Merge branch 'master' into App-v-revision

windows/application-management/manage-windows-mixed-reality.md

@@ -9,7 +9,7 @@ ms.localizationpriority: medium
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 04/30/2018
+ms.date: 05/16/2018
 ---
 
 # Enable or block Windows Mixed Reality apps in the enterprise
@@ -44,7 +44,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
 
     ```
     Add-Package
-    Dism /Image:C:\test\offline /Add-Package /PackagePath:*path to the cab file*
+    Dism /Online /add-windowspackage <cab>
     ```
 
   c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.

windows/configuration/change-history-for-configure-windows-10.md

@@ -22,6 +22,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
 New or changed topic | Description
 --- | ---
 [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Added note that Wi-Fi Sense is no longer available.
+Topics about Windows 10 diagnostic data | Moved to [Windows Privacy](https://docs.microsoft.com/windows/privacy/).
 
 ## RELEASE: Windows 10, version 1803
 

windows/hub/breadcrumb/toc.yml

@@ -25,6 +25,9 @@
             - name: Mobile Device Management
               tocHref: /windows/client-management/mdm/
               topicHref: /windows/client-management/mdm/index
+        - name: Privacy
+          tocHref: /windows/privacy/
+          topicHref: /windows/privacy/index
         - name: Security
           tocHref: /windows/security/
           topicHref: /windows/security/index

windows/privacy/breadcrumb/toc.yml

@@ -1,3 +0,0 @@
-- name: Docs
-  tocHref: /
-  topicHref: /

windows/privacy/docfx.json

@@ -33,8 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "uhfHeaderId": "MSDocsHeader-WindowsIT", 
-      "breadcrumb_path": "/windows/privacy/breadcrumb/toc.json",
-      "extendBreadcrumb": true,
+      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
       "ms.technology": "windows",
       "ms.topic": "article",
 		  "ms.author": "daniha",

windows/privacy/gdpr-it-guidance.md

@@ -178,7 +178,7 @@ If an IT organization has not disabled this policy, users within the organizatio
 
 Windows 10, version 1803, and later can provide users with a notification during their logon. If the IT organization has not disabled the Group Policy **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in change notifications** or the MDM policy **ConfigureTelemetryOptInChangeNotification**, Windows diagnostic data notifications can appear at logon so that the users of a device are aware of the data collection.
 
-This notification can also be shown when the diagnostic level for the device was changed. For instance, if the telemetry level on the device is set to “Basic” and the IT organization changes it to “Full”, users will be notified on their next logon.
+This notification can also be shown when the diagnostic level for the device was changed. For instance, if the diagnostic level on the device is set to “Basic” and the IT organization changes it to “Full”, users will be notified on their next logon.
 
 ### Diagnostic Data Viewer (DDV)
 

windows/privacy/manage-windows-endpoints.md

@@ -24,13 +24,13 @@ Some Windows components, app, and related services transfer data to Microsoft ne
 -	Connecting to the cloud to store and access backups.
 -	Using your location to show a weather forecast.
 
-This article lists different endpoints that are available on a clean installation of Windows 10 Enterprise, version 1709 and later.
+This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
 Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). 
 Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. 
 
 We used the following methodology to derive these network endpoints:
 
-1.	Set up the latest version of Windows 10 Enterprise test virtual machine using the default settings. 
+1.	Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
 2.	Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
 3.	Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
 4.	Compile reports on traffic going to public IP addresses.
@@ -39,6 +39,8 @@ We used the following methodology to derive these network endpoints:
 > [!NOTE]
 > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
 
+## Windows 10 Enterprise connection endpoints
+
 ## Apps
 
 The following endpoint is used to download updates to the Weather app Live Tile. 

windows/privacy/windows-personal-data-services-configuration.md

@@ -43,44 +43,49 @@ This setting determines the amount of Windows diagnostic data sent to Microsoft.
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Policy Name** | Allow Telemetry |
-| **Default setting** | 2 - Enhanced |
-| **Recommended** | 2 - Enhanced |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>| **Policy Name** | Allow Telemetry |
+>| **Default setting** | 2 - Enhanced |
+>| **Recommended** | 2 - Enhanced |
 
