diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index de9dbd8e9d..551ce8b897 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1247,6 +1247,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules", "redirect_document_id": true @@ -1357,6 +1362,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1692,6 +1702,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1762,6 +1777,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/python-example-code.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac", "redirect_document_id": true @@ -1894,7 +1914,7 @@ { "source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", - "redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md", @@ -1927,6 +1947,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1977,6 +2002,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles", "redirect_document_id": true diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index 45cd5c2570..640106062b 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -41,7 +41,8 @@ "depot_name": "Win.microsoft-edge", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Edge" }, "externalReference": [], "template": "op.html", diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 1cec2c9694..50208546bb 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -37,7 +37,8 @@ "depot_name": "Win.internet-explorer", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Internet Explorer" }, "externalReference": [], "template": "op.html", diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md index ff09fe4405..81e964a54b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md @@ -157,13 +157,13 @@ This table includes the attributes used by the Enterprise Mode schema. -<version> +version Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element. Internet Explorer 11 and Microsoft Edge -<exclude> -Specifies the domain or path excluded from applying the behavior and is supported on the <domain> and <path> elements. +exclude +Specifies the domain or path is excluded from applying Enterprise Mode. This attribute is only supported on the <domain> and <path> elements in the <emie> section.

Example 

 <emie>
@@ -175,7 +175,7 @@ Where http
 Internet Explorer 11 and Microsoft Edge
 
 
-<docMode>
+docMode
 Specifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
 
Example
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 4bcf595aeb..a321e5a744 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -46,19 +46,19 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
  
 ```xml
 
-	
+	
 	
 		EnterpriseSitelistManager
 		10240
 		20150728.135021
 	
-  	 
+  	 
 	
 		IE8Enterprise
 		MSEdge
 	
 	
-		default
+		Default
 		IE11
 	
 	
@@ -66,14 +66,15 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
 		IE11
 	
 	
-		default
+		Default
 		IE11
 	
 	  
-		default
-		none
+		Default
+		None
 	  
 		IE8Enterprise"
+		None
 	
 	
 		IE7
@@ -232,26 +233,26 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t
 
-
-
+
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -259,25 +260,28 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t
 

 
 
Deprecated attributeNew attributeDeprecated element/attributeNew element
 Replacement example
 

 
 
 
<forceCompatView>forceCompatView
 <compat-mode>Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>Replace forceCompatView="true" with <compat-mode>IE7Enterprise</compat-mode>
 

 
<docMode>docMode
 <compat-mode>Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>Replace docMode="IE5" with <compat-mode>IE5</compat-mode>
 

 
<doNotTransition>doNotTransition
 <open-in>Replace <doNotTransition="true"> with <open-in>none</open-in>Replace doNotTransition="true" with <open-in>none</open-in>
 

 

 <domain> and <path>Replace:
 
 <emie>
-  <domain exclude="false">contoso.com</domain>
+  <domain>contoso.com</domain>
 </emie>

 With:
 
 <site url="contoso.com"/>
   <compat-mode>IE8Enterprise</compat-mode>
+  <open-in>IE11</open-in>
 </site>

 -AND-

 Replace:
 
 <emie>
-  <domain exclude="true">contoso.com
-     <path exclude="false" forceCompatView="true">/about</path>
+  <domain exclude="true" doNotTransition="true">
+    contoso.com
+    <path forceCompatView="true">/about</path>
   </domain>
 </emie>

 With:
 
 <site url="contoso.com/about">
   <compat-mode>IE7Enterprise</compat-mode>
+  <open-in>IE11</open-in>
 </site>

 

 

diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index 269b2bec06..da309b68cd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -71,19 +71,19 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
 
 ```xml
 
-	
+	
 	
 		EnterpriseSiteListManager
 		10586
 		20150728.135021
 	
-  	 
+  	 
 	
 		IE8Enterprise
 		IE11
 	
 	
-		default
+		Default
 		IE11
 	
 	
@@ -92,8 +92,8 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
 	
 	  
 	
 	  
 		IE8Enterprise"
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index 88e151583a..cd7c730569 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -14,11 +14,11 @@ ms.sitesec: library
 ms.date: 07/27/2017
 ---
 
+# IExpress Wizard command-line options
 
 **Applies to:**
 - Windows Server 2008 R2 with SP1
 
-# IExpress Wizard command-line options
 Use command-line options with the IExpress Wizard (IExpress.exe) to control your Internet Explorer custom browser package extraction process. 
 
 These command-line options work with IExpress:

diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 3ee637cb24..ce3a2dd2a0 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -16,7 +16,7 @@
 ## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
 ## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
 
-# Get started with HoloLens in commercial environments
+# HoloLens in commercial environments
 ## [Commercial feature overview](hololens-commercial-features.md)
 ## [Deployment planning](hololens-requirements.md)
 ## [Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md)
@@ -52,10 +52,11 @@
 ## [Environment considerations for HoloLens](hololens-environment-considerations.md)
 ## [Spatial mapping on HoloLens](hololens-spaces.md)
 
-# Update and recovery
+# Update, troubleshoot, or recover HoloLens
+## [Update, troubleshoot, or recover HoloLens](hololens-management-overview.md)
 ## [Update HoloLens](hololens-update-hololens.md)
-## [Manage updates on many HoloLens](hololens-updates.md)
 ## [Restart, reset, or recover](hololens-recovery.md)
+## [Troubleshoot HoloLens](hololens-troubleshooting.md)
 ## [Known issues](hololens-known-issues.md)
 ## [Frequently asked questions](hololens-faq.md)
 
diff --git a/devices/hololens/hololens-known-issues.md b/devices/hololens/hololens-known-issues.md
index 2fa916f8d0..3cb3f43717 100644
--- a/devices/hololens/hololens-known-issues.md
+++ b/devices/hololens/hololens-known-issues.md
@@ -123,15 +123,6 @@ If your device is still unable to load apps, you can sideload a version of the .
 
 We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
 
-## Connecting to WiFi
-
-During HoloLens Setup, there is a credential timeout of 2 minutes. The username/password needs to be entered within 2 minutes otherwise the username field will be automatically cleared.
-
-We recommend using a Bluetooth keyboard for entering long passwords.
-
-> [!NOTE]
-> If the wrong network is selected during HoloLens Setup, the device will need to be fully reset. Instructions can be found [here.](hololens-restart-recover.md)  
-
 ## Device Update
 
 - 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.
diff --git a/devices/hololens/hololens-management-overview.md b/devices/hololens/hololens-management-overview.md
new file mode 100644
index 0000000000..307b2f7f00
--- /dev/null
+++ b/devices/hololens/hololens-management-overview.md
@@ -0,0 +1,32 @@
+---
+title: Update, troubleshoot, or recover HoloLens
+description: 
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 11/27/2019
+ms.prod: hololens
+ms.topic: article
+ms.custom: CSSTroubleshooting
+audience: ITPro
+keywords: issues, bug, troubleshoot, fix, help, support, HoloLens
+manager: jarrettr
+ms.localizationpriority: medium
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Update, troubleshoot, or recover HoloLens
+
+The articles in this section help you keep your HoloLens up-to-date and help you resolve any issues that you encounter.
+
+**In this section**
+
+| Article | Description |
+| --- | --- |
+| [Update HoloLens](hololens-update-hololens.md) | Describes how to identify the build number of your device, and how to update your device manually. |
+| [Manage updates on many HoloLens](hololens-updates.md) | Describes how to use policies to manage device updates. |
+| [Restart, reset, or recover](hololens-recovery.md) | Describes how to restart, reset, or recover a HoloLens device |
+| [Troubleshoot HoloLens](hololens-troubleshooting.md) | Describes solutions to common HoloLens problems. |
+| [Known issues](hololens-known-issues.md) | Describes known HoloLens issues. |
+| [Frequently asked questions](hololens-faq.md) | Provides answers to common questions about HoloLens.|
diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md
index 0585bf89f7..42c5c64363 100644
--- a/devices/hololens/hololens-recovery.md
+++ b/devices/hololens/hololens-recovery.md
@@ -116,7 +116,7 @@ To use the tool, you’ll need a computer running Windows 10 or later, with at l
 
 To recover your HoloLens
 
-1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
+1. Download and install the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq) on your computer.
 1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens.
 1. Run the Windows Device Recovery Tool and follow the instructions.
 
diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md
index f977fa45ff..4d8b9c1a52 100644
--- a/devices/hololens/hololens-release-notes.md
+++ b/devices/hololens/hololens-release-notes.md
@@ -22,6 +22,13 @@ appliesto:
 > [!Note]
 > HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
 
+### December Update - build 18362.1042
+
+- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update.
+- Fixes stability of exclusive apps and navigation between exclusive apps.
+- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days.
+- Improves hologram stability.
+
 ### November Update - build 18362.1039
 
 - Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.
diff --git a/devices/hololens/hololens-troubleshooting.md b/devices/hololens/hololens-troubleshooting.md
new file mode 100644
index 0000000000..75b91e51f9
--- /dev/null
+++ b/devices/hololens/hololens-troubleshooting.md
@@ -0,0 +1,92 @@
+---
+title: HoloLens troubleshooting
+description: Solutions for common HoloLens issues.
+author: mattzmsft
+ms.author: mazeller
+ms.date: 12/02/2019
+ms.prod: hololens
+ms.topic: article
+ms.custom: CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords: issues, bug, troubleshoot, fix, help, support, HoloLens
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Troubleshooting HoloLens issues
+
+This article describes how to resolve several common HoloLens issues.
+
+## My HoloLens is unresponsive or won’t start
+
+If your HoloLens won't start:
+
+- If the LEDs next to the power button don't light up, or only one LED briefly blinks, you may need to charge your HoloLens.
+- If the LEDs light up when you press the power button but you can't see anything on the displays, hold the power button until all five of the LEDs turn off.
+
+If your HoloLens becomes frozen or unresponsive:
+
+- Turn off your HoloLens by pressing the power button until all five of the LEDs turn themselves off, or for 10 seconds if the LEDs are unresponsive. To start your HoloLens, press the power button again.
+
+If these steps don't work, you can try [recovering your device](hololens-recovery.md).
+
+## Holograms don't look good or are moving around
+
+If your holograms are unstable, jumpy, or don’t look right, try one of these fixes:
+
+- Clean your device visor and make sure that nothing is obstructing the sensors.
+- Make sure that there’s enough light in your room.
+- Try walking around and looking at your surroundings so that HoloLens can scan them more completely.
+- Try running the Calibration app. It calibrates your HoloLens to work best for your eyes. Go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**.
+
+## HoloLens doesn’t respond to my gestures
+
+To make sure that HoloLens can see your gestures, keep your hand in the gesture frame. The gesture frame extends a couple of feet on either side of you. When HoloLens can see your hand, the cursor changes from a dot to a ring. Learn more about [using gestures](hololens1-basic-usage.md#use-hololens-with-your-hands).
+
+If your environment is too dark, HoloLens might not see your hand, so make sure that there’s enough light.
+
+If your visor has fingerprints or smudges, use the microfiber cleaning cloth that came with the HoloLens to clean your visor gently.
+
+## HoloLens doesn’t respond to my voice commands.
+
+If Cortana isn’t responding to your voice commands, make sure Cortana is turned on. On the All apps list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
+
+## I can’t place holograms or see holograms that I previously placed
+
+If HoloLens can’t map or load your space, it enters Limited mode and you won’t be able to place holograms or see holograms that you’ve placed. Here are some things to try:
+
+- Make sure that there’s enough light in your environment so HoloLens can see and map the space.
+- Make sure that you’re connected to a Wi-Fi network. If you’re not connected to Wi-Fi, HoloLens can’t identify and load a known space.
+- If you need to create a new space, connect to Wi-Fi, then restart your HoloLens.
+- To see if the correct space is active, or to manually load a space, go to **Settings** > **System** > **Spaces**.
+- If the correct space is loaded and you’re still having problems, the space may be corrupt. To fix this issue, select the space, then select **Remove**. After you remove the space, HoloLens starts to map your surroundings and create a new space.
+
+## My HoloLens frequently enters Limited mode or shows a “Tracking lost” message
+
+If your device often shows a "Limited mode" or "Tracking lost" message, try the suggestions listed in [My Holograms don't look good or are moving around](#holograms-dont-look-good-or-are-moving-around).
+
+## My HoloLens can’t tell what space I’m in
+
+If your HoloLens can’t identify and load the space you’re in automatically, check the following factors:
+
+- Make sure that you’re connected to Wi-Fi
+- Make sure that there’s plenty of light in the room
+- Make sure that there haven’t been any major changes to the surroundings.
+
+You can also load a space manually or manage your spaces by going to **Settings** > **System** > **Spaces**.
+
+## I’m getting a “low disk space” error
+
+You’ll need to free up some storage space by doing one or more of the following:
+
+- Delete some unused spaces. Go to **Settings** > **System** > **Spaces**, select a space that you no longer need, and then select **Remove**.
+- Remove some of the holograms that you’ve placed.
+- Delete some pictures and videos from the Photos app.
+- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, and then select **Uninstall**.
+
+## My HoloLens can’t create a new space
+
+The most likely problem is that you’re running low on storage space. Try one of the [previous tips](#im-getting-a-low-disk-space-error) to free up some disk space.
diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md
index 760880135d..31e4077fbc 100644
--- a/devices/hololens/hololens2-language-support.md
+++ b/devices/hololens/hololens2-language-support.md
@@ -29,15 +29,15 @@ HoloLens 2 supports the following languages. This support includes voice command
 - German (Germany)
 - Italian (Italy)
 - Japanese (Japan)
-- Spanish (Mexico)
 - Spanish (Spain)
 
-Windows Mixed Reality is also available in the following languages. However, this support does not include speech commands or dictation features.
+HoloLens 2 is also available in the following languages. However, this support does not include speech commands or dictation features.
 
 - Chinese Traditional (Taiwan and Hong Kong)
 - Dutch (Netherlands)
 - Korean (Korea)
-- Changing language or keyboard
+
+## Changing language or keyboard
 
 > [!NOTE]
 > Your speech and dictation language depends on the Windows display language.
diff --git a/devices/hololens/hololens2-start.md b/devices/hololens/hololens2-start.md
index 783a6af601..78d3697f03 100644
--- a/devices/hololens/hololens2-start.md
+++ b/devices/hololens/hololens2-start.md
@@ -26,9 +26,9 @@ Before you get started, make sure you have the following available:
 
 **A network connection**. You'll need to connect your HoloLens to a network to set it up. With HoloLens 2, you can connect with Wi-Fi or by using ethernet (you'll need a USB-C-to-Ethernet adapter). The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md).
 
-**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free.
+**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](https://account.microsoft.com) and set one up for free.
 
-**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661).
+**A safe, well-lit space with no tripping hazards**. [Health and safety info](https://go.microsoft.com/fwlink/p/?LinkId=746661).
 
 **The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](hololens2-setup.md#adjust-fit).
 
@@ -58,6 +58,10 @@ HoloLens 2 will walk you through the following steps:
      HoloLens sets your time zone automatically based on information obtained from the Wi-Fi network. After setup finishes, you can change the time zone by using the Settings app.
 
     ![Connect to Wi-Fi](images/11-network.png)
+> [!NOTE] 
+> If you progress past the Wi-Fi step and later need to switch to a different network while still in setup, you can press the **Volume Down** and **Power** buttons simultaneously to return to this step if you are running an OS version from October 2019 or later. For earlier versions, you may need to [reset the device](hololens-recovery.md) or restart it in a location where the Wi-Fi network is not available to prevent it from automatically connecting.
+> 
+> Also note that during HoloLens Setup, there is a credential timeout of two minutes. The username/password needs to be entered within two minutes otherwise the username field will be automatically cleared.
 
 1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**.
     - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens automatically enrolls in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available. In that case, you need to [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app).
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
index d74914168f..8eba3c49b1 100644
--- a/devices/surface-hub/docfx.json
+++ b/devices/surface-hub/docfx.json
@@ -51,7 +51,8 @@
         "jborsecnik",
         "tiburd",
         "garycentric"
-      ]
+      ],
+      "titleSuffix": "Surface Hub"
     },
     "externalReference": [],
     "template": "op.html",
diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md
index f60588a000..e4fa9986f3 100644
--- a/devices/surface-hub/index.md
+++ b/devices/surface-hub/index.md
@@ -30,6 +30,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
                         
Behind the design: Surface Hub 2S

                         
What's new in Surface Hub 2S

                         
Operating system essentials

+                        
Enable Microsoft Whiteboard on Surface Hub

                     
                 
             
diff --git a/devices/surface-hub/surface-hub-2s-recover-reset.md b/devices/surface-hub/surface-hub-2s-recover-reset.md
index 414456c4f3..5c28202363 100644
--- a/devices/surface-hub/surface-hub-2s-recover-reset.md
+++ b/devices/surface-hub/surface-hub-2s-recover-reset.md
@@ -9,7 +9,7 @@ ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article
-ms.date: 06/20/2019
+ms.date: 12/05/2019
 ms.localizationpriority: Medium
 ---
 
@@ -38,13 +38,15 @@ New in Surface Hub 2S, you can now reinstall the device using a recovery image.
 Surface Hub 2S lets you reinstall the device using a recovery image, which allows you to reinstall the device to factory settings if you lost the Bitlocker key or no longer have admin credentials to the Settings app.
 
 1. Begin with a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
-2. Download recovery image from the [Surface Recovery website](https://support.microsoft.com/en-us/surfacerecoveryimage?devicetype=surfacehub2s) onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S.
-3. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
+2. From a separate PC, download the .zip file recovery image from the [Surface Recovery website](https://support.microsoft.com/surfacerecoveryimage?devicetype=surfacehub2s) and then return to these instructions. 
+3. Unzip the downloaded file onto the root of the USB drive.  
+4. Connect the USB drive to any USB-C or USB-A port on Surface Hub 2S.
+5. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
 
 ![*Use Volume down and power buttons to initiate recovery*](images/sh2-keypad.png) 

 
-4. In the language selection screen, select the display language for your Surface Hub 2S.
-5. Choose **Recover from a drive** and **Fully clean the drive** and then select **Recover**. If prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
+6. In the language selection screen, select the display language for your Surface Hub 2S.
+7. Choose **Recover from a drive** and **Fully clean the drive** and then select **Recover**. If prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
 Remove the USB drive when the first time setup screen appears.
 
 ## Recover a locked Surface Hub
diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
index 351b6d2449..2ad581deaa 100644
--- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
+++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
@@ -34,9 +34,7 @@ Beginning in version 1802, Endpoint Configuration Manager includes client manage
 
 ## Updating Surface device drivers and firmware
 
-For devices that receive updates through Windows Update, drivers for Surface components – and even firmware updates – are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
-
-As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
+For devices receiving updates through Windows Update, drivers for Surface components—and even firmware updates—are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or SCCM, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
 
 >[!NOTE]
 >Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2 – for more information see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
@@ -86,4 +84,3 @@ To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.micr
 When you deploy Windows to a Surface device, the push-button reset functionality of Windows is configured by default to revert the system back to a state where the environment is not yet configured. When the reset function is used, the system discards any installed applications and settings. Although in some situations it can be beneficial to restore the system to a state without applications and settings, in a professional environment this effectively renders the system unusable to the end user.
 
 Push-button reset can be configured, however, to restore the system configuration to a state where it is ready for use by the end user. Follow the process outlined in [Deploy push-button reset features](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/deploy-push-button-reset-features) to customize the push-button reset experience for your devices.
-
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
index fafc824f21..42faacbcac 100644
--- a/devices/surface/docfx.json
+++ b/devices/surface/docfx.json
@@ -47,7 +47,8 @@
         "jborsecnik",
         "tiburd",
         "garycentric"
-      ]
+      ],
+      "titleSuffix": "Surface"
     },
     "externalReference": [],
     "template": "op.html",
diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md
index 7234366511..b311e28937 100644
--- a/devices/surface/support-solutions-surface.md
+++ b/devices/surface/support-solutions-surface.md
@@ -20,7 +20,7 @@ ms.audience: itpro
 # Top support solutions for Surface devices
 
 > [!Note]
-> **Home users**: This article is only intended for use by IT professionals and  technical support agents. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
+> **Home users**: This article is only intended for use by IT professionals and  technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
 
 Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated.  For a complete listing of the update history, see [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) and [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined).
 
diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
index c290148b0d..76656d39e1 100644
--- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
+++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
@@ -1,3 +1,4 @@
+---
 ms.reviewer: 
 title: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User
 description: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User
diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md
index c265b6155e..0345a45113 100644
--- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md
+++ b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md
@@ -1,3 +1,4 @@
+---
 ms.reviewer: 
 title: How to Use an App-V 4.6 Application From an App-V 5.0 Application
 description: How to Use an App-V 4.6 Application From an App-V 5.0 Application
diff --git a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
index 6346265cf1..7089ba0bff 100644
--- a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
+++ b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
@@ -49,7 +49,7 @@ The following items are required or recommended for creating the DaRT recovery i
 
 
 
Windows Debugging Tools for your platform

-
Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.

+
Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.

 
 
 
Optional: Windows symbols files for use with Crash Analyzer

@@ -62,7 +62,6 @@ The following items are required or recommended for creating the DaRT recovery i
 
 ## Related topics
 
-
 [Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md)
 
  
@@ -72,4 +71,3 @@ The following items are required or recommended for creating the DaRT recovery i
 
 
 
-
diff --git a/mdop/docfx.json b/mdop/docfx.json
index c037b4fa3c..e6f79ff24a 100644
--- a/mdop/docfx.json
+++ b/mdop/docfx.json
@@ -51,7 +51,8 @@
         "jborsecnik",
         "tiburd",
         "garycentric"
-      ]
+      ],
+      "titleSuffix": "Microsoft Desktop Optimization Pack"
     },
     "externalReference": [],
     "template": "op.html",
diff --git a/smb/docfx.json b/smb/docfx.json
index 1c1ce5a53a..a5644a3f2b 100644
--- a/smb/docfx.json
+++ b/smb/docfx.json
@@ -47,7 +47,8 @@
         "jborsecnik",
         "tiburd",
         "garycentric"
-      ]
+      ],
+      "titleSuffix": "Windows for Small to Midsize Business"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 6f3c2b6c50..09bd474c3e 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -42,7 +42,8 @@
           "depot_name": "MSDN.win-app-management",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "titleSuffix": "Windows Application Management"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index d687294412..ffd1c9d266 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -44,7 +44,8 @@
           "depot_name": "MSDN.win-client-management",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "titleSuffix": "Windows Client Management"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md
index e0d86a8a23..dbcd186131 100644
--- a/windows/client-management/img-boot-sequence.md
+++ b/windows/client-management/img-boot-sequence.md
@@ -1,6 +1,6 @@
 ---
-description: A full-sized view of the boot sequence flowchart.
 title: Boot sequence flowchart
+description: A full-sized view of the boot sequence flowchart.
 ms.date: 11/16/2018
 ms.reviewer: 
 manager: dansimp
@@ -10,8 +10,8 @@ ms.topic: article
 ms.prod: w10
 ---
 
+# Boot sequence flowchart
+
 Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)

 
-
 ![Full-sized boot sequence flowchart](images/boot-sequence.png)
-
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index ef2bf77cba..97ea145013 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -12,13 +12,13 @@ ms.author: dansimp
 ms.topic: article
 ---
 
+# Manage the Settings app with Group Policy
+
+
 **Applies to**
 
 -   Windows 10, Windows Server 2016
 
-
-# Manage the Settings app with Group Policy
-
 You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
 To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
 
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index b2e9438fba..9d7b5546ff 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -31,6 +31,7 @@ When the server that stores the mandatory profile is unavailable, such as when t
 User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile.
 
 
+
 ## Profile extension for each Windows version
 
 The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version.
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index 0cd8b04e7c..60449c917c 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -1,6 +1,6 @@
 ---
-title: ApplicationControl CSP
-description: ApplicationControl CSP
+title: ApplicationControl CSP DDF
+description: This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index 429bf2fe21..84b5bb69b0 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -1,6 +1,6 @@
 ---
-title: EnrollmentStatusTracking CSP
-description: EnrollmentStatusTracking CSP
+title: EnrollmentStatusTracking DDF
+description: This topic shows the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 080db28b5c..5fba2bac07 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -1,6 +1,6 @@
 ---
 title: EnrollmentStatusTracking CSP
-description: EnrollmentStatusTracking CSP
+description: During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
@@ -11,7 +11,6 @@ ms.date: 05/21/2019
 
 # EnrollmentStatusTracking CSP
 
-
 During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status).
 
 ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information.
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 8d7aa80999..c82e246263 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -84,7 +84,7 @@ Valid values:
 
 The data type is integer. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
 
-# Configuration Example
+## Configuration Example
 
 These generic code portions for the options **ProxySettingsPerUser**, **Autodetect**, and **SetupScriptURL** can be used for a specific operation, for example Replace.  Only enter the portion of code needed in the **Replace** section.
 ```xml
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 7d8aeb48ed..0a4dde8690 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -1,5 +1,5 @@
 ---
-title: Policy CSP - TimeLanguageSettings
+title: Policy CSP - DeviceHealthMonitoring
 description: Policy CSP - TimeLanguageSettings
 ms.author: dansimp
 ms.topic: article
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index da9546ba23..da5cc3e5c8 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -23,7 +23,7 @@ ms.topic: reference
 -   Windows 10
 -   Windows 10 Mobile
 
-Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/details.aspx?id=56121).
+Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/100591).
 
 
 ## New Group Policy settings in Windows 10, version 1809
@@ -497,4 +497,3 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId=
 
 
 
-
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index 4986e61b5d..ea2a557e39 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -42,7 +42,8 @@
           "depot_name": "MSDN.win-configuration",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "titleSuffix": "Configure Windows"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index a02ff6ba03..aaa526a014 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -97,6 +97,8 @@ In addition to the settings in the table, you may want to set up **automatic log
 > [!TIP]
 > You can also configure automatic sign-in [using the Autologon tool from Sysinternals](https://docs.microsoft.com/sysinternals/downloads/autologon).
 
+> [!NOTE]
+> If you are also using [Custom Logon](https://docs.microsoft.com/windows-hardware/customize/enterprise/custom-logon) with **HideAutoLogonUI** enabled, you might experience a black screen after a password expires. We recommend that you consider [setting the password to never expire](https://docs.microsoft.com/windows-hardware/customize/enterprise/troubleshooting-custom-logon#the-device-displays-a-black-screen-when-a-password-expiration-screen-is-displayed).
 
 ## Interactions and interoperability
 
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index b5e2f332bb..d90a888be9 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -47,7 +47,8 @@
           "depot_name": "MSDN.win-development",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "titleSuffix": "Windows Deployment" 
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/deployment/images/sa-mfa1.png b/windows/deployment/images/sa-mfa1.png
new file mode 100644
index 0000000000..045e5a7794
Binary files /dev/null and b/windows/deployment/images/sa-mfa1.png differ
diff --git a/windows/deployment/images/sa-mfa2.png b/windows/deployment/images/sa-mfa2.png
new file mode 100644
index 0000000000..1964a7b263
Binary files /dev/null and b/windows/deployment/images/sa-mfa2.png differ
diff --git a/windows/deployment/images/sa-mfa3.png b/windows/deployment/images/sa-mfa3.png
new file mode 100644
index 0000000000..8987eac97b
Binary files /dev/null and b/windows/deployment/images/sa-mfa3.png differ
diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
index 5bc84062d1..6135a8daf8 100644
--- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
@@ -30,13 +30,8 @@ You can access the Query tool from within Compatibility Administrator. The Query
 
 For information about the Search feature, see [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md). However, the Query tool provides more detailed search criteria, including tabs that enable you to search the program properties, the compatibility fix properties, and the fix description. You can perform a search by using SQL SELECT and WHERE clauses, in addition to searching specific types of databases.
 
-<<<<<<< HEAD
 > [!IMPORTANT]
 > You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
-=======
->[!IMPORTANT]
->You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
->>>>>>> bfaab3359a63dde24e6d0dca11b841e045c481f6
 
 ## Querying by Using the Program Properties Tab
 
diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md
index 6def761bdb..72439c1132 100644
--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@@ -28,7 +28,7 @@ The features described below are no longer being actively developed, and might b
 | Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team.  Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 |
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |
-| TFS1/TFS2 IME |  TSF1 and TSF2 IME will be replaced by TSF3 IME in a future release. [Text Services Framework](https://docs.microsoft.com/windows/win32/tsf/what-is-text-services-framework) (TSF) enables language technologies. TSF IME are Windows components that you can add to enable typing text for Japanese, Simplified Chinese, Traditional Chinese, and Korean languages. ​| 1909 |
+| TSF1/TSF2 IME |  TSF1 and TSF2 IME will be replaced by TSF3 IME in a future release. [Text Services Framework](https://docs.microsoft.com/windows/win32/tsf/what-is-text-services-framework) (TSF) enables language technologies. TSF IME are Windows components that you can add to enable typing text for Japanese, Simplified Chinese, Traditional Chinese, and Korean languages. ​| 1909 |
 | Package State Roaming (PSR) |  PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user. 
 
The recommended replacement for PSR is [Azure App Service](https://docs.microsoft.com/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 |
 | XDDM-based remote display driver  | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information about implementing a remote indirect display driver, ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | 1903 |
 | Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 |
diff --git a/windows/deployment/update/update-compliance-wd-av-status.md b/windows/deployment/update/update-compliance-wd-av-status.md
index a6c324c71c..edc9156531 100644
--- a/windows/deployment/update/update-compliance-wd-av-status.md
+++ b/windows/deployment/update/update-compliance-wd-av-status.md
@@ -23,7 +23,7 @@ The Windows Defender AV Status section deals with data concerning signature and
 >[!NOTE]
 >Update Compliance's Windows Defender Antivirus status is compatible with E3, B, F1, VL Professional and below licenses. Devices with an E5 license are not shown here; devices with an E5 license can be monitored using the [Windows Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection). If you'd like to learn more about Windows 10 licensing, see the [Windows 10 product licensing options](https://www.microsoft.com/Licensing/product-licensing/windows10.aspx). 
 
-# Windows Defender AV Status sections
+## Windows Defender AV Status sections
 The **Protection Status** blade gives a count for devices that have either out-of-date signatures or real-time protection turned off. Below, it gives a more detailed breakdown of the two issues. Selecting any of these statuses will navigate you to a Log Search view containing the query. 
 
 The **Threat Status** blade shows, among devices that have encountered threats, how many were and were not remediated successfully. It also provides a detailed count. Selecting either of these will take you to the respective query in Log Search for further investigation. 
diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md
index cbfbcdff46..c7be3666ed 100644
--- a/windows/deployment/update/waas-morenews.md
+++ b/windows/deployment/update/waas-morenews.md
@@ -1,5 +1,5 @@
 ---
-title: Windows as a service  
+title: Windows as a service news & resources
 ms.prod: w10
 ms.topic: article
 ms.manager: elizapo
diff --git a/windows/deployment/update/waas-servicing-differences.md b/windows/deployment/update/waas-servicing-differences.md
index 6a9df9bd4f..66ffdd5dd6 100644
--- a/windows/deployment/update/waas-servicing-differences.md
+++ b/windows/deployment/update/waas-servicing-differences.md
@@ -39,7 +39,7 @@ Windows 10 provided an opportunity to end the era of infinite fragmentation. Wit
 
 This helps simplify servicing. Devices with the original Release to Market (RTM) version of a feature release installed could get up to date by installing the most recent LCU. 
 
-Windows publishes the new LCU packages for each Windows 10 version (1607, 1709, etc.) on the second Tuesday of each month. This package is classified as a required security update and contains contents from the previous LCU as well as new security, non-security and Internet Explorer 11 (IE11) fixes. The security classification, by definition, requires a reboot of the device to complete installation of the update.
+Windows publishes the new LCU packages for each Windows 10 version (1607, 1709, etc.) on the second Tuesday of each month. This package is classified as a required security update and contains contents from the previous LCU as well as new security, non-security, and Internet Explorer 11 (IE11) fixes. A reboot of the device might be required to complete installation of the update.
 
 
 ![High level cumulative update model](images/servicing-cadence.png)
diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md
index 3acd3f759a..1cec56cb46 100644
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@@ -14,6 +14,7 @@ manager: laurawi
 ms.localizationpriority: high
 ms.collection: M365-modern-desktop
 ---
+
 # Windows as a service
 
 Find the tools and resources you need to help deploy and support Windows as a service in your organization.
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index 044398b870..b8d84e3075 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -6,7 +6,7 @@ ms.mktglfcycl:
 audience: itpro
 itproauthor: jaimeo
 author: jaimeo
-ms.localizationprioauthor: jaimeo
+ms.localizationpriority: medium
 ms.audience: itpro
 author: jaimeo
 ms.date: 09/18/2018
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index c5cc2c3ba1..37da456194 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -22,9 +22,11 @@ ms.topic: article
 
 ## Upgrade paths
 
-This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. For more information about migrating to a different edition of Windows 10, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md).
+This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. 
 
-> **Windows 10 version upgrade**: You can directly upgrade any semi-annual channel version of Windows 10 to a newer, supported semi-annual channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. 
+If you are also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths, but please note that applications and settings are not maintained when the Windows edition is downgraded.
+
+> **Windows 10 version upgrade**: You can directly upgrade any semi-annual channel version of Windows 10 to a newer, supported semi-annual channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information.
 > 
 > **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
 > 
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index 2bffb25cd7..3439d25d7a 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -50,7 +50,7 @@ Before you modify the .xml files, become familiar with the following guidelines:
 
 -   **File names with brackets**
 
-    If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named File.txt, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
+    If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named **file].txt**, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
 
 -   **Using quotation marks**
 
diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md
index 4b2d8385c2..e9bb2376d5 100644
--- a/windows/deployment/usmt/usmt-hard-link-migration-store.md
+++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md
@@ -113,6 +113,9 @@ For example, a company has decided to deploy Windows 10 on all of their compute
 
 3.  An administrator runs the LoadState command-line tool on each computer. The LoadState tool restores user state back on each computer.
 
+> [!NOTE]
+> During the update of a domain-joined computer, the profiles of users whose SID cannot be resolved will not be migrated. When using a hard-link migration store, it could cause a data loss.
+     
 ## Hard-Link Migration Store Details
 
 
@@ -233,4 +236,3 @@ The following XML sample specifies that files locked by an application under the
 
 
 
-
diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
index c5c02eb7d8..6ced1398db 100644
--- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md
+++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
@@ -1,232 +1,232 @@
----
-title: Plan for volume activation (Windows 10)
-description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer.
-ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca
-ms.reviewer: 
-manager: laurawi
-ms.author: greglin
-keywords: vamt, volume activation, activation, windows activation
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 09/27/2017
-ms.topic: article
----
-
-# Plan for volume activation
-
-**Applies to**
--   Windows 10
--   Windows 8.1
--   Windows 8
--   Windows 7
--   Windows Server 2012 R2
--   Windows Server 2012
--   Windows Server 2008 R2
-
-**Looking for retail activation?**
-
--   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
-
-*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
-
-During the activation process, information about the specific installation is examined. In the case of online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization.
-
->[!NOTE]
->The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
-
-## Distribution channels and activation
-
-In general, Microsoft software is obtained through three main channels: retail, original equipment manufacturer (OEM), and volume licensing agreements. Different activations methods are available through each channel. Because organizations are free to obtain software through multiple channels (for example, buying some at retail and others through a volume licensing program) most organizations choose to use a combination of activation methods.
-
-### Retail activations
-
-The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available.
-Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys.
-
-### Original equipment manufacturer
-
-Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required.
-OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled.
-
-### Volume licensing
-
-Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer:
--   Have the license preinstalled through the OEM.
--   Purchase a fully packaged retail product.
-
-The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised.
-Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing.
-
-**Note**  
-Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions.
-
-## Activation models
-
-For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps.
-
-With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose:
--   Online activation
--   Telephone activation
--   VAMT proxy activation
-
-Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models:
--   MAKs
--   KMS
--   Active Directory-based activation
-
-**Note**  
-A specialized method, Token-based activation, is available for specific situations when approved customers rely on a public key infrastructure in a completely isolated, and usually high-security, environment. For more information, contact your Microsoft Account Team or your service representative.
-Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607).
-
-### Multiple activation key
-
-A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also
-allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS.
-
-To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation.
-In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain.
-
-Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft.
-
-### Key Management Service
-
-With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services.
-
-Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user.
-
-The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*.
-
-Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely would more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide.
-
-### Active Directory-based activation
-
-Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device.
-
-Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company’s domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence.
-
-## Network and connectivity
-
-A modern business network has many nuances and interconnections. This section examines evaluating your network and the connections that are available to determine how volume activations will occur.
-
-### Core network
-
-Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network.
-
-In the core network, a centralized KMS solution is usually recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8.
-
-A typical core network that includes a KMS host is shown in Figure 1.
-
-![Typical core network](../images/volumeactivationforwindows81-01.jpg)
-
-**Figure 1**. Typical core network
-
-### Isolated networks
-
-In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues.
-
-**Isolated for security**
-
-Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization.
-
-If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds.
-
-If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2.
-
-If the isolated network cannot communicate with the core network’s KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs.
-
-If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network.
-
-![New KMS host in an isolated network](../images/volumeactivationforwindows81-02.jpg)
-
-**Figure 2**. New KMS host in an isolated network
-
-**Branch offices and distant networks**
-From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options:
--   **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain.
--   **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server.
--   **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server.
--   **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option.
-
-### Disconnected computers
-
-Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network.
-If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet).
-
-### Test and development labs
-
-Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately.
-If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide.
-In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days.
-
-## Mapping your network to activation methods
-
-Now it’s time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination.
-
-**Table 1**. Criteria for activation methods
-
-|Criterion |Activation method |
-|----------|------------------|
-|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation |
-|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days
Note
The core network must meet the KMS activation threshold. |KMS (central) |
-|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) |MAM |
-|Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) |
-|Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) |
-|Number of computers in isolated networks where the KMS activation threshold is not met |MAK |
-|Number of computers in test and development labs that will not be activated |None|
-|Number of computers that do not have a retail volume license |Retail (online or phone) |
-|Number of computers that do not have an OEM volume license |OEM (at factory) |
-|Total number of computer activations
Note
This total should match the total number of licensed computers in your organization. |
-
-## Choosing and acquiring keys
-
-When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways:
--   Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
--   Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264).
-
-### KMS host keys
-
-A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
-
-A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation.
-
-### Generic volume licensing keys
-
-When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys.
-
-Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. Note that the GLVK will not activate the software against Microsoft activation servers, only against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential.
-
-Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](https://technet.microsoft.com/library/jj612867.aspx).
-
-### Multiple activation keys
-
-You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT.
-
-## Selecting a KMS host
-
-The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers.
-KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.
-A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure.
-
-The flow of KMS activation is shown in Figure 3, and it follows this sequence:
-
-1.  An administrator uses the VAMT console to configure a KMS host and install a KMS host key.
-2.  Microsoft validates the KMS host key, and the KMS host starts to listen for requests.
-3.  The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.)
-4.  A client configured with a GVLK uses DNS to locate the KMS host.
-5.  The client sends one packet to the KMS host.
-6.  The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again.
-7.  If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host.
-8.  If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again.
-
-![KMS activation flow](../images/volumeactivationforwindows81-03.jpg)
-
-**Figure 3**. KMS activation flow
-
-## See also
--   [Volume Activation for Windows 10](volume-activation-windows-10.md)
- 
- 
+---
+title: Plan for volume activation (Windows 10)
+description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer.
+ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca
+ms.reviewer: 
+manager: laurawi
+ms.author: greglin
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.topic: article
+---
+
+# Plan for volume activation
+
+**Applies to**
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2012
+- Windows Server 2008 R2
+
+**Looking for retail activation?**
+
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
+
+*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
+
+During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization.
+
+>[!NOTE]
+>The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
+
+## Distribution channels and activation
+
+In general, Microsoft software is obtained through three main channels: retail, original equipment manufacturer (OEM), and volume licensing agreements. Different activations methods are available through each channel. Because organizations are free to obtain software through multiple channels (for example, buying some at retail and others through a volume licensing program) most organizations choose to use a combination of activation methods.
+
+### Retail activations
+
+The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available.
+Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys.
+
+### Original equipment manufacturer
+
+Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required.
+OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled.
+
+### Volume licensing
+
+Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer:
+-   Have the license preinstalled through the OEM.
+-   Purchase a fully packaged retail product.
+
+The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised.
+Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing.
+
+**Note**  
+Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions.
+
+## Activation models
+
+For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps.
+
+With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose:
+-   Online activation
+-   Telephone activation
+-   VAMT proxy activation
+
+Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models:
+-   MAKs
+-   KMS
+-   Active Directory-based activation
+
+**Note**  
+Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative.
+Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607).
+
+### Multiple activation key
+
+A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also
+allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS.
+
+To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation.
+In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain.
+
+Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft.
+
+### Key Management Service
+
+With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services.
+
+Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user.
+
+The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*.
+
+Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide.
+
+### Active Directory-based activation
+
+Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device.
+
+Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company’s domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence.
+
+## Network and connectivity
+
+A modern business network has many nuances and interconnections. This section examines evaluating your network and the connections that are available to determine how volume activations will occur.
+
+### Core network
+
+Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network.
+
+In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8.
+
+A typical core network that includes a KMS host is shown in Figure 1.
+
+![Typical core network](../images/volumeactivationforwindows81-01.jpg)
+
+**Figure 1**. Typical core network
+
+### Isolated networks
+
+In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues.
+
+**Isolated for security**
+
+Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization.
+
+If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds.
+
+If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2.
+
+If the isolated network cannot communicate with the core network’s KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs.
+
+If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network.
+
+![New KMS host in an isolated network](../images/volumeactivationforwindows81-02.jpg)
+
+**Figure 2**. New KMS host in an isolated network
+
+**Branch offices and distant networks**
+From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options:
+-   **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain.
+-   **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server.
+-   **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server.
+-   **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option.
+
+### Disconnected computers
+
+Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network.
+If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet).
+
+### Test and development labs
+
+Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately.
+If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide.
+In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days.
+
+## Mapping your network to activation methods
+
+Now it’s time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination.
+
+**Table 1**. Criteria for activation methods
+
+|Criterion |Activation method |
+|----------|------------------|
+|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation |
+|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days
Note
The core network must meet the KMS activation threshold. |KMS (central) |
+|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK |
+|Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) |
+|Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) |
+|Number of computers in isolated networks where the KMS activation threshold is not met |MAK |
+|Number of computers in test and development labs that will not be activated |None|
+|Number of computers that do not have a retail volume license |Retail (online or phone) |
+|Number of computers that do not have an OEM volume license |OEM (at factory) |
+|Total number of computer activations
Note
This total should match the total number of licensed computers in your organization. |
+
+## Choosing and acquiring keys
+
+When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways:
+-   Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
+-   Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264).
+
+### KMS host keys
+
+A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
+
+A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation.
+
+### Generic volume licensing keys
+
+When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys.
+
+Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential.
+
+Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](https://technet.microsoft.com/library/jj612867.aspx).
+
+### Multiple activation keys
+
+You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT.
+
+## Selecting a KMS host
+
+The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers.
+KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.
+A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure.
+
+The flow of KMS activation is shown in Figure 3, and it follows this sequence:
+
+1.  An administrator uses the VAMT console to configure a KMS host and install a KMS host key.
+2.  Microsoft validates the KMS host key, and the KMS host starts to listen for requests.
+3.  The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.)
+4.  A client configured with a GVLK uses DNS to locate the KMS host.
+5.  The client sends one packet to the KMS host.
+6.  The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again.
+7.  If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host.
+8.  If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again.
+
+![KMS activation flow](../images/volumeactivationforwindows81-03.jpg)
+
+**Figure 3**. KMS activation flow
+
+## See also
+-   [Volume Activation for Windows 10](volume-activation-windows-10.md)
+ 
+ 
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 8ceb4e28f5..2c105278f6 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -85,13 +85,26 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products &
 - Azure Active Directory (Azure AD) available for identity management.
 - Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
 
-    >[!NOTE]
-    >An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.  To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.
-
 For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
 
 If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
 
+#### Muti-factor authentication
+
+An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.  
+
+To resolve this issue:
+
+If the device is running Windows 10, version 1703 or 1709, the user must either sign in with an Azure AD account, or you must disable MFA for this user during the 30-day polling period and renewal.
+
+If the device is running Windows 10, version 1803 or later:
+1. Windows 10, version 1803 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
+2. When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below:
+
+![Subscription Activation with MFA1](images/sa-mfa1.png)

+![Subscription Activation with MFA2](images/sa-mfa2.png)

+![Subscription Activation with MFA2](images/sa-mfa3.png)
+
 ### Windows 10 Education requirements
 
 1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md
index b64c35b077..d94b04fdcb 100644
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@@ -20,6 +20,7 @@
 ## [Enrollment Status Page](enrollment-status.md)
 ## [BitLocker encryption](bitlocker.md)
 ## [DFCI management](dfci-management.md)
+## [Windows Autopilot update](autopilot-update.md)
 ## [Troubleshooting](troubleshooting.md)
 ## [Known issues](known-issues.md)
 
diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md
index c97fb6e3bb..b527168e97 100644
--- a/windows/deployment/windows-autopilot/autopilot-faq.md
+++ b/windows/deployment/windows-autopilot/autopilot-faq.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Autopilot support
-ms.reviewer: 
+title: Windows Autopilot FAQ
+ms.reviewer: This topic provides OEMs, partners, administrators, and end-users with answers to some frequently asked questions about deploying Windows 10 with Windows Autopilot. 
 manager: laurawi
 description: Support information for Windows Autopilot
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
@@ -99,7 +99,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e
 |How do I know that I received Autopilot?|You can tell that you received Windows Autopilot (as in the device received a configuration but has not yet applied it) when you skip the selection page (as seen below), and are immediately taken to a generic or customized sign-in page.|
 |Windows Autopilot didn’t work, what do I do now?| Questions and actions to assist in troubleshooting:  Did a screen not get skipped?   Did a user end up as an admin when configured not to? Remember that AAD Admins will be local admins regardless of whether Windows Autopilot is configured to disable local admin  Collection information – run licensingdiag.exe and send the .cab (Cabinet file) file that is generated to AutopilotHelp@microsoft.com. If possible, collect an ETL from WPR. Often in these cases, users are not signing into the right AAD tenant, or are creating local user accounts.  For a complete list of support options, refer to [Windows Autopilot support](autopilot-support.md). |
 | If an Administrator makes changes to an existing profile, will the changes take effect on devices that have that profile assigned to them that have already been deployed? |No. Windows Autopilot profiles are not resident on the device. They are downloaded during OOBE, the settings defined at the time are applied. Then, the profile is discarded on the device. If the device is re-imaged or reset, the new profile settings will take effect the next time the device goes through OOBE.|
-|What is the experience if a device isn’t registered or if an IT Admin doesn’t configure Windows Autopilot prior to an end user attempting to self-deploy?          |If the device isn’t registered, it will not receive the Windows Autopilot experience and the end user will go through normal OOBE. The Windows Autopilot configurations will NOT be applied until the user runs through OOBE again, after registration. If a device is started before an MDM profile is created, the device will go through standard OOBE experience.  The IT Admin would then have to manually enrol that device into the MDM, after which—the next time that device is “reset”—it will go through the Windows Autopilot OOBE experience.|
+|What is the experience if a device isn’t registered or if an IT Admin doesn’t configure Windows Autopilot prior to an end user attempting to self-deploy?          |If the device isn’t registered, it will not receive the Windows Autopilot experience and the end user will go through normal OOBE. The Windows Autopilot configurations will NOT be applied until the user runs through OOBE again, after registration. If a device is started before an MDM profile is created, the device will go through standard OOBE experience.  The IT Admin would then have to manually enroll that device into the MDM, after which—the next time that device is “reset”—it will go through the Windows Autopilot OOBE experience.|
 |What may be a reason why I did not receive a customized sign-in screen during Autopilot?                                          |Tenant branding must be configured in portal.azure.com to receive a customized sign-in experience.|
 |What happens if a device is registered with Azure AD but does not have an Windows Autopilot profile assigned?                                |The regular AAD OOBE will occur since no Windows Autopilot profile was assigned to the device.|
 |How can I collect logs on Autopilot?|The best way to collect logs on Windows Autopilot performance is to collect a Windows Performance Recorder (WPR) trace during OOBE. The XML file (WPRP extension) for this trace may be provided upon request.|
@@ -132,7 +132,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e
 |------------------|-----------------|
 |If I wipe the machine and restart, will I still receive Windows Autopilot?|Yes, if the device is still registered for Windows Autopilot and is running Windows 10, version 1703 7B and above releases, it will receive the Windows Autopilot experience.|
 |Can I harvest the device fingerprint on existing machines?|Yes, if the device is running Windows 10, version 1703 and above, you can harvest device fingerprints for registration. There are no plans to backport the functionality to previous releases and no way to harvest them on pre-Windows 10 Windows 10, version 1703 devices that have not been updated to Windows 10, version 1703.|
-|What is Windows 10, version 1703 7B and why does it matter?| Windows 10, version 1703 7B is a Windows 10, version 1703 image bundled with cumulative updates. To receive Autopilot, clients **must** run Windows 10, version 1703 7B or later. These cumulative updates contain a critical fix for Autopilot. Consider the following:

Windows Autopilot will not apply its profiles to the machine unless AAD credentials match the expected AAD tenant. For the Windows 10, version 1703 release, it was assumed that would be determined by the domain name, so the domain name used to register (for example contoso.com) should match the domain name used to sign in (for example user@contoso.com). But what happens if your tenant has multiple domains (for example us.contoso.com, or fr.contoso.com)? Since these domain names do not match, the device will not be configured for Autopilot. However, both domains are part of the same AAD tenant, and as such it was determined the matching scheme was not useful. This was improved upon by making use of the tenant ID. By using the tenant ID, we can determine that if the user signs into a domain with a tenant matching the one they registered with, we can safely consider this to be a match. The fix for this problem already exists in Windows 10, version 1709 and was backported into the Windows 10, version 1703 7B release.  

**Key Take-Aways**:  When using pre-Windows 10, version 1703 7B clients the user’s domain **must** match the domain they registered with. This functionality is found in Windows 10 version 1709 clients using build >= 16215, and Windows 10, version 1703 clients >= 7B. |
+|What is Windows 10, version 1703 7B and why does it matter?| Windows 10, version 1703 7B is a Windows 10, version 1703 image bundled with cumulative updates. To receive Autopilot, clients **must** run Windows 10, version 1703 7B or later. These cumulative updates contain a critical fix for Autopilot. Consider the following:

Windows Autopilot will not apply its profiles to the machine unless AAD credentials match the expected AAD tenant. For the Windows 10, version 1703 release, it was assumed that would be determined by the domain name, so the domain name used to register (for example contoso.com) should match the domain name used to sign in (for example user@contoso.com). But what happens if your tenant has multiple domains (for example us.contoso.com, or fr.contoso.com)? Since these domain names do not match, the device will not be configured for Autopilot. However, both domains are part of the same AAD tenant, and as such it was determined the matching scheme was not useful. This was improved upon by making use of the tenant ID. By using the tenant ID, we can determine that if the user signs into a domain with a tenant matching the one they registered with, we can safely consider this to be a match. The fix for this problem already exists in Windows 10, version 1709 and was backported into the Windows 10, version 1703 7B release.  

**Key takeaways**:  When using pre-Windows 10, version 1703 7B clients the user’s domain **must** match the domain they registered with. This functionality is found in Windows 10 version 1709 clients using build >= 16215, and Windows 10, version 1703 clients >= 7B. |
 |What is the impact of not updating to 7B?|See the detailed scenario described directly above.|
 |Is Windows Autopilot supported on other SKUs, e.g. Surface Hub, HoloLens, Windows Mobile.|No, Windows Autopilot isn’t supported on other SKUs.|
 |Does Windows Autopilot work after MBR or image re-installation?|Yes.|
diff --git a/windows/deployment/windows-autopilot/autopilot-update.md b/windows/deployment/windows-autopilot/autopilot-update.md
new file mode 100644
index 0000000000..9a5f1765eb
--- /dev/null
+++ b/windows/deployment/windows-autopilot/autopilot-update.md
@@ -0,0 +1,48 @@
+---
+title: Windows Autopilot update
+ms.reviewer: 
+manager: laurawi
+description: Windows Autopilot update 
+keywords: Autopilot, update, Windows 10
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+ms.localizationpriority: medium
+audience: itpro
+author: greg-lindsay
+ms.author: greglin
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot update
+
+**Applies to**
+
+-   Windows 10, version 1903
+
+Windows Autopilot update enables you to get the latest Autopilot features and critical issue fixes without the need to move to latest Windows OS version. With Autopilot update, organizations can keep their current OS version and still benefit from new Autopilot features and bug fixes.
+ 
+During the Autopilot deployment process, Windows Autopilot update has been added as a new node after the critical [Windows Zero Day Patch (ZDP) update](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) check. During the update process, Windows Autopilot devices reach out to Windows Update to check for a new Autopilot update.  If there is an Autopilot update available, the device will download and install the update, then restart automatically. See the following example.
+
+   ![Autopilot update 1](images/update1.png)

+   ![Autopilot update 2](images/update2.png)

+   ![Autopilot update 3](images/update3.png)
+
+The following diagram illustrates a typical Windows Autopilot deployment orchestration during the Out of Box Experience (OOBE) with the new Windows Autopilot update node.
+
+   ![Autopilot update flow](images/update-flow.png)
+
+## Release cadence
+
+- When an Autopilot update is available, it is typically released on the 4th Tuesday of the month. The update could be released on a different week if there is an exception.
