diff --git a/.gitignore b/.gitignore
index b674ff367c..16fca8c782 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,14 @@ Tools/NuGet/
.openpublishing.build.mdproj
.openpublishing.buildcore.ps1
packages.config
-windows/keep-secure/index.md
# User-specific files
-.vs/
\ No newline at end of file
+.vs/
+education/windows/index.md
+windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+windows/keep-secure/images/atp-add-intune-policy.png
+windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
+windows/keep-secure/TOC.md
+windows/manage/change-history-for-manage-and-update-windows-10.md
+windows/manage/waas-optimize-windows-10-updates.md
\ No newline at end of file
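Review bot: The eight paths added under "# User-specific files" are documentation sources (`windows/keep-secure/TOC.md`, topic `.md` files, one `.png`), not build output or per-user files, so putting them in the shared `.gitignore` means any untracked copy of those paths is silently skipped by `git add` for every contributor. If these are local working-tree exclusions, move them to `.git/info/exclude` and leave only `.vs/` here. Also check that `fix-unhealhty-sensors-...` matches the real file name, since a misspelled pattern matches nothing, and end the file with a newline, because the hunk still closes with "No newline at end of file".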
diff --git a/1.ps1 b/1.ps1
new file mode 100644
index 0000000000..61aa825eeb
--- /dev/null
+++ b/1.ps1
@@ -0,0 +1,3 @@
+git add .
+git commit -m "changes"
+git push -u origin vso-10788146
\ No newline at end of file
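Review bot: `1.ps1` at the repository root is a personal push helper and should be dropped from this commit. Its first line, `git add .`, stages every change in the working tree without review, the commit message is the fixed string "changes", and the push target `vso-10788146` is hard-coded, so the script is not reusable by anyone else and makes it easy to commit unrelated or sensitive files by accident. Remove the file and stage the intended paths explicitly instead.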
diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 680e73b52a..b22ded8a4f 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -5,113 +5,1028 @@ author: eross-msft
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
-title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros)
+title: Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge (Microsoft Edge for IT Pros)
localizationpriority: high
---
-# Available policies for Microsoft Edge
+# Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge
**Applies to:**
-- Windows 10
-- Windows 10 Mobile
+- Windows 10, Windows Insider Program
+- Windows 10 Mobile, Windows Insider Program
+
+> [!IMPORTANT]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
-> **Note**
-> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
+> [!NOTE]
+> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
## Group Policy settings
Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations:
-| Policy name |Supported versions |Description |Options |
-|-------------|------------|-------------|--------|
-|Allow Developer Tools |Windows 10, Version 1511 or later |This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
If you enable or don’t configure this setting, the F12 Developer Tools are available in Microsoft Edge.
If you disable this setting, the F12 Developer Tools aren’t available in Microsoft Edge. |**Enabled or not configured (default):** Shows the F12 Developer Tools on Microsoft Edge.
**Disabled:** Hides the F12 Developer Tools on Microsoft Edge. | -|Allow InPrivate browsing |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can browse using InPrivate website browsing.
If you enable or don’t configure this setting, employees can use InPrivate website browsing.
If you disable this setting, employees can’t use InPrivate website browsing. |**Enabled or not configured (default):** Lets employees use InPrivate website browsing.
**Disabled:** Stops employees from using InPrivate website browsing. | -|Allow web content on New Tab page |Windows 10 or later |This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
If you disable this setting, Microsoft Edge opens a new tab with a blank page.
If you don’t configure this setting, employees can choose how new tabs appears. |**Not configured (default):** Employees see web content on New Tab page, but can change it.
**Enabled:** Employees see web content on New Tab page.
**Disabled:** Employees always see an empty new tab. | -|Configure Autofill |Windows 10 or later |This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill.
If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge.
If you disable this setting, employees can’t use Autofill to automatically fill in forms while using Microsoft Edge.
If you don’t configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge. |**Not configured (default):** Employees can choose to turn Autofill on or off.
**Enabled:** Employees can use Autofill to complete form fields.
**Disabled:** Employees can’t use Autofill to complete form fields. | -|Configure cookies |Windows 10 or later|This setting lets you configure how to work with cookies.
If you enable this setting, you must also decide whether to:
If you disable or don't configure this setting, all cookies are allowed from all sites. |**Enabled:** Lets you decide how your company treats cookies.
If you use this option, you must also choose whether to:
**Disabled or not configured:** All cookies are allowed from all sites.| -|Configure Do Not Track |Windows 10 or later |This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests aren’t sent, but employees can choose to turn on and send requests.
If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info.
If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info.
If you don’t configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tracking info. |**Not configured (default):** Employees can choose to send Do Not Track headers on or off.
**Enabled:** Employees can send Do Not Track requests to websites requesting tracking info.
**Disabled:** Employees can’t send Do Not Track requests to websites requesting tracking info. | -|Allow Extensions |Windows 10, Version 1607 or later |This policy setting lets you decide whether employees can use Edge Extensions.
If you enable or don’t configure this setting, employees can use Edge Extensions.
If you disable this setting, employees can’t use Edge Extensions. |**Enabled or not configured:** Lets employees use Edge Extensions.
**Disabled:** Stops employees from using Edge Extensions. | -|Configure Favorites |Windows 10, Version 1511 or later |This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time.
If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.
If you disable or don’t configure this setting, employees will see the Favorites that they set in the Favorites hub. |**Enabled:** Configure the default list of Favorites for your employees. If you use this option, you must also add the URLs to the sites.
**Disabled or not configured:** Uses the Favorites list and URLs specified in the Favorites hub. | -|Configure Home pages |Windows 10, Version 1511 or later |This policy setting lets you configure one or more Home pages. for domain-joined devices. Your employees won't be able to change this after you set it.
If you enable this setting, you can configure one or more Home pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format: If you disable or don’t configure this setting, your default Home page is the webpage specified in App settings. |**Enabled:** Configure your Home pages. If you use this option, you must also include site URLs. **Disabled or not configured (default):** Uses the Home pages and URLs specified in the App settings. |
-|Configure Password Manager |Windows 10 or later |This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on. If you enable this setting, employees can use Password Manager to save their passwords locally. If you disable this setting, employees can’t use Password Manager to save their passwords locally. If you don’t configure this setting, employees can choose whether to use Password Manager to save their passwords locally. |**Not configured:** Employees can choose whether to use Password Manager. **Enabled (default):** Employees can use Password Manager to save passwords locally. **Disabled:** Employees can't use Password Manager to save passwords locally. |
-|Configure Pop-up Blocker |Windows 10 or later |This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on. If you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing. If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear. If you don’t configure this setting, employees can choose whether to use Pop-up Blocker. |**Enabled or not configured (default):** Turns on Pop-up Blocker, stopping pop-up windows. **Disabled:** Turns off Pop-up Blocker, allowing pop-up windows. |
-|Configure search suggestions in Address bar |Windows 10 or later |This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge. If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge. If you don’t configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. |**Not configured (default):** Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. **Enabled:** Employees can see search suggestions in the Address bar of Microsoft Edge. **Disabled:** Employees can’t see search suggestions in the Address bar of Microsoft Edge. |
-|Configure SmartScreen Filter |Windows 10 or later |This policy setting lets you configure whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, SmartScreen Filter is turned on. If you enable this setting, SmartScreen Filter is turned on and employees can’t turn it off. If you disable this setting, SmartScreen Filter is turned off and employees can’t turn it on. If you don’t configure this setting, employees can choose whether to use SmartScreen Filter. |**Not configured (default):** Employees can choose whether to use SmartScreen Filter. **Enabled:** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software. **Disabled:** Turns off SmartScreen Filter. |
-|Configure the Enterprise Mode Site List |Windows 10 or later| This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file. This file includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. If you disable or don’t configure this setting, Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. **Note** If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.|**Enabled:** Lets you use the Enterprise Mode Site List to address common compatibility problems with legacy apps, if it’s configured. If you use this option, you must also add the location to your site list in the `{URI}` box. When configured, any site on the list will always open in Internet Explorer 11. **Disabled or not configured (default):** You won't be able to use the Enterprise Mode Site List.|
-|Prevent access to the about:flags page |Windows 10, Version 1607 or later|This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features. If you enable this policy setting, employees can’t access the about:flags page. If you disable or don’t configure this setting, employees can access the about:flags page. |**Enabled:** Stops employees from using the about:flags page. **Disabled or not configured (default):** Lets employees use the about:flags page. |
-|Prevent bypassing SmartScreen prompts for files |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unverified files. If you enable this setting, employees can’t ignore SmartScreen Filter warnings and they’re blocked from downloading the unverified files. If you disable or don’t configure this setting, employees can ignore SmartScreen Filter warnings and continue the download process. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about unverified files. **Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about unverified files and lets them continue the download process. |
-|Prevent bypassing SmartScreen prompts for sites |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially malicious websites. If you enable this setting, employees can’t ignore SmartScreen Filter warnings and they’re blocked from continuing to the site. If you disable or don’t configure this setting, employees can ignore SmartScreen Filter warnings and continue to the site. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about potentially malicious sites. **Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about potentially malicious sites and continue to the site. |
-|Prevent using Localhost IP address for WebRTC |Windows 10, Version 1511 or later |This policy setting lets you decide whether an employee’s Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off. If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol. If you disable or don’t configure this setting, Localhost IP addresses are shown while making calls using the WebRTC protocol. |**Enabled:** Hides the Localhost IP address during calls using the WebRTC protocol. **Disabled or not configured (default):** Shows the Localhost IP address during phone calls using the WebRTC protocol. |
-|Send all intranet sites to Internet Explorer 11 |Windows 10 or later |This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11. If you disable or don’t configure this setting, all websites, including intranet sites, are automatically opened using Microsoft Edge. |**Enabled:** Automatically opens all intranet sites using Internet Explorer 11. **Disabled or not configured (default):** Automatically opens all websites, including intranet sites, using Microsoft Edge. |
-|Show message when opening sites in Internet Explorer |Windows 10, Version 1607 and later |This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. If you disable or don’t configure this setting, the default app behavior occurs and no additional page appears. |**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. **Disabled or not configured (default):** Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. |
+### Allow Address bar drop-down list suggestions
+- **Supported versions:** Windows 10, Windows Insider Program
-## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge
+- **Description:** This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
+
+ - If you enable or don't configure this setting (default), employees can see the Address bar drop-down functionality in Microsoft Edge.
+
+ - If you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type".
+
+ > [!Note]
+ > Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting.
+
+### Allow Adobe Flash
+- **Supported versions:** Windows 10 or later
+
+- **Description:** This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.
+
+ - If you enable or don't configure this setting (default), employees can use Adobe Flash.
+
+ - If you disable this setting, employees can't use Adobe Flash.
+
+### Allow clearing browsing data on exit
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
+
+ - If you enable this policy setting, clearing browsing history on exit is turned on.
+
+ - If you disable or don't configure this policy setting (default), it can be turned on and configured by the employee in the Clear browsing data options area, under Settings.
+
+### Allow Developer Tools
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Description:** This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
+ - If you enable or don’t configure this setting (default), the F12 Developer Tools are available in Microsoft Edge.
+
+ - If you disable this setting, the F12 Developer Tools aren’t available in Microsoft Edge.
+
+### Allow Extensions
+- **Supported versions:** Windows 10, Version 1607 or later
+
+- **Description:** This policy setting lets you decide whether employees can use Edge Extensions.
+
+ - If you enable or don’t configure this setting, employees can use Edge Extensions.
+
+ - If you disable this setting, employees can’t use Edge Extensions.
+
+### Allow InPrivate browsing
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Description:** This policy setting lets you decide whether employees can browse using InPrivate website browsing.
+
+ - If you enable or don’t configure this setting (default), employees can use InPrivate website browsing.
+
+ - If you disable this setting, employees can’t use InPrivate website browsing.
+
+### Allow Microsoft Compatibility List
+- **Supported versions:** Windows 10, Version 1607 or later
+
+- **Description:** This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat.
+
+ - If you enable or don’t configure this setting (default), Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though it’s in whatever version of IE is necessary for it to appear properly.
+
+ - If you disable this setting, the Microsoft Compatibility List isn’t used during browser navigation.
+
+### Allow search engine customization
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This policy setting lets you decide whether users can change their search engine.
+
+ >[!Important]
+ >This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+
+ - If you enable or don't configure this policy (default), users can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings.
+
+ - If you disable this setting, users can't add search engines or change the default used in the address bar.
+
+### Allow web content on New Tab page
+- **Supported versions:** Windows 10 or later
+
+- **Description:** This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
+
+ - If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
+
+ - If you disable this setting, Microsoft Edge opens a new tab with a blank page.
+
+ - If you don’t configure this setting (default), employees can choose how new tabs appears.
+
+### Configure additional search engines
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting.
+
+ > [!Important]
+ > This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+
+ - If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine, using this format:
+
+
+ >If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
+
+### Configure Windows Defender SmartScreen
+- **Supported versions:** Windows 10 or later
+
+- **Description:** This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
+
+ - If you enable this setting, Windows Defender SmartScreen is turned on and employees can’t turn it off.
+
+ - If you disable this setting, Windows Defender SmartScreen is turned off and employees can’t turn it on.
+
+ - If you don’t configure this setting (default), employees can choose whether to use Windows Defender SmartScreen.
+
+### Disable lockdown of Start pages
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This policy setting lets you disable the lock down of Start pages, letting employees modify the Start pages when the "Configure Start pages" setting is in effect.
+
+ >[!Important]
+ >This setting only applies when you're using the “Configure Start pages" setting and can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+
+ - If you enable this setting, you can't lock down any Start pages that are configured using the "Configure Start pages" setting, which means that employees can modify them.
+
+ - If you disable or don't configure this setting (default), employees can't change any Start pages configured using the "Configure Start pages" setting, thereby locking down the Start pages.
+
+### Keep favorites in sync between Internet Explorer and Microsoft Edge
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge.
+
+ - If you enable this setting, employees can sync their favorites between Internet Explorer and Microsoft Edge.
+
+ - If you disable or don't configure this setting (default), employees can’t sync their favorites between Internet Explorer and Microsoft Edge.
+
+### Prevent access to the about:flags page
+- **Supported versions:** Windows 10, Version 1607 or later
+
+- **Description:** This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
+
+ - If you enable this policy setting, employees can’t access the about:flags page.
+
+ - If you disable or don’t configure this setting (default), employees can access the about:flags page.
+
+### Prevent bypassing Windows Defender SmartScreen prompts for files
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Description:** This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
+
+ - If you enable this setting, employees can’t ignore Windows Defender SmartScreen warnings and they’re blocked from downloading the unverified files.
+
+ - If you disable or don’t configure this setting (default), employees can ignore Windows Defender SmartScreen warnings and continue the download process.
+
+### Prevent bypassing Windows Defender SmartScreen prompts for sites
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Description:** This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
+
+ - If you enable this setting, employees can’t ignore Windows Defender SmartScreen warnings and they’re blocked from continuing to the site.
+
+ - If you disable or don’t configure this setting (default), employees can ignore Windows Defender SmartScreen warnings and continue to the site.
+
+### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
+
+ - If you enable this setting, Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu.
+
+ - If you disable or don't configure this setting (default), Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.
+
+### Prevent the First Run webpage from opening on Microsoft Edge
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.
+
+ - If you enable this setting, employees won't see the First Run page when opening Microsoft Edge for the first time.
+
+ - If you disable or don't configure this setting (default), employees will see the First Run page when opening Microsoft Edge for the first time.
+
+### Prevent using Localhost IP address for WebRTC
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Description:** This policy setting lets you decide whether an employee’s Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off.
+
+ - If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol.
+
+ - If you disable or don’t configure this setting (default), Localhost IP addresses are shown while making calls using the WebRTC protocol.
+
+### Send all intranet sites to Internet Explorer 11
+- **Supported versions:** Windows 10 or later
+
+- **Description:** This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
+
+ - If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11.
+
+ - If you disable or don’t configure this setting (default), all websites, including intranet sites, are automatically opened using Microsoft Edge.
+
+### Set default search engine
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Description:** This policy setting lets you configure the default search engine for your employees. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes.
+
+ >[!Important]
+ >This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+ >If you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
+
+ - If you enable this setting, you can choose a default search engine for your employees. To choose the default engine, you must add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine, using this format:
+
+ https://fabrikam.com/opensearch.xml
+
+ - If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market. If you don't configure this setting, the default search engine is set to the one specified in App settings.
+
+ - If you don't configure this setting (default), the default search engine is set to the one specified in App settings.
+
+### Show message when opening sites in Internet Explorer
+- **Supported versions:** Windows 10, Version 1607 and later
+
+- **Description:** This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
+
+ - If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
+
+ - If you disable or don’t configure this setting (default), the default app behavior occurs and no additional page appears.
+
+## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge
If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
-> **Note** **Note** If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one. **Example:** **Note** **Example:** **Example:** If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
+
+### Favorites
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/Favorites
+
+ - **Data type:** String
+
+ - **Allowed values:**
+
+ - Configure the **Favorite** URLs for your employees.
+
+ **Example:**
+
+ **Disabled:** Stops employees from using Cortana on their devices. **Note** Employees can still perform searches even with Cortana turned off. |
-|Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync |Whether employees can use the **Sync your Settings** options to sync their settings to and from their device. |**Enabled:** Turns off the **Sync your Settings** options and none of the **Sync your Setting** groups are synced on the device. You can use the **Allow users to turn syncing on** option to turn the feature off by default, but to let the employee change this setting. **Disabled or not configured (default):** Turns on the **Sync your Settings** area by default, letting employees pick what can sync on their device. |
-|Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync browser settings |Whether a browser group can use the **Sync your Settings** options to sync their info to and from their device. This includes settings and info like **History** and Favorites. |**Enabled:** Turns off the **Sync your Settings** options so that browser groups are unable to sync their settings and info. You can use the **Allow users to turn browser syncing on** option to turn the feature off by default, but to let the employee change this setting. **Disabled or not configured (default):** Turns on the **Sync your Settings** area by default, letting browser groups pick what can sync on their device. |
+### Allow Cortana
+- **Location:** Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana
+
+- **Description:** This policy settings lets you decide whether employees can use Cortana.
+
+ - If you enable or don't configure this setting, employees can use Cortana on their devices.
+
+ - If you disable this setting, employees won't be able to use Cortana on their devices.
+
+ >[!Note]
+ >Employees can still perform searches even with Cortana turned off.
+
+### Do not sync
+- **Location:** Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync
+
+- **Description:** This policy settings lets you decide whether employees can use the Sync your Settings options to sync their settings to and from their device.
+
+ - If you enable this setting, the Sync your Settings options are turned off and none of the Sync your Setting groups are synced on the device. You can use the Allow users to turn syncing on option to turn the feature off by default, but to let the employee change this setting.
+
+ - If you disable or don't configure this setting (default), the Sync your Settings options are turned on, letting employees pick what can sync on their device.
+
+### Do not sync browser settings
+- **Location:** Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync browser settings
+
+- **Description:** This policy settings lets you decide whether a browser group can use the Sync your Settings options to sync their info to and from their device. This includes settings and info like History and Favorites.
+
+ - If you enable this setting, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting.
+
+ - If you disable or don't configure this setting (default), the Sync your Settings options are turned on, letting browser groups pick what can sync on their device.
+
## Microsoft Edge and Windows 10-specific MDM policy settings
These are additional Windows 10-specific MDM policy settings that work with Microsoft Edge.
-|MDM Policy name |Supports |Details |
-|----------------|--------------|------------------- |
-|AllowCortana |Both | Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10. Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic Enterprise when you apply the Enterprise license file to the device. Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10. Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic for Business when you apply the Enterprise license file to the device. [Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) This guide covers the installation and administration of devices running Surface Hub, and is intended for use by anyone responsible for these tasks, including IT administrators and developers. The Surface Hub's uses an Active Directory or Azure AD account (called a **device account**) to access Exchange and Skype for Business services. The Surface Hub must be able to connect to your Active Directory domain controller or to your Azure AD tenant in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address. Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join. In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. **Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address. 
In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. **Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address. Try it out: Windows 10 deployment (for education) [Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md) Admin X X X Purchaser X X Device Guard signer X
`
If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
-> The **Supports** column uses these options:
-
-- **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only.
-
-- **Mobile.** Supports Windows 10 Mobile devices only.
-
-- **Both.** Supports both desktop and mobile devices.
+> [!NOTE]
+> **Supported Devices** uses these options:
+> - **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only.
+> - **Mobile.** Supports Windows 10 Mobile devices only.
+> - **Both.** Supports both desktop and mobile devices.
All devices must be enrolled with Intune if you want to use the Windows Custom URI Policy.
-| Policy name |Supported versions |Supported device |Details |
-|-------------|-------------------|-----------------|--------|
-|AllowAutofill|Windows 10 or later |Desktop |
-|AllowBrowser |Windows 10 or later |Mobile |
|
-|AllowCookies |Windows 10 or later |Both |
|
-|AllowDeveloperTools |Windows 10, Version 1511 or later |Desktop |
|
-|AllowDoNotTrack |Windows 10 or later |Both |
|
-|AllowExtensions |Windows 10, Version 1607 and later |Desktop |
|
-|AllowInPrivate |Windows 10, Version 1511 or later |Both |
|
-|AllowPasswordManager |Windows 10 or later |Both |
|
-|AllowPopups |Windows 10 or later |Desktop |
|
-|AllowSearchSuggestions
inAddressBar |Windows 10 or later |Both |
|
-|AllowSmartScreen |Windows 10 or later |Both |
|
-|EnterpriseModeSiteList |Windows 10 or later |Desktop |
|
-|Favorites |Windows 10, Version 1511 or later |Both |
If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
|
-|FirstRunURL |Windows 10, Version 1511 or later |Mobile |
`
`
URLs must be on separate lines and aren't shared between Microsoft Edge and Internet Explorer 11.
|
-|HomePages |Windows 10, Version 1511 or later |Desktop |
`
|
-|PreventAccessToAbout
`
FlagsInMicrosoftEdge |Windows 10, Version 1607 and later |Desktop |
|
-|PreventSmartScreen
PromptOverride |Windows 10, Version 1511 or later |Both |
|
-|PreventSmartScreen
PromptOverrideFor
Files |Windows 10, Version 1511 or later |Both |
|
-|PreventUsingLocalHost
IPAddressForWebRTC |Windows 10, Version 1511 or later |Desktop |
|
-|SendIntranetTraffic
toInternetExplorer |Windows 10 or later |Desktop |
|
-|ShowMessageWhen
OpeningInteretExplorer
Sites |Windows 10, Version 1607 and later |Desktop |
|
+### AllowAddressBarDropdown
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type."
+
+ - **1 (default).** Allowed. Address bar drop-down is enabled.
+
+### AllowAutofill
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Employees can’t use Autofill to complete form fields.
+
+ - **1 (default).** Employees can use Autofill to complete form fields.
+
+### AllowBrowser
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Mobile
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowBrowser
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Employees can’t use Microsoft Edge.
+
+ - **1 (default).** Employees can use Microsoft Edge.
+
+### AllowCookies
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Allows all cookies from all sites.
+
+ - **1.** Blocks only cookies from 3rd party websites.
+
+ - **2.** Blocks all cookies from all sites.
+
+### AllowDeveloperTools
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Employees can't use the F12 Developer Tools.
+
+ - **1 (default).** Employees can use the F12 Developer Tools.
+
+### AllowDoNotTrack
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Stops employees from sending Do Not Track headers to websites requesting tracking info.
+
+ - **1.** Employees can send Do Not Track headers to websites requesting tracking info.
+
+### AllowExtensions
+- **Supported versions:** Windows 10, Version 1607 and later
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Employees can’t use Edge Extensions.
+
+ - **1 (default).** Employees can use Edge Extensions.
+
+### AllowFlash
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Not allowed. Employees can’t use Adobe Flash.
+
+ - **1 (default).** Allowed. Employees can use Adobe Flash.
+
+### AllowFlashClickToRun
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Supported devices:** Desktop|
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Adobe Flash content is automatically loaded and run by Microsoft Edge
+
+ - **1 (default).** An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
+
+### AllowInPrivate
+- **Supported versions:** Windows 10, Version 1511 or later
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Employees can’t use InPrivate browsing.
+
+ - **1 (default).** Employees can use InPrivate browsing.
+
+### AllowMicrosoftCompatibilityList
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Additional search engines aren't allowed and the default can’t be changed in the Address bar.
+
+ - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
+
+### AllowPasswordManager
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Employees can't use Password Manager to save passwords locally.
+
+ - **1.** Employees can use Password Manager to save passwords locally.
+
+### AllowPopups
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Turns off Pop-up Blocker, allowing pop-up windows.
+
+ - **1.** Turns on Pop-up Blocker, stopping pop-up windows.
+
+### AllowSearchEngineCustomization
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Additional search engines are not allowed and the default can’t be changed in the Address bar.
+
+ - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
+
+
+### AllowSearchSuggestionsinAddressBar
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Employees can’t see search suggestions in the Address bar of Microsoft Edge.
+
+ - **1.** Employees can see search suggestions in the Address bar of Microsoft Edge.
+
+### AllowSmartScreen
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Turns off Windows Defender SmartScreen.
+
+ - **1.** Turns on Windows Defender SmartScreen, providing warning messages to your employees about potential phishing scams and malicious software.
+
+### ClearBrowsingDataOnExit
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.
+
+ - **1.** Browsing data is cleared on exit.
+
+### ConfigureAdditionalSearchEngines
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Additional search engines are not allowed.
+
+ - **1.** Additional search engines are allowed.
+
+### DisableLockdownOfStartPages
+- **Supported versions:** Windows 10, Windows Insider Program
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0 (default).** Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.
+
+ - **1.** Disable lockdown of the Start pages and allow users to modify them.
+
+### EnterpriseModeSiteList
+- **Supported versions:** Windows 10 or later
+
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList
+
+ - **Data type:** String
+
+ - **Allowed values:**
+
+ - Not configured.
+
+ - **1 (default).** Use the Enterprise Mode Site List, if configured.
+
+ - **2.** Specify the location to the site list.
+
+ >[!NOTE]
+ >If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
|
-|AllowSyncMySettings |Desktop |
|
+### AllowCortana
+- **Supported devices:** Both
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Employees can’t use Cortana on their devices.
+
+ - **1 (default).** Employees can use Cortana on their devices.
+
+### AllowSyncMySettings
+- **Supported devices:** Desktop
+
+- **Details:**
+
+ - **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings
+
+ - **Data type:** Integer
+
+ - **Allowed values:**
+
+ - **0.** Employees can’t sync settings between PCs.
+
+ - **1 (default).** Employees can sync between PCs.
## Related topics
* [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514)
-* [Mobile Data Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
-
-
-
-
-
-
-
-
+* [Mobile Data Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
\ No newline at end of file
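Review bot: The allowed values under "### AllowMicrosoftCompatibilityList" are a copy of the AllowSearchEngineCustomization text ("Additional search engines aren't allowed ...") and say nothing about the compatibility list; replace both values with what 0 and 1 do for that policy. In the same hunk, "### EnterpriseModeSiteList" declares "**Data type:** String" yet lists "1 (default)" and "2" as allowed values, so state whether the value is the site list location string or an integer. The "**Example:**" under "### Favorites" has no example after it. Smaller items: the stray pipe in "**Supported devices:** Desktop|" under AllowFlashClickToRun, the missing period after the "**0.**" value in the same section, the "If you don't configure this setting ..." sentence that appears in both of the last two bullets of "Set default search engine", and "This policy settings lets" in Allow Cortana, Do not sync and Do not sync browser settings.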
diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md
index f188b5e0ee..ce750be2f7 100644
--- a/browsers/edge/change-history-for-microsoft-edge.md
+++ b/browsers/edge/change-history-for-microsoft-edge.md
@@ -12,6 +12,11 @@ This topic lists new and updated topics in the Microsoft Edge documentation for
For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/).
+## February 2017
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. Reformatted for easier readability outside of scrolling table. |
+
## November 2016
|New or changed topic | Description |
|----------------------|-------------|
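Review bot: The link text in the added February 2017 row expands MDM as "Mobile Data Management", while devices/hololens/hololens-enroll-mdm.md in this same patch writes "Mobile device management (MDM)"; pick one expansion and use it both here and in the topic title. The description "Reformatted for easier readability outside of scrolling table" would read better as a plain statement that the scrolling tables were replaced with per-policy sections.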
diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
index 4cabfa693f..fefb61f858 100644
--- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
+++ b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
@@ -29,7 +29,7 @@ If you're having trouble deciding whether Microsoft Edge is good for your organi

[Click to enlarge](img-microsoft-edge-infographic-lg.md)
-[Click to download image](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
+[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892)
### Microsoft Edge
Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
@@ -50,10 +50,10 @@ IE11 offers enterprises additional security, manageability, performance, backwar
- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control.
## Related topics
-- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
-- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/en-us/browser/mt612809.aspx)
-- [Download Internet Explorer 11](http://windows.microsoft.com/en-US/internet-explorer/download-ie)
+- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=53892)
+- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
+- [Download Internet Explorer 11](http://windows.microsoft.com/internet-explorer/download-ie)
- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index)
- [Internet Explorer 11 - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/index)
-- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-ieak/index)
-- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
\ No newline at end of file
+- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/itpro/internet-explorer/ie11-ieak/index)
+- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
\ No newline at end of file
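Review bot: The rewritten "Download Internet Explorer 11" link still uses http:// while every other link touched in this hunk is https://; since the line is already being edited to drop the locale segment, switch it to https if the target serves it, so a download link in deployment guidance is not fetched over cleartext. The file also still ends without a trailing newline.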
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index b17d3b59ae..93d825a26b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -17,7 +17,7 @@ If you’re having problems launching your legacy apps while running Internet Ex
1. **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
+2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
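Review bot: Step 2 pairs "For x64 systems or for 64-bit processes on x64 systems" with a key under Wow6432Node, which is the registry view that 64-bit Windows presents to 32-bit processes, so the step labels and the key paths look swapped relative to each other. Adding the missing MICROSOFT segment is correct, but please confirm which bitness each step is meant for before merging, because an admin who sets EnableIEHosting in the wrong view may see no change in behaviour.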
diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
index 5178b33d1f..a4a2db0dae 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
@@ -41,8 +41,8 @@ In IE, press **ALT+V** to show the **View** menu, press **T** to enter the **Too
## Where did the search box go?
IE11 uses the **One Box** feature, which lets users type search terms directly into the **Address bar**. Any text entered into the **Address bar** that doesn't appear to be a URL is automatically sent to the currently selected search provider.
-**Note**
-Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
+>[!NOTE]
+>Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index a1e744e8fe..1c6e2264ab 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -1,8 +1,9 @@
# [Microsoft HoloLens](index.md)
## [HoloLens in the enterprise: requirements](hololens-requirements.md)
## [Set up HoloLens](hololens-setup.md)
-## [Unlock Windows Holographic Enterprise features](hololens-upgrade-enterprise.md)
+## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
## [Set up HoloLens in kiosk mode](hololens-kiosk.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
-## [Install apps on HoloLens](hololens-install-apps.md)
\ No newline at end of file
+## [Install apps on HoloLens](hololens-install-apps.md)
+## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
\ No newline at end of file
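Review bot: The renamed entry "Unlock Windows Holographic for Business features" still points at hololens-upgrade-enterprise.md; keeping the file name avoids breaking inbound links, but say so in the commit message so the mismatch is not "fixed" later. The file again ends without a trailing newline, which is why the unchanged "Install apps on HoloLens" entry shows up as removed and re-added; end the file with a newline.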
diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md
new file mode 100644
index 0000000000..fb1d9fe158
--- /dev/null
+++ b/devices/hololens/change-history-hololens.md
@@ -0,0 +1,21 @@
+---
+title: Change history for Microsoft HoloLens documentation
+description: This topic lists new and updated topics for HoloLens.
+keywords: change history
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: surfacehub
+author: jdeckerMS
+localizationpriority: medium
+---
+
+# Change history for Microsoft HoloLens documentation
+
+This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
+
+## January 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** |
\ No newline at end of file
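Review bot: The front matter sets "ms.pagetype: surfacehub" on a HoloLens topic, which looks carried over from a Surface Hub page; use the value the other devices/hololens topics use. The "All topics" row would be more useful with a link to at least hololens-upgrade-enterprise.md, and the new file should end with a newline.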
diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md
index 87c565d59e..87a2cfa705 100644
--- a/devices/hololens/hololens-enroll-mdm.md
+++ b/devices/hololens/hololens-enroll-mdm.md
@@ -11,10 +11,10 @@ localizationpriority: medium
# Enroll HoloLens in MDM
-You can manage multiple HoloLens devices simultaneously using solutions like Microsoft InTune. You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need.
+You can manage multiple Microsoft HoloLens devices simultaneously using solutions like Microsoft InTune. You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need.
>[!NOTE]
->Mobile device management (MDM) for Development Edition HoloLens does not include VPN, BitLocker, or kiosk mode. Those features are only available when you [upgrade to Windows Holographic Enterprise](hololens-upgrade-enterprise.md).
+>Mobile device management (MDM) for the Development edition of HoloLens does not include VPN, BitLocker, or kiosk mode. Those features are only available when you [upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
## Requirements
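Review bot: The rewritten first sentence keeps "Microsoft InTune", while browsers/edge/available-policies.md in this patch spells it "Intune"; fix the casing while the line is being touched. In the same sentence, "tailored to your organization's need" should be "needs".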
diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md
index 0bd99695b0..ddd3a6d6b5 100644
--- a/devices/hololens/hololens-install-apps.md
+++ b/devices/hololens/hololens-install-apps.md
@@ -16,7 +16,7 @@ The recommended way to install Universal Windows Platform (UWP) apps on HoloLens
You can also deploy apps using your mobile device management (MDM) provider or use the Windows Device Portal to install apps, if you enable **Developer Mode** on the HoloLens device.
>[!IMPORTANT]
- >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device.** Developer Mode** on a device that has been upgraded to Windows Holographic Enterprise enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
+ >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device.**Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
## Use Windows Store for Business to deploy apps to HoloLens
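Review bot: The added line now reads "on the device.**Developer Mode** on a device", so the stray space inside the bold marker was removed but no space was put back after the period. The two sentences run together and the bold may not render. Use "on the device. **Developer Mode** on a device", as the matching note in hololens-kiosk.md does. The setting name is also written "ApplicationManagement/AllowDeveloper Unlock" here and in the kiosk note. The Policy CSP name has no space (ApplicationManagement/AllowDeveloperUnlock), and an administrator searching for the string as written will not find it.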
diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md
index 5ef67cb981..54d65e5489 100644
--- a/devices/hololens/hololens-kiosk.md
+++ b/devices/hololens/hololens-kiosk.md
@@ -18,7 +18,7 @@ Kiosk mode limits the user's ability to launch new apps or change the running ap
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/holographic/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
>[!IMPORTANT]
- >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic Enterprise enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
+ >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/holographic/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/holographic/Using_the_Windows_Device_Portal.html#connecting_over_usb).
@@ -32,7 +32,7 @@ Kiosk mode limits the user's ability to launch new apps or change the running ap

>[!NOTE]
- >The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has an [Enterprise license](hololens-upgrade-enterprise.md).
+ >The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.
diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md
index 30385b6f81..c341d5ffb2 100644
--- a/devices/hololens/hololens-provisioning.md
+++ b/devices/hololens/hololens-provisioning.md
@@ -14,7 +14,7 @@ localizationpriority: medium
Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. The Windows Assessment and Deployment Kit (ADK) for Windows 10 includes the Imaging and Configuration Designer (ICD), a tool for configuring images and runtime settings which are then built into provisioning packages.
Some of the HoloLens configurations that you can apply in a provisioning package:
-- Upgrade to Windows Holographic Enterprise
+- Upgrade to Windows Holographic for Business
- Set up a local account
- Set up a Wi-Fi connection
- Apply certificatess to the device
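Review bot: The list being edited still contains "Apply certificatess to the device" two bullets below the renamed item. The typo is in context rather than in the changed line, but it is worth fixing in the same pass since the list is already open.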
@@ -32,7 +32,7 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
## Create a provisioning package for HoloLens
>[!NOTE]
->Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic Enterprise or if [the device has already been upgraded to Windows Holographic Enterprise](hololens-upgrade-enterprise.md).
+>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
1. On the Windows ICD start page, select **Advanced provisioning**.
@@ -101,7 +101,7 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
Provisioning packages make use of configuration service providers (CSPs). If you're not familiar with CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers).
-In Windows ICD, when you create a provisioning package for Windows Holographic, the settings in **Available customizations** are based on [CSPs that are supported in Windows Holographic](https://msdn.microsoft.co/library/windows/hardware/dn920025.aspx#HoloLens). The following table describes settings that you might want to configure for HoloLens.
+In Windows ICD, when you create a provisioning package for Windows Holographic, the settings in **Available customizations** are based on [CSPs that are supported in Windows Holographic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference#hololens). The following table describes settings that you might want to configure for HoloLens.

@@ -110,7 +110,7 @@ In Windows ICD, when you create a provisioning package for Windows Holographic,
| **Accounts** | Create a local account. HoloLens currently supports a single user only. Creating multiple local accounts in a provisioning package is not supported.
**IMPORTANT**
If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/holographic/reset_or_recover_your_hololens#perform_a_full_device_recovery). |
| **Certificates** | Deploy a certificate to HoloLens. |
| **ConnectivityProfiles** | Deploy a Wi-Fi profile to HoloLens. |
-| **EditionUpgrade** | [Upgrade to Windows Holographic Enterprise.](hololens-upgrade-enterprise.md) |
+| **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens-upgrade-enterprise.md) |
| **Policies** | Allow or prevent developer mode on HoloLens. |
>[!NOTE]
diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md
index c141d31509..d8a1c1b901 100644
--- a/devices/hololens/hololens-requirements.md
+++ b/devices/hololens/hololens-requirements.md
@@ -36,7 +36,7 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
- Wi-Fi network
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
-## Upgrade to Windows Holographic Enterprise
+## Upgrade to Windows Holographic for Business
- HoloLens Enterprise license XML file
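Review bot: The heading is renamed to "Upgrade to Windows Holographic for Business", but the requirement listed directly under it still reads "HoloLens Enterprise license XML file". Please confirm whether the license file keeps the Enterprise name. If it does not, rename the bullet so the section does not mix the old and new edition names.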
@@ -45,11 +45,11 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
## Related resources
-[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/en-us/documentation/articles/active-directory-get-started-premium/)
+[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/)
-[Get started with Intune](https://docs.microsoft.com/en-us/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune)
+[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune)
-[Enroll devices for management in Intune](https://docs.microsoft.com/en-us/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms)
+[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms)
-[Azure AD editions](https://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/)
+[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/)
diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md
index 12546b5f31..bcc472ca43 100644
--- a/devices/hololens/hololens-upgrade-enterprise.md
+++ b/devices/hololens/hololens-upgrade-enterprise.md
@@ -1,6 +1,6 @@
---
-title: Unlock Windows Holographic Enterprise features (HoloLens)
-description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic Enterprise.
+title: Unlock Windows Holographic for Business features (HoloLens)
+description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic for Business.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
@@ -9,14 +9,14 @@ author: jdeckerMS
localizationpriority: medium
---
-# Unlock Windows Holographic Enterprise features
+# Unlock Windows Holographic for Business features
Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://developer.microsoft.com/windows/holographic/release_notes#introducing_microsoft_hololens_commercial_suite), which provides extra features designed for business.
-When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic Enterprise. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
+When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
>[!TIP]
->You can tell that the HoloLens has been upgraded to the Enterprise edition in **Settings** > **Network & Internet**. The **VPN** option is only available in Windows Holographic Enterprise.
+>You can tell that the HoloLens has been upgraded to the business edition in **Settings** > **Network & Internet**. The **VPN** option is only available in Windows Holographic for Business.
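Review bot: The tip now says the device "has been upgraded to the business edition", a lowercase term that is not defined anywhere else in this file, while the next sentence and the paragraph above use the product name. Suggest "has been upgraded to Windows Holographic for Business" so readers do not wonder whether these are two different things. Capitalization of the other edition is also inconsistent across the patch: this file and devices/hololens/index.md keep "Development Edition", while the enroll-MDM note was changed to "the Development edition of HoloLens".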
diff --git a/devices/hololens/images/upgrade-flow.png b/devices/hololens/images/upgrade-flow.png
deleted file mode 100644
index 127c3358f4..0000000000
Binary files a/devices/hololens/images/upgrade-flow.png and /dev/null differ
diff --git a/devices/hololens/index.md b/devices/hololens/index.md
index 7e12977ae1..b57a42f178 100644
--- a/devices/hololens/index.md
+++ b/devices/hololens/index.md
@@ -13,7 +13,7 @@ localizationpriority: medium
-
## In this section
@@ -22,7 +22,7 @@ localizationpriority: medium
| --- | --- |
| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time |
-| [Unlock Windows Holographic Enterprise features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic Enterprise|
+| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business|
| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft InTune |
| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app |
| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index 47279ae319..a9cde81f15 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -5,7 +5,8 @@
#### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
#### [Create and test a device account](create-and-test-a-device-account-surface-hub.md)
##### [Online deployment](online-deployment-surface-hub-device-accounts.md)
-##### [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md)
+##### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md)
+##### [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md)
##### [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md)
##### [Create a device account using UI](create-a-device-account-using-office-365.md)
##### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)
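Review bot: The new TOC entry is titled "On-premises deployment (single forest)", but the table row added in create-and-test-a-device-account-surface-hub.md links the same topic as "On-premises deployment (single-forest)". Pick one form for the link text, preferably matching the title of on-premises-deployment-surface-hub-device-accounts.md, and use it in both places.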
@@ -35,5 +36,7 @@
#### [Using a room control system](use-room-control-system-with-surface-hub.md)
### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
### [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)
+## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
## [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md)
+## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
## [Change history for Surface Hub](change-history-surface-hub.md)
\ No newline at end of file
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index 81f40741b7..74ee57c2f5 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -14,10 +14,18 @@ localizationpriority: medium
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
+## February 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | New |
+
## January 2017
| New or changed topic | Description |
| --- | --- |
+| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | New |
+| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | New |
| [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added graphics cards verified to work with 84" Surface Hubs and added information about the lengths of cables. |
| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated procedures for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. |
diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
index ec7e16757b..9930a748e3 100644
--- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
+++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
@@ -46,7 +46,8 @@ For detailed steps using PowerShell to provision a device account, choose an opt
| Organization deployment | Description |
|---------------------------------|--------------------------------------|
| [Online deployment (Office 365)](online-deployment-surface-hub-device-accounts.md) | Your organization's environment is deployed entirely on Office 365. |
-| [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync). |
+| [On-premises deployment (single-forest)](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a single-forest environment. |
+| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a multi-forest environment. |
| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Your organization has a mix of services, with some hosted on-premises and some hosted online through Office 365. |
If you prefer to use a graphical user interface, some steps can be done using UI instead of PowerShell.
diff --git a/devices/surface-hub/device-reset-suface-hub.md b/devices/surface-hub/device-reset-suface-hub.md
deleted file mode 100644
index f91cbdd7b9..0000000000
--- a/devices/surface-hub/device-reset-suface-hub.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-title: Device reset (Surface Hub)
-description: You may wish to reset your Microsoft Surface Hub.
-ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF
-redirect_url: https://technet.microsoft.com/itpro/surface-hub/device-reset-surface-hub
-keywords: reset Surface Hub
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: surfacehub
-author: TrudyHa
----
-
-
-
-
-
-
-
-
-
-
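Review bot: The deleted file is a redirect stub. Its only content is the front matter with redirect_url pointing at device-reset-surface-hub, so removing it drops the redirect for the misspelled "device-reset-suface-hub" URL. The internal link in first-run-program-surface-hub.md is corrected in this patch, but external links and bookmarks to the old URL will break unless the redirect is kept somewhere else. Please confirm that it is, or keep the stub.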
diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md
index dc24991701..f2cb38c5f2 100644
--- a/devices/surface-hub/device-reset-surface-hub.md
+++ b/devices/surface-hub/device-reset-surface-hub.md
@@ -31,9 +31,11 @@ Initiating a reset will return the device to the last cumulative Windows update,
- Configurations from MDM or the Settings app
> [!IMPORTANT]
-> Performing a device reset may take up to 2 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
+> Performing a device reset may take up to 6 hours. Do not turn off or unplug the Surface Hub until the process has completed. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
-After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again.
+After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again. If the Surface Hub displays a Welcome screen, that indicates that the reset encountered a problem and rolled back to the previously existing OS image.
+
+If you see a blank screen for long periods of time during the **Reset device** process, please wait and do not take any action.
## Reset a Surface Hub from Settings
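Review bot: The added sentence about the Welcome screen tells the administrator that the reset failed and rolled back to the previous OS image, but not what to do next. Add the follow-up action (retry the reset, or contact support) right after it. The time estimate also jumps from 2 hours to 6 hours with no explanation. If the longer figure applies only to certain conditions, say so, since admins will plan room downtime around it.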
diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md
index 43cc104e63..6ee36023cc 100644
--- a/devices/surface-hub/first-run-program-surface-hub.md
+++ b/devices/surface-hub/first-run-program-surface-hub.md
@@ -60,7 +60,8 @@ If the default values shown are correct, then you can click **Next** to go on. O
### What happens?
->**Note** Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-suface-hub.md)). Make sure that the settings are properly configured before proceeding.
+>[!NOTE]
+> Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-surface-hub.md)). Make sure that the settings are properly configured before proceeding.
diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md
index ddbbfb4fab..22e94d2746 100644
--- a/devices/surface-hub/index.md
+++ b/devices/surface-hub/index.md
@@ -6,35 +6,25 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: surfacehub
-author: TrudyHa
+author: jdeckerMS
localizationpriority: medium
---
# Microsoft Surface Hub
-Documents related to the Microsoft Surface Hub.
+Documents related to deploying and managing the Microsoft Surface Hub in your organization.
+
+>[Looking for the user's guide for Surface Hub?](https://www.microsoft.com/surface/support/surface-hub)
## In this section
+| Topic | Description |
+| --- | --- |
+| [Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) | This guide covers the installation and administration of devices running Surface Hub, and is intended for use by anyone responsible for these tasks, including IT administrators and developers.|
+| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. |
+| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. |
+| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide. |
+| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation. |
+
-
+ 
-
diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md
index 2f658f6fd8..d26712627a 100644
--- a/devices/surface-hub/install-apps-on-surface-hub.md
+++ b/devices/surface-hub/install-apps-on-surface-hub.md
@@ -16,10 +16,9 @@ localizationpriority: medium
You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario.
A few things to know about apps on Surface Hub:
-- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp).
+- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). See a [list of apps that work with Surface Hub](https://www.microsoft.com/surface/support/surface-hub/surface-hub-apps).
- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631).
-- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
-- When submitting an app to the Windows Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub.
+- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.- When submitting an app to the Windows Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub.
- You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Windows Store to download and install apps.
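Review bot: The replacement line joins two list items into one. It now reads "placing the device in developer mode.- When submitting an app to the Windows Store", so the Windows Store submission guidance no longer renders as its own bullet. This looks like an accidental line join. Restore the line break before "- When submitting an app" so the list keeps its original items.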
diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
index 40fdda11b1..659e2a6ae5 100644
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@@ -17,7 +17,7 @@ New releases of the Surface Hub operating system are published through Windows U
- **Windows Update for Business** - New in Windows 10, Windows Update for Business is a set of features designed to provide enterprises additional control over how and when Windows Update installs releases, while reducing device management costs. Using this method, Surface Hubs are directly connected to Microsoft’s Windows Update service.
- **Windows Server Update Services (WSUS)** - Set of services that enable IT administrators to obtain the updates that Windows Update determines are applicable to the devices in their enterprise, perform additional testing and evaluation on the updates, and select the updates they want to install. Using this method, Surface Hubs will receive updates from WSUS rather than Windows Update.
-You can also configure Surface Hub to receive updates from both Windows Update for Business and WSUS. See [Integrate Windows Update for Business with Windows Server Update Services](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-integrate-wufb#integrate-windows-update-for-business-with-windows-server-update-services) for details.
+You can also configure Surface Hub to receive updates from both Windows Update for Business and WSUS. See [Integrate Windows Update for Business with Windows Server Update Services](https://technet.microsoft.com/itpro/windows/manage/waas-integrate-wufb#integrate-windows-update-for-business-with-windows-server-update-services) for details.
| Capabilities | Windows Update for Business | Windows Server Update Services (WSUS) |
| ------------ | --------------------------- | ------------------------------------- |
@@ -27,7 +27,7 @@ You can also configure Surface Hub to receive updates from both Windows Update f
| Define maintenance windows for installing updates. | Yes | Yes |
> [!TIP]
-> Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Optimize update delivery for Windows 10 updates](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-optimize-windows-10-updates) for details.
+> Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Optimize update delivery for Windows 10 updates](https://technet.microsoft.com/itpro/windows/manage/waas-optimize-windows-10-updates) for details.
> [!NOTE]
> Surface Hub does not currently support rolling back updates.
@@ -45,11 +45,11 @@ In order to improve release quality and simplify deployments, all new releases t
The Surface Hub operating system is available on **Current Branch (CB)** and **Current Branch for Business (CBB)**. Like other editions of Windows 10, the servicing lifetime of CB or CBB is finite. You must install new feature updates on machines running these branches in order to continue receiving quality updates.
-For more information on Windows as a Service, see [Overview of Windows as a service](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview).
+For more information on Windows as a Service, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/manage/waas-overview).
## Use Windows Update for Business
-Surface Hubs, like all Windows 10 devices, include **Windows Update for Business (WUfB)** to enable you to control how your devices are being updated. Windows Update for Business helps reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. For more information, see [Manage updates using Windows Update for Business](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-manage-updates-wufb).
+Surface Hubs, like all Windows 10 devices, include **Windows Update for Business (WUfB)** to enable you to control how your devices are being updated. Windows Update for Business helps reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. For more information, see [Manage updates using Windows Update for Business](https://technet.microsoft.com/itpro/windows/manage/waas-manage-updates-wufb).
**To set up Windows Update for Business:**
1. [Group Surface Hub into deployment rings](#group-surface-hub-into-deployment-rings)
@@ -57,11 +57,12 @@ Surface Hubs, like all Windows 10 devices, include **Windows Update for Business
2. [Configure when Surface Hub receives updates](#configure-when-surface-hub-receives-updates).
> [!NOTE]
-> You can use Microsoft Intune, System Center Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-wufb-intune)
+
+> You can use Microsoft Intune, System Center Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://technet.microsoft.com/itpro/windows/manage/waas-wufb-intune)
### Group Surface Hub into deployment rings
-Use deployment rings to control when updates roll out to your Surface Hubs, giving you time to validate them. For example, you can update a small pool of devices first to verify quality before a broader roll-out to your organization. Depending on who manages Surface Hub in your organization, consider incorporating Surface Hub into the deployment rings that you've built for your other Windows 10 devices. For more information about deployment rings, see [Build deployment rings for Windows 10 updates](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-deployment-rings-windows-10-updates).
+Use deployment rings to control when updates roll out to your Surface Hubs, giving you time to validate them. For example, you can update a small pool of devices first to verify quality before a broader roll-out to your organization. Depending on who manages Surface Hub in your organization, consider incorporating Surface Hub into the deployment rings that you've built for your other Windows 10 devices. For more information about deployment rings, see [Build deployment rings for Windows 10 updates](https://technet.microsoft.com/itpro/windows/manage/waas-deployment-rings-windows-10-updates).
This table gives examples of deployment rings.
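Review bot: In the note about setting up WUfB, an empty line is added between "> [!NOTE]" and the "> You can use Microsoft Intune" body line. The blank line ends the blockquote, so the callout marker and its text render as two separate blocks. Drop the added blank line so the body follows the marker directly, as in the [!NOTE] block this patch adds to first-run-program-surface-hub.md.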
@@ -74,22 +75,22 @@ This table gives examples of deployment rings.
### Configure Surface Hub to use Current Branch or Current Branch for Business
-By default, Surface Hubs are configured to receive updates from Current Branch (CB). CB receives feature updates as soon as they are released by Microsoft. Current Branch for Business (CBB), on the other hand, receives feature updates at least four months after they have been initially offered to CB devices, and includes all of the quality updates that have been released in the interim. For more information on the differences between CB and CBB, see [Servicing branches](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#servicing-branches).
+By default, Surface Hubs are configured to receive updates from Current Branch (CB). CB receives feature updates as soon as they are released by Microsoft. Current Branch for Business (CBB), on the other hand, receives feature updates at least four months after they have been initially offered to CB devices, and includes all of the quality updates that have been released in the interim. For more information on the differences between CB and CBB, see [Servicing branches](https://technet.microsoft.com/itpro/windows/manage/waas-overview#servicing-branches).
**To manually configure Surface Hub to use CB or CBB:**
1. Open **Settings** > **Update & Security** > **Windows Update**, and then select **Advanced Options**.
2. Select **Defer feature updates**.
-To configure Surface Hub to use CB or CBB remotely using MDM, set an appropriate [Update/BranchReadinessLevel](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) policy.
+To configure Surface Hub to use CB or CBB remotely using MDM, set an appropriate [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) policy.
### Configure when Surface Hub receives updates
Once you've determined deployment rings for your Surface Hubs, configure update deferral policies for each ring:
-- To defer feature updates, set an appropriate [Update/DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) policy for each ring.
-- To defer quality updates, set an appropriate [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) policy for each ring.
+- To defer feature updates, set an appropriate [Update/DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) policy for each ring.
+- To defer quality updates, set an appropriate [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) policy for each ring.
> [!NOTE]
-> If you encounter issues during the update rollout, you can pause updates using [Update/PauseFeatureUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) and [Update/PauseQualityUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates).
+> If you encounter issues during the update rollout, you can pause updates using [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) and [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates).
## Use Windows Server Update Services
@@ -102,8 +103,16 @@ You can connect Surface Hub to your Windows Server Update Services (WSUS) server
3. Navigate to **Update & security** > **Windows Update** > **Advanced options** > **Configure Windows Server Update Services (WSUS) server**.
4. Click **Use WSUS Server to download updates** and type the URL of your WSUS server.
-To connect Surface Hub to a WSUS server using MDM, set an appropriate [Update/UpdateServiceUrl](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) policy.
+To connect Surface Hub to a WSUS server using MDM, set an appropriate [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) policy.
+**If you use a proxy server or other method to block URLs**
+
+If you use a method other than WSUS to block specific URLs and prevent updates, you will need to add the following Windows update trusted site URLs to the “allow list”:
+- `http(s)://*.update.microsoft.com`
+- `http://download.windowsupdate.com`
+- `http://windowsupdate.microsoft.com`
+
+Once the Windows 10 Team Anniversary Update is installed, you can remove these addresses to return your Surface Hub to its previous state.
## Maintenance window
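Review bot: The closing sentence of the new proxy section ("Once the Windows 10 Team Anniversary Update is installed, you can remove these addresses to return your Surface Hub to its previous state") reads as if the allow-list entries are needed for one update only, but the section never says so. If the device still needs these hosts for later updates, removing them blocks updating again, so please state whether the exception is temporary and why. The opening sentence is also hard to parse ("a method other than WSUS to block specific URLs and prevent updates"); something like "If a proxy or firewall blocks Windows Update URLs, add the following to its allow list" would be clearer. Two of the three entries are `http://` only, so confirm that is intended, and replace the curly quotes around "allow list" with straight ones.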
@@ -126,7 +135,7 @@ A default maintenance window is set for all new Surface Hubs:
2. Navigate to **Update & security** > **Windows Update** > **Advanced options**.
3. Under **Maintenance hours**, select **Change**.
-To change the maintenance window using MDM, set the **MOMAgent** node in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt608323.aspx). See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for more details.
+To change the maintenance window using MDM, set the **MOMAgent** node in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for more details.
## Related topics
diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md
index 9f45d3d355..4b96956704 100644
--- a/devices/surface-hub/monitor-surface-hub.md
+++ b/devices/surface-hub/monitor-surface-hub.md
@@ -101,6 +101,9 @@ This table describes the sample queries in the Surface Hub solution:
For Surface Hub to connect to and register with the OMS service, it must have access to the port number of your domains and the URLs. This table list the ports that OMS needs. For more information, see [Configure proxy and firewall settings in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-proxy-firewall/).
+>[!NOTE]
+>Surface Hub does not currently support the use of a proxy server to communicate with the OMS service.
+
| Agent resource | Ports | Bypass HTTPS inspection? |
| --------------------------- | ----- | ------------------------ |
| *.ods.opinsights.azure.com | 443 | Yes |
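Review bot: The added note says Surface Hub does not support a proxy server for OMS, yet the context sentence directly above it still sends readers to "Configure proxy and firewall settings in Log Analytics" and the table keeps a "Bypass HTTPS inspection?" column, so the paragraph now gives mixed guidance. Reword the lead-in to say these endpoints must be reachable directly through the firewall, and place the note so that "This table list the ports that OMS needs" is still followed by the table it introduces. "list" should be "lists" if that line is touched.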
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index cb9d732585..8914899056 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -1,5 +1,5 @@
---
-title: On-premises deployment (Surface Hub)
+title: On-premises deployment single forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
keywords: single forest deployment, on prem deployment, device account, Surface Hub
@@ -11,12 +11,12 @@ author: TrudyHa
localizationpriority: medium
---
-# On-premises deployment (Surface Hub)
+# On-premises deployment for Surface Hub in a single-forest environment
This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
-If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, you can use equivalent cmdlets that will produce the same results. Those cmdlets are described in this section.
+If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md).
1. Start a remote PowerShell session from a PC and connect to Exchange.
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
new file mode 100644
index 0000000000..08688230d6
--- /dev/null
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
@@ -0,0 +1,105 @@
+---
+title: On-premises deployment multi-forest (Surface Hub)
+description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
+ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
+keywords: multi forest deployment, on prem deployment, device account, Surface Hub
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: surfacehub
+author: jdeckerMS
+localizationpriority: medium
+---
+
+# On-premises deployment for Surface Hub in a multi-forest environment
+
+
+This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
+
+If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a single-forest deployment, see [On-premises deployment for Surface Hub in a single-forest environment](on-premises-deployment-surface-hub-device-accounts.md).
+
+1. Start a remote PowerShell session from a PC and connect to Exchange.
+
+ Be sure you have the right permissions set to run the associated cmdlets.
+
+ Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
+
+ ```PowerShell
+ Set-ExecutionPolicy Unrestricted
+ $org='contoso.microsoft.com'
+ $cred=Get-Credential $admin@$org
+ $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
+ $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
+ Import-PSSession $sessExchange
+ Import-PSSession $sessLync
+ ```
+
+2. After establishing a session, create a new mailbox in the Resource Forest. This will allow the account to authenticate into the Surface Hub.
+
+ If you're changing an existing resource mailbox:
+
+ ```PowerShell
+ New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01"
+ ```
+
+3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+
+ Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+
+ If you haven’t created a compatible policy yet, use the following cmdlet-—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+
+ ```PowerShell
+ $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+ ```
+
+ Once you have a compatible policy, then you will need to apply the policy to the device account.
+
+ ```PowerShell
+ Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy -ActiveSyncEnabled $true
+ Set-Mailbox $acctUpn -Type Room
+ ```
+
+4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+
+ ```PowerShell
+ Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+ Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+ ```
+
+5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. This should be set in the User Forest.
+
+ ```PowerShell
+ Set-AdUser $acctUpn -PasswordNeverExpires $true
+ ```
+
+6. Enable the account in Active Directory so it will authenticate to the Surface Hub. This should be set in the User Forest.
+
+ ```PowerShell
+ Set-AdUser $acctUpn -Enabled $true
+ ```
+
+6. You now need to change the room mailbox to a linked mailbox:
+
+ ```PowerShell
+ $cred=Get-Credential AuthForest\LinkedRoomTest1
+ Set-mailbox -Alias LinkedRoomTest1 -LinkedMasterAccount AuthForest\LinkedRoomTest1 -LinkedDomainController AuthForest-4939.AuthForest.extest.contoso.com -Name LinkedRoomTest1 -LinkedCredential $cred -Identity LinkedRoomTest1
+ ```
+
+7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
+
+ ```PowerShell
+ Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
+ -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
+ -Identity HUB01
+ ```
+
+ You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
+
+
+
+
+
+
+
+
+
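Review bot: The `Enable-CsMeetingRoom` example in the last step is split over three lines with no line-continuation character, so when pasted the cmdlet runs with only `-SipAddress` and the `-DomainController ...` and `-Identity HUB01` lines are parsed as separate statements and fail; put the command on one line or end the first two lines with a backtick. Other points in this new file: step 1 runs `Set-ExecutionPolicy Unrestricted` and never restores it, where `Set-ExecutionPolicy RemoteSigned -Scope Process` would limit the change to the session. `$admin`, `$strExchangeServer`, `$strLyncFQDN` and `$acctUpn` are used but never assigned, so add placeholder assignments at the top of the first block. Step 2 is introduced with "If you're changing an existing resource mailbox:" but the command is `New-Mailbox`. There are two steps numbered 6. The prose names the policy "Surface Hubs" while the command uses `“SurfaceHubs”` in curly quotes, `–AllowConflicts` and `–DeleteComments` use en dashes instead of hyphens, and "cmdlet-—this" has a stray hyphen. `ms.assetid` is the same GUID as in the single-forest topic, and the intro still points multi-forest readers at the provided scripts, although the sentence removed from the single-forest topic said multi-forest deployments use equivalent cmdlets. The trailing run of empty `+` lines can be dropped.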
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index ef5e99e41b..f5c342d43d 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -24,10 +24,10 @@ Review these dependencies to make sure Surface Hub features will work in your IT
|-------------------------------------------------------|-------------------------------------------------------|
| Active Directory or Azure Active Directory (Azure AD) |
-
-
-
-Topic
-Description
-
-
-
-
-[Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise.
-
-
-[Change history for Surface Hub](change-history-surface-hub.md) This topic lists new and updated topis in the Surface Hub documentation.
-
+## Privacy notice
+
+Microsoft Store for Business services get names and email addresses of people in your organization from Azure Active Directory. This information is needed for these admin functions:
+- Granting and managing permissions
+- Managing app licenses
+- Distributing apps to people (names appear in a list that admins can select from)
+
+Store for Business does not save names, or email addresses.
+
+Your use of Store for Business is also governed by the Store for Business Terms of Use.
+
+Information sent to Store for Business is subject to the [Store for Business Privacy Statement](https://privacy.microsoft.com/privacystatement/).
+
## ISVs and the Store for Business
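Review bot: In the added "Privacy notice" section, "Store for Business does not save names, or email addresses." has a stray comma before "or", and the sentence about the Store for Business Terms of Use carries no link although the Privacy Statement two lines later does. Link the Terms of Use the same way so readers can reach both documents from this section.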
diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md
index ee3fbbd2b8..0ce34a2dfe 100644
--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@@ -13,6 +13,7 @@
### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
### [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)
### [Surface Dock Updater](surface-dock-updater.md)
+### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
## [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
## [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)
## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index 5c29629a05..a6195be9e0 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -11,13 +11,18 @@ author: jdeckerMS
This topic lists new and updated topics in the Surface documentation library.
+## January 2017
+
+|New or changed topic | Description |
+| --- | --- |
+|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | New |
+
## December 2016
|New or changed topic | Description |
| --- | --- |
|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)|
-
## November 2016
|New or changed topic | Description |
diff --git a/devices/surface/images/sda-fig5-erase.png b/devices/surface/images/sda-fig5-erase.png
index cf8abe7dce..8ac3e174a7 100644
Binary files a/devices/surface/images/sda-fig5-erase.png and b/devices/surface/images/sda-fig5-erase.png differ
diff --git a/devices/surface/index.md b/devices/surface/index.md
index 3bd0c700bd..7a352fb536 100644
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@@ -33,7 +33,9 @@ For more information on planning for, deploying, and managing Surface devices in
| [Change history for Surface documentation](change-history-for-surface.md) | This topic lists new and updated topics in the Surface documentation library. |
+## Learn more
+[Certifying Surface Pro 4 and Surface Book as standard devices at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/849/Certifying-Surface-Pro-4-and-Surface-Book-as-standard-devices-at-Microsoft)
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index ad68711a00..4a39f0775e 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -16,7 +16,7 @@ author: miladCA
Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
-[Microsoft Surface Data Eraser](https://www.microsoft.com/download/details.aspx?id=46703) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://www.microsoft.com/surface/support/security-sign-in-and-accounts/data-wiping-policy).
+[Microsoft Surface Data Eraser](https://www.microsoft.com/download/details.aspx?id=46703) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB stick is easy to create by using the provided wizard, the Microsoft Surface Data Eraser wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://www.microsoft.com/surface/support/security-sign-in-and-accounts/data-wiping-policy).
Compatible Surface devices include:
@@ -100,43 +100,41 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device.
-2. Ensure your system firmware is set to boot to USB. To enter the firmware settings:
+2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps:
- 1. Turn off your Surface device.
+ a. Turn off your Surface device.
- 2. Press and hold the **Volume Up** button.
+ b. Press and hold the **Volume Down** button.
- 3. Press and release the **Power** button.
+ c. Press and release the **Power** button.
- 4. Release the **Volume Up** button.
+ d. Release the **Volume Down** button.
+
+ >[!NOTE]
+ >If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
-3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed.
+3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4.

*Figure 4. Booting the Microsoft Surface Data Eraser USB stick*
-4. Read the software license terms, and then close the notepad file.
+4. Read the software license terms, and then close the Notepad file.
-5. Accept or Decline the Software License Terms by typing **Accept** or **Decline**.
+5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue.
-6. Select one of the following three options:
+6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data).
- - **Enter S to start Data Erase** – Select this option to begin the data erase process. You will have a chance to confirm in the next step.
+ >[!NOTE]
+ >The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information.
- - **Enter D to perform Diskpart** – Select this option to use diskpart.exe to manage partitions on your disk.
+ 
+
+ *Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
- - **Enter X to shut device down** – Select this option to perform no action and shut down the device.
+7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
-7. If you typed **S** to begin the data erase process, the partition that will be erased is displayed, as shown in Figure 5. If this is correct, press **Y** to continue, or **N** to shut down the device.
-
- 
-
- *Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
-
-8. If you pressed **Y** in step 7, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
-
-9. Click the **Yes** button to continue erasing data on the Surface device.
+8. Click the **Yes** button to continue erasing data on the Surface device.
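Review bot: In the rewritten step 6 the instruction to press **Y** comes before the note explaining that the tool deletes all data, including the Windows files required to boot; move that note ahead of the Y/N instruction so the warning is read before the destructive choice is offered. Step 6 also no longer refers to Figure 5 (the old step 7 did, and step 3 now gains "as shown in Figure 4"), so add "as shown in Figure 5" for consistency. The lettered sub-steps (`a.` to `d.`) may not render as a nested list in Markdown, so check the preview.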
diff --git a/devices/surface/update.md b/devices/surface/update.md
index 3e00c77e71..46d1f3b6bd 100644
--- a/devices/surface/update.md
+++ b/devices/surface/update.md
@@ -16,6 +16,7 @@ Find out how to download and manage the latest firmware and driver updates for y
| Topic | Description |
| --- | --- |
+|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically. |
| [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.|
| [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.|
| [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)| Read about the different methods you can use to manage the process of Surface Dock firmware updates.|
diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
index f44e7cf414..5e81cad6ce 100644
--- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
+++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
@@ -413,3 +413,12 @@ When you deploy SEMM using this script application and with a configuration that
Alternatively, you can configure the application installation to reboot automatically and to install invisibly to the user – in this scenario, a technician will be required to enter the thumbprint on each device as it reboots. Any technician with access to the certificate file can read the thumbprint by viewing the certificate with CertMgr. Instructions for viewing the thumbprint with CertMgr are in the [Create or modify the SEMM Configuration Manager scripts](#create-or-modify-the-semm-configuration-manager-scripts) section of this article.
Removal of SEMM from a device deployed with Configuration Manager using these scripts is as easy as uninstalling the application with Configuration Manager. This action starts the ResetSEMM.ps1 script and properly unenrolls the device with the same certificate file that was used during the deployment of SEMM.
+
+>[!NOTE]
+>Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate.
+
+>We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that – just like the certificate itself – this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM.
+
+>When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package – the device will prompt for the certificate thumbprint before ownership is taken.
+
+>For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.
\ No newline at end of file
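Review bot: The last two added paragraphs contradict each other: one says "You can reenroll a device by using an existing configuration package", the next says reenrollment "would require a new package to be created and installed on that device". Decide which is correct and drop the other; as written, "For this reason" has nothing to refer to. The empty `+` lines between the `>` paragraphs end the blockquote, so only the first paragraph belongs to the `[!NOTE]`; put `>` on the separator lines if all four are meant to be one note. The file also ends without a trailing newline.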
diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md
new file mode 100644
index 0000000000..cee0c58856
--- /dev/null
+++ b/devices/surface/wake-on-lan-for-surface-devices.md
@@ -0,0 +1,56 @@
+---
+title: Wake On LAN for Surface devices (Surface)
+description: See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically – even if the devices are powered down.
+keywords: update, deploy, driver, wol, wake-on-lan
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: surface, devices
+ms.sitesec: library
+author: jobotto
+---
+
+# Wake On LAN for Surface devices
+
+Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as System Center Configuration Manager) automatically – even if the devices are powered down. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using System Center Configuration Manager during a window in the middle of the night, when the office is empty.
+
+>[!NOTE]
+>Surface devices must be connected to AC power to support WOL.
+
+## Supported devices
+
+The following devices are supported for WOL:
+
+* Surface Book
+* Surface Pro 4
+* Surface Pro 3
+* Surface 3
+* Surface Ethernet adapter
+* Surface Dock
+* Surface Docking Station for Surface Pro 3
+
+## WOL driver
+
+To enable WOL support on Surface devices, a specific driver for the Surface Ethernet adapter is required. This driver is not included in the standard driver and firmware pack for Surface devices – you must download and install it separately. You can download the Surface WOL driver (SurfaceWOL.msi) from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
+
+You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as System Center Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt).
+
+>[!NOTE]
+>During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script.
+
+>**HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests**
+
+To extract the contents of SurfaceWOL.msi, use the MSIExec administrative installation option (**/a**), as shown in the following example, to extract the contents to the C:\WOL\ folder:
+
+ `msiexec /a surfacewol.msi targetdir=C:\WOL /qn`
+
+## Using Surface WOL
+
+The Surface WOL driver conforms to the WOL standard, whereby the device is woken by a special network communication known as a magic packet. The magic packet consists of 6 bytes of 255 (or FF in hexadecimal) followed by 16 repetitions of the target computer’s MAC address. You can read more about the magic packet and the WOL standard on [Wikipedia](https://wikipedia.org/wiki/Wake-on-LAN#Magic_packet).
+
+>[!NOTE]
+>To send a magic packet and wake up a device by using WOL, you must know the MAC address of the target device and Ethernet adapter. Because the magic packet does not use the IP network protocol, it is not possible to use the IP address or DNS name of the device.
+
+Many management solutions, such as System Center Configuration Manager, provide built-in support for WOL. There are also many solutions, including Windows Store apps, PowerShell modules, third-party applications, and third-party management solutions that allow you to send a magic packet to wake up a device. For example, you can use the [Wake On LAN PowerShell module](https://gallery.technet.microsoft.com/scriptcenter/Wake-On-Lan-815424c4) from the TechNet Script Center.
+
+>[!NOTE]
+>After a device has been woken up with a magic packet, the device will return to sleep if an application is not actively preventing sleep on the system or if the AllowSystemRequiredPowerRequests registry key is not configured to 1, which allows applications to prevent sleep. See the [WOL driver](#wol-driver) section of this article for more information about this registry key.
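Review bot: In the first NOTE, the registry location is given as "HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests", which appears to run the key path and the value name together. A reader told to configure it "manually or with a script" cannot tell from this what to create. Suggest listing the key path, the value name and the data (1) separately, and using the same term for it in the final note, which calls AllowSystemRequiredPowerRequests a "registry key". The empty line between the note text and the bolded path also ends the blockquote, so the path will render outside the NOTE. "If you chose to extract" should be "If you choose to extract".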
diff --git a/education/windows/index.md b/education/windows/index.md
index f8db1c0562..6ee2d1946a 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -1,11 +1,12 @@
---
title: Windows 10 for Education (Windows 10)
-description: Learn how to use Windows 10 in schools.
+description: Learn how to use Windows 10 in schools.
keywords: Windows 10, education
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
+localizationpriority: high
author: CelesteDG
---
@@ -29,8 +30,7 @@ author: CelesteDG
Command
State change
-Response
+Response(On in [Replacement PC mode](connect-and-display-with-surface-hub.md#replacement-pc-mode))
Learn how to upgrade devices running the Windows 7 operating system to Windows 10 Anniversary Update, and how to manage devices, apps, and users in Windows 10 Anniversary Update.
For the best experience, use this guide in tandem with the TechNet Virtual Lab: IT Pro Try-It-Out.
If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free upgrade to Windows 10 Pro Education.
Added the Turn off Windows Mail application Group Policy to the Mail synchronization section. |
-| [Customize and export Start layout](customize-and-export-start-layout.md) | Added a note to clarify that partial Start layout is only supported in Windows 10, version 1511 and later |
+| [Customize and export Start layout](customize-and-export-start-layout.md) | Added a note to clarify that partial Start layout is only supported in Windows 10, version 1511 and later |
| [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | Added instructions for replacing markup characters with escape characters in Start layout XML |
| [Introduction to configuration service providers (CSPs) for IT pros](how-it-pros-can-use-configuration-service-providers.md) | New |
| [Windows 10 Mobile and MDM](windows-10-mobile-and-mdm.md) | New |
-| [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md) | Added information on servicing options for Windows 10 Mobile, Windows 10 Mobile Enterprise, and Windows 10 IoT Core (IoT Core). |
-
+| [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md) | Added information on servicing options for Windows 10 Mobile, Windows 10 Mobile Enterprise, and Windows 10 IoT Core (IoT Core). |
+
## December 2015
@@ -185,5 +192,3 @@ The topics in this library have been updated for Windows 10, version 1607 (also
[Change history for Deploy Windows 10](../deploy/change-history-for-deploy-windows-10.md)
[Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md)
-
-
diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md
index a7f9bbef7e..d8710b1bb2 100644
--- a/windows/manage/configure-windows-telemetry-in-your-organization.md
+++ b/windows/manage/configure-windows-telemetry-in-your-organization.md
@@ -98,17 +98,17 @@ Windows telemetry also helps Microsoft better understand how customers use (or d
### Insights into your own organization
-Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Windows 10 Upgrade Analytics](../deploy/manage-windows-upgrades-with-upgrade-analytics.md).
+Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Upgrade Readiness](../deploy/manage-windows-upgrades-with-upgrade-readiness.md).
-#### Windows 10 Upgrade Analytics
+#### Upgrade Readiness
Upgrading to new operating system versions has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points.
-To better help customers through this difficult process, Microsoft developed Upgrade Analytics to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis.
+To better help customers through this difficult process, Microsoft developed Upgrade Readiness to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis.
With Windows telemetry enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft.
-Use Upgrade Analytics to get:
+Use Upgrade Readiness to get:
- A visual workflow that guides you from pilot to production
- Detailed computer, driver, and application inventory
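Review bot: The changed sentence under "Insights into your own organization" is still a fragment: "The first of these, called [Upgrade Readiness](...)." has no verb. Since the rename touches this line anyway, complete it, for example "The first of these is called Upgrade Readiness." The link target also changes to ../deploy/manage-windows-upgrades-with-upgrade-readiness.md, and the matching file rename is not visible in this part of the diff, so confirm it is included to avoid a broken link.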
@@ -118,7 +118,7 @@ Use Upgrade Analytics to get:
- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
- Data export to commonly used software deployment tools
-The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
+The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
## How is telemetry data handled by Microsoft?
@@ -179,7 +179,7 @@ The levels are cumulative and are illustrated in the following diagram. Also, th
### Security level
-The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windos IoT Core editions.
+The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.
> [!NOTE]
> If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
@@ -216,6 +216,8 @@ No user content, such as user files or communications, is gathered at the **Secu
The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a particular hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent.
+The normal upload range for the Basic telemetry level is between 109 KB - 159 KB per day, per device.
+
The data gathered at this level includes:
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 in the ecosystem. Examples include:
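Review bot: The added sentence "between 109 KB - 159 KB per day, per device" mixes "between" with a dash; write "between 109 KB and 159 KB" or "109 KB to 159 KB". The figure is also given without saying what it was measured on (edition, build, device type). Administrators who use it for bandwidth planning, or as a baseline for spotting unusual upload volume, need that context or a pointer to the source.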
@@ -256,12 +258,15 @@ The data gathered at this level includes:
- **Windows Store**. Provides information about how the Windows Store performs, including app downloads, installations, and updates. It also includes Windows Store launches, page views, suspend and resumes, and obtaining licenses.
+
### Enhanced level
The Enhanced level gathers data about how Windows and apps are used and how they perform. This level also includes data from both the **Basic** and **Security** levels. This level helps to improve the user experience with the operating system and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements.
This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues.
+The normal upload range for the Enhanced telemetry level is between 239 KB - 348 KB per day, per device.
+
The data gathered at this level includes:
- **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
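Review bot: The empty line added before "### Enhanced level" is a whitespace-only change unrelated to the upload figures; drop it or move it to a separate cleanup. The new sentence "between 239 KB - 348 KB per day, per device" has the same "between ... -" construction as the Basic level sentence and should be reworded the same way.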
diff --git a/windows/manage/cortana-at-work-scenario-6.md b/windows/manage/cortana-at-work-scenario-6.md
index ac15463824..2ad1c7cb5c 100644
--- a/windows/manage/cortana-at-work-scenario-6.md
+++ b/windows/manage/cortana-at-work-scenario-6.md
@@ -1,13 +1,14 @@
---
-title: Test scenario 6 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device (Windows 10)
-description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
+title: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email (Windows 10)
+description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
+author: eross-msft
localizationpriority: high
---
-# Test scenario 6 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
+# Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
- Windows 10, Windows Insider Program
- Windows 10 Mobile, Windows Insider Program
@@ -16,22 +17,32 @@ localizationpriority: high
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
>[!IMPORTANT]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/en-us/servicesagreement).
-This optional scenario helps you to protect your organization’s data on a device, based on an inspection by Cortana.
+Cortana automatically finds patterns in your email, suggesting reminders based things that you said you would do so you don’t forget about them. For example, Cortana recognizes that if you include the text, _I’ll get this to you by the end of the week_ in an email, you're making a commitment to provide something by a specific date. Cortana can now suggest that you be reminded about this event, letting you decide whether to keep it or to cancel it.
-## Use Cortana and WIP to protect your organization’s data
+>[!NOTE]
+>The Suggested reminders feature is currently only available in English (en-us).
-1. Create and deploy an WIP policy to your organization. For info about how to do this, see [Protect your enterprise data using Windows Information Protection (WIP)](../keep-secure/protect-enterprise-data-using-wip.md).
+**To use Cortana to create Suggested reminders for you**
-2. Create a new email from a non-protected or personal mailbox, including the text _I’ll send you that presentation tomorrow_.
+1. Make sure that you've connected Cortana to Office 365. For the steps to connect, see [Set up and test Cortana with Office 365 in your organization](cortana-at-work-o365.md).
-3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+2. Click on the **Cortana** search box in the taskbar, click the **Notebook** icon, and then click **Permissions**.
- Cortana automatically pulls your commitment to sending the presentation out of your email, showing it to you.
+3. Make sure the **Contacts, email, calendar, and communication history** option is turned on.
-4. Create a new email from a protected mailbox, including the same text as above, _I’ll send you that presentation tomorrow_.
+ 
-5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+4. Click the **Notebook** icon again, click the **Suggested reminders** option, click to turn on the **All reminder suggestions cards** option, click the **Notify me when something I mentioned doing is coming up** box, and then click **Save**.
+
+ 
+
+5. Create and send an email to yourself (so you can see the Suggested reminder), including the text, _I’ll finish this project by end of day today_.
+
+6. After you get the email, click on the Cortana **Home** icon, and scroll to today’s events.
+
+ If the reminder has a specific date or time associated with it, like end of day, Cortana notifies you at the appropriate time and puts the reminder into the Action Center. Also from the Home screen, you can view the email where you made the promise, set aside time on your calendar, officially set the reminder, or mark the reminder as completed.
+
+ 
- Because it was in an WIP-protected email, the presentation info isn’t pulled out and it isn’t shown to you.
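Review bot: The new introductory paragraph is missing a word: "suggesting reminders based things that you said you would do" should read "based on things". Separately, this file used to hold the WIP scenario, so any existing links to cortana-at-work-scenario-6.md now land on the Suggested reminders content; check inbound links. Step 3 turns on "Contacts, email, calendar, and communication history", and the IMPORTANT note says the data created is uploaded to Microsoft's cloud, so it would help to say at step 3 that testers should use a mailbox they are comfortable including in the test.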
diff --git a/windows/manage/cortana-at-work-scenario-7.md b/windows/manage/cortana-at-work-scenario-7.md
new file mode 100644
index 0000000000..e8d6cfd3ff
--- /dev/null
+++ b/windows/manage/cortana-at-work-scenario-7.md
@@ -0,0 +1,38 @@
+---
+title: Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device (Windows 10)
+description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: eross-msft
+localizationpriority: high
+---
+
+# Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
+
+- Windows 10, Windows Insider Program
+- Windows 10 Mobile, Windows Insider Program
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+>[!IMPORTANT]
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
+
+This optional scenario helps you to protect your organization’s data on a device, based on an inspection by Cortana.
+
+## Use Cortana and WIP to protect your organization’s data
+
+1. Create and deploy an WIP policy to your organization. For info about how to do this, see [Protect your enterprise data using Windows Information Protection (WIP)](../keep-secure/protect-enterprise-data-using-wip.md).
+
+2. Create a new email from a non-protected or personal mailbox, including the text _I’ll send you that presentation tomorrow_.
+
+3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+
+ Cortana automatically pulls your commitment to sending the presentation out of your email, showing it to you.
+
+4. Create a new email from a protected mailbox, including the same text as above, _I’ll send you that presentation tomorrow_.
+
+5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+
+ Because it was in an WIP-protected email, the presentation info isn’t pulled out and it isn’t shown to you.
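Review bot: "an WIP policy" in step 1 and "an WIP-protected email" in the last line should be "a WIP policy" and "a WIP-protected email". The data-upload IMPORTANT note in this new file uses the old wording, while scenario 6 in the same change adds links to the Microsoft Privacy Statement and the Microsoft Services Agreement; carry those links over so the two pages say the same thing about where the data goes.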
diff --git a/windows/manage/cortana-at-work-testing-scenarios.md b/windows/manage/cortana-at-work-testing-scenarios.md
index 41f734e006..9f97783bca 100644
--- a/windows/manage/cortana-at-work-testing-scenarios.md
+++ b/windows/manage/cortana-at-work-testing-scenarios.md
@@ -18,15 +18,19 @@ localizationpriority: high
We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
-- Sign-in to Cortana using Azure AD, manage entries in the notebook, and search for content across your device, Bing, and the cloud, using Cortana.
+- [Sign-in to Cortana using Azure AD, manage entries in the notebook, and search for content across your device, Bing, and the cloud, using Cortana](cortana-at-work-scenario-1.md)
-- Set a reminder and have it remind you when you’ve reached a specific location.
+- [Perform a quick search with Cortana at work](cortana-at-work-scenario-2.md)
-- Search for your upcoming meetings on your work calendar.
+- [Set a reminder and have it remind you when you’ve reached a specific location](cortana-at-work-scenario-3.md)
-- Send an email to a co-worker from your work email app.
+- [Search for your upcoming meetings on your work calendar](cortana-at-work-scenario-4.md)
-- Use WIP to secure content on a device and then try to manage your organization’s entries in the notebook.
+- [Send an email to a co-worker from your work email app](cortana-at-work-scenario-5.md)
+
+- [Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work-scenario-6.md)
+
+- [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md)
>[!IMPORTANT]
>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
\ No newline at end of file
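Review bot: The link text for scenario 7, "Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization's entries in the notebook", does not match the title of the page it points to, "Use Cortana and Windows Information Protection (WIP) to help protect your organization's data on a device". Align the two so readers can tell they reached the right scenario. The IMPORTANT note at the end also keeps the old wording without the privacy links that scenario 6 gained, and the file still ends without a trailing newline.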
diff --git a/windows/manage/images/cortana-communication-history-permissions.png b/windows/manage/images/cortana-communication-history-permissions.png
new file mode 100644
index 0000000000..db182be13c
Binary files /dev/null and b/windows/manage/images/cortana-communication-history-permissions.png differ
diff --git a/windows/manage/images/cortana-suggested-reminder-settings.png b/windows/manage/images/cortana-suggested-reminder-settings.png
new file mode 100644
index 0000000000..176dbff483
Binary files /dev/null and b/windows/manage/images/cortana-suggested-reminder-settings.png differ
diff --git a/windows/manage/images/cortana-suggested-reminder.png b/windows/manage/images/cortana-suggested-reminder.png
new file mode 100644
index 0000000000..4184bd1b6c
Binary files /dev/null and b/windows/manage/images/cortana-suggested-reminder.png differ
diff --git a/windows/manage/start-layout-xml-desktop.md b/windows/manage/start-layout-xml-desktop.md
index c86fc0cfe6..db4bf8dd66 100644
--- a/windows/manage/start-layout-xml-desktop.md
+++ b/windows/manage/start-layout-xml-desktop.md
@@ -224,7 +224,7 @@ The following example shows how to create a tile of the Web site's URL using the
Column="4"/>
```
-The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to *8Size**, **Row**, and *8Column**.
+The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to **Size**, **Row**, and **Column**.
| Attribute | Required/optional | Description |
| --- | --- | --- |
diff --git a/windows/manage/waas-delivery-optimization.md b/windows/manage/waas-delivery-optimization.md
index 8f9e0d54cd..120818bbe1 100644
--- a/windows/manage/waas-delivery-optimization.md
+++ b/windows/manage/waas-delivery-optimization.md
@@ -99,6 +99,8 @@ Download mode dictates which download sources clients are allowed to use when do
By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and AD DS site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or AD DS site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to peer. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.
>[!NOTE]
+>To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/)
+>
>This configuration is optional and not required for most implementations of Delivery Optimization.
### Max Cache Age
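Review bot: The GUID tip is inserted ahead of ">This configuration is optional and not required for most implementations", so "This configuration" now reads as referring to generating a GUID rather than to the Group ID setting. Put the tip after that sentence or in its own note. In the tip itself, "Powershell" should be "PowerShell", the sentence has no closing period, and the command is wrapped in triple backticks inside the link text where single backticks are the usual inline form.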
diff --git a/windows/manage/waas-optimize-windows-10-updates.md b/windows/manage/waas-optimize-windows-10-updates.md
index 773814c884..681a39ca98 100644
--- a/windows/manage/waas-optimize-windows-10-updates.md
+++ b/windows/manage/waas-optimize-windows-10-updates.md
@@ -13,24 +13,24 @@ localizationpriority: high
**Applies to**
-- Windows 10
+- Windows 10
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
When considering your content distribution strategy for Windows 10, think about enabling a form of peer-to-peer content sharing to reduce bandwidth issues during updates. Windows 10 offers two peer-to-peer options for update content distribution: Delivery Optimization and BranchCache. These technologies can be used with several of the servicing tools for Windows 10.
-Two methods of peer-to-peer content distribution are available in Windows 10.
+Two methods of peer-to-peer content distribution are available in Windows 10.
-- [Delivery Optimization](waas-delivery-optimization.md) is a new peer-to-peer distribution method in Windows 10. Windows 10 clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfil peer-to-peer requests.
+- [Delivery Optimization](waas-delivery-optimization.md) is a new peer-to-peer distribution method in Windows 10. Windows 10 clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfil peer-to-peer requests.
- Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates.
+ Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates.
-- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of the Windows Server 2016 Technical Preview and Windows 10 operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7.
+- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of the Windows Server 2016 Technical Preview and Windows 10 operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7.
>[!NOTE]
>Full BranchCache functionality is supported in Windows 10 Enterprise and Education; Windows 10 Pro supports some BranchCache functionality, including BITS transfers used for servicing operations.
- Windows Server Update Services (WSUS) and System Center Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
+ Windows Server Update Services (WSUS) and System Center Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
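Review bot: Most of the -/+ pairs in this hunk (the "Applies to" bullet, the consumer-information quote, both list items and their indented paragraphs) show identical visible text, so the change is whitespace or invisible characters only. Say so in the commit message or split it into its own commit, so reviewers do not have to compare the lines character by character and the real content changes in this file stay easy to find.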
@@ -50,7 +50,7 @@ Windows 10 update downloads can be large because every package contains all prev
### How Microsoft supports Express
- **Express on WSUS Standalone**
-
+
Express update delivery is available on [all support versions of WSUS](https://technet.microsoft.com/library/cc708456(v=ws.10).aspx).
- **Express on devices directly connected to Windows Update**
- **Enterprise devices managed using [Windows Update for Business](waas-manage-updates-wufb.md)** also get the benefit of Express update delivery support without any change in configuration.
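Review bot: The context line under "Express on WSUS Standalone" reads "all support versions of WSUS"; this should be "all supported versions of WSUS". The hunk only changes whitespace on the line above it, so the wording can be fixed in the same edit.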
@@ -61,7 +61,7 @@ For OS updates that support Express, there are two versions of the file payload
1. **Full-file version** - essentially replacing the local versions of the update binaries.
2. **Express version** - containing the deltas needed to patch the existing binaries on the device.
-Both the full-file version and the Express version are referenced in the udpate's metadata, which has been downloaded to the client as part of the scan phase.
+Both the full-file version and the Express version are referenced in the update's metadata, which has been downloaded to the client as part of the scan phase.
**Express download works as follows:**
@@ -96,7 +96,7 @@ or [Manage Windows 10 updates using System Center Configuration Manager](waas-ma
## Related topics
- [Update Windows 10 in the enterprise](waas-update-windows-10.md)
-- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md)
+- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
@@ -104,5 +104,3 @@ or [Manage Windows 10 updates using System Center Configuration Manager](waas-ma
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
- [Manage device restarts after updates](waas-restart.md)
-
-
diff --git a/windows/manage/windows-store-for-business-overview.md b/windows/manage/windows-store-for-business-overview.md
index c2ce1d7706..59c4b92895 100644
--- a/windows/manage/windows-store-for-business-overview.md
+++ b/windows/manage/windows-store-for-business-overview.md
@@ -89,50 +89,12 @@ For more information, see [Sign up for the Store for Business](../manage/sign-up
After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions.
-
-
-
+| Permission | Account settings | Acquire apps | Distribute apps | Device Guard signing |
+| ---------- | ---------------- | ------------ | --------------- | -------------------- |
+| Admin | X | X | X | |
+| Purchaser | | X | X | |
+| Device Guard signer | | | | X |
-
In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-windows-store-for-business.md).
Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with the Store for Business.
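Review bot: In the new Markdown table the first column is headed "Permission", but its cells are role names (Admin, Purchaser, Device Guard signer) and the remaining headers are the permissions; rename the first header to "Role". The removed HTML rows are not legible in this diff, so confirm against the previous rendering that the X marks match, in particular that Admin has no Device Guard signing and that Device Guard signer has only that permission, since this table is what readers will use to decide who gets which role.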
@@ -367,7 +329,19 @@ Store for Business is currently available in these markets.
-
-
-
-Permission
-Account settings
-Acquire apps
-Distribute apps
-Device Guard signing
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-