>
+|Safe to delegate management of this group to non-Service admins?|No|
 </thead>
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
 <td><p>S-1-5-&lt;domain&gt;-502</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
 <td><p>User</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default container</p></td>
 <td><p>CN=Users, DC=&lt;domain&gt;, DC=</p></td>
 </tr>
 <tr class="even">
 <td><p>Default members</p></td>
 <td><p>None</p></td>
 </tr>
 <tr class="odd">
 <td><p>Default member of</p></td>
 <td><p>Domain Users group. Note that the Primary Group ID of all user accounts is Domain Users.</p></td>
 </tr>
 <tr class="even">
 <td><p>Protected by ADMINSDHOLDER?</p></td>
 <td><p>Yes</p></td>
 </tr>
 <tr class="odd">
 <td><p>Safe to move out of default container?</p></td>
 <td><p>Can be moved out, but we do not recommend it.</p></td>
 </tr>
 <tr class="even">
 <td><p>Safe to delegate management of this group to non-Service admins?</p></td>
 <td><p>No</p></td>
 </tr>
 </tbody>
 </table>
 ## <a href="" id="sec-account-settings"></a>Settings for default local accounts in Active Directory
@ -426,73 +271,18 @@ Each default local account in Active Directory has a number of account settings
 **Settings for default local accounts in Active Directory**
-<table>
+|Account settings|Description|
-<colgroup>
+|--- |--- |
-<col width="50%" />
+|User must change password at next logon|Forces a password change the next time that the user logs signs in to the network. Use this option when you want to ensure that the user is the only person to know his or her password.|
-<col width="50%" />
+|User cannot change password|Prevents the user from changing the password. Use this option when you want to maintain control over a user account, such as for a Guest or temporary account.|
-</colgroup>
+|Password never expires|Prevents a user password from expiring. It is a best practice to enable this option with service accounts and to use strong passwords.|
-<thead>
+|Store passwords using reversible encryption|Provides support for applications that use protocols requiring knowledge of the plaintext form of the user’s password for authentication purposes.<br/><br/>This option is required when using Challenge Handshake Authentication Protocol (CHAP) in Internet Authentication Services (IAS), and when using digest authentication in Internet Information Services (IIS).|
-<tr class="header">
+|Account is disabled|Prevents the user from signing in with the selected account. As an administrator, you can use disabled accounts as templates for common user accounts.|
-<th>Account settings</th>
+|Smart card is required for interactive logon|Requires that a user has a smart card to sign on to the network interactively. The user must also have a smart card reader attached to their computer and a valid personal identification number (PIN) for the smart card.<br/><br/>When this attribute is applied on the account, the effect is as follows:<li>The attribute only restricts initial authentication for interactive logon and Remote Desktop logon. When interactive or Remote Desktop logon requires a subsequent network logon, such as with a domain credential, an NT Hash provided by the domain controller is used to complete the smartcard authentication process<li>Each time the attribute is enabled on an account, the account’s current password hash value is replaced with a 128-bit random number. This invalidates the use of any previously configured passwords for the account. The value does not change after that unless a new password is set or the attribute is disabled and re-enabled.<li>Accounts with this attribute cannot be used to start services or run scheduled tasks.|
-<th>Description</th>
+|Account is trusted for delegation|Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the Delegation tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the setspn command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.|
-</tr>
+|Account is sensitive and cannot be delegated|Gives control over a user account, such as for a Guest account or a temporary account. This option can be used if this account cannot be assigned for delegation by another account.|
-</thead>
+|Use DES encryption types for this account|Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption, including Microsoft Point-to-Point Encryption (MPPE) Standard (40-bit and 56-bit), MPPE standard (56-bit), MPPE Strong (128-bit), Internet Protocol security (IPSec) DES (40-bit), IPSec 56-bit DES, and IPSec Triple DES (3DES).<div class="alert"> **Note:** DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see [Hunting down DES in order to securely deploy Kerberos](/archive/blogs/askds/hunting-down-des-in-order-to-securely-deploy-kerberos)</div>|
-<tbody>
+|Do not require Kerberos preauthentication|Provides support for alternate implementations of the Kerberos protocol. Because preauthentication provides additional security, use caution when enabling this option. Note that domain controllers running Windows 2000 or Windows Server 2003 can use other mechanisms to synchronize time.|
