Merge branch 'master' into 7087905

2025-06-15 10:23:37 +00:00 · 2016-05-04 13:20:16 -07:00
parent 3ba2a8517e 37da37dc47
commit 3ec059b53e
25 changed files with 386 additions and 1098 deletions
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@ -16,9 +16,9 @@ title: Collect data using Enterprise Site Discovery
 -   Windows 8.1 Update
 -   Windows 7 with Service Pack 1 (SP1)
-Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
+Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
-## Requirements
+## Before you begin
 Before you start, you need to make sure you have the following:
 -   Latest cumulative security update (for all supported versions of Internet Explorer):
@ -43,7 +43,7 @@ Before you start, you need to make sure you have the following:
        You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
-Both the PowerShell script and .mof file need to be copied to the same location on the client computer, before you run the scripts.
+Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
 ## What data is collected?
 Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
@ -67,7 +67,7 @@ Data is collected on the configuration characteristics of IE and the sites it br
 The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
 ## Where is the data stored and how do I collect it?
-The data is stored locally, in an industry-standard WMI class, Managed Object Format (.MOF) file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
+The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
 -   **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
@ -80,48 +80,55 @@ On average, a website generates about 250bytes of data for each visit, causing o
 <p>**Important**<br>The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
 ## Getting ready to use Enterprise Site Discovery
 Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
 - Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
 -OR-
 - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
 -OR-
 - Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
 ### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
 You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
 <p>**Important**<br>You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
- ![](images/wedge.gif) **To set up Enterprise Site Discovery**
+![](images/wedge.gif) **To set up Enterprise Site Discovery**
-   Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
 ### Optional: Set up your firewall for WMI data
 ### WMI only: Set up your firewall for WMI data
 If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
- ![](images/wedge.gif) **To set up your firewall**
+![](images/wedge.gif) **To set up your firewall**
-1.  In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+1.	In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-2.  In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+2.	In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-3.  Restart your computer to start collecting your WMI data.
+3.	Restart your computer to start collecting your WMI data.
-## Setting up Enterprise Site Discovery using PowerShell
+## Use PowerShell to finish setting up Enterprise Site Discovery
-After you finish the initial setup for Site Discovery using PowerShell, you have the option to continue with PowerShell or to switch to Group Policy.
+You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
 <p>**Important**<br>The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
-### Setting up zones or domains for data collection
+- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
 You can determine which zones or domains are used for data collection, using PowerShell.
-   **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
+- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
 -   **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
 ![](images/wedge.gif) **To set up data collection using a domain allow list**
-
+ 
-   Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+ - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
-<p>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
+ 
    **Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
 ![](images/wedge.gif) **To set up data collection using a zone allow list**
 - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
    **Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-   Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+## Use Group Policy to finish setting up Enterprise Site Discovery
-<p>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
+You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
 ## Setting up Enterprise Site Discovery using Group Policy
 If you don’t want to continue using PowerShell, you can switch to Group Policy after the initial Site Discovery setup.
 <p>**Note**<br> All of the Group Policy settings can be used individually or as a group.
 ![](images/wedge.gif) **To set up Enterprise Site Discovery using Group Policy**
@ -136,7 +143,6 @@ If you don’t want to continue using PowerShell, you can switch to Group Policy
 |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:<p>microsoft.sharepoint.com<br>outlook.com<br>onedrive.com<br>timecard.contoso.com<br>LOBApp.contoso.com |
 ### Combining WMI and XML Group Policy settings
 You can use both the WMI and XML settings individually or together, based on:
 ![](images/wedge.gif) **To turn off Enterprise Site Discovery**
@ -163,12 +169,17 @@ You can use both the WMI and XML settings individually or together, based on:
  <li><b>Turn on Site Discovery XML output:</b> XML file path</li>
 </ul>
 ## Use Configuration Manager to collect your data
-After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, in one of the following ways.
+After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
-### Collect your hardware inventory using the MOF Editor while connecting to a computer
+- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-You can collect your hardware inventory using the MOF Editor, while you’re connected to your client computers.