+- A knowledge base (KB) article will also be published to document the changes that are included in the update.
+
+See [Autopilot update history](windows-autopilot-whats-new.md#windows-autopilot-update-history).
+
+## See also
+
+[Windows Update during OOBE](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe)

+[What's new in Windows Autopilot](windows-autopilot-whats-new.md)

\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/images/update-flow.png b/windows/deployment/windows-autopilot/images/update-flow.png
new file mode 100644
index 0000000000..c90f54e96c
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/update-flow.png differ
diff --git a/windows/deployment/windows-autopilot/images/update1.png b/windows/deployment/windows-autopilot/images/update1.png
new file mode 100644
index 0000000000..83d98a29b5
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/update1.png differ
diff --git a/windows/deployment/windows-autopilot/images/update2.png b/windows/deployment/windows-autopilot/images/update2.png
new file mode 100644
index 0000000000..04dbcaddc1
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/update2.png differ
diff --git a/windows/deployment/windows-autopilot/images/update3.png b/windows/deployment/windows-autopilot/images/update3.png
new file mode 100644
index 0000000000..851adb58ec
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/update3.png differ
diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md
index 7aacf56861..9fd9e87869 100644
--- a/windows/deployment/windows-autopilot/white-glove.md
+++ b/windows/deployment/windows-autopilot/white-glove.md
@@ -96,6 +96,9 @@ If the pre-provisioning process completes successfully:
  ![white-glove-result](images/white-glove-result.png)
 - Click **Reseal** to shut the device down.  At that point, the device can be shipped to the end user.
 
+>[!NOTE]
+>Technician Flow inherits behavior from [Self-Deploying Mode](self-deploying.md). Per the Self-Deploying Mode documentation, it leverages the Enrollment Status Page to hold the device in a provisioning state and prevent the user from proceeding to the desktop after enrollment but before software and configuration is done applying. As such, if Enrollment Status Page is disabled, the reseal button may appear before software and configuration is done applying letting you proceed to the user flow before technician flow provisioning is complete. The green screen validates that enrollment was successful, not that the technician flow is necessarily complete.
+
 If the pre-provisioning process fails:
 - A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
 - Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again.
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
index 80be0dc299..e11c96bd77 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@@ -82,6 +82,7 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
   
Intel- https://ekop.intel.com/ekcertservice 
   
Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1
   
AMD- https://ftpm.amd.com/pki/aia
+  
Infineon- https://pki.infineon.com
 
 
 ## Licensing requirements
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
index d0424dce3f..4aab58218f 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
@@ -9,7 +9,8 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
@@ -31,7 +32,9 @@ The Windows Autopilot Reset process automatically retains information from the e
 -   Azure Active Directory device membership and MDM enrollment information.
 
 Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages.  For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed.  
-
+When Autopilot reset is used on a device, the device's primary user will be removed. The next user who signs in after the reset will be set as the primary user.
+ 
+ 
 >[!NOTE]
 >The Autopilot Reset does not support Hybrid Azure AD joined devices.
 
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
index 5ee0171987..e76aa507b3 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -1,67 +1,70 @@
----
-title: Windows Autopilot scenarios and capabilities
-description: Windows Autopilot deployment
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot scenarios and capabilities
-
-**Applies to: Windows 10**
-
-## Scenarios
-
-Windows Autopilot includes support for a growing list of scenarios, designed to support common organization needs which can vary based on the type of organization and their progress moving to Windows 10 and [transitioning to modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management).
-
-The following Windows Autopilot scenarios are described in this guide:
-
-| Scenario | More information |
-| --- | --- |
-| Deploy devices that will be set up by a member of the organization and configured for that person | [Windows Autopilot user-driven mode](user-driven.md) |
-| Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.| [Windows Autopilot self-deploying mode](self-deploying.md) |
-| Re-deploy a device in a business-ready state.| [Windows Autopilot Reset](windows-autopilot-reset.md) |
-| Pre-provision a device with up-to-date applications, policies and settings.| [White glove](white-glove.md) |
-| Deploy Windows 10 on an existing Windows 7 or 8.1 device | [Windows Autopilot for existing devices](existing-devices.md) |
-
-## Windows Autopilot capabilities
-
-### Windows Autopilot is self-updating during OOBE
-
-Starting with the Windows 10, version 1903, Autopilot functional and critical updates will begin downloading automatically during OOBE after a device gets connected to a network and the [critical driver and Windows zero-day patch (ZDP) updates](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) have completed. The user or IT admin cannot opt-out of these Autopilot updates; they are required for Windows Autopilot deployment to operate properly.  Windows will alert the user that the device is checking for, downloading and installing the updates.
-
-### Cortana voiceover and speech recognition during OOBE
-
-In Windows 10, version 1903 and later Cortana voiceover and speech recognition during OOBE is DISABLED by default for all Windows 10 Pro, Education and Enterprise SKUs.
-
-If desired, you can enable Cortana voiceover and speech recognition during OOBE by creating the following registry key. This key does not exist by default.
-
-HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\EnableVoiceForAllEditions
-
-The key value is a DWORD with  **0** = disabled and **1** = enabled.
-
-| Value | Description |
-| --- | --- |
-| 0 | Cortana voiceover is disabled |
-| 1 | Cortana voiceover is enabled |
-| No value | Device will fall back to default behavior of the edition |
-
-To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
-
-### Bitlocker encryption
-
-With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md)
-
-## Related topics
-
-[Windows Autopilot: What's new](windows-autopilot-whats-new.md)
+---
+title: Windows Autopilot scenarios and capabilities
+description: Windows Autopilot deployment
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.reviewer: mniehaus
+manager: laurawi
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: greg-lindsay
+ms.author: greglin
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot scenarios and capabilities
+
+**Applies to: Windows 10**
+
+## Scenarios
+
+Windows Autopilot includes support for a growing list of scenarios, designed to support common organization needs which can vary based on the type of organization and their progress moving to Windows 10 and [transitioning to modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management).
+
+The following Windows Autopilot scenarios are described in this guide:
+
+| Scenario | More information |
+| --- | --- |
+| Deploy devices that will be set up by a member of the organization and configured for that person | [Windows Autopilot user-driven mode](user-driven.md) |
+| Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.| [Windows Autopilot self-deploying mode](self-deploying.md) |
+| Re-deploy a device in a business-ready state.| [Windows Autopilot Reset](windows-autopilot-reset.md) |
+| Pre-provision a device with up-to-date applications, policies and settings.| [White glove](white-glove.md) |
+| Deploy Windows 10 on an existing Windows 7 or 8.1 device | [Windows Autopilot for existing devices](existing-devices.md) |
+
+## Windows Autopilot capabilities
+
+### Windows Autopilot is self-updating during OOBE
+
+Starting with the Windows 10, version 1903, Autopilot functional and critical updates will begin downloading automatically during OOBE after a device gets connected to a network and the [critical driver and Windows zero-day patch (ZDP) updates](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) have completed. The user or IT admin cannot opt-out of these Autopilot updates; they are required for Windows Autopilot deployment to operate properly.  Windows will alert the user that the device is checking for, downloading and installing the updates.
+
+See [Windows Autopilot update](autopilot-update.md) for more information.
+
+### Cortana voiceover and speech recognition during OOBE
+
+In Windows 10, version 1903 and later Cortana voiceover and speech recognition during OOBE is DISABLED by default for all Windows 10 Pro, Education and Enterprise SKUs.
+
+If desired, you can enable Cortana voiceover and speech recognition during OOBE by creating the following registry key. This key does not exist by default.
+
+HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\EnableVoiceForAllEditions
+
+The key value is a DWORD with  **0** = disabled and **1** = enabled.
+
+| Value | Description |
+| --- | --- |
+| 0 | Cortana voiceover is disabled |
+| 1 | Cortana voiceover is enabled |
+| No value | Device will fall back to default behavior of the edition |
+
+To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
+
+### Bitlocker encryption
+
+With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md)
+
+## Related topics
+
+[Windows Autopilot: What's new](windows-autopilot-whats-new.md)
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
index 36ee6c06ad..7a40f71943 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
@@ -1,51 +1,58 @@
----
-title: Windows Autopilot what's new
-ms.reviewer: 
-manager: laurawi
-description: Windows Autopilot deployment
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot: What's new
-
-**Applies to**
-
--   Windows 10
-
-## New in Windows 10, version 1903
-
-[Windows Autopilot for white glove deployment](white-glove.md) is new in Windows 10, version 1903. See the following video:
-
-

-
-> [!VIDEO https://www.youtube.com/embed/nE5XSOBV0rI]
-
-Also new in this version of Windows:
-- The Intune enrollment status page (ESP) now tracks Intune Management Extensions.
-- [Cortana voiceover and speech recognition during OOBE](windows-autopilot-scenarios.md#cortana-voiceover-and-speech-recognition-during-oobe) is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
-- [Windows Autopilot is self-updating during OOBE](windows-autopilot-scenarios.md#windows-autopilot-is-self-updating-during-oobe). Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
-- Windows Autopilot will set the diagnostics data level to Full on Windows 10 version 1903 and later during OOBE. 
-
-## New in Windows 10, version 1809
-
-Windows Autopilot [self-deploying mode](self-deploying.md) enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured by Windows Autopilot. This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. 
-
-You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. 
-
->[!NOTE]
->Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809.
-
-## Related topics
-
-[What's new in Microsoft Intune](https://docs.microsoft.com/intune/whats-new)

-[What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/)
+---
+title: Windows Autopilot what's new
+ms.reviewer: 
+manager: laurawi
+description: Windows Autopilot deployment
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: greg-lindsay
+ms.author: greglin
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot: What's new
+
+**Applies to**
+
+-   Windows 10
+
+## Windows Autopilot update history
+
+Check back here soon for a link to the latest update.
+
+See [Windows Autopilot update](autopilot-update.md) for more information.
+
+## New in Windows 10, version 1903
+
+[Windows Autopilot for white glove deployment](white-glove.md) is new in Windows 10, version 1903. See the following video:
+
+

+
+> [!VIDEO https://www.youtube.com/embed/nE5XSOBV0rI]
+
+Also new in this version of Windows:
+- The Intune enrollment status page (ESP) now tracks Intune Management Extensions.
+- [Cortana voiceover and speech recognition during OOBE](windows-autopilot-scenarios.md#cortana-voiceover-and-speech-recognition-during-oobe) is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
+- [Windows Autopilot is self-updating during OOBE](windows-autopilot-scenarios.md#windows-autopilot-is-self-updating-during-oobe). Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
+- Windows Autopilot will set the diagnostics data level to Full on Windows 10 version 1903 and later during OOBE. 
+
+## New in Windows 10, version 1809
+
+Windows Autopilot [self-deploying mode](self-deploying.md) enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured by Windows Autopilot. This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. 
+
+You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. 
+
+>[!NOTE]
+>Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809.
+
+## Related topics
+
+[What's new in Microsoft Intune](https://docs.microsoft.com/intune/whats-new)

+[What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/)
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json
index b850fee41f..07a8ea153b 100644
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@@ -46,7 +46,8 @@
           "depot_name": "MSDN.windows-hub",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "titleSuffix": "Windows 10 for IT Pros"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/privacy/Microsoft-DiagnosticDataViewer.md b/windows/privacy/Microsoft-DiagnosticDataViewer.md
index f1560f3a73..98e412e213 100644
--- a/windows/privacy/Microsoft-DiagnosticDataViewer.md
+++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md
@@ -21,8 +21,7 @@ ms.reviewer:
 
 **Applies to**
 
--   Windows 10, version 1809
--   Windows 10, version 1803
+-   Windows 10, version 1803 and newer
 -   Windows Server, version 1803
 -   Windows Server 2019
 
diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md
index 8e10f74a84..de11fa6d06 100644
--- a/windows/privacy/TOC.md
+++ b/windows/privacy/TOC.md
@@ -8,7 +8,7 @@
 ### [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
 ### [Diagnostic Data Viewer for PowerShell Overview](Microsoft-DiagnosticDataViewer.md)
 ## Basic level Windows diagnostic data events and fields
-### [Windows 10, version 1903 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
+### [Windows 10, version 1903 and Windows 10, version 1909 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 ### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 ### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
 ### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
index f7e901603e..fd70d1e3bd 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
@@ -1,6 +1,6 @@
 ---
 description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
-title: Windows 10, version 1903 basic diagnostic events and fields (Windows 10)
+title: Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields (Windows 10)
 keywords: privacy, telemetry
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -8,19 +8,20 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: high
 author: brianlic-msft
-ms.author: dansimp
+ms.author: brianlic
 manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
 audience: ITPro
-ms.date: 04/23/2019
+ms.date: 12/10/2019
 ---
 
 
-# Windows 10, version 1903 basic level Windows diagnostic events and fields
+# Windows 10, version 1903 and Windows 10, version 1909 basic level Windows diagnostic events and fields
 
  **Applies to**
 
+- Windows 10, version 1909
 - Windows 10, version 1903
 
 
@@ -41,11 +42,13 @@ You can learn more about Windows functional and diagnostic data through these ar
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 
 
+
+
 ## AppLocker events
 
 ### Microsoft.Windows.Security.AppLockerCSP.AddParams
 
-Parameters passed to Add function of the AppLockerCSP Node.
+This event indicates the parameters passed to the Add function of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -55,13 +58,13 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.AddStart
 
-Start of "Add" Operation for the AppLockerCSP Node.
+This event indicates the start of an Add operation for the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 
 
 ### Microsoft.Windows.Security.AppLockerCSP.AddStop
 
-End of "Add" Operation for AppLockerCSP Node.
+This event indicates the end of an Add operation for the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -70,7 +73,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Commit
 
-This event returns information about the “Commit” operation in AppLockerCSP.
+This event returns information about the Commit operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure..
 
 The following fields are available:
 
@@ -80,7 +83,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback
 
-Result of the 'Rollback' operation in AppLockerCSP.
+This event provides the result of the Rollback operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -90,7 +93,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.ClearParams
 
-Parameters passed to the "Clear" operation for AppLockerCSP.
+This event provides the parameters passed to the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -99,40 +102,22 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.ClearStart
 
-Start of the "Clear" operation for the AppLockerCSP Node.
+This event indicates the start of the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 
 
 ### Microsoft.Windows.Security.AppLockerCSP.ClearStop
 
-End of the "Clear" operation for the AppLockerCSP node.
+This event indicates the end of the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
 - **hr**  HRESULT reported at the end of the 'Clear' function.
 
 
-### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStart
-
-Start of the "ConfigManagerNotification" operation for AppLockerCSP.
-
-The following fields are available:
-
-- **NotifyState**  State sent by ConfigManager to AppLockerCSP.
-
-
-### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStop
-
-End of the "ConfigManagerNotification" operation for AppLockerCSP.
-
-The following fields are available:
-
-- **hr**  HRESULT returned by the ConfigManagerNotification function in AppLockerCSP.
-
-
 ### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams
 
-Parameters passed to the CreateNodeInstance function of the AppLockerCSP node.
+This event provides the parameters that were passed to the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -143,13 +128,13 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart
 
-Start of the "CreateNodeInstance" operation for the AppLockerCSP node.
+This event indicates the start of the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 
 
 ### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop
 
-End of the "CreateNodeInstance" operation for the AppLockerCSP node
+This event indicates the end of the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -158,7 +143,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams
 
-Parameters passed to the DeleteChild function of the AppLockerCSP node.
+This event provides the parameters passed to the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -168,13 +153,13 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart
 
-Start of the "DeleteChild" operation for the AppLockerCSP node.
+This event indicates the start of the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 
 
 ### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop
 
-End of the "DeleteChild" operation for the AppLockerCSP node.
+This event indicates the end of the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -183,7 +168,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies
 
-Logged URI relative to %SYSTEM32%\AppLocker, if the Plugin GUID is null, or the CSP doesn't believe the old policy is present.
+This event provides the logged Uniform Resource Identifier (URI) relative to %SYSTEM32%\AppLocker if the plug-in GUID is null or the Configuration Service Provider (CSP) doesn't believe the old policy is present.
 
 The following fields are available:
 
@@ -192,7 +177,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams
 
-Parameters passed to the GetChildNodeNames function of the AppLockerCSP node.
+This event provides the parameters passed to the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -201,13 +186,13 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart
 
-Start of the "GetChildNodeNames" operation for the AppLockerCSP node.
+This event indicates the start of the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 
 
 ### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop
 
-End of the "GetChildNodeNames" operation for the AppLockerCSP node.
+This event indicates the end of the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -218,7 +203,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.GetLatestId
 
-The result of 'GetLatestId' in AppLockerCSP (the latest time stamped GUID).
+This event provides the latest time-stamped unique identifier in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -228,7 +213,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.HResultException
 
-HRESULT thrown by any arbitrary function in AppLockerCSP.
+This event provides the result code (HRESULT) generated by any arbitrary function in the AppLocker Configuration Service Provider (CSP).
 
 The following fields are available:
 
@@ -238,26 +223,9 @@ The following fields are available:
 - **line**  Line in the file in the OS code base in which the exception occurs.
 
 
-### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStart
-
-Indicates the start of a call to the IsDependencySatisfied function in the Configuration Service Provider (CSP).
-
-
-
-### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStop
-
-Indicates the end of an IsDependencySatisfied function call in the Configuration Service Provider (CSP).
-
-The following fields are available:
-
-- **edpActive**  Indicates whether enterprise data protection is active.
-- **hr**  HRESULT that is reported.
-- **internalHr**  Internal HRESULT that is reported.
-
-
 ### Microsoft.Windows.Security.AppLockerCSP.SetValueParams
 
-Parameters passed to the SetValue function of the AppLockerCSP node.
+This event provides the parameters that were passed to the SetValue operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 The following fields are available:
 
@@ -267,7 +235,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.SetValueStart
 
-Start of the "SetValue" operation for the AppLockerCSP node.
+This event indicates the start of the SetValue operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.
 
 
 
@@ -282,7 +250,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies
 
-EntryPoint of fix step or policy remediation, includes URI relative to %SYSTEM32%\AppLocker that needs to be fixed.
+This event provides information for fixing a policy in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. It includes Uniform Resource Identifier (URI) relative to %SYSTEM32%\AppLocker that needs to be fixed.
 
 The following fields are available:
 
@@ -297,132 +265,207 @@ This event lists the types of objects and how many of each exist on the client d
 
 The following fields are available:
 
-- **DatasourceApplicationFile_19A**  The count of the number of this particular object type present on this device.
-- **DatasourceApplicationFile_19ASetup**  The count of the number of this particular object type present on this device.
 - **DatasourceApplicationFile_19H1**  The count of the number of this particular object type present on this device.
 - **DatasourceApplicationFile_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_20H1**  The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_RS1**  An ID for the system, calculated by hashing hardware identifiers.
+- **DatasourceApplicationFile_RS2**  An ID for the system, calculated by hashing hardware identifiers.
+- **DatasourceApplicationFile_RS3**  The count of the number of this particular object type present on this device.
 - **DatasourceApplicationFile_RS4**  The count of the number of this particular object type present on this device.
 - **DatasourceApplicationFile_RS5**  The count of the number of this particular object type present on this device.
-- **DatasourceApplicationFile_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_TH1**  The count of the number of this particular object type present on this device.
 - **DatasourceApplicationFile_TH2**  The count of the number of this particular object type present on this device.
-- **DatasourceDevicePnp_19A**  The count of the number of this particular object type present on this device.
-- **DatasourceDevicePnp_19ASetup**  The count of the number of this particular object type present on this device.
 - **DatasourceDevicePnp_19H1**  The count of the number of this particular object type present on this device.
 - **DatasourceDevicePnp_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_20H1**  The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS1**  The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device.
+- **DatasourceDevicePnp_RS2**  The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS3**  The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS3Setup**  The count of the number of this particular object type present on this device.
 - **DatasourceDevicePnp_RS4**  The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS4Setup**  The count of the number of this particular object type present on this device.
 - **DatasourceDevicePnp_RS5**  The count of the number of this particular object type present on this device.
 - **DatasourceDevicePnp_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_TH1**  The count of the number of this particular object type present on this device.
 - **DatasourceDevicePnp_TH2**  The count of the number of this particular object type present on this device.
-- **DatasourceDriverPackage_19A**  The count of the number of this particular object type present on this device.
-- **DatasourceDriverPackage_19ASetup**  The count of the number of this particular object type present on this device.
 - **DatasourceDriverPackage_19H1**  The count of the number of this particular object type present on this device.
 - **DatasourceDriverPackage_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_20H1**  The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS1**  The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device.
+- **DatasourceDriverPackage_RS2**  The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device.
+- **DatasourceDriverPackage_RS3**  The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS3Setup**  The count of the number of this particular object type present on this device.
 - **DatasourceDriverPackage_RS4**  The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS4Setup**  The count of the number of this particular object type present on this device.
 - **DatasourceDriverPackage_RS5**  The count of the number of this particular object type present on this device.
 - **DatasourceDriverPackage_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_TH1**  The count of the number of this particular object type present on this device.
 - **DatasourceDriverPackage_TH2**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoBlock_19A**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoBlock_19ASetup**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_19H1**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_20H1**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS1**  The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device.
+- **DataSourceMatchingInfoBlock_RS2**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS3**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_RS4**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_RS5**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoBlock_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_TH1**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_TH2**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPassive_19A**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPassive_19ASetup**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_19H1**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_20H1**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS1**  The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
+- **DataSourceMatchingInfoPassive_RS2**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS3**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_RS4**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_RS5**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPassive_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_TH1**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_TH2**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_19A**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_19ASetup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPoltUpgrade_20H1**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_19H1**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_20H1**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_20H1Setup**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS1**  The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS2**  The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3**  The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS4**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS5**  The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_TH1**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_TH2**  The count of the number of this particular object type present on this device.
-- **DatasourceSystemBios_19A**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_19ASetup**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_19H1**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_20H1**  The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS1**  The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device.
+- **DatasourceSystemBios_RS2**  The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device.
+- **DatasourceSystemBios_RS3**  The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device.
+- **DatasourceSystemBios_RS3Setup**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_RS4**  The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS4Setup**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_RS5**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_TH1**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionApplicationFile_19A**  The count of the number of this particular object type present on this device.
-- **DecisionApplicationFile_19ASetup**  The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS1**  The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS2**  The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS3**  The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_RS4**  The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionApplicationFile_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionDevicePnp_19A**  The count of the number of this particular object type present on this device.
-- **DecisionDevicePnp_19ASetup**  The count of the number of this particular object type present on this device.
 - **DecisionDevicePnp_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionDevicePnp_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS1**  The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device.
+- **DecisionDevicePnp_RS2**  The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS3**  The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS3Setup**  The count of the number of this particular object type present on this device.
 - **DecisionDevicePnp_RS4**  The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS4Setup**  The count of the number of this particular object type present on this device.
 - **DecisionDevicePnp_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionDevicePnp_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionDevicePnp_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionDriverPackage_19A**  The count of the number of this particular object type present on this device.
-- **DecisionDriverPackage_19ASetup**  The count of the number of this particular object type present on this device.
 - **DecisionDriverPackage_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionDriverPackage_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS1**  The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device.
+- **DecisionDriverPackage_RS2**  The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS3**  The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS3Setup**  The count of the number of this particular object type present on this device.
 - **DecisionDriverPackage_RS4**  The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS4Setup**  The count of the number of this particular object type present on this device.
 - **DecisionDriverPackage_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionDriverPackage_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionDriverPackage_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoBlock_19A**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoBlock_19ASetup**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoBlock_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoBlock_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_RS1**  The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device.
+- **DecisionMatchingInfoBlock_RS2**  The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device.
+- **DecisionMatchingInfoBlock_RS3**  The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device.
 - **DecisionMatchingInfoBlock_RS4**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoBlock_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoBlock_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoBlock_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPassive_19A**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPassive_19ASetup**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPassive_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPassive_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS1**  The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
+- **DecisionMatchingInfoPassive_RS2**  The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device.
+- **DecisionMatchingInfoPassive_RS3**  The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device.
 - **DecisionMatchingInfoPassive_RS4**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPassive_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPassive_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPassive_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPostUpgrade_19A**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPostUpgrade_19ASetup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPoltUpgrade_20H1**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_19H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_20H1Setup**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS1**  The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
+- **DecisionMatchingInfoPostUpgrade_RS2**  The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3**  The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device.
 - **DecisionMatchingInfoPostUpgrade_RS4**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionMediaCenter_19A**  The count of the number of this particular object type present on this device.
-- **DecisionMediaCenter_19ASetup**  The count of the number of this particular object type present on this device.
 - **DecisionMediaCenter_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionMediaCenter_19H1Setup**  The total DecisionMediaCenter objects targeting the next release of Windows on this device.
+- **DecisionMediaCenter_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_RS1**  The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device.
+- **DecisionMediaCenter_RS2**  The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device.
+- **DecisionMediaCenter_RS3**  The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device.
 - **DecisionMediaCenter_RS4**  The count of the number of this particular object type present on this device.
 - **DecisionMediaCenter_RS5**  The count of the number of this particular object type present on this device.
-- **DecisionMediaCenter_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionMediaCenter_TH2**  The count of the number of this particular object type present on this device.
-- **DecisionSystemBios_19A**  The count of the number of this particular object type present on this device.
 - **DecisionSystemBios_19ASetup**  The count of the number of this particular object type present on this device.
 - **DecisionSystemBios_19H1**  The count of the number of this particular object type present on this device.
 - **DecisionSystemBios_19H1Setup**  The total DecisionSystemBios objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_20H1**  The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_RS1**  The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device.
+- **DecisionSystemBios_RS2**  The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device.
+- **DecisionSystemBios_RS3**  The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device.
+- **DecisionSystemBios_RS3Setup**  The count of the number of this particular object type present on this device.
 - **DecisionSystemBios_RS4**  The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device.
+- **DecisionSystemBios_RS4Setup**  The total DecisionSystemBios objects targeting the next release of Windows on this device.
 - **DecisionSystemBios_RS5**  The total DecisionSystemBios objects targeting the next release of Windows on this device.
 - **DecisionSystemBios_RS5Setup**  The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_TH1**  The count of the number of this particular object type present on this device.
 - **DecisionSystemBios_TH2**  The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessor_RS2**  The count of the number of this particular object type present on this device.
+- **DecisionTest_20H1Setup**  The count of the number of this particular object type present on this device.
+- **DecisionTest_RS1**  An ID for the system, calculated by hashing hardware identifiers.
 - **InventoryApplicationFile**  The count of the number of this particular object type present on this device.
+- **InventoryDeviceContainer**  A count of device container objects in cache.
+- **InventoryDevicePnp**  A count of device Plug and Play objects in cache.
+- **InventoryDriverBinary**  A count of driver binary objects in cache.
+- **InventoryDriverPackage**  A count of device objects in cache.
 - **InventoryLanguagePack**  The count of the number of this particular object type present on this device.
 - **InventoryMediaCenter**  The count of the number of this particular object type present on this device.
 - **InventorySystemBios**  The count of the number of this particular object type present on this device.
+- **InventorySystemMachine**  The count of the number of this particular object type present on this device.
+- **InventorySystemProcessor**  The count of the number of this particular object type present on this device.
+- **InventoryTest**  The count of the number of this particular object type present on this device.
 - **InventoryUplevelDriverPackage**  The count of the number of this particular object type present on this device.
 - **PCFP**  The count of the number of this particular object type present on this device.
 - **SystemMemory**  The count of the number of this particular object type present on this device.
@@ -435,13 +478,16 @@ The following fields are available:
 - **SystemWim**  The total number of objects of this type present on this device.
 - **SystemWindowsActivationStatus**  The count of the number of this particular object type present on this device.
 - **SystemWlan**  The total number of objects of this type present on this device.
-- **Wmdrm_19A**  The count of the number of this particular object type present on this device.
-- **Wmdrm_19ASetup**  The count of the number of this particular object type present on this device.
 - **Wmdrm_19H1**  The count of the number of this particular object type present on this device.
 - **Wmdrm_19H1Setup**  The total Wmdrm objects targeting the next release of Windows on this device.
+- **Wmdrm_20H1**  The count of the number of this particular object type present on this device.
+- **Wmdrm_20H1Setup**  The total Wmdrm objects targeting the next release of Windows on this device.
+- **Wmdrm_RS1**  An ID for the system, calculated by hashing hardware identifiers.
+- **Wmdrm_RS2**  An ID for the system, calculated by hashing hardware identifiers.
+- **Wmdrm_RS3**  An ID for the system, calculated by hashing hardware identifiers.
 - **Wmdrm_RS4**  The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
 - **Wmdrm_RS5**  The count of the number of this particular object type present on this device.
-- **Wmdrm_RS5Setup**  The count of the number of this particular object type present on this device.
+- **Wmdrm_TH1**  The count of the number of this particular object type present on this device.
 - **Wmdrm_TH2**  The count of the number of this particular object type present on this device.
 
 
@@ -459,7 +505,7 @@ The following fields are available:
 - **HasCitData**  Indicates whether the file is present in CIT data.
 - **HasUpgradeExe**  Indicates whether the anti-virus app has an upgrade.exe file.