 <tr class="odd">
 <td><p>User must change password at next logon</p></td>
 <td><p>Forces a password change the next time that the user logs signs in to the network. Use this option when you want to ensure that the user is the only person to know his or her password.</p></td>
 </tr>
 <tr class="even">
 <td><p>User cannot change password</p></td>
 <td><p>Prevents the user from changing the password. Use this option when you want to maintain control over a user account, such as for a Guest or temporary account.</p></td>
 </tr>
 <tr class="odd">
 <td><p>Password never expires</p></td>
 <td><p>Prevents a user password from expiring. It is a best practice to enable this option with service accounts and to use strong passwords.</p></td>
 </tr>
 <tr class="even">
 <td><p>Store passwords using reversible encryption</p></td>
 <td><p>Provides support for applications that use protocols requiring knowledge of the plaintext form of the user’s password for authentication purposes.</p>
 <p>This option is required when using Challenge Handshake Authentication Protocol (CHAP) in Internet Authentication Services (IAS), and when using digest authentication in Internet Information Services (IIS).</p></td>
 </tr>
 <tr class="odd">
 <td><p>Account is disabled</p></td>
 <td><p>Prevents the user from signing in with the selected account. As an administrator, you can use disabled accounts as templates for common user accounts.</p></td>
 </tr>
 <tr class="even">
 <td><p>Smart card is required for interactive logon</p></td>
 <td><p>Requires that a user has a smart card to sign on to the network interactively. The user must also have a smart card reader attached to their computer and a valid personal identification number (PIN) for the smart card.</p>
 <p>When this attribute is applied on the account, the effect is as follows:</p>
 <ul>
 <li><p>The attribute only restricts initial authentication for interactive logon and Remote Desktop logon. When interactive or Remote Desktop logon requires a subsequent network logon, such as with a domain credential, an NT Hash provided by the domain controller is used to complete the smartcard authentication process</p></li>
 <li><p>Each time the attribute is enabled on an account, the account’s current password hash value is replaced with a 128-bit random number. This invalidates the use of any previously configured passwords for the account. The value does not change after that unless a new password is set or the attribute is disabled and re-enabled.</p></li>
 <li><p>Accounts with this attribute cannot be used to start services or run scheduled tasks.</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td><p>Account is trusted for delegation</p></td>
 <td><p>Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the <b>Delegation</b> tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the <b>setspn</b> command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.</p></td>
 </tr>
 <tr class="even">
 <td><p>Account is sensitive and cannot be delegated</p></td>
 <td><p>Gives control over a user account, such as for a Guest account or a temporary account. This option can be used if this account cannot be assigned for delegation by another account.</p></td>
 </tr>
 <tr class="odd">
 <td><p>Use DES encryption types for this account</p></td>
 <td><p>Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption, including Microsoft Point-to-Point Encryption (MPPE) Standard (40-bit and 56-bit), MPPE standard (56-bit), MPPE Strong (128-bit), Internet Protocol security (IPSec) DES (40-bit), IPSec 56-bit DES, and IPSec Triple DES (3DES).</p>
 <div class="alert">
 <b>Note</b><br/><p>DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see <a href="/archive/blogs/askds/hunting-down-des-in-order-to-securely-deploy-kerberos" data-raw-source="[Hunting down DES in order to securely deploy Kerberos](/archive/blogs/askds/hunting-down-des-in-order-to-securely-deploy-kerberos)">Hunting down DES in order to securely deploy Kerberos</a>.</p>
 </div>
 <div>
 </div></td>
 </tr>
 <tr class="even">
 <td><p>Do not require Kerberos preauthentication</p></td>
 <td><p>Provides support for alternate implementations of the Kerberos protocol. Because preauthentication provides additional security, use caution when enabling this option. Note that domain controllers running Windows 2000 or Windows Server 2003 can use other mechanisms to synchronize time.</p></td>
 </tr>
 </tbody>
 </table>
@ -552,8 +342,8 @@ Restrict Domain Admins accounts and other sensitive accounts to prevent them fro
 -   **Standard user account**. Grant standard user rights for standard user tasks, such as email, web browsing, and using line-of-business (LOB) applications. These accounts should not be granted administrator rights.