+-OR-
 - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
 -OR-
 - Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
 ### Collect your hardware inventory using the MOF Editor while connected to a client device
 You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
 ![](images/wedge.gif) **To collect your inventory**
@ -193,8 +204,8 @@ You can collect your hardware inventory using the MOF Editor, while you’re con
 5.  Click **OK** to close the default windows.<br>
 Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the MOF Editor with a MOF import file
+### Collect your hardware inventory using the MOF Editor with a .MOF import file
-You can collect your hardware inventory using the MOF Editor and a MOF import file.
+You can collect your hardware inventory using the MOF Editor and a .MOF import file.
 ![](images/wedge.gif) **To collect your inventory**
@ -207,8 +218,8 @@ You can collect your hardware inventory using the MOF Editor and a MOF import fi
 4.  Click **OK** to close the default windows.<br>
 Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the SMS\DEF.MOF file
+### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file.
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
 ![](images/wedge.gif) **To collect your inventory**
@ -281,7 +292,7 @@ You can collect your hardware inventory using the using the Systems Management S
 3.  Save the file and close it to the same location.<br>
 Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Viewing the sample reports
+## View the sample reports with your collected data
 The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
 ### SCCM Report Sample – ActiveX.rdl
@ -336,7 +347,7 @@ Each site is validated and if successful, added to the global site list when you
 3.  Click **OK** to close the **Bulk add sites to the list** menu.
-## Turn off data collection on your client computers
+## Turn off data collection on your client devices
 After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
 ![](images/wedge.gif) **To stop collecting data, using PowerShell**
--- a/mdop/appv-v5/about-client-configuration-settings51.md
+++ b/mdop/appv-v5/about-client-configuration-settings51.md
@ -15,444 +15,46 @@ The Microsoft Application Virtualization (App-V) 5.1 client stores its configura
 The following table displays information about the App-V 5.1 client configuration settings:
-<table style="width:100%;">
+|Setting name | Setup Flag | Description | Setting Options | Registry Key Value | Disabled Policy State Keys and Values |
-<colgroup>
+|-------------|------------|-------------|-----------------|--------------------|--------------------------------------|
-<col width="16%" />
+| PackageInstallationRoot | PACKAGEINSTALLATIONROOT | Specifies directory where all new applications and updates will be installed. | String | Streaming\PackageInstallationRoot | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| PackageSourceRoot | PACKAGESOURCEROOT | Overrides source location for downloading package content. | String | Streaming\PackageSourceRoot | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| AllowHighCostLaunch | Not available. |This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | True (enabled); False (Disabled state) | Streaming\AllowHighCostLaunch | 0 |
-<col width="16%" />
+| ReestablishmentRetries | Not available. | Specifies the number of times to retry a dropped session. | Integer (0-99) | Streaming\ReestablishmentRetries | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| ReestablishmentInterval | Not available. | Specifies the number of seconds between attempts to reestablish a dropped session. | Integer (0-3600) | Streaming\ReestablishmentInterval | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| LocationProvider | Not available. | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | String | Streaming\LocationProvider | Policy value not written (same as Not Configured) |
-</colgroup>
+| CertFilterForClientSsl | Not available. | Specifies the path to a valid certificate in the certificate store. | String | Streaming\CertFilterForClientSsl | Policy value not written (same as Not Configured) |
-<thead>
+| VerifyCertificateRevocationList | Not available. | Verifies Server certificate revocation status before steaming using HTTPS. | True(enabled); False(Disabled state) | Streaming\VerifyCertificateRevocationList | 0 |
-<tr class="header">
+| SharedContentStoreMode | SHAREDCONTENTSTOREMODE | Specifies that streamed package contents will be not be saved to the local hard disk. | True(enabled); False(Disabled state) | Streaming\SharedContentStoreMode | 0 |
-<th align="left">Setting Name</th>
+| Name<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERNAME | Displays the name of publishing server. | String | Publishing\Servers\{serverId}\FriendlyName | Policy value not written (same as Not Configured) |
-<th align="left">Setup Flag</th>
+| URL<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERURL | Displays the URL of publishing server. | String | Publishing\Servers\{serverId}\URL | Policy value not written (same as Not Configured) |
-<th align="left">Description</th>
+| GlobalRefreshEnabled<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHENABLED | Enables global publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalEnabled | False |
-<th align="left">Setting Options</th>
+| GlobalRefreshOnLogon<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHONLOGON | Triggers a global publishing refresh on logon. ( Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalLogonRefresh | False |