 - **IsAv**  Is the file an anti-virus reporting EXE?
-- **ResolveAttempted**  This will always be an empty string when sending telemetry.
+- **ResolveAttempted**  This will always be an empty string when sending diagnostic data.
 - **SdbEntries**  An array of fields that indicates the SDB entries that apply to this file.
 
 
@@ -563,7 +609,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
 
-This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date.
+This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -585,7 +631,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
 
-This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -607,7 +653,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
 
-This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -629,7 +675,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
 
-This event sends compatibility database information about the BIOS to help keep Windows up-to-date.
+This event sends compatibility database information about the BIOS to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -651,7 +697,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
 
-This event sends compatibility decision data about a file to help keep Windows up-to-date.
+This event sends compatibility decision data about a file to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -666,7 +712,7 @@ The following fields are available:
 - **HasUxBlockOverride**  Does the file have a block that is overridden by a tag in the SDB?
 - **MigApplication**  Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
 - **MigRemoval**  Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
-- **NeedsDismissAction**  Will the file cause an action that can be dimissed?
+- **NeedsDismissAction**  Will the file cause an action that can be dismissed?
 - **NeedsInstallPostUpgradeData**  After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
 - **NeedsNotifyPostUpgradeData**  Does the file have a notification that should be shown after upgrade?
 - **NeedsReinstallPostUpgradeData**  After upgrade, this file will have a post-upgrade notification to reinstall the app.
@@ -703,7 +749,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
 
-This event sends compatibility decision data about a PNP device to help keep Windows up to date.
+This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -1107,7 +1153,29 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 
 The following fields are available:
 
-- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
+- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemProcessorEndSync
+
+This event indicates that a full set of InventorySystemProcessorAdd events has been sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemProcessorStartSync
+
+This event indicates that a new set of InventorySystemProcessorAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion**  The version of the Appraiser binary (executable) generating the events.
 
 
 ### Microsoft.Windows.Appraiser.General.InventoryTestRemove
@@ -1197,7 +1265,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
 
-This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date.
+This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -1250,7 +1318,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
 
-This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date.
+This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -1274,7 +1342,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
 
-This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date.
+This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -1406,6 +1474,17 @@ The following fields are available:
 - **WindowsNotActivatedDecision**  Is the current operating system activated?
 
 
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove
+
+This event indicates that the SystemWindowsActivationStatus object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion**  The version of the Appraiser file that is generating the events.
+
+
 ### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
 
 This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent.
@@ -1419,7 +1498,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.SystemWlanAdd
 
-This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
+This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -1447,18 +1526,18 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
 
-This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
+This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
 
 The following fields are available:
 
 - **AppraiserBranch**  The source branch in which the version of Appraiser that is running was built.
-- **AppraiserDataVersion**  The version of the data files being used by the Appraiser telemetry run.
+- **AppraiserDataVersion**  The version of the data files being used by the Appraiser diagnostic data run.
 - **AppraiserProcess**  The name of the process that launched Appraiser.
 - **AppraiserVersion**  The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
 - **AuxFinal**  Obsolete, always set to false.
 - **AuxInitial**  Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
 - **DeadlineDate**  A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
-- **EnterpriseRun**  Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
+- **EnterpriseRun**  Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
 - **FullSync**  Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
 - **InboxDataVersion**  The original version of the data files before retrieving any newer version.
 - **IndicatorsWritten**  Indicates if all relevant UEX indicators were successfully written or updated.
@@ -1467,15 +1546,15 @@ The following fields are available:
 - **PerfBackoff**  Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
 - **PerfBackoffInsurance**  Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
 - **RunAppraiser**  Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
-- **RunDate**  The date that the telemetry run was stated, expressed as a filetime.
-- **RunGeneralTel**  Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
+- **RunDate**  The date that the diagnostic data run was stated, expressed as a filetime.
+- **RunGeneralTel**  Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
 - **RunOnline**  Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
-- **RunResult**  The hresult of the Appraiser telemetry run.
+- **RunResult**  The hresult of the Appraiser diagnostic data run.
 - **ScheduledUploadDay**  The day scheduled for the upload.
-- **SendingUtc**  Indicates if the Appraiser client is sending events during the current telemetry run.
+- **SendingUtc**  Indicates whether the Appraiser client is sending events during the current diagnostic data run.
 - **StoreHandleIsNotNull**  Obsolete, always set to false
-- **TelementrySent**  Indicates if telemetry was successfully sent.
-- **ThrottlingUtc**  Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
+- **TelementrySent**  Indicates whether diagnostic data was successfully sent.
+- **ThrottlingUtc**  Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
 - **Time**  The client time of the event.
 - **VerboseMode**  Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
 - **WhyFullSyncWithoutTablePrefix**  Indicates the reason or reasons that a full sync was generated.
@@ -1655,7 +1734,7 @@ The following fields are available:
 - **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
 - **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
 - **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
-- **ServerFeatures**  Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
 - **SystemCenterID**  The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
 
 
@@ -1697,6 +1776,7 @@ The following fields are available:
 - **ChassisType**  Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
 - **ComputerHardwareID**  Identifies a device class that is represented by a hash of different SMBIOS fields.
 - **D3DMaxFeatureLevel**  Supported Direct3D version.
+- **DeviceColor**  Indicates a color of the device.
 - **DeviceForm**  Indicates the form as per the device classification.
 - **DeviceName**  The device name that is set by the user.
 - **DigitizerSupport**  Is a digitizer supported?
@@ -1816,18 +1896,14 @@ The following fields are available:
 - **AdvertisingId**  Current state of the advertising ID setting.
 - **AppDiagnostics**  Current state of the app diagnostics setting.
 - **Appointments**  Current state of the calendar setting.
-- **AppointmentsSystem**  Current state of the calendar setting.
 - **Bluetooth**  Current state of the Bluetooth capability setting.
 - **BluetoothSync**  Current state of the Bluetooth sync capability setting.
 - **BroadFileSystemAccess**  Current state of the broad file system access setting.
 - **CellularData**  Current state of the cellular data capability setting.
 - **Chat**  Current state of the chat setting.
-- **ChatSystem**  Current state of the chat setting.
 - **Contacts**  Current state of the contacts setting.
-- **ContactsSystem**  Current state of the Contacts setting.
 - **DocumentsLibrary**  Current state of the documents library setting.
 - **Email**  Current state of the email setting.
-- **EmailSystem**  Current state of the email setting.
 - **FindMyDevice**  Current state of the "find my device" setting.
 - **GazeInput**  Current state of the gaze input setting.
 - **HumanInterfaceDevice**  Current state of the human interface device setting.
@@ -1839,7 +1915,6 @@ The following fields are available:
 - **Microphone**  Current state of the microphone setting.
 - **PhoneCall**  Current state of the phone call setting.
 - **PhoneCallHistory**  Current state of the call history setting.
-- **PhoneCallHistorySystem**  Current state of the call history setting.
 - **PicturesLibrary**  Current state of the pictures library setting.
 - **Radios**  Current state of the radios setting.
 - **SensorsCustom**  Current state of the custom sensor setting.
@@ -1849,7 +1924,6 @@ The following fields are available:
 - **USB**  Current state of the USB setting.
 - **UserAccountInformation**  Current state of the account information setting.
 - **UserDataTasks**  Current state of the tasks setting.
-- **UserDataTasksSystem**  Current state of the tasks setting.
 - **UserNotificationListener**  Current state of the notifications setting.
 - **VideosLibrary**  Current state of the videos library setting.
 - **Webcam**  Current state of the camera setting.
@@ -1937,6 +2011,7 @@ The following fields are available:
 - **CalendarType**  The calendar identifiers that are used to specify different calendars.
 - **DefaultApp**  The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
 - **DefaultBrowserProgId**  The ProgramId of the current user's default browser.
+- **LocaleName**  Name of the current user locale given by LOCALE_SNAME via the GetLocaleInfoEx() function.
 - **LongDateFormat**  The long date format the user has selected.
 - **ShortDateFormat**  The short date format the user has selected.
 
@@ -1987,18 +2062,14 @@ The following fields are available:
 - **AdvertisingId**  Current state of the advertising ID setting.
 - **AppDiagnostics**  Current state of the app diagnostics setting.
 - **Appointments**  Current state of the calendar setting.
-- **AppointmentsSystem**  Current state of the calendar setting.
 - **Bluetooth**  Current state of the Bluetooth capability setting.
 - **BluetoothSync**  Current state of the Bluetooth sync capability setting.
 - **BroadFileSystemAccess**  Current state of the broad file system access setting.
 - **CellularData**  Current state of the cellular data capability setting.
 - **Chat**  Current state of the chat setting.
-- **ChatSystem**  Current state of the chat setting.
 - **Contacts**  Current state of the contacts setting.
-- **ContactsSystem**  Current state of the Contacts setting.
 - **DocumentsLibrary**  Current state of the documents library setting.
 - **Email**  Current state of the email setting.
-- **EmailSystem**  Current state of the email setting.
 - **GazeInput**  Current state of the gaze input setting.
 - **HumanInterfaceDevice**  Current state of the human interface device setting.
 - **InkTypeImprovement**  Current state of the improve inking and typing setting.
@@ -2010,7 +2081,6 @@ The following fields are available:
 - **Microphone**  Current state of the microphone setting.
 - **PhoneCall**  Current state of the phone call setting.
 - **PhoneCallHistory**  Current state of the call history setting.
-- **PhoneCallHistorySystem**  Current state of the call history setting.
 - **PicturesLibrary**  Current state of the pictures library setting.
 - **Radios**  Current state of the radios setting.
 - **SensorsCustom**  Current state of the custom sensor setting.
@@ -2020,7 +2090,6 @@ The following fields are available:
 - **USB**  Current state of the USB setting.
 - **UserAccountInformation**  Current state of the account information setting.
 - **UserDataTasks**  Current state of the tasks setting.
-- **UserDataTasksSystem**  Current state of the tasks setting.
 - **UserNotificationListener**  Current state of the notifications setting.
 - **VideosLibrary**  Current state of the videos library setting.
 - **Webcam**  Current state of the camera setting.
@@ -2040,6 +2109,7 @@ The following fields are available:
 - **IsVirtualDevice**  Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
 - **SLATSupported**  Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
 - **VirtualizationFirmwareEnabled**  Represents whether virtualization is enabled in the firmware.
+- **VMId**  A string that uniquely identifies a virtual machine.
 
 
 ### Census.WU
@@ -2307,6 +2377,38 @@ The following fields are available:
 - **pendingDecision**  Indicates the cause of reboot, if applicable.
 
 
+### CbsServicingProvider.CbsLateAcquisition
+
+This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **Features**  The list of feature packages that could not be updated.
+- **RetryID**  The ID identifying the retry attempt to update the listed packages.
+
+
+### CbsServicingProvider.CbsPackageRemoval
+
+This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion**  The build number of the security update being uninstalled.
+- **clientId**  The name of the application requesting the uninstall.
+- **currentStateEnd**  The final state of the update after the operation.
+- **failureDetails**  Information about the cause of a failure, if applicable.
+- **failureSourceEnd**  The stage during the uninstall where the failure occurred.
+- **hrStatusEnd**  The overall exit code of the operation.
+- **initiatedOffline**  Indicates if the uninstall was initiated for a mounted Windows image.
+- **majorVersion**  The major version number of the security update being uninstalled.
+- **minorVersion**  The minor version number of the security update being uninstalled.
+- **originalState**  The starting state of the update before the operation.
+- **pendingDecision**  Indicates the cause of reboot, if applicable.
+- **primitiveExecutionContext**  The state during system startup when the uninstall was completed.
+- **revisionVersion**  The revision number of the security update being uninstalled.
+- **transactionCanceled**  Indicates whether the uninstall was cancelled.
+
+
 ### CbsServicingProvider.CbsQualityUpdateInstall
 
 This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
@@ -2378,6 +2480,12 @@ The following fields are available:
 - **updateTargetState**  A value indicating the desired state of the optional content.
 
 
+### CbsServicingProvider.CbsUpdateDeferred
+
+This event reports the results of deferring Windows Content to keep Windows up to date.
+
+
+
 ## Diagnostic data events
 
 ### TelClientSynthetic.AbnormalShutdown_0
@@ -2426,7 +2534,6 @@ The following fields are available:
 - **PowerButtonPressIsShutdownInProgress**  Indicates whether a system shutdown was in progress at the last time the power button was pressed.
 - **PowerButtonPressLastPowerWatchdogStage**  Progress while the monitor is being turned on.
 - **PowerButtonPressPowerWatchdogArmed**  Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
-- **RegKeyLastShutdownBootId**  The last recorded boot ID.
 - **ShutdownDeviceType**  Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
 - **SleepCheckpoint**  Provides the last checkpoint when there is a failure during a sleep transition.
 - **SleepCheckpointSource**  Indicates whether the source is the EFI variable or bootstat file.
@@ -2483,7 +2590,6 @@ The following fields are available:
 - **CanCollectOsTelemetry**  True if we can collect diagnostic data telemetry, false otherwise.
 - **CanCollectWindowsAnalyticsEvents**  True if we can collect Windows Analytics data, false otherwise.
 - **CanPerformDiagnosticEscalations**  True if we can perform diagnostic escalation collection, false otherwise.
-- **CanPerformTraceEscalations**  True if we can perform trace escalation collection, false otherwise.
 - **CanReportScenarios**  True if we can report scenario completions, false otherwise.
 - **PreviousPermissions**  Bitmask of previous telemetry state.
 - **TransitionFromEverythingOff**  True if we are transitioning from all telemetry being disabled, false otherwise.
@@ -2491,7 +2597,7 @@ The following fields are available:
 
 ### TelClientSynthetic.ConnectivityHeartBeat_0
 
-This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
+This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network.
 
 The following fields are available:
 
@@ -2504,22 +2610,6 @@ The following fields are available:
 - **RestrictedNetworkTime**  Retrieves the time spent on a metered (cost restricted) network in seconds.
 
 
-### TelClientSynthetic.EventMonitor_0
-
-This event provides statistics for specific diagnostic events.
-
-The following fields are available:
-
-- **ConsumerCount**  The number of instances seen in the Event Tracing for Windows consumer.
-- **EventName**  The name of the event being monitored.
-- **EventSnFirst**  The expected first event serial number.
-- **EventSnLast**  The expected last event serial number.
-- **EventStoreCount**  The number of events reaching the event store.
-- **MonitorSn**  The serial number of the monitor.
-- **TriggerCount**  The number of events reaching the trigger buffer.
-- **UploadedCount**  The number of events uploaded.
-
-
 ### TelClientSynthetic.GetFileInfoAction_FilePathNotApproved_0
 
 This event occurs when the DiagTrack escalation fails due to the scenario requesting a path that is not approved for GetFileInfo actions.
@@ -2527,8 +2617,6 @@ This event occurs when the DiagTrack escalation fails due to the scenario reques
 The following fields are available:
 
 - **FilePath**  The unexpanded path in the scenario XML.
-- **FilePathExpanded**  The file path, with environment variables expanded.
-- **FilePathExpandedScenario**  The file path, with property identifiers and environment variables expanded.
 - **ScenarioId**  The globally unique identifier (GUID) of the scenario.
 - **ScenarioInstanceId**  The error code denoting which path failed (internal or external).
 
@@ -2612,7 +2700,7 @@ The following fields are available:
 
 ### TelClientSynthetic.HeartBeat_DevHealthMon_5
 
-This event sends data (for Surface Hub devices) to monitor and ensure the correct functioning of those Surface Hub devices. This data helps ensure the device is up-to-date with the latest security and safety features.
+This event sends data (for Surface Hub devices) to monitor and ensure the correct functioning of those Surface Hub devices. This data helps ensure the device is up to date with the latest security and safety features.
 
 The following fields are available:
 
@@ -2721,6 +2809,89 @@ This event is a low latency health alert that is part of the 4Nines device healt
 
 
 
+## DISM events
+
+### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU
+
+The DISM Latest Installed LCU sends information to report result of search for latest installed LCU after last successful boot.
+
+The following fields are available:
+
+- **dismInstalledLCUPackageName**  The name of the latest installed package.
+
+
+### Microsoft.Windows.StartRepairCore.DISMPendingInstall
+
+The DISM Pending Install event sends information to report pending package installation found.
+
+The following fields are available:
+
+- **dismPendingInstallPackageName**  The name of the pending package.
+
+
+### Microsoft.Windows.StartRepairCore.DISMRevertPendingActions
+
+The DISM Pending Install event sends information to report pending package installation found.
+
+The following fields are available:
+
+- **errorCode**  The result code returned by the event.
+
+
+### Microsoft.Windows.StartRepairCore.DISMUninstallLCU
+
+The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU.
+
+The following fields are available:
+
+- **errorCode**  The result code returned by the event.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd
+
+The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU.
+
+The following fields are available:
+
+- **errorCode**  The result code returned by the event.
+- **failedUninstallCount**  The number of driver updates that failed to uninstall.
+- **failedUninstallFlightIds**  The Flight IDs (identifiers of beta releases) of driver updates that failed to uninstall.
+- **foundDriverUpdateCount**  The number of found driver updates.
+- **srtRepairAction**  The scenario name for a repair.
+- **successfulUninstallCount**  The number of successfully uninstalled driver updates.
+- **successfulUninstallFlightIds**  The Flight IDs (identifiers of beta releases) of successfully uninstalled driver updates.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRepairActionStart
+
+The SRT Repair Action Start event sends information to report repair operation started for given plug-in.
+
+The following fields are available:
+
+- **srtRepairAction**  The scenario name for a repair.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagEnd
+
+The SRT Root Cause Diagnosis End event sends information to report diagnosis operation completed for given plug-in.
+
+The following fields are available:
+
+- **errorCode**  The result code returned by the event.
+- **flightIds**  The Flight IDs (identifier of the beta release) of found driver updates.
+- **foundDriverUpdateCount**  The number of found driver updates.
+- **srtRootCauseDiag**  The scenario name for a diagnosis event.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagStart
+
+The SRT Root Cause Diagnosis Start event sends information to report diagnosis operation started for given plug-in.
+
+The following fields are available:
+
+- **srtRootCauseDiag**  The scenario name for a diagnosis event.
+
+
 ## Driver installation events
 
 ### Microsoft.Windows.DriverInstall.DeviceInstall
@@ -2735,6 +2906,7 @@ The following fields are available:
 - **CoInstallers**  The list of coinstallers.
 - **ConfigFlags**  The device configuration flags.
 - **DeviceConfigured**  Indicates whether this device was configured through the kernel configuration.
+- **DeviceInstalled**  Indicates whether the legacy install code path was used.
 - **DeviceInstanceId**  The unique identifier of the device in the system.
 - **DeviceStack**  The device stack of the driver being installed.
 - **DriverDate**  The date of the driver.
@@ -2759,6 +2931,7 @@ The following fields are available:
 - **Inbox**  Indicates whether the driver package is included with Windows.
 - **InstallDate**  The date the driver was installed.
 - **LastCompatibleId**  The ID in the hardware ID list that provides the least specific device description.
+- **LastInstallFunction**  The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing.
 - **LegacyInstallReasonError**  The error code for the legacy installation.
 - **LowerFilters**  The list of lower filter drivers.
 - **MatchingDeviceId**  The hardware ID or compatible ID that Windows used to install the device instance.
@@ -2768,8 +2941,10 @@ The following fields are available:
 - **PendedUntilReboot**  Indicates whether the installation is pending until the device is rebooted.
 - **Problem**  Error code returned by the device after installation.
 - **ProblemStatus**  The status of the device after the driver installation.
+- **RebootRequiredReason**  DWORD (Double Word—32-bit unsigned integer) containing the reason why the device required a reboot during install.
 - **SecondaryDevice**  Indicates whether the device is a secondary device.
 - **ServiceName**  The service name of the driver.
+- **SessionGuid**  GUID (Globally Unique IDentifier) for the update session.
 - **SetupMode**  Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed.
 - **StartTime**  The time when the installation started.
 - **SubmissionId**  The driver submission identifier assigned by the Windows Hardware Development Center.
@@ -2788,6 +2963,7 @@ The following fields are available:
 - **FlightId**  The ID of the Windows Insider build the device received.
 - **InstallDate**  The date the driver was installed.
 - **InstallFlags**  The driver installation flags.
+- **OptionalData**  Metadata specific to WU (Windows Update) associated with the driver (flight IDs, recovery IDs, etc.)
 - **RebootRequired**  Indicates whether a reboot is required after the installation.
 - **RollbackPossible**  Indicates whether this driver can be rolled back.
 - **WuTargetedHardwareId**  Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update.
@@ -2831,10 +3007,12 @@ The following fields are available:
 - **ComputePreemptionLevel**  The maximum preemption level supported by GPU for compute payload.
 - **DedicatedSystemMemoryB**  The amount of system memory dedicated for GPU use (in bytes).
 - **DedicatedVideoMemoryB**  The amount of dedicated VRAM of the GPU (in bytes).
+- **Display1UMDFilePath**  File path to the location of the Display User Mode Driver in the Driver Store.
 - **DisplayAdapterLuid**  The display adapter LUID.
 - **DriverDate**  The date of the display driver.
 - **DriverRank**  The rank of the display driver.
 - **DriverVersion**  The display driver version.
+- **DriverWorkarounds**  Numeric value indicating the driver workarounds enabled for this device.
 - **DX10UMDFilePath**  The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
 - **DX11UMDFilePath**  The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
 - **DX12UMDFilePath**  The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
@@ -2845,6 +3023,7 @@ The following fields are available:
 - **GPUVendorID**  The GPU vendor ID.
 - **InterfaceId**  The GPU interface ID.
 - **IsDisplayDevice**  Does the GPU have displaying capabilities?
+- **IsHwSchEnabled**  Boolean value indicating whether hardware scheduling is enabled.
 - **IsHwSchSupported**  Indicates whether the adapter supports hardware scheduling.
 - **IsHybridDiscrete**  Does the GPU have discrete GPU capabilities in a hybrid device?
 - **IsHybridIntegrated**  Does the GPU have integrated GPU capabilities in a hybrid device?
@@ -2976,6 +3155,24 @@ The following fields are available:
 - **TargetAsId**  The sequence number for the hanging process.
 
 
+## Feature update events
+
+### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
+
+This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state.
+
+The following fields are available:
+
+- **failureReason**  Provides data about the uninstall initialization operation failure.
+- **hr**  Provides the Win32 error code for the operation failure.
+
+
+### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered
+
+This event indicates that the uninstall was properly configured and that a system reboot was initiated.
+
+
+
 ## Hang Reporting events
 
 ### Microsoft.Windows.HangReporting.AppHangEvent
@@ -3004,6 +3201,94 @@ The following fields are available:
 - **WaitingOnPackageRelativeAppId**  If this is a cross process hang waiting for a package, this has the relative application id of the package.
 
 
+## Holographic events
+
+### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded
+
+This event indicates Windows Mixed Reality device state. This event is also used to count WMR device.
+
+The following fields are available:
+
+- **ClassGuid**  Windows Mixed Reality device class GUID.
+- **DeviceInterfaceId**  Windows Mixed Reality device interface ID.
+- **DeviceName**  Windows Mixed Reality device name.
+- **DriverVersion**  Windows Mixed Reality device driver version.
+- **FirmwareVersion**  Windows Mixed Reality firmware version.
+- **Manufacturer**  Windows Mixed Reality device manufacturer.
+- **ModelName**  Windows Mixed Reality device model name.
+- **SerialNumber**  Windows Mixed Reality device serial number.
+
+### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated
+
+This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device.
+
+The following fields are available:
+
+- **HmdState**  Windows Mixed Reality Headset HMD state.
+- **NewHoloShellState**  Windows Mixed Reality HoloShell state.
+- **PriorHoloShellState**  Windows Mixed Reality state prior to entering to HoloShell.
+- **SimulationEnabled**  Windows Mixed Reality Simulation state.
+
+
+### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated
+
+This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device.
+
+The following fields are available:
+
+- **IsDemoMode**  Windows Mixed Reality Portal app state of demo mode.
+- **IsDeviceSetupComplete**  Windows Mixed Reality Portal app state of device setup completion.
+- **PackageVersion**  Windows Mixed Reality Portal app package version.
+- **PreviousExecutionState**  Windows Mixed Reality Portal app prior execution state.
+- **wilActivity**  Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity).
+
+
+### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming
+
+This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device.
+
+
+
+### TraceLoggingOasisUsbHostApiProvider.DeviceInformation
+
+This event provides Windows Mixed Reality device information. This event is also used to count WMR device and device type.
+
+The following fields are available:
+
+- **BootloaderMajorVer**  Windows Mixed Reality device boot loader major version.
+- **BootloaderMinorVer**  Windows Mixed Reality device boot loader minor version.
+- **BootloaderRevisionNumber**  Windows Mixed Reality device boot loader revision number.
+- **BTHFWMajorVer**  Windows Mixed Reality device BTHFW major version. This event also used to count WMR device.
+- **BTHFWMinorVer**  Windows Mixed Reality device BTHFW minor version. This event also used to count WMR device.
+- **BTHFWRevisionNumber**  Windows Mixed Reality device BTHFW revision number.
+- **CalibrationBlobSize**  Windows Mixed Reality device calibration blob size.
+- **CalibrationFwMajorVer**  Windows Mixed Reality device calibration firmware major version.
+- **CalibrationFwMinorVer**  Windows Mixed Reality device calibration firmware minor version.
+- **CalibrationFwRevNum**  Windows Mixed Reality device calibration firmware revision number.
+- **DeviceInfoFlags**  Windows Mixed Reality device info flags.
+- **DeviceName**  Windows Mixed Reality device Name. This event is also used to count WMR device.
+- **DeviceReleaseNumber**  Windows Mixed Reality device release number.
+- **FirmwareMajorVer**  Windows Mixed Reality device firmware major version.
+- **FirmwareMinorVer**  Windows Mixed Reality device firmware minor version.
+- **FirmwareRevisionNumber**  Windows Mixed Reality device calibration firmware revision number.
+- **FpgaFwMajorVer**  Windows Mixed Reality device FPGA firmware major version.
+- **FpgaFwMinorVer**  Windows Mixed Reality device FPGA firmware minor version.
+- **FpgaFwRevisionNumber**  Windows Mixed Reality device FPGA firmware revision number.
+- **FriendlyName**  Windows Mixed Reality device friendly name.
+- **HashedSerialNumber**  Windows Mixed Reality device hashed serial number.
+- **HeaderSize**  Windows Mixed Reality device header size.
+- **HeaderVersion**  Windows Mixed Reality device header version.
+- **LicenseKey**  Windows Mixed Reality device header license key.
+- **Make**  Windows Mixed Reality device make.
+- **ManufacturingDate**  Windows Mixed Reality device manufacturing date.
+- **Model**  Windows Mixed Reality device model.
+- **PresenceSensorHidVendorPage**  Windows Mixed Reality device presence sensor HID vendor page.
+- **PresenceSensorHidVendorUsage**  Windows Mixed Reality device presence sensor HID vendor usage.
+- **PresenceSensorUsbVid**  Windows Mixed Reality device presence sensor USB VId.
+- **ProductBoardRevision**  Windows Mixed Reality device product board revision number.
+- **SerialNumber**  Windows Mixed Reality device serial number.
+
+
 ## Inventory events
 
 ### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
@@ -3042,6 +3327,7 @@ The following fields are available:
 - **InventoryMiscellaneousOfficeVBA**  A count of office vba objects in cache
 - **InventoryMiscellaneousOfficeVBARuleViolations**  A count of office vba rule violations objects in cache
 - **InventoryMiscellaneousUUPInfo**  A count of uup info objects in cache
+- **InventoryVersion**  The version of the inventory file generating the events.
 - **Metadata**  A count of metadata objects in cache.
 - **Orphan**  A count of orphan file objects in cache.
 - **Programs**  A count of program objects in cache.
@@ -3325,7 +3611,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
 
-This event represents the basic metadata about a plug and play (PNP) device and its associated driver.
+This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
 
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 
@@ -3509,12 +3795,18 @@ The following fields are available:
 
 This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin.
 
+The following fields are available:
+
+- **key**  The globally unique identifier (GUID) used to identify the specific Json Trace logging session.
 
 
 ### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace
 
 This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end.
 
+The following fields are available:
+
+- **key**  The globally unique identifier (GUID) used to identify the specific Json Trace logging session.
 
 
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
@@ -3537,6 +3829,7 @@ The following fields are available:
 - **FullPath**  The full path to the Microsoft Office add-in.
 - **InventoryVersion**  The version of the inventory binary generating the events.
 - **LoadBehavior**  Integer that describes the load behavior.
+- **LoadTime**  Load time for the Office add-in.
 - **OfficeApplication**  The Microsoft Office application associated with the add-in.
 - **OfficeArchitecture**  The architecture of the add-in.
 - **OfficeVersion**  The Microsoft Office version for this add-in.
@@ -3546,6 +3839,7 @@ The following fields are available:
 - **ProductVersion**  The version associated with the Office add-in.
 - **ProgramId**  The unique program identifier of the Microsoft Office add-in.
 - **Provider**  Name of the provider for this add-in.
+- **Usage**  Data about usage for the add-in.
 
 
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
@@ -3707,10 +4001,10 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 
 The following fields are available:
 
-- **BrowserFlags**  Browser flags for Office-related products
-- **ExchangeProviderFlags**  Provider policies for Office Exchange
+- **BrowserFlags**  Browser flags for Office-related products.
+- **ExchangeProviderFlags**  Provider policies for Office Exchange.
 - **InventoryVersion**  The version of the inventory binary generating the events.
-- **SharedComputerLicensing**  Office shared computer licensing policies
+- **SharedComputerLicensing**  Office shared computer licensing policies.
 
 
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync
@@ -3931,11 +4225,11 @@ The following fields are available:
 - **LastShutdownSucceeded**  Flag indicating whether the last shutdown was successful.
 - **MaxAbove4GbFreeRange**  This field describes the largest memory range available above 4Gb.
 - **MaxBelow4GbFreeRange**  This field describes the largest memory range available below 4Gb.
+- **MeasuredLaunchCapable**  Indicates the system is capable of booting with Dynamic Root of Trust for Measurement (DRTM) support.
 - **MeasuredLaunchPrepared**  This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement).
 - **MeasuredLaunchResume**  This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation.
 - **MenuPolicy**  Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.).
 - **RecoveryEnabled**  Indicates whether recovery is enabled.
-- **SecureLaunchPrepared**  This field indicates if DRTM was prepared during boot.
 - **TcbLaunch**  Indicates whether the Trusted Computing Base was used during the boot flow.
 - **UserInputTime**  The amount of time the loader application spent waiting for user input.
 
@@ -3993,6 +4287,204 @@ The following fields are available:
 - **ServiceName**  The driver or service name that is attached to the device.
 
 
+### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown
+
+This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they are expected to.
+
+The following fields are available:
+
+- **temperature**  Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit.
+- **thermalZone**  Contains an identifier that specifies which area it was that exceeded temperature limits.
+
+
+## Microsoft Edge events
+
+### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config
+
+This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_version**  The internal Microsoft Edge build version string.
+- **appConsentState**  Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
+- **client_id**  A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType**  The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
+- **container_client_id**  The client ID of the container if the device is in Windows Defender Application Guard mode.
+- **container_session_id**  The session ID of the container if the device is in Windows Defender Application Guard mode.
+- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
+- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
+- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource**  An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType**  The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
+- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+
+
+### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config
+
+This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_version**  The internal Microsoft Edge build version string.
+- **appConsentState**  Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
+- **client_id**  A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType**  The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
+- **container_client_id**  The client ID of the container if the device is in Windows Defender Application Guard mode.
+- **container_session_id**  The session ID of the container if the device is in Windows Defender Application Guard mode.
+- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
+- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
+- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource**  An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType**  The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
+- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+
+
+### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
+
+This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_version**  The internal Microsoft Edge build version string.
+- **appConsentState**  Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
+- **client_id**  A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType**  The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
+- **container_client_id**  The client ID of the container if the device is in Windows Defender Application Guard mode.
+- **container_session_id**  The session ID of the container if the device is in Windows Defender Application Guard mode.
+- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
+- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
+- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource**  An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType**  The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
+- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+
+
+### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_version**  The internal Microsoft Edge build version string.
+- **appConsentState**  Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
+- **client_id**  A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType**  The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
+- **container_client_id**  The client ID of the container if the device is in Windows Defender Application Guard mode.
+- **container_session_id**  The session ID of the container if the device is in Windows Defender Application Guard mode.
+- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
+- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
+- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource**  An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType**  The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
+- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+
+
+### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
+
+This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's  used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date.
+
+The following fields are available:
+
+- **appAp**  Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''.
+- **appAppId**  The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update.
+- **appBrandCode**  The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown).
+- **appChannel**  An integer indicating the channel of the installation (e.g. Canary or Dev).
+- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
+- **appCohort**  A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appCohortHint**  A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appCohortName**  A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appConsentState**  Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
+- **appDayOfInstall**  The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown).