-| | |
-|:-|:-|
-| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Policy Name** | Allow Telemetry |
-| **Default setting** | 2 - Enhanced |
-| **Recommended** | 2 - Enhanced |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>| **Policy Name** | Allow Telemetry |
+>| **Default setting** | 2 - Enhanced |
+>| **Recommended** | 2 - Enhanced |
 
 #### Registry
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
-| **Value** | AllowTelemetry |
-| **Type** | REG_DWORD |
-| **Setting** | "00000002" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
+>| **Value** | AllowTelemetry |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000002" |
 
-| | |
-|:-|:-|
-| **Registry key** | HKCU\Software\Policies\Microsoft\Windows\DataCollection |
-| **Value** | AllowTelemetry |
-| **Type** | REG_DWORD |
-| **Setting** | "00000002" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKCU\Software\Policies\Microsoft\Windows\DataCollection |
+>| **Value** | AllowTelemetry |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000002" |
 
 #### MDM
 
-| | |
-|:-|:-|
-| **MDM CSP** | System |
-| **Policy** | AllowTelemetry (scope: device and user)  |
-| **Default setting** | 2 – Enhanced |
-| **Recommended** | 2 – Allowed |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **MDM CSP** | System |
+>| **Policy** | AllowTelemetry (scope: device and user)  |
+>| **Default setting** | 2 – Enhanced |
+>| **Recommended** | 2 – Allowed |
 
 ### Diagnostic opt-in change notifications
 
@@ -88,30 +93,33 @@ This setting determines whether a device shows notifications about Windows diagn
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Policy Name** | Configure telemetry opt-in change notifications |
-| **Default setting** | Enabled |
-| **Recommended** | Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>| **Policy Name** | Configure telemetry opt-in change notifications |
+>| **Default setting** | Enabled |
+>| **Recommended** | Enabled |
 
 #### Registry
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
-| **Value** | DisableTelemetryOptInChangeNotification |
-| **Type** | REG_DWORD |
-| **Setting** | "00000001" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
+>| **Value** | DisableTelemetryOptInChangeNotification |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000001" |
 
 #### MDM
 
-| | |
-|:-|:-|
-| **MDM CSP** | System |
-| **Policy** | ConfigureTelemetryOptInChangeNotification  |
-| **Default setting** | 0 – Enabled |
-| **Recommended** | 0 – Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **MDM CSP** | System |
+>| **Policy** | ConfigureTelemetryOptInChangeNotification  |
+>| **Default setting** | 0 – Enabled |
+>| **Recommended** | 0 – Enabled |
 
 ### Configure telemetry opt-in setting user interface
 
@@ -119,30 +127,33 @@ This setting determines whether people can change their own Windows diagnostic d
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Policy Name** | Configure telemetry opt-in setting user interface |
-| **Default setting** | Enabled |
-| **Recommended** | Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>| **Policy Name** | Configure telemetry opt-in setting user interface |
+>| **Default setting** | Enabled |
+>| **Recommended** | Enabled |
 
 #### Registry
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
-| **Value** | DisableTelemetryOptInSettingsUx |
-| **Type** | REG_DWORD |
-| **Setting** | "00000001" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
+>| **Value** | DisableTelemetryOptInSettingsUx |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000001" |
 
 #### MDM
 
-| | |
-|:-|:-|
-| **MDM CSP** | System |
-| **Policy** | ConfigureTelemetryOptInSettingsUx  |
-| **Default setting** | 0 – Enabled |
-| **Recommended** | 0 – Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **MDM CSP** | System |
+>| **Policy** | ConfigureTelemetryOptInSettingsUx  |
+>| **Default setting** | 0 – Enabled |
+>| **Recommended** | 0 – Enabled |
 