-**Important**  
+> [!IMPORTANT]
-Ensure that sensitive administrator accounts cannot access email or browse the Internet as described in the following section.
+> Ensure that sensitive administrator accounts cannot access email or browse the Internet as described in the following section.
@ -561,8 +351,8 @@ Ensure that sensitive administrator accounts cannot access email or browse the I
 Administrators need to manage job responsibilities that require sensitive administrator rights from a dedicated workstation because they do not have easy physical access to the servers. A workstation that is connected to the Internet and has email and web browsing access is regularly exposed to compromise through phishing, downloading, and other types of Internet attacks. Because of these threats, it is a best practice to set these administrators up by using workstations that are dedicated to administrative duties only, and not provide access to the Internet, including email and web browsing. For more information, see [Separate administrator accounts from user accounts](#task1-separate-admin-accounts).
-**Note**  
+> [!NOTE]
-If the administrators in your environment can sign in locally to managed servers and perform all tasks without elevated rights or domain rights from their workstation, you can skip this task.
+> If the administrators in your environment can sign in locally to managed servers and perform all tasks without elevated rights or domain rights from their workstation, you can skip this task.
@ -582,8 +372,8 @@ If the administrators in your environment can sign in locally to managed servers
 The following procedure describes how to block Internet access by creating a Group Policy Object (GPO) that configures an invalid proxy address on administrative workstations. These instructions apply only to computers running Internet Explorer and other Windows components that use these proxy settings.
-**Note**  
+> [!NOTE]
-In this procedure, the workstations are dedicated to domain administrators. By simply modifying the administrator accounts to grant permission to administrators to sign in locally, you can create additional OUs to manage administrators that have fewer administrative rights to use the instructions described in the following procedure.
+> In this procedure, the workstations are dedicated to domain administrators. By simply modifying the administrator accounts to grant permission to administrators to sign in locally, you can create additional OUs to manage administrators that have fewer administrative rights to use the instructions described in the following procedure.
 **To install administrative workstations in a domain and block Internet and email access (minimum)**
@ -591,7 +381,8 @@ In this procedure, the workstations are dedicated to domain administrators. By s
 2.  Create computer accounts for the new workstations.
-    > **Note**&nbsp;&nbsp;You might have to delegate permissions to join computers to the domain if the account that joins the workstations to the domain does not already have them. For more information, see [Delegation of Administration in Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx).
+    > [!NOTE]
    > You might have to delegate permissions to join computers to the domain if the account that joins the workstations to the domain does not already have them. For more information, see [Delegation of Administration in Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx).
    ![Active Directory local accounts](images/adlocalaccounts-proc1-sample1.gif)
@ -619,8 +410,8 @@ In this procedure, the workstations are dedicated to domain administrators. By s
    4.  Click **Add User or Group** &gt; **Browse**, type **Domain Admins**, and &gt; **OK**.
-        **Important**  
+        > [!IMPORTANT]
-        These instructions assume that the workstation is to be dedicated to domain administrators.
+        > These instructions assume that the workstation is to be dedicated to domain administrators.