+- **appExperiments**  A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''.
+- **appInstallTimeDiffSec**  The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
+- **appLang**  The language of the product install, in IETF BCP 47 representation. Default: ''.
+- **appNextVersion**  The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
+- **appPingEventAppSize**  The total number of bytes of all downloaded packages. Default: '0'.
+- **appPingEventDownloadMetricsDownloadedBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
+- **appPingEventDownloadMetricsDownloader**  A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
+- **appPingEventDownloadMetricsDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
+- **appPingEventDownloadMetricsError**  The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
+- **appPingEventDownloadMetricsServerIpHint**  For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
+- **appPingEventDownloadMetricsTotalBytes**  For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
+- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
+- **appPingEventDownloadTimeMs**  For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
+- **appPingEventErrorCode**  The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
+- **appPingEventEventResult**  An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error).
+- **appPingEventEventType**  An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown).
+- **appPingEventExtraCode1**  Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
+- **appPingEventInstallTimeMs**  For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appPingEventNumBytesDownloaded**  The number of bytes downloaded for the specified application. Default: '0'.
+- **appPingEventSequenceId**  An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
+- **appPingEventSourceUrlIndex**  For events representing a download, the position of the download URL in the list of URLs supplied by the server in a  tag.
+- **appPingEventUpdateCheckTimeMs**	For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appUpdateCheckIsUpdateDisabled**  The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
+- **appUpdateCheckTargetVersionPrefix**  A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''.
+- **appUpdateCheckTtToken**  An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''.
+- **appVersion**  The version of the product install. Default: '0.0.0.0'.
+- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **eventType**  A string representation of appPingEventEventType indicating the type of the event.
+- **hwHasAvx**  '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse**  '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse2**  '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse3**  '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse41**  '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse42**  '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSsse3**  '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
+- **hwPhysmemory**  The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
+- **isMsftDomainJoined**  '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
+- **osArch**  The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
+- **osPlatform**  The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''.
+- **osServicePack**  The secondary version of the operating system. '' if unknown. Default: ''.
+- **osVersion**  The primary version of the operating system. '' if unknown. Default: ''.
+- **requestCheckPeriodSec**  The update interval in seconds. The value is read from the registry. Default: '-1'.
+- **requestDlpref**  A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
+- **requestDomainJoined**  '1' if the device is part of a managed enterprise domain. Otherwise '0'.
+- **requestInstallSource**  A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
+- **requestIsMachine**  '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
+- **requestOmahaShellVersion**  The version of the Omaha installation folder. Default: ''.
+- **requestOmahaVersion**  The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
+- **requestProtocolVersion**  The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined.
+- **requestRequestId**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Default: ''.
+- **requestSessionCorrelationVectorBase**  A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
+- **requestSessionId**  A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique sessionid. Default: ''.
+- **requestTestSource**  Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
+- **requestUid**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt should have (with high probability) a unique request id. Default: ''.
+
+
+### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_version**  The internal Microsoft Edge build version string.
+- **appConsentState**  Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **Channel**  An integer indicating the channel of the installation (Canary or Dev).
+- **client_id**  A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType**  The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
+- **container_client_id**  The client ID of the container if the device is in Windows Defender Application Guard mode.
+- **container_session_id**  The session ID of the container if the device is in Windows Defender Application Guard mode.
+- **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
+- **EventInfo.Level**  The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
+- **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource**  An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **PayloadClass**  The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID**  A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType**  The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
+- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+
 ## Migration events
 
 ### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
@@ -4104,6 +4596,23 @@ The following fields are available:
 - **WFD2Supported**  Indicates if the Miracast receiver supports WFD2 protocol.
 
 
+## OneDrive events
+
+### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
+
+This event is related to the OS version when the OS is upgraded with OneDrive installed.
+
+The following fields are available:
+
+- **CurrentOneDriveVersion**  The current version of OneDrive.
+- **CurrentOSBuildBranch**  The current branch of the operating system.
+- **CurrentOSBuildNumber**  The current build number of the operating system.
+- **CurrentOSVersion**  The current version of the operating system.
+- **HResult**  The HResult of the operation.
+- **SourceOSBuildBranch**  The source branch of the operating system.
+- **SourceOSBuildNumber**  The source build number of the operating system.
+- **SourceOSVersion**  The source version of the operating system.
+
 ## Privacy consent logging events
 
 ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -4324,15 +4833,6 @@ The following fields are available:
 - **timestamp**  Timestamp of this push-button reset event.
 
 
-### Microsoft.Windows.PBR.PBRClearRollBackEntry
-
-This event is sent when the push-button reset operation clears the rollback entry. Push-button reset cannot rollback after this point.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
 ### Microsoft.Windows.PBR.PBRClearTPMFailed
 
 This event is sent when there was a failure while clearing the Trusted Platform Module (TPM).
@@ -4356,27 +4856,6 @@ The following fields are available:
 - **SPPhase**  The last phase of the Setup Platform operation.
 
 
-### Microsoft.Windows.PBR.PBRCreateNewSystemReconstructionSucceed
-
-This event is sent when the push-button reset operation succeeds in constructing a new copy of the operating system.
-
-The following fields are available:
-
-- **CBSPackageCount**  The Component Based Servicing package count.
-- **CustomizationPackageCount**  The Customization package count.
-- **PBRType**  The type of push-button reset.
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRDriverInjectionFailed
-
-This event is sent when the driver injection fails.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
 ### Microsoft.Windows.PBR.PBRFailed
 
 This event is sent when the push-button reset operation fails and rolls back to the previous state.
@@ -4388,28 +4867,6 @@ The following fields are available:
 - **SessionID**  The ID of this push-button reset session.
 
 
-### Microsoft.Windows.PBR.PBRFinalizeNewSystemFailed
-
-This event is sent when the push-button reset operation fails to finalize the new system.
-
-The following fields are available:
-
-- **HRESULT**  The result error code.
-- **SessionID**  The ID of this push-button reset session.
-- **SPErrorCode**  The error code for the Setup Platform operation.
-- **SPOperation**  The Setup Platform operation.
-- **SPPhase**  The phase of the Setup Platform operation.
-
-
-### Microsoft.Windows.PBR.PBRFinalizeNewSystemSucceed
-
-This event is sent when the push-button reset operation succeeds in finalizing the new system.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
 ### Microsoft.Windows.PBR.PBRFinalUserSelection
 
 This event is sent when the user makes the final selection in the user interface.
@@ -4424,62 +4881,6 @@ The following fields are available:
 - **SessionID**  The ID of this push-button reset session.
 
 
-### Microsoft.Windows.PBR.PBRFormatOSVolumeFailed
-
-This event is sent when the operation to format the operating system volume fails during push-button reset (PBR).
-
-The following fields are available:
-
-- **JustDeleteFiles**  Indicates whether disk formatting was skipped.
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRFormatOSVolumeSucceed
-
-This event is sent when the operation to format the operating system volume succeeds during push-button reset (PBR).
-
-The following fields are available:
-
-- **JustDeleteFiles**  Indicates whether disk formatting was skipped.
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRInstallWinREFailed
-
-This event sends basic data about the recovery operation failure on the device to allow investigation.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRIOCTLErasureSucceed
-
-This event is sent when the erasure operation succeeds during push-button reset (PBR).
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRLayoutImageFailed
-
-This event is sent when push-button reset fails to create a new image of Windows.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRLayoutImageSucceed
-
-This event is sent when push-button reset succeeds in creating a new image of Windows.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
 ### Microsoft.Windows.PBR.PBROEM1Failed
 
 This event is sent when the first OEM extensibility operation is successfully completed.
@@ -4493,73 +4894,6 @@ The following fields are available:
 - **SessionID**  The ID of this push-button reset session.
 
 
-### Microsoft.Windows.PBR.PBROEM2Failed
-
-This event is sent when the second OEM extensibility operation is successfully completed.
-
-The following fields are available:
-
-- **HRESULT**  The result error code from the OEM extensibility script.
-- **Parameters**  The parameters that were passed to the OEM extensibility script.
-- **PBRType**  The type of push-button reset.
-- **ScriptName**  The path to the OEM extensibility script.
-- **SessionID**  The ID of the push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRPostApplyFailed
-
-This event returns data indicating the failure of the reset/recovery process after the operating system files are restored.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRPostApplyFinished
-
-This event returns data indicating the completion of the reset/recovery process after the operating system files are restored.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRPostApplyStarted
-
-This event returns data indicating the start of the reset/recovery process after the operating system files are restored.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRPreApplyFailed
-
-This event returns data indicating the failure of the reset/recovery process before the operating system files are restored.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRPreApplyFinished
-
-This event returns data indicating the completion of the reset/recovery process before the operating system files are restored.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRPreApplyStarted
-
-This event returns data indicating the start of the reset/recovery process before the operating system files are restored.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
 ### Microsoft.Windows.PBR.PBRReachedOOBE
 
 This event returns data when the PBR (Push Button Reset) process reaches the OOBE (Out of Box Experience).
@@ -4620,15 +4954,6 @@ The following fields are available:
 - **SessionID**  The ID of this push-button reset session.
 
 
-### Microsoft.Windows.PBR.PBRRestoreLicenseFailed
-
-This event sends basic data about recovery operation failure on the device. This data allows investigation to help keep Windows and PBR (Push Button Reset) up to date.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
 ### Microsoft.Windows.PBR.PBRSucceed
 
 This event returns data when PBR (Push Button Reset) succeeds.
@@ -4640,37 +4965,6 @@ The following fields are available:
 - **SessionID**  The ID of this push-button reset session.
 
 
-### Microsoft.Windows.PBR.PBRUserCancelled
-
-This event returns data when the user cancels the PBR (Push Button Reset) from the UI (user interface).
-
-The following fields are available:
-
-- **CancelPage**  The ID of the page where the user clicked Cancel.
-- **PBRVariation**  The type of push-button reset.
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRVersionsMistmatch
-
-This event returns data when there is a version mismatch for WinRE (Windows Recovery) and the OS.
-
-The following fields are available:
-
-- **OSVersion**  The OS version installed on the device.
-- **REVersion**  The version of Windows Recovery Environment (WinRE).
-- **SessionID**  The ID of this push-button reset session.
-
-
-### Microsoft.Windows.PBR.PBRWinREInstallationFailed
-
-This event returns data when the WinRE (Windows Recovery) installation fails.
-
-The following fields are available:
-
-- **SessionID**  The ID of this push-button reset session.
-
-
 ### Microsoft.Windows.PBR.PhaseFinished
 
 This event returns data when a phase of PBR (Push Button Reset) has completed.
@@ -4720,6 +5014,7 @@ The following fields are available:
 - **scenario**  The selected scenario for the push-button on reset operation.
 - **sessionID**  The ID of this push-button on reset session.
 - **timestamp**  The timestamp of this push-button on reset event.
+- **usePayload**  Indicates whether Cloud PBR or Reconstruction was used.
 - **wipeData**  Indicates whether the option was selected to wipe additional drives during push-button reset.
 
 
@@ -5156,7 +5451,7 @@ The following fields are available:
 - **ActiveDownloadTime**  Number of seconds the update was actively being downloaded.
 - **AppXBlockHashFailures**  Indicates the number of blocks that failed hash validation during download.
 - **AppXBlockHashValidationFailureCount**  A count of the number of blocks that have failed validation after being downloaded.
-- **AppXDownloadScope**  Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client.
+- **AppXDownloadScope**  Indicates the scope of the download for application content.
 - **AppXScope**  Indicates the scope of the app download.
 - **BiosFamily**  The family of the BIOS (Basic Input Output System).
 - **BiosName**  The name of the device BIOS.
@@ -5170,8 +5465,9 @@ The following fields are available:
 - **BundleRepeatFailFlag**  Indicates whether this particular update bundle previously failed to download.
 - **BundleRevisionNumber**  Identifies the revision number of the content bundle.
 - **BytesDownloaded**  Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
+- **CachedEngineVersion**  The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable.
 - **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client.
-- **CbsDownloadMethod**  Indicates whether the download was a full-file download or a partial/delta download.
+- **CbsDownloadMethod**  Indicates whether the download was a full- or a partial-file download.
 - **CbsMethod**  The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
 - **CDNCountryCode**  Two letter country abbreviation for the Content Distribution Network (CDN) location.
 - **CDNId**  ID which defines which CDN the software distribution client downloaded the content from.
@@ -5179,9 +5475,11 @@ The following fields are available:
 - **CommonProps**  A bitmask for future flags associated with the Windows Update client behavior.
 - **ConnectTime**  Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle.
 - **CurrentMobileOperator**  The mobile operator the device is currently connected to.
-- **DeviceModel**  What is the device model.
+- **DeviceModel**  The model of the device.
 - **DownloadPriority**  Indicates whether a download happened at background, normal, or foreground priority.
 - **DownloadProps**  Information about the download operation properties in the form of a bitmask.
+- **DownloadScenarioId**  A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events.
+- **DownloadType**  Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads.
 - **EventInstanceID**  A globally unique identifier for event instance.
 - **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
 - **EventType**  Possible values are Child, Bundle, or Driver.
@@ -5208,25 +5506,26 @@ The following fields are available:
 - **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
 - **QualityUpdatePause**  Indicates whether quality OS updates are paused on the device.
 - **Reason**  A 32-bit integer representing the reason the update is blocked from being downloaded in the background.
-- **RegulationReason**  The reason that the update is regulated
 - **RegulationResult**  The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
 - **RelatedCV**  The previous Correlation Vector that was used before swapping with a new one.
 - **RepeatFailCount**  Indicates whether this specific content has previously failed.
-- **RepeatFailFlag**  Indicates whether this specific piece of content had previously failed to download.
+- **RepeatFailFlag**  Indicates whether this specific content previously failed to download.
 - **RevisionNumber**  The revision number of the specified piece of content.
 - **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **Setup360Phase**  If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway.
-- **ShippingMobileOperator**  The mobile operator that a device shipped on.
+- **Setup360Phase**  Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
+- **ShippingMobileOperator**  The mobile operator linked to the device when the device shipped.
 - **SizeCalcTime**  Time taken (in seconds) to calculate the total download size of the payload.
 - **StatusCode**  Indicates the result of a Download event (success, cancellation, failure code HResult).
 - **SystemBIOSMajorRelease**  Major version of the BIOS.
 - **SystemBIOSMinorRelease**  Minor version of the BIOS.
 - **TargetGroupId**  For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
 - **TargetingVersion**  For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TargetMetadataVersion**  The version of the currently downloading (or most recently downloaded) package.
 - **ThrottlingServiceHResult**  Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
-- **TimeToEstablishConnection**  Time (in ms) it took to establish the connection prior to beginning downloaded.
+- **TimeToEstablishConnection**  Time (in milliseconds) it took to establish the connection prior to beginning downloaded.
 - **TotalExpectedBytes**  The total count of bytes that the download is expected to be.
 - **UpdateId**  An identifier associated with the specific piece of content.
+- **UpdateID**  An identifier associated with the specific piece of content.
 - **UpdateImportance**  Indicates whether a piece of content was marked as Important, Recommended, or Optional.
 - **UsedDO**  Whether the download used the delivery optimization service.
 - **UsedSystemVolume**  Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
@@ -5414,7 +5713,6 @@ The following fields are available:
 - **CmdLineArgs**  Command line arguments passed in by the caller.
 - **EventInstanceID**  A globally unique identifier for the event instance.
 - **EventScenario**  Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **Mode**  Indicates the mode that has started.
 - **ServiceGuid**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
 - **StatusCode**  Result code of the event (success, cancellation, failure code HResult).
 - **WUDeviceID**  Unique device ID controlled by the software distribution client.
@@ -5487,12 +5785,12 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether
 The following fields are available:
 
 - **CallerApplicationName**  Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl**  URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
-- **EventScenario**  Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
+- **EndpointUrl**  The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
+- **EventScenario**  The purpose of this event, such as scan started, scan succeeded, or scan failed.
 - **ExtendedStatusCode**  Secondary status code for certain scenarios where StatusCode was not specific enough.
 - **LeafCertId**  The integral ID from the FragmentSigning data for the certificate that failed.
 - **ListOfSHA256OfIntermediateCerData**  A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
-- **MetadataIntegrityMode**  Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **MetadataIntegrityMode**  The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
 - **MetadataSignature**  A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
 - **RawMode**  The raw unparsed mode string from the SLS response. This field is null if not applicable.
 - **RawValidityWindowInDays**  The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
@@ -5503,7 +5801,7 @@ The following fields are available:
 - **SHA256OfLeafCertPublicKey**  A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
 - **SHA256OfTimestampToken**  An encoded string of the timestamp token.
 - **SignatureAlgorithm**  The hash algorithm for the metadata signature.
-- **SLSPrograms**  A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **SLSPrograms**  A test program to which a device may have opted in. Example: Insider Fast
 - **StatusCode**  Result code of the event (success, cancellation, failure code HResult)
 - **TimestampTokenCertThumbprint**  The thumbprint of the encoded timestamp token.
 - **TimestampTokenId**  The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
@@ -5673,7 +5971,6 @@ The following fields are available:
 - **LastAttemptVersion**  The version of the most recent attempted firmware installation.
 - **LowestSupportedFirmwareVersion**  The oldest (lowest) version of firmware supported.
 - **MaxRetryCount**  The maximum number of retries, defined by the firmware class key.
-- **PartA_PrivTags**  The privacy tags associated with the firmware.
 - **RetryCount**  The number of attempted installations (retries), reported by the driver software key.
 - **Status**  The status returned to the PnP (Plug-and-Play) manager.
 - **UpdateAttempted**  Indicates if installation of the current update has been attempted before.
@@ -5692,6 +5989,7 @@ The following fields are available:
 - **ObjectId**  The unique value for each Update Agent mode.
 - **RebootRequired**  Indicates reboot is required.
 - **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result**  The HResult of the event.
 - **RevertResult**  The result code returned for the Revert operation.
 - **ScenarioId**  The ID of the update scenario.
 - **SessionId**  The ID of the update attempt.
@@ -5720,7 +6018,9 @@ This event sends data for the download request phase of updating Windows via the
 
 The following fields are available:
 
+- **ContainsSafeOSDUPackage**  Boolean indicating whether Safe DU packages are part of the payload.
 - **DeletedCorruptFiles**  Boolean indicating whether corrupt payload was deleted.
+- **DownloadComplete**  Indicates if the download is complete.
 - **DownloadRequests**  Number of times a download was retried.
 - **ErrorCode**  The error code returned for the current download request phase.
 - **ExtensionName**  Indicates whether the payload is related to Operating System content or a plugin.
@@ -5770,22 +6070,6 @@ The following fields are available:
 - **UpdateId**  Unique ID for each update.
 
 
-### Update360Telemetry.UpdateAgentFellBackToCanonical
-
-This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
-
-The following fields are available:
-
-- **FlightId**  Unique ID for each flight.
-- **ObjectId**  Unique value for each Update Agent mode.
-- **PackageCount**  Number of packages that feel back to canonical.
-- **PackageList**  PackageIds which fell back to canonical.
-- **RelatedCV**  Correlation vector value generated from the latest USO scan.
-- **ScenarioId**  Indicates the update scenario.
-- **SessionId**  Unique value for each update attempt.
-- **UpdateId**  Unique ID for each update.
-
-
 ### Update360Telemetry.UpdateAgentInitialize
 
 This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile.
@@ -5943,12 +6227,15 @@ The following fields are available:
 
 - **ErrorCode**  The error code returned for the current reboot.
 - **FlightId**  Unique ID for the flight (test instance version).
+- **IsSuspendable**  Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE.
 - **ObjectId**  The unique value for each Update Agent mode.
+- **Reason**  Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0.
 - **RelatedCV**  The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
 - **Result**  The HResult of the event.
 - **ScenarioId**  The ID of the update scenario.
 - **SessionId**  The ID of the update attempt.
 - **UpdateId**  The ID of the update.
+- **UpdateState**  Indicates the state of the machine when Suspend is called. For example, Install, Download, Commit.
 
 
 ### Update360Telemetry.UpdateAgentSetupBoxLaunch
@@ -5972,11 +6259,29 @@ The following fields are available:
 - **UserSession**  Indicates whether install was invoked by user actions.
 
 
+## Update notification events
+
+### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat
+
+This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat.
+
+The following fields are available:
+
+- **CampaignConfigVersion**  Configuration version for the current campaign.
+- **CampaignID**  Currently campaign that is running on Update Notification Pipeline (UNP).
+- **ConfigCatalogVersion**  Current catalog version of UNP.
+- **ContentVersion**  Content version for the current campaign on UNP.
+- **CV**  Correlation vector.
+- **DetectorVersion**  Most recently run detector version for the current campaign on UNP.
+- **GlobalEventCounter**  Client-side counter that indicates the event ordering sent by the user.
+- **PackageVersion**  Current UNP package version.
+
+
 ## Upgrade events
 
 ### FacilitatorTelemetry.DCATDownload
 
-This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure.
+This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
 
 The following fields are available:
 
@@ -5989,12 +6294,23 @@ The following fields are available:
 - **UpdateId**  The ID of the update that was downloaded.
 
 
+### FacilitatorTelemetry.DUDownload
+
+This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows.
+
+The following fields are available:
+
+- **PackageCategoriesFailed**  Lists the categories of packages that failed to download.
+- **PackageCategoriesSkipped**  Lists the categories of package downloads that were skipped.
+
+
 ### FacilitatorTelemetry.InitializeDU
 
 This event determines whether devices received additional or critical supplemental content during an OS upgrade.
 
 The following fields are available:
 
+- **DCATUrl**  The Delivery Catalog (DCAT) URL we send the request to.
 - **DownloadRequestAttributes**  The attributes we send to DCAT.
 - **ResultCode**  The result returned from the initiation of Facilitator with the URL/attributes.
 - **Scenario**  Dynamic Update scenario (Image DU, or Setup DU).
@@ -6004,7 +6320,7 @@ The following fields are available:
 
 ### Setup360Telemetry.Downlevel
 
-This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure.
+This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
 
 The following fields are available:
 
@@ -6201,7 +6517,7 @@ The following fields are available:
 
 - **FlightData**  Specifies a unique identifier for each group of Windows Insider builds.
 - **InstanceId**  Retrieves a unique identifier for each instance of a setup session.
-- **Operation**  Facilitator's last known operation (scan, download, etc.).
+- **Operation**  Facilitator’s last known operation (scan, download, etc.).
 - **ReportId**  ID for tying together events stream side.
 - **ResultCode**  Result returned for the entire setup operation.
 - **Scenario**  Dynamic Update scenario (Image DU, or Setup DU).
@@ -6285,7 +6601,7 @@ The following fields are available:
 - **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
 - **Setup360Extended**  Detailed information about the phase/action when the potential failure occurred.
 - **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
 - **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
@@ -6380,27 +6696,16 @@ This event collects data about common platform hardware error recorded by the Wi
 The following fields are available:
 
 - **creatorId**  The unique identifier for the entity that created the error record.
-- **CreatorId**  The unique identifier for the entity that created the error record.
 - **errorFlags**  Any flags set on the error record.
-- **ErrorFlags**  Any flags set on the error record.
 - **notifyType**  The unique identifier for the notification mechanism which reported the error to the operating system.
-- **NotifyType**  The unique identifier for the notification mechanism which reported the error to the operating system.
 - **partitionId**  The unique identifier for the partition on which the hardware error occurred.
-- **PartitionId**  The unique identifier for the partition on which the hardware error occurred.
 - **platformId**  The unique identifier for the platform on which the hardware error occurred.
-- **PlatformId**  The unique identifier for the platform on which the hardware error occurred.
 - **record**  A collection of binary data containing the full error record.
-- **Record**  A collection of binary data containing the full error record.
 - **recordId**  The identifier of the error record.
-- **RecordId**  The identifier of the error record.
 - **sectionFlags**  The flags for each section recorded in the error record.
-- **SectionFlags**  The flags for each section recorded in the error record.
-- **SectionSeverity**  The severity of each individual section.
 - **sectionTypes**  The unique identifier that represents the type of sections contained in the error record.
-- **SectionTypes**  The unique identifier that represents the type of sections contained in the error record.
 - **severityCount**  The severity of each individual section.
 - **timeStamp**  The error time stamp as recorded in the error record.
-- **TimeStamp**  The error time stamp as recorded in the error record.
 
 
 ## Windows Security Center events
@@ -6515,6 +6820,7 @@ The following fields are available:
 
 - **AggregatedPackageFullNames**  Includes a set of package full names for each app that is part of an atomic set.
 - **AttemptNumber**  The total number of attempts to acquire this product.
+- **BundleId**  The identity of the test build (flight) associated with this product.
 - **CategoryId**  The identity of the package or packages being installed.
 - **ClientAppId**  The identity of the app that initiated this operation.
 - **HResult**  HResult code to show the result of the operation (success/failure).
@@ -6524,6 +6830,7 @@ The following fields are available:
 - **IsRemediation**  Is this repairing a previous installation?
 - **IsRestore**  Is this happening after a device restore?
 - **IsUpdate**  Is this an update?
+- **ParentBundleId**  The product identifier of the parent if this product is part of a bundle.
 - **PFN**  Product Family Name of the product being installed.
 - **ProductId**  The Store Product ID for the product being installed.
 - **SystemAttemptNumber**  The number of attempts by the system to acquire this product.
@@ -6822,6 +7129,45 @@ The following fields are available:
 - **PFamN**  The name of the app that is requested for update.
 
 
+## Windows Update CSP events
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed
+
+This event sends basic telemetry on the failure of the Feature Rollback.
+
+The following fields are available:
+
+- **current**  Result of currency check.
+- **dismOperationSucceeded**  Dism uninstall operation status.
+- **hResult**  Failure error code.
+- **oSVersion**  Build number of the device.
+- **paused**  Indicates whether the device is paused.
+- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
+- **sacDevice**  This is the device info.
+- **wUfBConnected**  Result of WUfB connection check.
+
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable
+
+This event sends basic telemetry on whether Feature Rollback (rolling back features updates) is applicable to a device.
+
+The following fields are available:
+
+- **current**  Result of currency check.
+- **dismOperationSucceeded**  Dism uninstall operation status.
+- **oSVersion**  Build number of the device.
+- **paused**  Indicates whether the device is paused.
+- **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
+- **sacDevice**  Represents the device info.
+- **wUfBConnected**  Result of WUfB connection check.
+
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted
+
+This event sends basic information indicating that Feature Rollback has started.
+
+
+
 ## Windows Update Delivery Optimization events
 
 ### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
@@ -6879,6 +7225,7 @@ The following fields are available:
 - **cdnErrorCounts**  The number of times each error in cdnErrorCodes was encountered.
 - **cdnIp**  The IP address of the source CDN.
 - **cdnUrl**  Url of the source Content Distribution Network (CDN).
+- **congestionPrevention**  Indicates a download may have been suspended to prevent network congestion.
 - **dataSourcesTotal**  Bytes received per source type, accumulated for the whole session.
 - **doErrorCode**  The Delivery Optimization error code that was returned.
 - **downlinkBps**  The maximum measured available download bandwidth (in bytes per second).
@@ -6895,6 +7242,7 @@ The following fields are available:
 - **groupConnectionCount**  The total number of connections made to peers in the same group.
 - **internetConnectionCount**  The total number of connections made to peers not in the same LAN or the same group.
 - **isEncrypted**  TRUE if the file is encrypted and will be decrypted after download.
+- **isThrottled**  Indicates the Event Rate was throttled (event represent aggregated data).
 - **isVpn**  Is the device connected to a Virtual Private Network?
 - **jobID**  Identifier for the Windows Update job.
 - **lanConnectionCount**  The total number of connections made to peers in the same LAN.
@@ -6957,6 +7305,7 @@ The following fields are available:
 - **fileSizeCaller**  Value for total file size provided by our caller.
 - **groupID**  ID for the group.
 - **isEncrypted**  Indicates whether the download is encrypted.
+- **isThrottled**  Indicates the Event Rate was throttled (event represent aggregated data).
 - **isVpn**  Indicates whether the device is connected to a Virtual Private Network.
 - **jobID**  The ID of the Windows Update job.
 - **peerID**  The ID for this delivery optimization client.
@@ -7006,6 +7355,122 @@ The following fields are available:
 
 ## Windows Update events
 
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
+
+This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **activated**  Whether the entire device manifest update is considered activated and in use.
+- **analysisErrorCount**  The number of driver packages that could not be analyzed because errors occurred during analysis.
+- **flightId**  Unique ID for each flight.
+- **missingDriverCount**  The number of driver packages delivered by the device manifest that are missing from the system.
+- **missingUpdateCount**  The number of updates in the device manifest that are missing from the system.
+- **objectId**  Unique value for each diagnostics session.
+- **publishedCount**  The number of drivers packages delivered by the device manifest that are published and available to be used on devices.
+- **relatedCV**  Correlation vector value generated from the latest USO scan.
+- **scenarioId**  Indicates the update scenario.
+- **sessionId**  Unique value for each update session.
+- **summary**  A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match.
+- **summaryAppendError**  A Boolean indicating if there was an error appending more information to the summary string.
+- **truncatedDeviceCount**  The number of devices missing from the summary string because there is not enough room in the string.
+- **truncatedDriverCount**  The number of driver packages missing from the summary string because there is not enough room in the string.
+- **unpublishedCount**  How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices.
+- **updateId**  The unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit
+
+This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **errorCode**  The error code returned for the current session initialization.
+- **flightId**  The unique identifier for each flight.
+- **objectId**  The unique GUID for each diagnostics session.
+- **relatedCV**  A correlation vector value generated from the latest USO scan.
+- **result**  Outcome of the initialization of the session.
+- **scenarioId**  Identifies the Update scenario.
+- **sessionId**  The unique value for each update session.
+- **updateId**  The unique identifier for each Update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest
+
+This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **deletedCorruptFiles**  Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted.
+- **errorCode**  The error code returned for the current session initialization.
+- **flightId**  The unique identifier for each flight.
+- **objectId**  Unique value for each Update Agent mode.
+- **packageCountOptional**  Number of optional packages requested.
+- **packageCountRequired**  Number of required packages requested.
+- **packageCountTotal**  Total number of packages needed.
+- **packageCountTotalCanonical**  Total number of canonical packages.
+- **packageCountTotalDiff**  Total number of diff packages.
+- **packageCountTotalExpress**  Total number of express packages.
+- **packageSizeCanonical**  Size of canonical packages in bytes.
+- **packageSizeDiff**  Size of diff packages in bytes.
+- **packageSizeExpress**  Size of express packages in bytes.
+- **rangeRequestState**  Represents the state of the download range request.
+- **relatedCV**  Correlation vector value generated from the latest USO scan.
+- **result**  Result of the download request phase of update.
+- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionId**  Unique value for each Update Agent mode attempt.
+- **updateId**  Unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize
+
+This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **errorCode**  The error code returned for the current session initialization.
+- **flightId**  The unique identifier for each flight.
+- **flightMetadata**  Contains the FlightId and the build being flighted.
+- **objectId**  Unique value for each Update Agent mode.
+- **relatedCV**  Correlation vector value generated from the latest USO scan.
+- **result**  Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
+- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionData**  Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **sessionId**  Unique value for each Update Agent mode attempt.
+- **updateId**  Unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall
+
+This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **errorCode**  The error code returned for the current install phase.
+- **flightId**  The unique identifier for each flight.
+- **objectId**  The unique identifier for each diagnostics session.
+- **relatedCV**  Correlation vector value generated from the latest USO scan.
+- **result**  Outcome of the install phase of the update.
+- **scenarioId**  The unique identifier for the update scenario.
+- **sessionId**  Unique value for each update session.
+- **updateId**  The unique identifier for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **flightId**  The unique identifier for each flight.
+- **mode**  The mode that is starting.
+- **objectId**  The unique value for each diagnostics session.
+- **relatedCV**  Correlation vector value generated from the latest USO scan.
+- **scenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionId**  Unique value for each Update Agent mode attempt.
+- **updateId**  Unique identifier for each update.
+
+
 ### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
 
 This event indicates that a notification dialog box is about to be displayed to user.
@@ -7100,22 +7565,6 @@ The following fields are available:
 - **UtcTime**  The time at which the reboot reminder dialog was shown (in UTC).
 
 
-### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderToast
-
-This event indicates that the Enhanced Engaged restart reminder pop-up banner was displayed.
-
-The following fields are available:
-
-- **DeviceLocalTime**  The local time on the device sending the event.
-- **ETag**  OneSettings versioning value.
-- **ExitCode**  Indicates how users exited the pop-up banner.
-- **RebootVersion**  The version of the reboot logic.
-- **UpdateId**  The ID of the update that is pending restart to finish installation.