-<th align="left">Registry Key Value</th>
+| GlobalRefreshInterval<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVAL | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | Integer (0-744) | Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval | 0 |
-<th align="left">Disabled Policy State Keys and Values</th>
+| GlobalRefreshIntervalUnit <br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVALUNI | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit | 1 |
-</tr>
+| UserRefreshEnabled<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHENABLED | Enables user publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserEnabled | False |
-</thead>
+| UserRefreshOnLogon<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHONLOGON | Triggers a user publishing refresh onlogon. ( Boolean)<br>Word count (with spaces): 60 | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserLogonRefresh | False |
-<tbody>
+| UserRefreshInterval<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVAL | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | Word count (with spaces): 85<br>Integer (0-744 Hours) | Publishing\Servers\{serverId}\UserPeriodicRefreshInterval | 0 |
-<tr class="odd">
+| UserRefreshIntervalUnit<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVALUNIT | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit | 1 |
-<td align="left"><p>PackageInstallationRoot</p></td>
+| MigrationMode | MIGRATIONMODE | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | True(enabled state); False (disabled state) | Coexistence\MigrationMode | |
-<td align="left"><p>PACKAGEINSTALLATIONROOT</p></td>
+| CEIPOPTIN | CEIPOPTIN | Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application. | 0 for disabled; 1 for enabled | SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable | 0 | 
-<td align="left"><p>Specifies directory where all new applications and updates will be installed.</p></td>
+| EnablePackageScripts | ENABLEPACKAGESCRIPTS | Enables scripts defined in the package manifest of configuration files that should run. | True(enabled); False(Disabled state) | \Scripting\EnablePackageScripts | | 
-<td align="left"><p>String</p></td>
+| RoamingFileExclusions | ROAMINGFILEEXCLUSIONS | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | | | |
-<td align="left"><p>Streaming\PackageInstallationRoot</p></td>
+| RoamingRegistryExclusions | ROAMINGREGISTRYEXCLUSIONS | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | String | Integration\RoamingReglstryExclusions | Policy value not written (same as Not Configured) |
-<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
+| IntegrationRootUser | Not available. | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.| String | Integration\IntegrationRootUser | Policy value not written (same as Not Configured) |
-</tr>
+|IntegrationRootGlobal | Not available.| Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration | String | Integration\IntegrationRootGlobal | Policy value not written (same as Not Configured) |
-<tr class="even">
+| VirtualizableExtensions | Not available. | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.<br>When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually.<br>For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md). | String | Integration\VirtualizableExtensions | Policy value not written |
-<td align="left"><p>PackageSourceRoot</p></td>
+| ReportingEnabled | Not available. | Enables the client to return information to a reporting server. | True (enabled); False (Disabled state) | Reporting\EnableReporting | False |
-<td align="left"><p>PACKAGESOURCEROOT</p></td>
+| ReportingServerURL | Not available. | Specifies the location on the reporting server where client information is saved. | String | Reporting\ReportingServer | Policy value not written (same as Not Configured) |
-<td align="left"><p>Overrides source location for downloading package content.</p></td>
+| ReportingDataCacheLimit | Not available. | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Integer [0-1024] | Reporting\DataCacheLimit | Policy value not written (same as Not Configured) |
-<td align="left"><p>String</p></td>
+| ReportingDataBlockSize| Not available. | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Integer [1024 - Unlimited] | Reporting\DataBlockSize | Policy value not written (same as Not Configured) |
-<td align="left"><p>Streaming\PackageSourceRoot</p></td>
+| ReportingStartTime | Not available. | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.<br>**Note** You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline. | Integer (0 – 23) | Reporting\ StartTime | Policy value not written (same as Not Configured) |
-<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
+| ReportingInterval | Not available. | Specifies the retry interval that the client will use to resend data to the reporting server. | Integer | Reporting\RetryInterval | Policy value not written (same as Not Configured) |
-</tr>
+| ReportingRandomDelay | Not available. | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Integer [0 - ReportingRandomDelay] | Reporting\RandomDelay | Policy value not written (same as Not Configured) |
-<tr class="odd">
+| EnableDynamicVirtualization<br>**Important** This setting is available only with App-V 5.0 SP2 or later. | Not available. | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization | |
-<td align="left"><p>AllowHighCostLaunch</p></td>
+| EnablePublishingRefreshUI<br>**Important** This setting is available only with App-V 5.0 SP2. | Not available. | Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing | |
-<td align="left"><p>Not available.</p></td>
+| HideUI<br>**Important**  This setting is available only with App-V 5.0 SP2.| Not available. | Hides the publishing refresh progress bar. | 1 (Enabled), 0 (Disabled) | | |
-<td align="left"><p>This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G).</p></td>
+| ProcessesUsingVirtualComponents | Not available. | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | String | Virtualization\ProcessesUsingVirtualComponents | Empty string. |
 <td align="left"><p>True (enabled); False (Disabled state)</p></td>
 <td align="left"><p>Streaming\AllowHighCostLaunch</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReestablishmentRetries</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the number of times to retry a dropped session.</p></td>
 <td align="left"><p>Integer (0-99)</p></td>
 <td align="left"><p>Streaming\ReestablishmentRetries</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReestablishmentInterval</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the number of seconds between attempts to reestablish a dropped session.</p></td>
 <td align="left"><p>Integer (0-3600)</p></td>
 <td align="left"><p>Streaming\ReestablishmentInterval</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>AutoLoad</p></td>
 <td align="left"><p>AUTOLOAD</p></td>
 <td align="left"><p>Specifies how new packages should be loaded automatically by App-V on a specific computer.</p></td>
 <td align="left"><p>(0x0) None; (0x1) Previously used; (0x2) All</p></td>
 <td align="left"><p>Streaming\AutoLoad</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>LocationProvider</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Streaming\LocationProvider</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>CertFilterForClientSsl</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the path to a valid certificate in the certificate store.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Streaming\CertFilterForClientSsl</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>VerifyCertificateRevocationList</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Verifies Server certificate revocation status before steaming using HTTPS.</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Streaming\VerifyCertificateRevocationList</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>SharedContentStoreMode</p></td>
 <td align="left"><p>SHAREDCONTENTSTOREMODE</p></td>
 <td align="left"><p>Specifies that streamed package contents will be not be saved to the local hard disk.</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Streaming\SharedContentStoreMode</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Name</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>PUBLISHINGSERVERNAME</p></td>
 <td align="left"><p>Displays the name of publishing server.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\FriendlyName</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>URL</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>PUBLISHINGSERVERURL</p></td>
 <td align="left"><p>Displays the URL of publishing server.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\URL</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>GlobalRefreshEnabled</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHENABLED</p></td>
 <td align="left"><p>Enables global publishing refresh (Boolean)</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalEnabled</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>GlobalRefreshOnLogon</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHONLOGON</p></td>
 <td align="left"><p>Triggers a global publishing refresh on logon. ( Boolean)</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalLogonRefresh</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>GlobalRefreshInterval</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHINTERVAL  </p></td>
 <td align="left"><p>Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.</p></td>
 <td align="left"><p>Integer (0-744</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>GlobalRefreshIntervalUnit</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHINTERVALUNI</p></td>
 <td align="left"><p>Specifies the interval unit (Hour 0-23, Day 0-31). </p></td>
 <td align="left"><p>0 for hour, 1 for day</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>UserRefreshEnabled</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHENABLED </p></td>
 <td align="left"><p>Enables user publishing refresh (Boolean)</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserEnabled</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>UserRefreshOnLogon</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHONLOGON</p></td>
 <td align="left"><p>Triggers a user publishing refresh onlogon. ( Boolean)</p>
 <p>Word count (with spaces): 60</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserLogonRefresh</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>UserRefreshInterval</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHINTERVAL     </p></td>
 <td align="left"><p>Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.</p>
 <p>Word count (with spaces): 85</p></td>
 <td align="left"><p>Integer (0-744 Hours)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserPeriodicRefreshInterval</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>UserRefreshIntervalUnit</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHINTERVALUNIT  </p></td>
 <td align="left"><p>Specifies the interval unit (Hour 0-23, Day 0-31). </p></td>
