Merge remote-tracking branch 'refs/remotes/origin/master' into live

devices/surface-hub/device-reset-surface-hub.md

@@ -30,7 +30,7 @@ Initiating a reset will return the device to the last cumulative Windows update,
 -   Local admins on the device
 -   Configurations from MDM or the Settings app
 
-**To reset a Surface Hub**
+**To reset a Surface Hub from Settings**</br>
 1.	On your Surface Hub, open **Settings**. 
 
     ![Image showing Settings app for Surface Hub.](images/sh-settings.png)
@@ -43,8 +43,18 @@ Initiating a reset will return the device to the last cumulative Windows update,
 
     ![Image showing Reset device option in Settings app for Surface Hub.](images/sh-settings-reset-device.png) 
 
+**To reset a Surface Hub from Windows Recovery Environment**</br>
+On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. If this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset the device from Windows Recovery Environment (Windows RE). To learn more about Windows RE, see [What is Windows RE?](https://technet.microsoft.com/library/cc765966.aspx).
+
+To reset a Surface Hub from Windows RE:
+
+1.  From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide](https://www.microsoft.com/surface/support/surface-hub/surface-hub-site-readiness-guide) for help with locating the power switch.
+2.  The device should automatically boot into Windows RE. Select **Advanced Repair**.
+3.  Select **Reset**.
+4.  If prompted, enter your device's BitLocker key.
+
 **Important Note**</br>
-Performing a device reset may take up to 6 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
+Performing a device reset may take up to 2 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
 
 After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again. 
 
@@ -53,4 +63,4 @@ After the reset, Surface Hub restarts the [first run program](first-run-program-
 
 [Manage Microsoft Surface Hub](manage-surface-hub.md)
 
-[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
+[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)

windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md

@@ -4,6 +4,7 @@ description: Microsoft System Center 2012 R2 Configuration Manager supports depl
 ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
 keywords: deployment, task sequence, custom, customize
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
 localizationpriority: high
 ms.sitesec: library

windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md

@@ -5,6 +5,7 @@ ms.assetid: 837f009c-617e-4b3f-9028-2246067ee0fb
 keywords: deploy, tools, configure, script
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 localizationpriority: high
 author: mtniehaus

windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md

@@ -6,6 +6,7 @@ keywords: configure, deploy, upgrade
 ms.prod: w10
 localizationpriority: high
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---

windows/deploy/integrate-configuration-manager-with-mdt-2013.md

@@ -29,6 +29,7 @@ When MDT is integrated with Configuration Manager, the task sequence takes addit
 
 The task sequence uses instructions that allow you to reduce the number of task sequences in Configuration Manager and instead store settings outside the task sequence. Here are a few examples:
 -   The following settings instruct the task sequence to install the HP Hotkeys package, but only if the hardware is a HP EliteBook 8570w. Note that you don't have to add the package to the task sequence.
+
     ``` syntax
     [Settings] 
     Priority=Model
@@ -36,6 +37,7 @@ The task sequence uses instructions that allow you to reduce the number of task
     Packages001=PS100010:Install HP Hotkeys
     ```
 -   The following settings instruct the task sequence to put laptops and desktops in different organizational units (OUs) during deployment, assign different computer names, and finally have the task sequence install the Cisco VPN client, but only if the machine is a laptop.
+
     ``` syntax
     [Settings]
     Priority= ByLaptopType, ByDesktopType

windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md

@@ -6,6 +6,7 @@ keywords: install, configure, deploy, deployment
 ms.prod: w10
 localizationpriority: high
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---

windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md

@@ -5,6 +5,7 @@ ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 keywords: deploy, deployment, replace
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 localizationpriority: high
 ms.pagetype: mdt

windows/deploy/set-up-mdt-2013-for-bitlocker.md

@@ -85,6 +85,7 @@ If you consistently get the error "Windows BitLocker Drive Encryption Informatio
 In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://go.microsoft.com/fwlink/p/?LinkId=167133) from Microsoft to C:\\Setup\\Scripts on DC01.
 1.  On DC01, start an elevated PowerShell prompt (run as Administrator).
 2.  Configure the permissions by running the following command:
+
     ``` syntax
     cscript C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
     ```
@@ -106,10 +107,12 @@ cctk.exe --tpm=on --valsetuppwd=Password1234
 ### Add tools from HP
 
 The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
+
 ``` syntax
 BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234
 ```
 And the sample content of the TPMEnable.REPSET file:
+
 ``` syntax
 English
 Activate Embedded Security On Next Boot

windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md

@@ -140,6 +140,7 @@ Make sure the account you are using has permissions to run runbooks on the Orche
  