-- **UpdateRevision**  The revision of the update that is pending restart to finish installation.
-- **UserResponseString**  The option that the user chose in pop-up banner.
-- **UtcTime**  The time that the pop-up banner was displayed, in Coordinated Universal Time.
-
-
 ### Microsoft.Windows.Update.NotificationUx.RebootScheduled
 
 Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update.
@@ -7147,6 +7596,30 @@ The following fields are available:
 - **wuDeviceid**  Unique device ID used by Windows Update.
 
 
+### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours
+
+This event indicates that update activity was blocked because it is within the active hours window.
+
+The following fields are available:
+
+- **activeHoursEnd**  The end of the active hours window.
+- **activeHoursStart**  The start of the active hours window.
+- **updatePhase**  The current state of the update process.
+- **wuDeviceid**  Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel
+
+This event indicates that Windows Update activity was blocked due to low battery level.
+
+The following fields are available:
+
+- **batteryLevel**  The current battery charge capacity.
+- **batteryLevelThreshold**  The battery capacity threshold to stop update activity.
+- **updatePhase**  The current state of the update process.
+- **wuDeviceid**  Device ID.
+
+
 ### Microsoft.Windows.Update.Orchestrator.DeferRestart
 
 This event indicates that a restart required for installing updates was postponed.
@@ -7423,6 +7896,32 @@ The following fields are available:
 - **wuDeviceid**  Unique device ID used by Windows Update.
 
 
+### Microsoft.Windows.Update.Orchestrator.SeekerUpdateAvailable
+
+This event defines when an optional update is available for the device to help keep Windows up to date.
+
+The following fields are available:
+
+- **flightID**  The unique identifier of the Windows Insider build on this device.
+- **isFeatureUpdate**  Indicates whether the update is a Feature Update.
+- **revisionNumber**  The revision number of the update.
+- **updateId**  The GUID (Globally Unique Identifier) of the update.
+- **wuDeviceid**  The Windows Update device identifier.
+
+
+### Microsoft.Windows.Update.Orchestrator.SeekUpdate
+
+This event occurs when user initiates "seeker" scan. This helps keep Windows up to date.
+
+The following fields are available:
+
+- **flightID**  The ID of the Windows Insider builds on the device.
+- **isFeatureUpdate**  Indicates that the target of the Seek is a feature update.
+- **revisionNumber**  The revision number of the update.
+- **updateId**  The identifier of the update.
+- **wuDeviceid**  The Windows Update device identifier.
+
+
 ### Microsoft.Windows.Update.Orchestrator.StickUpdate
 
 This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update.
@@ -7449,6 +7948,18 @@ The following fields are available:
 - **wuDeviceid**  Unique device ID used by Windows Update.
 
 
+### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours
+
+This event indicates that update activity was stopped due to active hours starting.
+
+The following fields are available:
+
+- **activeHoursEnd**  The end of the active hours window.
+- **activeHoursStart**  The start of the active hours window.
+- **updatePhase**  The current state of the update process.
+- **wuDeviceid**  The device identifier.
+
+
 ### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorInvalidSignature
 
 This event is sent when an updater has attempted to register a binary that is not signed by Microsoft.
@@ -7460,6 +7971,17 @@ The following fields are available:
 - **wuDeviceid**  Unique device ID used by Windows Update.
 
 
+### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorScheduleWorkInvalidCmd
+
+Event to indicate a critical error with the callback binary requested by the updater
+
+The following fields are available:
+
+- **updaterCmdLine**  The callback executable for the updater.
+- **updaterId**  The ID of the updater.
+- **wuDeviceid**  The Windows Update device identifier.
+
+
 ### Microsoft.Windows.Update.Orchestrator.UnstickUpdate
 
 This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update.
@@ -7470,6 +7992,16 @@ The following fields are available:
 - **wuDeviceid**  Unique device ID controlled by the software distribution client.
 
 
+### Microsoft.Windows.Update.Orchestrator.UpdateNotApplicableForReserves
+
+This event reports a critical error when using update reserves for OS updates to help keep Windows up to date.
+
+The following fields are available:
+
+- **updateId**  The GUID (Globally Unique Identifier) of the update.
+- **wuDeviceid**  The Windows Update device identifier.
+
+
 ### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
 
 This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date.
@@ -7645,32 +8177,6 @@ The following fields are available:
 
 ## Windows Update mitigation events
 
-### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General
-
-This event provides information about application properties to indicate the successful execution.
-
-The following fields are available:
-
-- **AppMode**  Indicates the mode the app is being currently run around privileges.
-- **ExitCode**  Indicates the exit code of the app.
-- **Help**  Indicates if the app needs to be launched in the help mode.
-- **ParseError**  Indicates if there was a parse error during the execution.
-- **RightsAcquired**  Indicates if the right privileges were acquired for successful execution.
-- **RightsWereEnabled**  Indicates if the right privileges were enabled for successful execution.
-- **TestMode**  Indicates whether the app is being run in test mode.
-
-
-### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.GetCount
-
-This event provides information about the properties of user accounts in the Administrator group.
-
-The following fields are available:
-
-- **Internal**  Indicates the internal property associated with the count group.
-- **LastError**  The error code (if applicable) for the cause of the failure to get the count of the user account.
-- **Result**  The HResult error.
-
-
 ### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
 
 This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates.
@@ -7695,6 +8201,28 @@ The following fields are available:
 - **WuId**  Unique ID for the Windows Update client.
 
 
+### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints
+
+This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates.
+
+The following fields are available:
+
+- **ClientId**  In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightId**  Unique identifier for each flight.
+- **InstanceId**  Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario**  The update scenario in which the mitigation was executed.
+- **RelatedCV**  Correlation vector value generated from the latest USO scan.
+- **ReparsePointsFailed**  Number of reparse points that are corrupted but we failed to fix them.
+- **ReparsePointsFixed**  Number of reparse points that were corrupted and were fixed by this mitigation.
+- **ReparsePointsSkipped**  Number of reparse points that are not corrupted and no action is required.
+- **Result**  HResult of this operation.
+- **ScenarioId**  ID indicating the mitigation scenario.
+- **ScenarioSupported**  Indicates whether the scenario was supported.
+- **SessionId**  Unique value for each update attempt.
+- **UpdateId**  Unique ID for each Update.
+- **WuId**  Unique ID for the Windows Update client.
+
+
 ### Mitigation360Telemetry.MitigationCustom.FixupEditionId
 
 This event sends data specific to the FixupEditionId mitigation used for OS updates.
@@ -7747,12 +8275,6 @@ The following fields are available:
 - **ReserveId**  The ID of the reserve that needs to be cleared.
 
 
-### Microsoft.Windows.UpdateReserveManager.ClearSoftReserve
-
-This event is sent when the Update Reserve Manager clears the contents of the soft reserve.
-
-
-
 ### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
 
 This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending.
@@ -7801,6 +8323,7 @@ The following fields are available:
 - **FallbackInitUsed**  Indicates whether fallback initialization is used.
 - **FinalUserFreeSpace**  The amount of user free space after initialization.
 - **Flags**  The flags used in the initialization of Update Reserve Manager.
+- **FreeSpaceToLeaveInUpdateScratch**  The amount of space that should be left free after using the reserves.
 - **HardReserveFinalSize**  The final size of the hard reserve.
 - **HardReserveFinalUsedSpace**  The used space in the hard reserve.
 - **HardReserveInitialSize**  The size of the hard reserve after initialization.
@@ -7841,6 +8364,7 @@ This event is sent when the Update Reserve Manager prepares the Trusted Installe
 
 The following fields are available:
 
+- **FallbackLogicUsed**  Indicates whether fallback logic was used for initialization.
 - **Flags**  The flags that are passed to the function to prepare the Trusted Installer for reserve initialization.
 
 
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 260868ca64..52f53de9e4 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -20,9 +20,9 @@ ms.date: 04/29/2019
 
 **Applies to**
 
--   Windows 10 Enterprise
--   Windows 10 Mobile
--   Windows Server
+- Windows 10 Enterprise
+- Windows 10 Mobile
+- Windows Server
 
 This article applies to Windows and Windows Server diagnostic data only. It describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
 
@@ -54,6 +54,7 @@ Windows as a Service is a fundamental change in how Microsoft plans, builds, and
 The release cadence of Windows may be fast, so feedback is critical to its success. We rely on diagnostic data at each stage of the process to inform our decisions and prioritize our efforts.
 
 ### What is Windows diagnostic data?
+
 Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
 
 - Keep Windows up to date
@@ -71,9 +72,10 @@ Here are some specific examples of Windows diagnostic data:
 
 Diagnostic data can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user’s location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the user’s request.
 
-There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash).    On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
+There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash).  
+On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
 
-If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services).
+If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services/).
 
 The following are specific examples of functional data:
 
@@ -90,6 +92,7 @@ Windows and Windows Server diagnostic data gives every user a voice in the opera
 Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
 
 #### Real-world example of how Windows diagnostic data helps
+
 There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
 
 ### Improve end-user productivity
@@ -104,20 +107,19 @@ Windows diagnostic data also helps Microsoft better understand how customers use
 
 ### Insights into your own organization
 
-Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better. Microsoft provides a set of solutions that leverage information shared by customers to provide insights customized for your internal use. The first of these was [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), followed by [Desktop Analytics](https://aka.ms/DADocs) (coming soon). Both help organizations with [Windows as a Service](/windows/deployment/update/wass-overview) adoption and potential compatibility challenges. For E5 customers, [Microsoft Defender Advanced Threat Protection](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
-
+Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better. Microsoft provides a set of solutions that leverage information shared by customers to provide insights customized for your internal use. The first of these was [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), followed by [Desktop Analytics](https://aka.ms/DADocs). Both help organizations with [Windows as a Service](/windows/deployment/update/wass-overview) adoption and potential compatibility challenges. For E5 customers, [Microsoft Defender Advanced Threat Protection](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
 
 ## How Microsoft handles diagnostic data
 
 The diagnostic data is categorized into four levels:
 
--   [**Security**](#security-level). Information that’s required to help keep Windows and Windows Server secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
+- [**Security**](#security-level). Information that’s required to help keep Windows and Windows Server secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
 
--   [**Basic**](#basic-level). Basic device info, including: quality-related data, app compatibility, and data from the **Security** level.
+- [**Basic**](#basic-level). Basic device info, including: quality-related data, app compatibility, and data from the **Security** level.
 
--   [**Enhanced**](#enhanced-level). Additional insights, including: how Windows, Windows Server, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels.
+- [**Enhanced**](#enhanced-level). Additional insights, including: how Windows, Windows Server, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels.
 
--   [**Full**](#full-level). Includes information about the websites you browse, how you use apps and features, plus additional information about device health, device activity (sometimes referred to as usage), and enhanced error reporting. At Full, Microsoft also collects the memory state of your device when a system or app crash occurs. It includes data from the **Security**, **Basic**, and **Enhanced** levels.
+- [**Full**](#full-level). Includes information about the websites you browse, how you use apps and features, plus additional information about device health, device activity (sometimes referred to as usage), and enhanced error reporting. At Full, Microsoft also collects the memory state of your device when a system or app crash occurs. It includes data from the **Security**, **Basic**, and **Enhanced** levels.
 
 Diagnostic data levels are cumulative, meaning each subsequent level includes data collected through lower levels. For more information see the [Diagnostic data levels](#diagnostic-data-levels) section.
 
@@ -126,9 +128,9 @@ Diagnostic data levels are cumulative, meaning each subsequent level includes da
 Windows 10 and Windows Server includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
 
 1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces.
-2. Events are gathered using public operating system event logging and tracing APIs.
-3. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings.
-4. The Connected User Experiences and Telemetry component transmits the diagnostic data.
+1. Events are gathered using public operating system event logging and tracing APIs.
+1. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings.
+1. The Connected User Experiences and Telemetry component transmits the diagnostic data.
 
 Info collected at the Enhanced and Full levels of diagnostic data is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.
 
@@ -136,7 +138,7 @@ Info collected at the Enhanced and Full levels of diagnostic data is typically g
 
 All diagnostic data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
 
-The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day,  but occasionally up to 2 MB per device per day).
+The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day,  but occasionally up to 2 MB per device per day.
 
 ### Endpoints
 
@@ -149,24 +151,23 @@ For a complete list of diagnostics endpoints leveraged by Microsoft Defender Adv
 
 The following table defines the endpoints for Connected User Experiences and Telemetry component:
 
-| Windows release                                                                     | Endpoint                                                                            |
-| ----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
-| Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed    | **Diagnostics data:** v10c.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com |
-| Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | **Diagnostics data:** v10.events.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com      |
-| Windows 10, version 1709 or earlier                                                 | **Diagnostics data:** v10.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com  |
+| Windows release | Endpoint |
+| - | - |
+| Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed | **Diagnostics data:** v10c.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com |
+| Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | **Diagnostics data:** v10.events.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com |
+| Windows 10, version 1709 or earlier | **Diagnostics data:** v10.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com  |
 
 The following table defines **additional diagnostics endpoints** not covered by services in the links above:
 
-| Service | Endpoint                                                                            |
-| ----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
-| Onedrive app for Windows 10    | https://vortex.data.microsoft.com/collect/v1 |
-
+| Service | Endpoint |
+| - | - |
+| OneDrive app for Windows 10 |  |
 
 The following table defines the endpoints for other diagnostic data services:
 
 | Service | Endpoint |
 | - | - |
-| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | 
+| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
 | | ceuswatcab01.blob.core.windows.net |
 | | ceuswatcab02.blob.core.windows.net |
 | | eaus2watcab01.blob.core.windows.net |
@@ -175,7 +176,7 @@ The following table defines the endpoints for other diagnostic data services:
 | | weus2watcab02.blob.core.windows.net |
 | [Online Crash Analysis](https://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
 | OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
-| Microsoft Defender Advanced Threat Protection |  https://wdcp.microsoft.com
https://wdcpalt.microsoft.com |
+| Microsoft Defender Advanced Threat Protection | 
 |
 
 ### Data use and access
 
@@ -191,11 +192,10 @@ Microsoft believes in and practices information minimization. We strive to gathe
 
 Sharing diagnostic data with Microsoft is enabled by default on Windows 10, 1903 and later. Sharing this data provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option.
 
-Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available.
+Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available.
 
 IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level.  If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy sets the upper boundary for the users’ choices. To disable user choice after setting the level with the policy, you will need to use the "Configure telemetry opt-in setting user interface" group policy. The remainder of this article describes how to use group policy to configure levels and settings interface.
 
-
 #### Manage your diagnostic data settings
 
 Use the steps in this article to set and/or adjust the diagnostic data settings for Windows and Windows Server in your organization.
@@ -225,41 +225,41 @@ Use the appropriate value in the table below when you configure the management p
 
 Use a Group Policy object to set your organization’s diagnostic data level.
 
-1.  From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**.
+1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**.
 
-2.  Double-click **Allow Telemetry**.
+1. Double-click **Allow Telemetry**.
 
-3.  In the **Options** box, select the level that you want to configure, and then click **OK**.
+1. In the **Options** box, select the level that you want to configure, and then click **OK**.
 
 ### Use MDM to set the diagnostic data level
 
-Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy.
+Use the [Policy Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) to apply the System/AllowTelemetry MDM policy.
 
 ### Use Registry Editor to set the diagnostic data level
 
 Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
 
-1.  Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
+1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
 
-2.  Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**.
+1. Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**.
 
-3.  Type **AllowTelemetry**, and then press ENTER.
+1. Type **AllowTelemetry**, and then press ENTER.
 
-4.  Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.**
+1. Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.**
 
-5.  Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization.
+1. Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization.
 
 ### Additional diagnostic data controls
 
 There are a few more settings that you can turn off that may send diagnostic data information:
 
--   To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](https://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/).
+- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/index/).
 
--   Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**.
+- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**.
 
--   Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716).
+- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716).
 
--   Turn off **Improve inking and typing** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
+- Turn off **Improve inking and typing** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
 
     > [!NOTE]
     > Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.
@@ -275,23 +275,23 @@ The Security level gathers only the diagnostic data info that is required to kee
 > [!NOTE]
 > If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
 
-Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data about Windows Server features or System Center gathered.
+Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager functionality is not affected at this level, nor is diagnostic data about Windows Server features or System Center gathered.
 
 The data gathered at this level includes:
 
--   **Connected User Experiences and Telemetry component settings**. If general diagnostic data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
+- **Connected User Experiences and Telemetry component settings**. If general diagnostic data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
 
--   **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
+- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
 
     > [!NOTE]
     > You can turn off the MSRT infection report. No MSRT information is included if MSRT is not used. If Windows Update is turned off, MSRT will not be offered to users. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716).
 
--   **Windows Defender/Endpoint Protection**. Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address.
+- **Windows Defender/Endpoint Protection**. Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address.
 
     > [!NOTE]
     > This reporting can be turned off and no information is included if a customer is using third-party antimalware software, or if Windows Defender is turned off. For more info, see [Windows Defender](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender).
 
-    Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
+    Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, Microsoft Endpoint Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
 
 For servers with default diagnostic data settings and no Internet connectivity, you should set the diagnostic data level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.
 
@@ -307,42 +307,34 @@ The normal upload range for the Basic diagnostic data level is between 109 KB -
 
 The data gathered at this level includes:
 
--   **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Servers in the ecosystem. Examples include:
+- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Servers in the ecosystem. Examples include:
 
-    -   Device attributes, such as camera resolution and display type
+  - Device attributes, such as camera resolution and display type
+  - Internet Explorer version
+  - Battery attributes, such as capacity and type
+  - Networking attributes, such as number of network adapters, speed of network adapters, mobile operator network, and IMEI number
+  - Processor and memory attributes, such as number of cores, architecture, speed, memory size, and firmware
+  - Virtualization attribute, such as Second Level Address Translation (SLAT) support and guest operating system
+  - Operating system attributes, such as Windows edition and virtualization state
+  - Storage attributes, such as number of drives, type, and size
 
-    -   Internet Explorer version
+- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
 
-    -   Battery attributes, such as capacity and type
+- **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app.
 
-    -   Networking attributes, such as number of network adapters, speed of network adapters, mobile operator network, and IMEI number
+- **Compatibility data**. Helps provide an understanding about which apps are installed on a device or virtual machine and identifies potential compatibility problems.
 
-    -   Processor and memory attributes, such as number of cores, architecture, speed, memory size, and firmware
+  - **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage.
 
-    -   Virtualization attribute, such as Second Level Address Translation (SLAT) support and guest operating system
+  - **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade.
 
-    -   Operating system attributes, such as Windows edition and virtualization state
+  - **System data**. Helps provide an understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as information about the processor and BIOS.
 
-    -   Storage attributes, such as number of drives, type, and size
+  - **Accessory device data**. Includes a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs and whether these devices will function after upgrading to a new version of the operating system.
 
--   **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
-
--   **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app.
-
--   **Compatibility data**. Helps provide an understanding about which apps are installed on a device or virtual machine and identifies potential compatibility problems.
-
-    -   **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage.
-
-    -   **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade.
-
-    -   **System data**. Helps provide an understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as information about the processor and BIOS.
-
-    -   **Accessory device data**. Includes a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs and whether these devices will function after upgrading to a new version of the operating system.
-
-    -   **Driver data**. Includes specific driver usage that’s meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements.
-
--   **Microsoft Store**. Provides information about how the Microsoft Store performs, including app downloads, installations, and updates. It also includes Microsoft Store launches, page views, suspend and resumes, and obtaining licenses.
+  - **Driver data**. Includes specific driver usage that’s meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements.
 
+- **Microsoft Store**. Provides information about how the Microsoft Store performs, including app downloads, installations, and updates. It also includes Microsoft Store launches, page views, suspend and resumes, and obtaining licenses.
 
 ### Enhanced level
 
@@ -354,13 +346,13 @@ The normal upload range for the Enhanced diagnostic data level is between 239 KB
 
 The data gathered at this level includes:
 
--   **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
+- **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
 
--   **Operating system app events**. A set of events resulting from Microsoft applications and management tools that were downloaded from the Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge.
+- **Operating system app events**. A set of events resulting from Microsoft applications and management tools that were downloaded from the Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge.
 
--   **Device-specific events**. Contains data about events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events.
+- **Device-specific events**. Contains data about events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events.
 
--   **Some crash dump types**. All crash dump types, except for heap dumps and full dumps.
+- **Some crash dump types**. All crash dump types, except for heap dumps and full dumps.
 
 If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue.
 
@@ -374,11 +366,11 @@ If a device experiences problems that are difficult to identify or repeat using
 
 However, before more data is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
 
--   Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
+- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
 
--   Ability to get registry keys.
+- Ability to get registry keys.
 
--   All crash dump types, including heap dumps and full dumps.
+- All crash dump types, including heap dumps and full dumps.
 
 > [!NOTE]
 > Crash dumps collected at this diagnostic data level may unintentionally contain personal data, such as portions of memory from a documents, a web page, etc.
@@ -387,7 +379,7 @@ However, before more data is gathered, Microsoft’s privacy governance team, in
 
 > [!IMPORTANT]
 > The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported.
-> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
+> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement).
 
 Desktop Analytics reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events.
 
@@ -414,7 +406,7 @@ With the retirement of Windows Analytics, this policy will continue to be suppor
 
     -AND-
 
-2. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM.
+1. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM.
 
     a. Using Group Policy, set the **Computer Configuration/Administrative Templates/Windows Components/Data collection and Preview builds/Limit Enhanced diagnostic data to the minimum required by Windows Analytics** setting to **Enabled**.
 
diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md
index 31d91bd6a5..64cfa25866 100644
--- a/windows/privacy/diagnostic-data-viewer-overview.md
+++ b/windows/privacy/diagnostic-data-viewer-overview.md
@@ -21,8 +21,7 @@ ms.reviewer:
 
 **Applies to**
 
--   Windows 10, version 1809
--   Windows 10, version 1803
+-   Windows 10, version 1803 and newer
 
 ## Introduction
 The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json
index 55e655b1dc..f7ff32cbfe 100644
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@@ -40,11 +40,12 @@
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
       "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
       "_op_documentIdPathDepotMapping": {
-			"./": {
-			  "depot_name": "MSDN.privacy",
-                          "folder_relative_path_in_docset": "./"
-			}
-		}
+        "./": {
+          "depot_name": "MSDN.privacy",
+                            "folder_relative_path_in_docset": "./"
+        }
+      },
+      "titleSuffix": "Windows Privacy"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md
index b268fb53f1..892203bace 100644
--- a/windows/privacy/gdpr-it-guidance.md
+++ b/windows/privacy/gdpr-it-guidance.md
@@ -19,13 +19,9 @@ ms.reviewer:
 # Windows and the GDPR: Information for IT Administrators and Decision Makers
 
 Applies to:
-- Windows 10, version 1809
-- Windows 10, version 1803
-- Windows 10, version 1709
-- Windows 10, version 1703
+- Windows 10, version 1703 and newer
 - Windows 10 Team Edition, version 1703 for Surface Hub
-- Windows Server 2019
-- Windows Server 2016
+- Windows Server 2016 and newer
 - Desktop Analytics
 
 This topic provides IT Decision Makers with a basic understanding of the relationship between users in an organization and Microsoft in the context of the GDPR (General Data Protection Regulation). You will also learn what role an IT organization plays for that relationship.
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index ef6d2bf3ee..206a70414f 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1413,7 +1413,11 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for
 
   -or-
 
-- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
+- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)**
+
+  -and-
+ 
+- Set **RestrictImplicitInkCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)*
 
 
 ### 18.22 Activity History
diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md
index ae5da4bba4..28c2ac9038 100644
--- a/windows/privacy/manage-windows-1709-endpoints.md
+++ b/windows/privacy/manage-windows-1709-endpoints.md
@@ -1,5 +1,5 @@
 ---
-title: Connection endpoints for Windows 10, version 1709
+title: Connection endpoints for Windows 10 Enterprise, version 1709
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact.
 keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
@@ -15,11 +15,11 @@ ms.topic: article
 ms.date: 6/26/2018
 ms.reviewer: 
 ---
-# Manage connection endpoints for Windows 10, version 1709
+# Manage connection endpoints for Windows 10 Enterprise, version 1709
 
 **Applies to**
 
-- Windows 10, version 1709
+- Windows 10 Enterprise, version 1709
 
 Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
 
diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md
index 2ad044d990..cb80bc42cd 100644
--- a/windows/privacy/manage-windows-1803-endpoints.md
+++ b/windows/privacy/manage-windows-1803-endpoints.md
@@ -15,11 +15,11 @@ ms.topic: article
 ms.date: 6/26/2018
 ms.reviewer: 
 ---
-# Manage connection endpoints for Windows 10, version 1803
+# Manage connection endpoints for Windows 10 Enterprise, version 1803
 
 **Applies to**
 
-- Windows 10, version 1803
+- Windows 10 Enterprise, version 1803
 
 Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
 
diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md
index 3e1def041d..83bf617928 100644
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@@ -15,11 +15,11 @@ ms.topic: article
 ms.date: 6/26/2018
 ms.reviewer: 
 ---
-# Manage connection endpoints for Windows 10, version 1809
+# Manage connection endpoints for Windows 10 Enterprise, version 1809
 
 **Applies to**
 
-- Windows 10, version 1809
+- Windows 10 Enterprise, version 1809
 
 Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
 
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index 67ba2be075..2151461b3a 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -169,7 +169,6 @@ The following methodology was used to derive these network endpoints:
 |||HTTPS|*.update.microsoft.com|
 ||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS|tsfe.trafficshaping.dsp.mp.microsoft.com|
 
-
 ## Other Windows 10 editions
 
 To view endpoints for other versions of Windows 10 Enterprise, see:
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 04e1b3af64..50ebcf0f14 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -19,11 +19,9 @@ ms.date: 05/21/2019
 # Windows 10 & Privacy Compliance:
A Guide for IT and Compliance Professionals
 
 Applies to:
-- Windows 10, version 1903
-- Windows 10, version 1809
+- Windows 10, version 1809 and newer
 - Windows 10 Team Edition, version 1703 for Surface Hub
-- Windows Server 2019
-- Windows Server 2016
+- Windows Server 2016 and newer
 - Windows Analytics
 
 For more information about the GDPR, see:
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index a8f66dc068..85c77ad883 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -12,13 +12,14 @@ ms.author: dansimp
 manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 04/15/2019
+ms.date: 12/04/2019
 ms.reviewer: 
 ---
 
 # Windows 10, version 1709 and newer diagnostic data for the Full level
 
 Applies to:
+- Windows 10, version 1909
 - Windows 10, version 1903
 - Windows 10, version 1809
 - Windows 10, version 1803
@@ -248,7 +249,7 @@ This type of data includes details about the health of the device, operating sys
 [Pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
 
 - Data about the reliability of content that appears in the [Windows Spotlight](https://docs.microsoft.com/windows/configuration/windows-spotlight) (rotating lock screen images) is used for Windows Spotlight reliability investigations.
-- Timing data about how quickly Cortana responds to voice commands is used to improve Cortana listening peformance.
+- Timing data about how quickly Cortana responds to voice commands is used to improve Cortana listening performance.
 - Timing data about how quickly the facial recognition feature starts up and finishes is used to improve facial recognition performance.
 - Data about when an Application Window fails to appear is used to investigate issues with Application Window reliability and performance.
 
diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md
index 93c2b4da00..1366bdd1e6 100644
--- a/windows/privacy/windows-personal-data-services-configuration.md
+++ b/windows/privacy/windows-personal-data-services-configuration.md
@@ -19,7 +19,7 @@ ms.reviewer:
 # Windows 10 personal data services configuration
 
 Applies to:
-- Windows 10, version 1803
+- Windows 10, version 1803 and newer
 
 Microsoft assembled a list of Windows 10 services configuration settings that are useful for personal data privacy protection and related regulations, such as the General Data Protection Regulation (GDPR). There is one section with settings for service data that is managed at Microsoft and a section for local data that is managed by an IT organization.
 
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
index 5e8590a6eb..f6351c2c0b 100644
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@@ -1,10 +1,10 @@
 ### YamlMime:YamlDocument
 
 documentType: LandingData
-title: Resolved issues in Windows 10 version 1809 & Windows Server 2019
+title: Resolved issues in Windows 10, version 1809 and Windows Server 2019
 metadata:
   document_id: 
-  title: Resolved issues in Windows 10 version 1809 and Windows Server 2019
+  title: Resolved issues in Windows 10, version 1809 and Windows Server 2019
   description: Resolved issues in Windows 10, version 1809 or Windows Server 2019
   keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10 1809"]
   ms.localizationpriority: high
diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml
index 89f8b611f6..dffdd5ba5f 100644
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@@ -32,6 +32,7 @@ sections:
   - type: markdown
     text: "
       
+      
@@ -60,10 +61,6 @@ sections:
       
-      
-      
-      
-      
SummaryOriginating updateStatusDate resolved
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		December 10, 2019 
10:00 AM PT

       
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. 

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 22, 2019 
04:10 PM PT

       
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 15, 2019 
05:59 PM PT

       
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
November 12, 2019 
08:11 AM PT
Error attempting to update with external USB device or memory card attached 
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019 
01:53 PM PT

       
Audio not working with Dolby Atmos headphones and home theater 
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019 
01:53 PM PT

       
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved
KB4501375		June 27, 2019 
10:00 AM PT
Duplicate folders and documents showing in user profile directory
An empty folder with the same name may be created if known folders (e.g. Desktop, Documents) are redirected.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4497935		May 29, 2019 
02:00 PM PT
Older versions of BattlEye anti-cheat software incompatible
Users may experience a compatibility issue with some games that use older versions of BattlEye anti-cheat software.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
June 07, 2019 
04:26 PM PT
D3D applications and games may fail to enter full-screen mode on rotated displays
Some Direct3D (D3D) applications and games may fail to enter full-screen mode on rotated displays.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4497935		May 29, 2019 
02:00 PM PT
AMD RAID driver incompatibility  
Devices running certain AMD RAID drivers may have difficulty installing the Windows 10, version 1903 update.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
June 06, 2019 
11:06 AM PT

       

       "
 
@@ -79,6 +76,7 @@ sections:
   - type: markdown
     text: "
       
+      
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		Resolved:
December 10, 2019 
10:00 AM PT

Opened:
October 29, 2019 
05:15 PM PT

       
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4517389 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4517389		Resolved:
October 08, 2019 
10:00 AM PT

Opened:
October 25, 2019 
04:21 PM PT

       

       "
@@ -148,9 +146,5 @@ sections:
       
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
Resolved:
July 11, 2019 
01:54 PM PT

Opened:
May 24, 2019 
03:10 PM PT
       
Error attempting to update with external USB device or memory card attached 
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
Resolved:
July 11, 2019 
01:53 PM PT

Opened:
May 21, 2019 
07:38 AM PT
       
Audio not working with Dolby Atmos headphones and home theater 
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
Resolved:
July 11, 2019 
01:53 PM PT

Opened:
May 21, 2019 
07:16 AM PT
-      
Duplicate folders and documents showing in user profile directory
If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ?This issue does not cause any user files to be deleted and a solution is in progress.

To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.
(Posted June 11, 2019)

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4497935Resolved:
May 29, 2019 
02:00 PM PT

Opened:
May 21, 2019 
07:16 AM PT
-      
Older versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.

To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device. 