 <td align="left"><p>0 for hour, 1 for day</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>MigrationMode</p></td>
 <td align="left"><p>MIGRATIONMODE</p></td>
 <td align="left"><p>Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V.</p></td>
 <td align="left"><p>True(enabled state); False (disabled state)</p></td>
 <td align="left"><p>Coexistence\MigrationMode</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>CEIPOPTIN</p></td>
 <td align="left"><p>CEIPOPTIN</p></td>
 <td align="left"><p>Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application.</p></td>
 <td align="left"><p>0 for disabled; 1 for enabled</p></td>
 <td align="left"><p>SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>EnablePackageScripts</p></td>
 <td align="left"><p>ENABLEPACKAGESCRIPTS</p></td>
 <td align="left"><p>Enables scripts defined in the package manifest of configuration files that should run.</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>\Scripting\EnablePackageScripts</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>RoamingFileExclusions</p></td>
 <td align="left"><p>ROAMINGFILEEXCLUSIONS</p></td>
 <td align="left"><p>Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures'</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>RoamingRegistryExclusions</p></td>
 <td align="left"><p>ROAMINGREGISTRYEXCLUSIONS</p></td>
 <td align="left"><p>Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\RoamingReglstryExclusions</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>IntegrationRootUser</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\IntegrationRootUser</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>IntegrationRootGlobal</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\IntegrationRootGlobal</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>VirtualizableExtensions</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.</p>
 <p>When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the <strong>RunVirtual</strong> command line parameter will be added, and the application will run virtually.</p>
 <p>For more information about the <strong>RunVirtual</strong> parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md).</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\VirtualizableExtensions</p></td>
 <td align="left"><p>Policy value not written</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingEnabled</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Enables the client to return information to a reporting server.</p></td>
 <td align="left"><p>True (enabled); False (Disabled state)</p></td>
 <td align="left"><p>Reporting\EnableReporting</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReportingServerURL</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the location on the reporting server where client information is saved.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Reporting\ReportingServer</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingDataCacheLimit</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.</p></td>
 <td align="left"><p>Integer [0-1024]</p></td>
 <td align="left"><p>Reporting\DataCacheLimit</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReportingDataBlockSize</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.</p></td>
 <td align="left"><p>Integer [1024 - Unlimited]</p></td>
 <td align="left"><p>Reporting\DataBlockSize</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingStartTime</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the <strong>ReportingStartTime</strong> will start on the current day at 10 P.M.or 22.</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Integer (0 – 23)</p></td>
 <td align="left"><p>Reporting\ StartTime</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReportingInterval</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the retry interval that the client will use to resend data to the reporting server.</p></td>
 <td align="left"><p>Integer</p></td>
 <td align="left"><p>Reporting\RetryInterval</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingRandomDelay</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and <strong>ReportingRandomDelay</strong> and will wait the specified duration before sending data. This can help to prevent collisions on the server.</p></td>
 <td align="left"><p>Integer [0 - ReportingRandomDelay]</p></td>
 <td align="left"><p>Reporting\RandomDelay</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>EnableDynamicVirtualization</p>
 <div class="alert">
 <strong>Important</strong>  
 <p>This setting is available only with App-V 5.0 SP2 or later.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.</p></td>
 <td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
 <td align="left"><p>HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>EnablePublishingRefreshUI</p>
 <div class="alert">
 <strong>Important</strong>  
 <p>This setting is available only with App-V 5.0 SP2.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client.</p></td>
 <td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
 <td align="left"><p>HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>HideUI</p>
 <div class="alert">
 <strong>Important</strong>  
 <p>This setting is available only with App-V 5.0 SP2.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Hides the publishing refresh progress bar.</p></td>
 <td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ProcessesUsingVirtualComponents</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Virtualization\ProcessesUsingVirtualComponents</p></td>