@ -650,48 +441,18 @@ In this procedure, the workstations are dedicated to domain administrators. By s
    2.  Configure Windows Update settings as described in the following table.
-        <table>
+        |Windows Update Setting|Configuration|
-        <colgroup>
+        |--- |--- |
-        <col width="50%" />
+        |Allow Automatic Updates immediate installation|Enabled|
-        <col width="50%" />
+        |Configure Automatic Updates|Enabled4 - Auto download and schedule the installation0 - Every day 03:00|
-        </colgroup>
+        |Enable Windows Update Power Management to automatically wake up the system to install scheduled updates|Enabled|
-        <tbody>
+        |Specify intranet Microsoft Update service location|Enabled `http://<WSUSServername> http://<WSUSServername>` Where `<WSUSServername>` is the DNS name or IP address of the Windows Server Update Services (WSUS) in the environment.|
-        <tr class="odd">
+        |Automatic Updates detection frequency|6 hours|
-        <td><p><b>Windows Update Setting</b></p></td>
+        |Re-prompt for restart with scheduled installations|1 minute|
-        <td><p><b>Configuration</b></p></td>
+        |Delay restart for scheduled installations|5 minutes|
        </tr>
        <tr class="even">
        <td><p>Allow Automatic Updates immediate installation</p></td>
        <td><p>Enabled</p></td>
        </tr>
        <tr class="odd">
        <td><p>Configure Automatic Updates</p></td>
        <td><p>Enabled<br>4 - Auto download and schedule the installation<br>0 - Every day 03:00</p></td>
        </tr>
        <tr class="even">
        <td><p>Enable Windows Update Power Management to automatically wake up the system to install scheduled updates</p></td>
        <td><p>Enabled</p></td>
        </tr>
        <tr class="odd">
        <td><p>Specify intranet Microsoft Update service location</p></td>
        <td><p>Enabled http://&lt;WSUSServername&gt; http://&lt;WSUSServername&gt; Where &lt;WSUSServername&gt; is the DNS name or IP address of the Windows Server Update Services (WSUS) in the environment.</p></td>
        </tr>
        <tr class="even">
        <td><p>Automatic Updates detection frequency</p></td>
        <td><p>6 hours</p></td>
        </tr>
        <tr class="odd">
        <td><p>Re-prompt for restart with scheduled installations</p></td>
        <td><p>1 minute</p></td>
        </tr>
        <tr class="even">
        <td><p>Delay restart for scheduled installations</p></td>
        <td><p>5 minutes</p></td>
        </tr>
        </tbody>
        </table>
-        > **Note**&nbsp;&nbsp;This step assumes that Windows Server Update Services (WSUS) is installed and configured in the environment. You can skip this step if you use another tool to deploy software updates. Also, if the public Microsoft Windows Update service only is used on the Internet, then these administrative workstations no longer receive updates.
+        > [!NOTE]
        > This step assumes that Windows Server Update Services (WSUS) is installed and configured in the environment. You can skip this step if you use another tool to deploy software updates. Also, if the public Microsoft Windows Update service only is used on the Internet, then these administrative workstations no longer receive updates.
 12. Configure the inbound firewall to block all connections as follows:
@ -713,8 +474,8 @@ In this procedure, the workstations are dedicated to domain administrators. By s
 It is a best practice to restrict administrators from using sensitive administrator accounts to sign in to lower-trust servers and workstations. This restriction prevents administrators from inadvertently increasing the risk of credential theft by signing in to a lower-trust computer.
-**Important**  
+> [!IMPORTANT]
-Ensure that you either have local access to the domain controller or that you have built at least one dedicated administrative workstation.
+> Ensure that you either have local access to the domain controller or that you have built at least one dedicated administrative workstation.
@ -726,8 +487,8 @@ Restrict logon access to lower-trust servers and workstations by using the follo
 -   **Ideal**. Restrict server administrators from signing in to workstations, in addition to domain administrators.
-**Note**  
+> [!NOTE]
-For this procedure, do not link accounts to the OU that contain workstations for administrators that perform administration duties only, and do not provide Internet or email access. For more information, see [Create dedicated workstation hosts for administrators](#task2-admin-workstations)
+> For this procedure, do not link accounts to the OU that contain workstations for administrators that perform administration duties only, and do not provide Internet or email access. For more information, see [Create dedicated workstation hosts for administrators](#task2-admin-workstations)
@ -735,7 +496,7 @@ For this procedure, do not link accounts to the OU that contain workstations for
 1.  As a domain administrator, open the Group Policy Management Console (GPMC).
-2.  Open **Group Policy Management**, and expand *&lt;forest&gt;*\\Domains\\*&lt;domain&gt;*, and then expand to **Group Policy Objects**.