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Before updating your machine, we recommend you do one or more of the following:

  • Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
  • Restart your system and open the game again.
  • Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
  • Uninstall and reinstall your game.
Resolution: This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your game is up to date and you have any issues with opening games related to a BattlEye error, please see https://www.battleye.com/support/faq/.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
Resolved:
June 07, 2019 
04:26 PM PT

Opened:
May 21, 2019 
07:34 AM PT
-      
D3D applications and games may fail to enter full-screen mode on rotated displays
Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4497935

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4497935Resolved:
May 29, 2019 
02:00 PM PT

Opened:
May 21, 2019 
07:05 AM PT
-      
AMD RAID driver incompatibility  
Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:
AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.
“A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”
 
To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.
 
Note The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
Resolved:
June 06, 2019 
11:06 AM PT

Opened:
May 21, 2019 
07:12 AM PT
       
       "
diff --git a/windows/release-information/resolved-issues-windows-10-1909.yml b/windows/release-information/resolved-issues-windows-10-1909.yml
index 002f9b5358..a1e9bd5092 100644
--- a/windows/release-information/resolved-issues-windows-10-1909.yml
+++ b/windows/release-information/resolved-issues-windows-10-1909.yml
@@ -32,6 +32,7 @@ sections:
   - type: markdown
     text: "
       
+      
SummaryOriginating updateStatusDate resolved
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		December 10, 2019 
10:00 AM PT

       
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. 

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 22, 2019 
04:10 PM PT

       
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 15, 2019 
05:59 PM PT

       

@@ -44,6 +45,15 @@ sections:
         

         
 
       "
+- title: October 2019
+- items:
+  - type: markdown
+    text: "
+      
+      
+      
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		Resolved:
December 10, 2019 
10:00 AM PT

Opened:
October 29, 2019 
05:15 PM PT

+      "
+
 - title: May 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml
index 85acf35ce0..780532c8fb 100644
--- a/windows/release-information/status-windows-10-1507.yml
+++ b/windows/release-information/status-windows-10-1507.yml
@@ -61,7 +61,6 @@ sections:
     text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.


       
-      
SummaryOriginating updateStatusLast updated

       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 10240.18368

October 08, 2019
KB4520011		Mitigated External
November 05, 2019 
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 10240.18215

May 14, 2019
KB4499154		Investigating
KB4505051		May 16, 2019 
06:41 PM PT

       
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019 
02:00 PM PT

       

       "
@@ -82,15 +81,6 @@ sections:
       
       "
 
-- title: May 2019
-- items:
-  - type: markdown
-    text: "
-      
-      
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 10240.18215

May 14, 2019
KB4499154		Investigating
KB4505051		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

-      "
-
 - title: January 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index 45080603e4..b7c13357d2 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -61,7 +61,6 @@ sections:
     text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.


       
-      
@@ -84,15 +83,6 @@ sections:
       
SummaryOriginating updateStatusLast updated

       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 14393.3274

October 08, 2019
KB4519998		Mitigated External
November 05, 2019 
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 14393.2969

May 14, 2019
KB4494440		Investigating
KB4505052		May 16, 2019 
06:41 PM PT

       
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019 
02:00 PM PT

       
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019 
10:00 AM PT

       
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019 
02:00 PM PT

       "
 
-- title: May 2019
-- items:
-  - type: markdown
-    text: "
-      
-      
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 14393.2969

May 14, 2019
KB4494440		Investigating
KB4505052		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

-      "
-
 - title: January 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index 098a7ef42d..20cdc6691b 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -62,7 +62,6 @@ sections:
       
-      
SummaryOriginating updateStatusLast updated

       
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 16299.1387

September 10, 2019
KB4516066		Mitigated
November 12, 2019 
08:05 AM PT

       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 16299.1451

October 08, 2019
KB4520004		Mitigated External
November 05, 2019 
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 16299.1143

May 14, 2019
KB4498946		Investigating
KB4505062		May 16, 2019 
06:41 PM PT

       
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019 
02:00 PM PT

       

       "
@@ -92,15 +91,6 @@ sections:
       
       "
 
-- title: May 2019
-- items:
-  - type: markdown
-    text: "
-      
-      
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 16299.1143

May 14, 2019
KB4498946		Investigating
KB4505062		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

-      "
-
 - title: January 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index 0f9feb0c89..259b1f258f 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -66,7 +66,6 @@ sections:
       
-      
SummaryOriginating updateStatusLast updated

       
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17134.1006

September 10, 2019
KB4516058		Mitigated
November 12, 2019 
08:05 AM PT

       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 17134.1069

October 08, 2019
KB4520008		Mitigated External
November 05, 2019 
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 17134.765

May 14, 2019
KB4499167		Investigating
KB4505064		May 16, 2019 
06:41 PM PT

       
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
April 25, 2019 
02:00 PM PT

       

       "
@@ -96,15 +95,6 @@ sections:
       
       "
 
-- title: May 2019
-- items:
-  - type: markdown
-    text: "
-      
-      
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 17134.765

May 14, 2019
KB4499167		Investigating
KB4505064		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

-      "
-
 - title: January 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index 6129fbe2f0..88e42ce4a7 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -67,10 +67,8 @@ sections:
       
Microsoft Defender Advanced Threat Protection might stop running
The Microsoft Defender ATP service might stop running and might fail to send reporting data.

See details >OS Build 17763.832

October 15, 2019
KB4520062Resolved
KB4523205November 12, 2019 
10:00 AM PT
       
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >OS Build 17763.737

September 10, 2019
KB4512578Mitigated
November 12, 2019 
08:05 AM PT
       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >OS Build 17763.805

October 08, 2019
KB4519338Mitigated External
November 05, 2019 
03:36 PM PT
-      
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >OS Build 17763.503

May 14, 2019
KB4494441Investigating
KB4505056May 16, 2019 
06:41 PM PT
       
Devices with some Asian language packs installed may receive an error
Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

See details >OS Build 17763.437

April 09, 2019
KB4493509Mitigated
May 03, 2019 
10:59 AM PT
       
Certain operations performed on a Cluster Shared Volume may fail 
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >OS Build 17763.253

January 08, 2019
KB4480116Mitigated
April 09, 2019 
10:00 AM PT
-      
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Certain new Intel display drivers may accidentally turn on unsupported features in Windows.

See details >OS Build 17763.134

November 13, 2018
KB4467708Mitigated
March 15, 2019 
12:00 PM PT
       
       "
 
@@ -105,7 +103,6 @@ sections:
   - type: markdown
     text: "
       
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 17763.503

May 14, 2019
KB4494441		Investigating
KB4505056		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

       
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround: 
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019 
10:59 AM PT

Opened:
May 02, 2019 
04:36 PM PT

       

       "
@@ -118,12 +115,3 @@ sections:
       
Certain operations performed on a Cluster Shared Volume may fail 
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:  
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to topOS Build 17763.253

January 08, 2019
KB4480116Mitigated
Last updated:
April 09, 2019 
10:00 AM PT

Opened:
January 08, 2019 
10:00 AM PT
       
       "
-
-- title: November 2018
-- items:
-  - type: markdown
-    text: "
-      
-      
-      
DetailsOriginating updateStatusHistory
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
 
As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update.

For more information, see the Intel Customer Support article.

Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Mitigated
Last updated:
March 15, 2019 
12:00 PM PT

Opened:
November 13, 2018 
10:00 AM PT

-      "
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
index 5164040208..e89546389a 100644
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -64,15 +64,14 @@ sections:
   - type: markdown
     text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.


       
+      
-      
-      
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		December 10, 2019 
10:00 AM PT

       
Issues with some older versions of Avast and AVG anti-virus products
Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.

See details >		N/A 

Mitigated External
November 25, 2019 
05:25 PM PT

       
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. 

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 22, 2019 
04:10 PM PT

       
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 15, 2019 
05:59 PM PT

       
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
November 12, 2019 
08:11 AM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Mitigated
November 12, 2019 
08:05 AM PT

       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 18362.418

October 08, 2019
KB4517389		Mitigated External
November 05, 2019 
03:36 PM PT

       
Intel Audio displays an intcdaud.sys notification
Devices with a range of Intel Display Audio device drivers may experience battery drain.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 12, 2019 
08:04 AM PT

       
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019 
02:00 PM PT
Cannot launch Camera app 
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4501375		June 27, 2019 
10:00 AM PT

       

       "
 
@@ -98,7 +97,7 @@ sections:
   - type: markdown
     text: "
       
-      
+      
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.356

September 10, 2019
KB4515384		Mitigated
Last updated:
November 12, 2019 
08:05 AM PT

Opened:
October 29, 2019 
05:15 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		Resolved:
December 10, 2019 
10:00 AM PT

Opened:
October 29, 2019 
05:15 PM PT

       

       "
 
@@ -120,6 +119,5 @@ sections:
       
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903
  • Server: Windows 10, version 1909; Windows Server, version 1903
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 15, 2019 
05:59 PM PT

Opened:
May 21, 2019 
07:29 AM PT
       
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Resolution: This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.

Note If you are still experiencing the issue described, please contact your device manufacturer (OEM).

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 12, 2019 
08:04 AM PT

Opened:
May 21, 2019 
07:22 AM PT
       
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903Resolved:
July 26, 2019 
02:00 PM PT

Opened:
May 21, 2019 
07:28 AM PT
-      
Cannot launch Camera app 
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:
        \"Close other apps, error code: 0XA00F4243.”

To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4501375 and the safeguard hold has been removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4501375Resolved:
June 27, 2019 
10:00 AM PT

Opened:
May 21, 2019 
07:20 AM PT
       
       "
diff --git a/windows/release-information/status-windows-10-1909.yml b/windows/release-information/status-windows-10-1909.yml
index 65eca24a0c..a8b1f36597 100644
--- a/windows/release-information/status-windows-10-1909.yml
+++ b/windows/release-information/status-windows-10-1909.yml
@@ -21,7 +21,7 @@ sections:
       Find information on known issues and the status of the rollout for Windows 10, version 1909 and Windows Server, version 1909. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
       
  
-
Current status as of November 12, 2019:
Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.
 
For information on how users running Windows 10, version 1903 can update to Windows 10, version 1909 in a new, streamlined way, see this post.
 
Note follow @WindowsUpdate on Twitter to find out when new content is published to the release information dashboard.

+
Current status as of December 5, 2019:
Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.
 
Beginning today, we will slowly start the phased process to automatically initiate a feature update for devices running the October 2018 Update (Windows 10, version 1809) Home and Pro editions, keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. We are starting this rollout process several months in advance of the end of service date to provide adequate time for a smooth update process.

For information on how users running Windows 10, version 1903 can update to Windows 10, version 1909 in a new, streamlined way, see this post.
 
Note follow @WindowsUpdate on Twitter to find out when new content is published to the release information dashboard.

 

 
       " 
@@ -64,10 +64,10 @@ sections:
   - type: markdown
     text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.


       
+      
-      
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		December 10, 2019 
10:00 AM PT

       
Issues with some older versions of Avast and AVG anti-virus products
Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.

See details >		N/A 

Mitigated External
November 25, 2019 
05:25 PM PT

       
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. 

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 22, 2019 
04:10 PM PT

       
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 15, 2019 
05:59 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Mitigated
November 12, 2019 
08:05 AM PT

       

       "
 
@@ -92,7 +92,7 @@ sections:
   - type: markdown
     text: "
       
-      
+      
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18363.476

November 12, 2019
KB4524570		Mitigated
Last updated:
November 12, 2019 
08:05 AM PT

Opened:
October 29, 2019 
05:15 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		Resolved:
December 10, 2019 
10:00 AM PT

Opened:
October 29, 2019 
05:15 PM PT

       

       "
 
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index e8343dc359..dadedc3369 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -63,7 +63,6 @@ sections:
       
MSRT might fail to install and be re-offered from Windows Update or WSUS 
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Mitigated
November 15, 2019 
05:59 PM PT
       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >October 08, 2019
KB4519976Mitigated External
November 05, 2019 
03:36 PM PT
       
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >August 13, 2019
KB4512506Mitigated
August 17, 2019 
12:59 PM PT
-      
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >May 14, 2019
KB4499164Investigating
KB4505050May 16, 2019 
06:41 PM PT
       
       "
 
@@ -92,12 +91,3 @@ sections:
       
IA64 and x64 devices may fail to start after installing updates
IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

Back to topAugust 13, 2019
KB4512506Mitigated
Last updated:
August 17, 2019 
12:59 PM PT

Opened:
August 13, 2019 
08:34 AM PT
       
       "
-
-- title: May 2019
-- items:
-  - type: markdown
-    text: "
-      
-      
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		May 14, 2019
KB4499164		Investigating
KB4505050		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

-      "
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index 8bbbb769a8..d20fb293cd 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -62,7 +62,6 @@ sections:
       
-      
SummaryOriginating updateStatusLast updated

       
Printing from 32-bit apps might fail on a 64-bit OS
When attempting to print, you may receive an error or the application may stop responding or close.

See details >		August 13, 2019
KB4512489		Resolved
KB4525250		November 12, 2019 
10:00 AM PT

       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520005		Mitigated External
November 05, 2019 
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499151		Investigating
KB4505050		May 16, 2019 
06:41 PM PT

       
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.

See details >		April 25, 2019
KB4493443		Mitigated
May 15, 2019 
05:53 PM PT

       
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		January 08, 2019
KB4480963		Mitigated
April 25, 2019 
02:00 PM PT

       

@@ -90,7 +89,6 @@ sections:
   - type: markdown
     text: "
       
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		May 14, 2019
KB4499151		Investigating
KB4505050		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

       
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

Affected platforms:
  • Client: Windows 8.1
  • Server: Windows Server 2012 R2; Windows Server 2012
Workaround: 
If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)

Back to top		April 25, 2019
KB4493443		Mitigated
Last updated:
May 15, 2019 
05:53 PM PT

Opened:
May 15, 2019 
05:53 PM PT

       

       "
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index e91eb26a4c..734e55f864 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -62,7 +62,6 @@ sections:
       
-      
SummaryOriginating updateStatusLast updated

       
Printing from 32-bit apps might fail on a 64-bit OS
When attempting to print, you may receive an error or the application may stop responding or close.

See details >		August 13, 2019
KB4512482		Resolved
KB4525253		November 12, 2019 
10:00 AM PT

       
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520007		Mitigated External
November 05, 2019 
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499171		Investigating
KB4505050		May 16, 2019 
06:41 PM PT

       
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019 
05:53 PM PT

       
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		January 08, 2019
KB4480975		Mitigated
April 25, 2019 
02:00 PM PT

       

@@ -90,7 +89,6 @@ sections:
   - type: markdown
     text: "
       
-      
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		May 14, 2019
KB4499171		Investigating
KB4505050		Last updated:
May 16, 2019 
06:41 PM PT

Opened:
May 16, 2019 
01:57 PM PT

       
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

Affected platforms:
  • Client: Windows 8.1
  • Server: Windows Server 2012 R2; Windows Server 2012
Workaround: 
If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)

Back to top		April 25, 2019
KB4493462		Mitigated
Last updated:
May 15, 2019 
05:53 PM PT

Opened:
May 15, 2019 
05:53 PM PT

       

       "
diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml
index cd3d50c72c..b3441dc375 100644
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@@ -50,6 +50,8 @@ sections:
     text: "
       
       
+      
+      
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index 328ee569c2..eaf36a4d9d 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -45,7 +45,8 @@
           "depot_name": "MSDN.security",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "titleSuffix": "Microsoft 365 Security"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 63a6a403c2..d42dc24268 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -16,15 +16,15 @@ ms.date: 08/17/2017
 ms.reviewer: 
 ---
 
-## Additional mitigations
+# Additional mitigations
 
 Windows Defender Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Windows Defender Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, re-using previously stolen credentials prior to Windows Defender Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also must be deployed to make the domain environment more robust.
 
-### Restricting domain users to specific domain-joined devices
+## Restricting domain users to specific domain-joined devices
 
 Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on using devices that have Windows Defender Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Windows Defender Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used.
 
-#### Kerberos armoring
+### Kerberos armoring
 
 Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. 
 
@@ -34,7 +34,7 @@ Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring,
 -   All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
 -   All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**.
 
-#### Protecting domain-joined device secrets
+### Protecting domain-joined device secrets
 
 Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Windows Defender Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user.
 
@@ -46,7 +46,7 @@ Domain-joined device certificate authentication has the following requirements:
 -   Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store.
 -   A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard.
 
-##### Deploying domain-joined device certificates
+#### Deploying domain-joined device certificates
 
 To guarantee that certificates with the required issuance policy are only installed on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates.
 
@@ -78,7 +78,7 @@ CertReq -EnrollCredGuardCert MachineAuthentication
 > [!NOTE]
 > You must restart the device after enrolling the machine authentication certificate.
  
-##### How a certificate issuance policy can be used for access control
+#### How a certificate issuance policy can be used for access control
 
 Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/library/dd378897(v=ws.10).aspx) on TechNet.
 
@@ -100,7 +100,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro
     .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”"
     ```
 
-#### Restricting user sign on
+### Restricting user sign on
 
 So we now have completed the following:
 
@@ -129,17 +129,17 @@ Authentication policies have the following requirements:
 > [!NOTE]
 > When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures.
 
-##### Discovering authentication failures due to authentication policies
+#### Discovering authentication failures due to authentication policies
 
 To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**.
 
 To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/library/dn486813(v=ws.11).aspx).
 
-### Appendix: Scripts
+## Appendix: Scripts
 
 Here is a list of scripts mentioned in this topic.
 
-#### Get the available issuance policies on the certificate authority
+### Get the available issuance policies on the certificate authority
 
 Save this script file as get-IssuancePolicy.ps1.
 
@@ -330,7 +330,7 @@ write-host "There are no issuance policies which are not mapped to groups"
 > [!NOTE]
 > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
  
-#### Link an issuance policy to a group
+### Link an issuance policy to a group
 
 Save the script file as set-IssuancePolicyToGroupLink.ps1.
 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
index bd6b456162..104cadf507 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
@@ -22,9 +22,6 @@ ms.reviewer:
 -   Windows 10
 -   Windows Server 2016
 
-Prefer video? See [Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474)
-in the Deep Dive into Windows Defender Credential Guard video series.
-
 Some ways to store credentials are not protected by Windows Defender Credential Guard, including:
 
 -   Software that manages credentials outside of Windows feature protection
@@ -46,4 +43,6 @@ do not qualify as credentials because they cannot be presented to another comput
 
 **Deep Dive into Windows Defender Credential Guard: Related videos**
 
-[Protecting privileged users with Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474)
+[Microsoft Cybersecurity Stack: Advanced Identity and Endpoint Protection: Manage Credential Guard](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/manage-credential-guard?u=3322)
+> [!NOTE]
+> - Note: Requires [LinkedIn Learning subscription](https://www.linkedin.com/learning/subscription/products) to view the full video
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
index 2e79df76db..e0c4077f94 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -1,5 +1,5 @@
 ---
-title: Validate Public Key Infrastructure (Windows Hello for Business)
+title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business)
 description: How to Validate Public Key Infrastructure for Windows Hello for Business
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
@@ -69,7 +69,7 @@ Sign-in to a certificate authority or management workstations with _Domain Admin
 4. On the **Compatibility** tab, clear the **Show resulting changes** check box.  Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list.
 5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name.  Adjust the validity and renewal period to meet your enterprise’s needs.   
     **Note**If you use different template names, you’ll need to remember and substitute these names in different portions of the lab.
-6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected.  Select **None** from the **Subject name format** list.  Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
+6. On the **Subject Name** tab, select the **Build from this Active Directory information** button if it is not already selected.  Select **None** from the **Subject name format** list.  Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
 7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.  Click **OK**. 
 8. Close the console.
 
@@ -104,7 +104,7 @@ Sign-in to a certificate authority or management workstations with _Domain Admin
 5. On the **General** tab, type **Internal Web Server** in **Template display name**.  Adjust the validity and renewal period to meet your enterprise’s needs.   
     **Note:** If you use different template names, you’ll need to remember and substitute these names in different portions of the lab.
 6. On the **Request Handling** tab, select **Allow private key to be exported**.
-7. On the **Subject** tab, select the **Supply in the request** button if it is not already selected.
+7. On the **Subject Name** tab, select the **Supply in the request** button if it is not already selected.
 8. On the **Security** tab, Click **Add**. Type **Domain Computers** in the **Enter the object names to select** box.  Click **OK**. Select the **Allow** check box next to the **Enroll** permission.
 9. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.  Click **OK**. 
 10. Close the console.
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
index b05057da97..7b37ebf924 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
@@ -23,7 +23,9 @@ ms.reviewer:
 
 * Windows 10, version 1703
 
-Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value.  You configure the dynamic lock policy using Group Policy.  You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**.  The name of the policy is **Configure dynamic lock factors**.
+Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it.
+
+You configure the dynamic lock policy using Group Policy.  You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**.  The name of the policy is **Configure dynamic lock factors**.
 
 The Group Policy Editor, when the policy is enabled, creates a default signal rule policy with the following value:
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 9a5ce9f830..7c4e019e6d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -151,7 +151,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
 
 Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials.
 1. Open an elevated command prompt.
-2. Run `certutil -dsTemplate WHFBAuthentication,msPKI-Private-Key-Flag,+CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
+2. Run `certutil -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
 
 > [!NOTE]
 > If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc).  Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index b7dfbc3d78..f1d56f5bb0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -17,6 +17,7 @@ ms.topic: article
 localizationpriority: medium
 ms.date: 05/05/2018
 ---
+
 # Windows Hello for Business
 
 In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.

diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
index 8845f97509..df1cdd141d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@@ -1,5 +1,5 @@
 ---
-title: Validate Public Key Infrastructure (Windows Hello for Business)
+title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business)
 description: How to Validate Public Key Infrastructure for Windows Hello for Business
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
@@ -16,6 +16,7 @@ localizationpriority: medium
 ms.date: 08/19/2018
 ms.reviewer: 
 ---
+
 # Validate and Configure Public Key Infrastructure
 
 **Applies to**
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index 6534a2b0bb..c9213a887f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -36,7 +36,9 @@ You can create a Group Policy or mobile device management (MDM) policy that will
 
 The following table lists the Group Policy settings that you can configure for Windows Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**.
 
-
+> [!NOTE]
+> Starting with Windows 10, version 1709, the location of the PIN complexity section of the Group Policy is: **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity**.
+ 
 
MessageDate
Take action: December 2019 security update available for all supported versions of Windows
The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
December 10, 2019 
08:00 AM PT
Timing of Windows 10 optional update releases (December 2019)
For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer.
December 10, 2019 
08:00 AM PT

       
Windows 10, version 1909 now available
Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how we’ve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.
November 12, 2019 
10:00 AM PT

       
Windows 10, version 1909 delivery options
Learn how devices running Windows 10, version 1903 can update to Windows 10, version 1909 using the same servicing technology used to deliver monthly quality updates, resulting in a single restart and reducing update-related downtime.
November 12, 2019 
10:00 AM PT

       
What’s new for IT pros in Windows 10, version 1909
Explore the latest features for IT, get information about media availability and related tools, and find answers to frequently asked questions.
November 12, 2019 
10:00 AM PT

@@ -320,4 +322,3 @@ If you want to use Windows Hello for Business with certificates, you’ll need a
 - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
 - [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
 - [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
-
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index e5194ab324..30d604bb53 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Hello for Business (Windows 10)
-ms.reviewer: 
+title: Windows Hello for Business Overview (Windows 10)
+ms.reviewer: An overview of Windows Hello for Business
 description: An overview of Windows Hello for Business 
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
@@ -15,6 +15,7 @@ ms.collection: M365-identity-device-management
 ms.topic: conceptual
 localizationpriority: medium
 ---
+
 # Windows Hello for Business Overview
 
 **Applies to**
diff --git a/windows/security/identity-protection/images/remote-credential-guard-gp.png b/windows/security/identity-protection/images/remote-credential-guard-gp.png
index a65253b04e..f7db3ee411 100644
Binary files a/windows/security/identity-protection/images/remote-credential-guard-gp.png and b/windows/security/identity-protection/images/remote-credential-guard-gp.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md b/windows/security/includes/improve-request-performance.md
similarity index 88%
rename from windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md
rename to windows/security/includes/improve-request-performance.md
index 880f5e4d11..ddff438e13 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md
+++ b/windows/security/includes/improve-request-performance.md
@@ -16,11 +16,8 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Improve request performance
-
-
 >[!NOTE]
 >For better performance, you can use server closer to your geo location:
 > - api-us.securitycenter.windows.com
 > - api-eu.securitycenter.windows.com
-> - api-uk.securitycenter.windows.com
\ No newline at end of file
+> - api-uk.securitycenter.windows.com
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md b/windows/security/includes/machineactionsnote.md
similarity index 66%
rename from windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md
rename to windows/security/includes/machineactionsnote.md
index 551174a844..246c89eb92 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md
+++ b/windows/security/includes/machineactionsnote.md
@@ -7,8 +7,7 @@ manager: dansimp
 ms.author: macapara
 author: mjcaparas
 ms.prod: w10
-title: Note
 ---
 
 >[!Note]
-> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP.
+> This page focuses on performing a machine action via API. See [take response actions on a machine](../threat-protection/microsoft-defender-atp/respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prerelease.md b/windows/security/includes/prerelease.md
similarity index 95%
rename from windows/security/threat-protection/microsoft-defender-atp/prerelease.md
rename to windows/security/includes/prerelease.md
index eb022df5f7..a83544340f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prerelease.md
+++ b/windows/security/includes/prerelease.md
@@ -7,7 +7,6 @@ manager: dansimp
 ms.author: macapara
 author: mjcaparas
 ms.prod: w10
-title: "Prerelease"
 ---
 
 > [!IMPORTANT]
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index e91f6d7db8..7cdd7f45b1 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -314,7 +314,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many
 - Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer:
 
   ```powershell
-  manage-bde –protectors –get C:
+  manage-bde -protectors -get C:
   ```
   >**Note:**  Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock
  
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index 08e059935f..2314ea2eaf 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -23,22 +23,22 @@ The ideal for BitLocker management is to eliminate the need for IT admins to set
 Though much Windows BitLocker [documentation](bitlocker-overview.md) has been published, customers frequently ask for recommendations and pointers to specific, task-oriented documentation that is both easy to digest and focused on how to deploy and manage BitLocker. This article links to relevant documentation, products, and services to help answer this and other related frequently-asked questions, and also provides BitLocker recommendations for different types of computers.
 
 
->[!IMPORTANT]
-> Microsoft BitLocker Administration and Monitoring (MBAM) capabilities will be offered from [SCCM in on-prem scenarios](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology) in the future.
+> [!IMPORTANT]
+> Microsoft BitLocker Administration and Monitoring (MBAM) capabilities will be offered from [ConfigMgr in on-prem scenarios](https://docs.microsoft.com/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker/) in the future.
 
 ## Managing domain-joined computers and moving to cloud  
 
-Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx).
+Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://docs.microsoft.com/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://docs.microsoft.com/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings/).
 
-Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD).
+Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201/) or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD).
 
 ## Managing devices joined to Azure Active Directory
 
-Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as Microsoft Intune. Without Windows 10, version 1809, only local administrators can enable BitLocker via Intune policy. Starting with Windows 10, version 1809, Intune can enable BitLocker for standard users. [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
+Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as Microsoft Intune. Without Windows 10, version 1809, only local administrators can enable BitLocker via Intune policy. Starting with Windows 10, version 1809, Intune can enable BitLocker for standard users. [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider/), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access/) to services like Exchange Online and SharePoint Online.
 
-Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) or the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 and on Windows phones.
+Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider/) or the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp/). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 and on Windows phones.
 
-For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. For older devices that are not yet encrypted, beginning with Windows 10 version 1703 (the Windows 10 Creators Update), admins can use the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) to trigger encryption and store the recovery key in Azure AD.
+For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. For older devices that are not yet encrypted, beginning with Windows 10 version 1703 (the Windows 10 Creators Update), admins can use the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD.
 
 This is applicable to Azure Hybrid AD as well. 
 
@@ -52,9 +52,9 @@ For Windows PCs and Windows Phones that enroll using **Connect to work or school
 
 Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server, so follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC. 
 
-The Minimal Server Interface is a prerequisite for some of the BitLocker administration tools. On a [Server Core](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-core) installation, you must add the necessary GUI components first. The steps to add shell components to Server Core are described in [Using Features on Demand with Updated Systems and Patched Images](https://blogs.technet.microsoft.com/server_core/2012/11/05/using-features-on-demand-with-updated-systems-and-patched-images/) and [How to update local source media to add roles and features](https://blogs.technet.microsoft.com/joscon/2012/11/14/how-to-update-local-source-media-to-add-roles-and-features/).  
+The Minimal Server Interface is a prerequisite for some of the BitLocker administration tools. On a [Server Core](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-core/) installation, you must add the necessary GUI components first. The steps to add shell components to Server Core are described in [Using Features on Demand with Updated Systems and Patched Images](https://blogs.technet.microsoft.com/server_core/2012/11/05/using-features-on-demand-with-updated-systems-and-patched-images/) and [How to update local source media to add roles and features](https://blogs.technet.microsoft.com/joscon/2012/11/14/how-to-update-local-source-media-to-add-roles-and-features/).  
 
-If you are installing a server manually, such as a stand-alone server, then choosing [Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience) is the easiest path because you can avoid performing the steps to add a GUI to Server Core.
+If you are installing a server manually, such as a stand-alone server, then choosing [Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience/) is the easiest path because you can avoid performing the steps to add a GUI to Server Core.
 
  Additionally, lights out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). 
 
@@ -65,64 +65,60 @@ If you are installing a server manually, such as a stand-alone server, then choo
 For Azure AD-joined computers, including virtual machines, the recovery password should be stored in Azure Active Directory.  
 
 *Example: Use PowerShell to add a recovery password and back it up to Azure AD before enabling BitLocker*
-``` 
-PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
+```powershell
+Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
 
-PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
+$BLV = Get-BitLockerVolume -MountPoint "C:"
+
+BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
+```
 
-PS C:\>BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
-``` 
 For domain-joined computers, including servers, the recovery password should be stored in Active Directory Domain Services (AD DS). 
 
 *Example: Use PowerShell to add a recovery password and back it up to AD DS before enabling BitLocker*
-``` 
-PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
+```powershell
+Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
 
-PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
+$BLV = Get-BitLockerVolume -MountPoint "C:"
 
-PS C:\>Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
- ```
+Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
+```
 