 ## Policies affecting personal data protection managed by the Enterprise IT
 
@@ -158,66 +169,73 @@ The following settings determine whether fixed and removable drives are protecte
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Fixed Data Drives |
-| **Policy Name** | Deny write access to fixed drives not protected by BitLocker |
-| **Default setting** | Not configured |
-| **Recommended** | Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Fixed Data Drives |
+>| **Policy Name** | Deny write access to fixed drives not protected by BitLocker |
+>| **Default setting** | Not configured |
+>| **Recommended** | Enabled |
 
 #### Registry
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
-| **Value** | FDVDenyWriteAccess |
-| **Type** | REG_DWORD |
-| **Setting** | "00000001" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
+>| **Value** | FDVDenyWriteAccess |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000001" |
 
 #### MDM
 
-| | |
-|:-|:-|
-| **MDM CSP** | BitLocker |
-| **Policy** | RemovableDrivesRequireEncryption  |
-| **Default setting** | Disabled |
-| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#fixeddrivesrequireencryption)) |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **MDM CSP** | BitLocker |
+>| **Policy** | RemovableDrivesRequireEncryption  |
+>| **Default setting** | Disabled |
+>| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#fixeddrivesrequireencryption)) |
 
 #### Removable Data Drives
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Removable Data Drives |
-| **Policy Name** | Deny write access to removable drives not protected by BitLocker |
-| **Default setting** | Not configured |
-| **Recommended** | Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Removable Data Drives |
+>| **Policy Name** | Deny write access to removable drives not protected by BitLocker |
+>| **Default setting** | Not configured |
+>| **Recommended** | Enabled |
 
 #### Registry
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
-| **Value** | RDVDenyWriteAccess |
-| **Type** | REG_DWORD |
-| **Setting** | "00000001" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
+>| **Value** | RDVDenyWriteAccess |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000001" |
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\Software\Policies\Microsoft\FVE |
-| **Value** | RDVDenyCrossOrg |
-| **Type** | REG_DWORD |
-| **Setting** | "00000000" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\Software\Policies\Microsoft\FVE |
+>| **Value** | RDVDenyCrossOrg |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000000" |
 
 #### MDM
 
-| | |
-|:-|:-|
-| **MDM CSP** | BitLocker |
-| **Policy** | RemovableDrivesRequireEncryption  |
-| **Default setting** | Disabled |
-| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#removabledrivesrequireencryption)) |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **MDM CSP** | BitLocker |
+>| **Policy** | RemovableDrivesRequireEncryption  |
+>| **Default setting** | Disabled |
+>| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#removabledrivesrequireencryption)) |
 
 ### Privacy – AdvertisingID
 
@@ -225,30 +243,33 @@ This setting determines if the advertising ID, which preventing apps from using
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\System\User Profiles |
-| **Policy Name** | Turn off the advertising ID |
-| **Default setting** | Not configured |
-| **Recommended** | Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\System\User Profiles |
+>| **Policy Name** | Turn off the advertising ID |
+>| **Default setting** | Not configured |
+>| **Recommended** | Enabled |
 
 #### Registry
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo |
-| **Value** | DisabledByGroupPolicy |
-| **Type** | REG_DWORD |
-| **Setting** | "00000001" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo |
+>| **Value** | DisabledByGroupPolicy |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000001" |
 
 #### MDM
 
-| | |
-|:-|:-|
-| **MDM CSP** | Privacy |
-| **Policy** | DisableAdvertisingId  |
-| **Default setting** | 65535 (default) - Not configured |
-| **Recommended** | 1 – Enabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **MDM CSP** | Privacy |
+>| **Policy** | DisableAdvertisingId  |
+>| **Default setting** | 65535 (default) - Not configured |
+>| **Recommended** | 1 – Enabled |
 