+2.  Open **Group Policy Management**, and expand *&lt;forest&gt;*\\Domains\\`<domain>`, and then expand to **Group Policy Objects**.
 3.  Right-click **Group Policy Objects**, and &gt; **New**.
@ -759,8 +520,8 @@ For this procedure, do not link accounts to the OU that contain workstations for
        ![An Active Directory's local accounts](images/adlocalaccounts-proc2-sample3.png)
-        **Note**  
+        > [!NOTE]
-        You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
+        > You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
@ -768,8 +529,8 @@ For this procedure, do not link accounts to the OU that contain workstations for
 8.  Configure the user rights to deny batch and service logon rights for domain administrators as follows:
-    **Note**  
+    > [!NOTE]
-    Completing this step might cause issues with administrator tasks that run as scheduled tasks or services with accounts in the Domain Admins group. The practice of using domain administrator accounts to run services and tasks on workstations creates a significant risk of credential theft attacks and therefore should be replaced with alternative means to run scheduled tasks or services.
+    > Completing this step might cause issues with administrator tasks that run as scheduled tasks or services with accounts in the Domain Admins group. The practice of using domain administrator accounts to run services and tasks on workstations creates a significant risk of credential theft attacks and therefore should be replaced with alternative means to run scheduled tasks or services.
@ -781,8 +542,8 @@ For this procedure, do not link accounts to the OU that contain workstations for
        ![An AD's local accounts](images/adlocalaccounts-proc2-sample4.png)
-        **Note**  
+        > [!NOTE]
-        You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
+        > You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
@ -794,14 +555,14 @@ For this procedure, do not link accounts to the OU that contain workstations for
        ![Local accounts for AD](images/adlocalaccounts-proc2-sample5.png)
-        **Note**  
+        > [!NOTE]
-        You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
+        > You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
 9.  Link the GPO to the first Workstations OU.
-    Navigate to the *&lt;forest&gt;*\\Domains\\*&lt;domain&gt;*\\OU Path, and then:
+    Navigate to the *&lt;forest&gt;*\\Domains\\`<domain>`\\OU Path, and then:
    1.  Right-click the workstation OU, and then &gt; **Link an Existing GPO**.
@ -810,6 +571,12 @@ For this procedure, do not link accounts to the OU that contain workstations for
    2.  Select the GPO that you just created, and &gt; **OK**.
        ![Active Directory's local accounts' presentation](images/adlocalaccounts-proc2-sample7.png)
 =======
        ![Active Directory local accounts 13](images/adlocalaccounts-proc2-sample6.png)
    2.  Select the GPO that you just created, and &gt; **OK**.
        ![Active Directory local accounts 14](images/adlocalaccounts-proc2-sample7.png)
 10. Test the functionality of enterprise applications on workstations in the first OU and resolve any issues caused by the new policy.
@ -817,8 +584,8 @@ For this procedure, do not link accounts to the OU that contain workstations for
    However, do not create a link to the Administrative Workstation OU if it is created for administrative workstations that are dedicated to administration duties only, and that are without Internet or email access. For more information, see [Create dedicated workstation hosts for administrators](#task2-admin-workstations).
-    **Important**  
+    > [!IMPORTANT]
-    If you later extend this solution, do not deny logon rights for the **Domain Users** group. The **Domain Users** group includes all user accounts in the domain, including Users, Domain Administrators, and Enterprise Administrators.
+    > If you later extend this solution, do not deny logon rights for the **Domain Users** group. The **Domain Users** group includes all user accounts in the domain, including Users, Domain Administrators, and Enterprise Administrators.
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md