 Subsequently, you can use PowerShell to enable BitLocker. 
 
 *Example: Use PowerShell to enable BitLocker with a TPM protector*
- ```
-PS C:\>Enable-BitLocker -MountPoint "D:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector 
- ```
-*Example: Use PowerShell to enable BitLocker with a TPM+PIN protector, in this case with a PIN set to 123456*
- ```
-PS C:\>$SecureString = ConvertTo-SecureString "123456" -AsPlainText -Force
+```powershell
+Enable-BitLocker -MountPoint "D:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector 
+```
 
-PS C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pin $SecureString -TPMandPinProtector
-  ``` 
+*Example: Use PowerShell to enable BitLocker with a TPM+PIN protector, in this case with a PIN set to 123456*
+```powershell
+$SecureString = ConvertTo-SecureString "123456" -AsPlainText -Force
+
+Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pin $SecureString -TPMandPinProtector
+``` 
 
 ## Related Articles
 
 [BitLocker: FAQs](bitlocker-frequently-asked-questions.md)
 
-[Microsoft BitLocker Administration and Management (MBAM)](https://technet.microsoft.com/windows/hh826072.aspx)
+[Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/)
 
 [Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) 
 
-[System Center 2012 Configuration Manager SP1](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) *(Pre-provision BitLocker task sequence)*
+[BitLocker Group Policy Reference](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings) 
 
-[Enable BitLocker task sequence](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker)
-
-[BitLocker Group Policy Reference](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx) 
-
-[Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) 
+[Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune/)
 *(Overview)*
 
 [Configuration Settings Providers](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)
 *(Policy CSP: See [Security-RequireDeviceEncryption](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-security#security-policies))*
 
-[BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp)
-
-

+[BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp/)
 
 **Windows Server setup tools**
 
-[Windows Server Installation Options](https://technet.microsoft.com/library/hh831786(v=ws.11).aspx)
+[Windows Server Installation Options](https://docs.microsoft.com/windows-server/get-started-19/install-upgrade-migrate-19/)
 
 [How to update local source media to add roles and features](https://blogs.technet.microsoft.com/joscon/2012/11/14/how-to-update-local-source-media-to-add-roles-and-features/)
 
@@ -134,10 +130,9 @@ PS C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpace
 
 [Shielded VMs and Guarded Fabric](https://blogs.technet.microsoft.com/windowsserver/2016/05/10/a-closer-look-at-shielded-vms-in-windows-server-2016/) 
 
-

 
-**Powershell**
+**PowerShell**
 
 [BitLocker cmdlets for Windows PowerShell](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell) 
 
-[Surface Pro Specifications](https://www.microsoft.com/surface/support/surface-pro-specs)
+[Surface Pro Specifications](https://www.microsoft.com/surface/support/surface-pro-specs/)
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
index f8b477aa62..94634c4b79 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -131,16 +131,16 @@ Introduced in Windows 10, version 1703, this policy setting configures the TPM t
 > -  Disable it from group policy
 > -  Clear the TPM on the system
 
-# TPM Group Policy settings in the Windows Security app
+## TPM Group Policy settings in the Windows Security app
 
 You can change what users see about TPM in the Windows Security app. The Group Policy settings for the TPM area in the Windows Security app are located at:
 
 **Computer Configuration\\Administrative Templates\\Windows Components\\Windows Security\\Device security** 
 
-## Disable the Clear TPM button
+### Disable the Clear TPM button
 If you don't want users to be able to click the **Clear TPM** button in the Windows Security app, you can disable it with this Group Policy setting. Select **Enabled** to make the **Clear TPM** button unavailable for use.
 
-## Hide the TPM Firmware Update recommendation
+### Hide the TPM Firmware Update recommendation
 If you don't want users to see the recommendation to update TPM firmware, you can disable it with this setting. Select **Enabled** to prevent users from seeing a recommendation to update their TPM firmware when a vulnerable firmware is detected.
 
 ## Related topics
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index d50923659c..d46434c430 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -4,8 +4,8 @@
 ### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
 ### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md)
 ### [Threat & Vulnerability Management]()
-#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
 #### [Next-generation capabilities](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
+#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
 #### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
 #### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
 #### [Configuration score](microsoft-defender-atp/configuration-score.md)
@@ -448,13 +448,6 @@
 #### [Common Vulnerabilities and Exposures (CVE) to KB map]()
 ##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
 
-#### [API for custom alerts (Deprecated)]()
-##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
-##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
-##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
-##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
-##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
-##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
 
 #### [Pull detections to your SIEM tools]()
 ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md)
diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
index ad2a9abf62..e36022563e 100644
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
@@ -2,7 +2,7 @@
 title: Advanced security audit policy settings (Windows 10)
 description: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171
-ms.reviewer: 
+ms.reviewer: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md
index 31d65aafb1..10c0796852 100644
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@@ -56,6 +56,3 @@ For information about reducing the number of events generated in this subcategor
 **Events List:**
 
 -   [4661](event-4661.md)(S, F): A handle to an object was requested.
-
-# 
-
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index 505106fe5e..4ab122d7f1 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -154,3 +154,69 @@ For 4716(S): Trusted domain information was modified.
 
 -   Any changes in Active Directory domain trust settings must be monitored and alerts should be triggered. If this change was not planned, investigate the reason for the change.
 
+## Anonymous Logon account
+
+If the account reported in the event is **Anonymous Logon**, it means the password is changed by system automatic password reset. For example:
+
+```
+Log Name:      Security
+Source:        Microsoft-Windows-Security-Auditing
+Date:          

 

 Policy