 ### Edge
 
@@ -259,44 +280,49 @@ These settings whether employees send “Do Not Track” from the Microsoft Edge
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge |
-| **Policy Name** | Configure Do Not Track |
-| **Default setting** | Disabled |
-| **Recommended** | Disabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge |
+>| **Policy Name** | Configure Do Not Track |
+>| **Default setting** | Disabled |
+>| **Recommended** | Disabled |
 
-| | |
-|:-|:-|
-| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Microsoft Edge |
-| **Policy Name** | Configure Do Not Track |
-| **Default setting** | Disabled |
-| **Recommended** | Disabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Microsoft Edge |
+>| **Policy Name** | Configure Do Not Track |
+>| **Default setting** | Disabled |
+>| **Recommended** | Disabled |
 
 #### Registry
 
-| | |
-|:-|:-|
-| **Registry key** | HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main |
-| **Value** | DoNotTrack |
-| **Type** | REG_DWORD |
-| **Setting** | "00000000" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main |
+>| **Value** | DoNotTrack |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000000" |
 
-| | |
-|:-|:-|
-| **Registry key** | HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main |
-| **Value** | DoNotTrack |
-| **Type** | REG_DWORD |
-| **Setting** | "00000000" |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Registry key** | HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main |
+>| **Value** | DoNotTrack |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000000" |
 
 #### MDM
 
-| | |
-|:-|:-|
-| **MDM CSP** | Browser |
-| **Policy** | AllowDoNotTrack (scope: device + user)  |
-| **Default setting** | 0 (default) – Not allowed |
-| **Recommended** | 0 – Not allowed |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **MDM CSP** | Browser |
+>| **Policy** | AllowDoNotTrack (scope: device + user)  |
+>| **Default setting** | 0 (default) – Not allowed |
+>| **Recommended** | 0 – Not allowed |
 
 ### Internet Explorer
 
@@ -304,41 +330,46 @@ These settings whether employees send “Do Not Track” header from the Microso
 
 #### Group Policy
 
-| | |
-|:-|:-|
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
-| **Policy Name** | Always send Do Not Track header |
-| **Default setting** | Disabled |
-| **Recommended** | Disabled |
+> [!div class="mx-tableFixed"]
+>| | |
+>|:-|:-|
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
+>| **Policy Name** | Always send Do Not Track header |
+>| **Default setting** | Disabled |
+>| **Recommended** | Disabled |
 
-|||
-|:-|:-|
-| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
-| **Policy Name** | Always send Do Not Track header |
-| **Default setting** | Disabled |
-| **Recommended** | Disabled |
+> [!div class="mx-tableFixed"]
+>|||
+>|:-|:-|
+>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
+>| **Policy Name** | Always send Do Not Track header |
+>| **Default setting** | Disabled |
+>| **Recommended** | Disabled |
 
 #### Registry
 
-|||
-|:-|:-|
-| **Registry key** | HKLM\Software\Policies\Microsoft\Internet Explorer\Main |
-| **Value** | DoNotTrack |
-| **Type** | REG_DWORD |
-| **Setting** | "00000000" |
+> [!div class="mx-tableFixed"]
+>|||
+>|:-|:-|
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Internet Explorer\Main |
+>| **Value** | DoNotTrack |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000000" |
 
-|||
-|:-|:-|
-| **Registry key** | HKCU\Software\Policies\Microsoft\Internet Explorer\Main |
-| **Value** | DoNotTrack |
-| **Type** | REG_DWORD |
-| **Setting** | "00000000" |
+> [!div class="mx-tableFixed"]
+>|||
+>|:-|:-|
+>| **Registry key** | HKCU\Software\Policies\Microsoft\Internet Explorer\Main |
+>| **Value** | DoNotTrack |
+>| **Type** | REG_DWORD |
+>| **Setting** | "00000000" |
 
 #### MDM
 
-|||
-|:-|:-|
-| **MDM CSP** | N/A |
+> [!div class="mx-tableFixed"]
+>|||
+>|:-|:-|
+>| **MDM CSP** | N/A |
 
 ## Additional resources