 1.  On PC0001, log on as **CONTOSO\\MDT\_BA**.
 2.  Using an elevated command prompt (run as Administrator), type the following command:
+
     ``` syntax
     cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
     ```

windows/keep-secure/implement-microsoft-passport-in-your-organization.md

@@ -20,9 +20,13 @@ localizationpriority: high
 You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10.
 
 >[!IMPORTANT]
->The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511. Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers.  To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. Use **Windows Hello for Business** policy settings to manage PINs.
+>The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511. 
+>
+>Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. 
+>
+>Use **Windows Hello for Business** policy settings to manage PINs for Windows Hello for Business.
  
-## Group Policy settings for Windows Hello for Businness
+## Group Policy settings for Windows Hello for Business
 
 The following table lists the Group Policy settings that you can configure for Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**.
 

windows/manage/configure-windows-telemetry-in-your-organization.md

@@ -378,15 +378,15 @@ There are a few more settings that you can turn off that may send telemetry info
 
 FAQs
 
-- [Cortana, Search, and privacy](http://windows.microsoft.com/windows-10/cortana-privacy-faq)
+- [Cortana, Search, and privacy](https://privacy.microsoft.com/windows-10-cortana-and-privacy)
-- [Windows 10 feedback, diagnostics, and privacy](http://windows.microsoft.com/windows-10/feedback-diagnostics-privacy-faq)
+- [Windows 10 feedback, diagnostics, and privacy](https://privacy.microsoft.com/windows-10-feedback-diagnostics-and-privacy)
-- [Windows 10 camera and privacy](http://windows.microsoft.com/windows-10/camera-privacy-faq)
+- [Windows 10 camera and privacy](https://privacy.microsoft.com/windows-10-camera-and-privacy)
-- [Windows 10 location service and privacy](http://windows.microsoft.com/windows-10/location-service-privacy)
+- [Windows 10 location service and privacy](https://privacy.microsoft.com/windows-10-location-and-privacy)
-- [Microsoft Edge and privacy](http://windows.microsoft.com/windows-10/edge-privacy-faq)
+- [Microsoft Edge and privacy](https://privacy.microsoft.com/windows-10-microsoft-edge-and-privacy)
-- [Windows 10 speech, inking, typing, and privacy](http://windows.microsoft.com/windows-10/speech-inking-typing-privacy-faq)
+- [Windows 10 speech, inking, typing, and privacy](https://privacy.microsoft.com/windows-10-speech-inking-typing-and-privacy-faq)
-- [Windows Hello and privacy](http://windows.microsoft.com/windows-10/windows-hello-privacy-faq)
+- [Windows Hello and privacy](https://privacy.microsoft.com/windows-10-windows-hello-and-privacy)
-- [Wi-Fi Sense](http://windows.microsoft.com/windows-10/wi-fi-sense-faq)
+- [Wi-Fi Sense](https://privacy.microsoft.com/windows-10-about-wifi-sense)
-- [Windows Update Delivery Optimization](http://windows.microsoft.com/windows-10/windows-update-delivery-optimization-faq)
+- [Windows Update Delivery Optimization](https://privacy.microsoft.com/windows-10-windows-update-delivery-optimization)
 
 Blogs
 
@@ -398,7 +398,7 @@ Privacy Statement
 
 TechNet
 
-- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 
 Web Pages
 

windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -91,6 +91,7 @@ See the following table for a summary of the management settings for Windows 10
 |     [16.14 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
 |     [16.15 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 |     [16.16 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | | | | |
+|     [16.17 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
 | [17. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
 | [18. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
 | [19. Teredo](#bkmk-teredo) | | | | | ![Check mark](images/checkmark.png) |
@@ -594,6 +595,8 @@ Use Settings > Privacy to configure some settings that may be important to yo
 
 -   [16.16 Background apps](#bkmk-priv-background)
 
+-   [16.17 Motion](#bkmk-priv-motion)
+
 ### <a href="" id="bkmk-general"></a>16.1 General
 
 **General** includes options that don't fall into other areas.
@@ -1051,6 +1054,18 @@ To turn off **Let apps run in the background**:
 
     -   Set the **Select a setting** box to **Force Deny**.
 
+### <a href="" id="bkmk-priv-motion"></a>16.17 Motion
+
+In the **Motion** area, you can choose which apps have access to your motion data.
+
+To turn off **Let Windows and your apps use your motion data and collect motion history**:
+
+-   Turn off the feature in the UI.
+
+     -or-
+
+-   Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access motion**
+
 ### <a href="" id="bkmk-spp"></a>17. Software Protection Platform
 
 Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:

windows/manage/uev-deploy-required-features.md

@@ -125,6 +125,9 @@ The UE-V service is the client-side component that captures user-personalized ap
 
 Before enabling the UE-V service, you need to register the UE-V templates for first time use. In a PowerShell window, type **register-<TemplateName>** where **TemplateName** is the name of the UE-V template you want to register, and press ENTER.
 
+>**Note**
+With Windows 10, version 1607, you must register UE-V templates for all inbox and custom templates. This provides flexibility for only deploying the required templates.
+
 With Windows 10, version 1607 and later, the UE-V service is installed on user devices. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell.
 
 **To enable the UE-V service with Group Policy**