 <td align="left"><p>Empty string.</p></td>
 </tr>
 </tbody>
 </table>
 ## Got a suggestion for App-V?
--- a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md
+++ b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md
@ -11,9 +11,7 @@ author: jamiejdt
 After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
 **Note**  
-For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
+For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
 ## Sequencing an application
@ -28,9 +26,7 @@ You can use the App-V 5.1 Sequencer to perform the following tasks:
    **Note**  
    You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V 5.1 client.
-
+ 
 -   Convert existing virtual packages.
 The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing.
@ -48,18 +44,14 @@ When you use the sequencer to create a new virtual application, the following li
 -   User configuration file. The user configuration file determines how the virtual application will run on target computers.
 **Important**  
-You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process.
+You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process. 
 The **Options** dialog box in the sequencer console contains the following tabs:
 -   **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization.
    **Important**  
-    Package Accelerators created using App-V 4.6 are not supported by App-V 5.1.
+    Package Accelerators created using App-V 4.6 are not supported by App-V 5.1.     
 -   **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**.
@ -137,134 +129,25 @@ The following table lists the supported shell extensions:
 </tbody>
 </table>
 ## Copy on Write (CoW) file extension support
 Copy on write (CoW) file extensions allow App-V 5.1 to dynamically write to specific locations contained in the virtual package while it is being used.
 The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V 5.1 client. All other files and directories can be modified.
-.acm
+| File Type  	|             	|             	|            	|            	|            	|
 |------------	|-------------	|-------------	|------------	|------------	|------------	|
 | .acm       	| .asa        	| .asp        	| .aspx      	| .ax        	| .bat       	|
 | .cer       	| .chm        	| .clb        	| .cmd       	| .cnt       	| .cnv       	|
 | .com       	| .cpl        	| .cpx        	| .crt       	| .dll       	| .drv       	|
 | .esc       	| .exe        	| .fon        	| .grp       	| .hlp       	| .hta       	|
 | .ime       	| .inf        	| .ins        	| .isp       	| .its       	| .js        	|
 | .jse       	| .lnk        	| .msc        	| .msi       	| .msp       	| .mst       	|
 | .mui       	| .nls        	| .ocx        	| .pal       	| .pcd       	| .pif       	|
 | .reg       	| .scf        	| .scr        	| .sct       	| .shb       	| .shs       	|
 | .sys       	| .tlb        	| .tsp        	| .url       	| .vb        	| .vbe       	|
 | .vbs       	| .vsmacros   	| .ws         	| .wsf       	| .wsh       	|            	|
 .asa
 .asp
 .aspx
 .ax
 .bat
 .cer
 .chm
 .clb
 .cmd
 .cnt
 .cnv
 .com
 .cpl
 .cpx
 .crt
 .dll
 .drv
 .exe
 .fon
 .grp
 .hlp
 .hta
 .ime
 .inf
 .ins
 .isp
 .its
 .js
 .jse
 .lnk
 .msc
 .msi
 .msp
 .mst
 .mui
 .nls
 .ocx
 .pal
 .pcd
 .pif
 .reg
 .scf
 .scr
 .sct
 .shb
 .shs
 .sys
 .tlb
 .tsp
 .url
 .vb
 .vbe
 .vbs
 .vsmacros
 .ws
 .esc
 .wsf
 .wsh
 ## Modifying an existing virtual application package
@ -296,8 +179,6 @@ A template can specify and store multiple settings as follows:
 **Note**  
 Package accelerators created using a previous version of App-V must be recreated using App-V 5.1.
 You can use App-V 5.1 package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator.
 In some situations, to create the package accelerator, you might have to install the application locally on the computer that runs the sequencer. In such cases, you should first try to create the package accelerator with the installation media. If multiple missing files are required, you should install the application locally to the computer that runs the sequencer, and then create the package accelerator.
@ -315,21 +196,9 @@ The App-V 5.1 Sequencer can detect common sequencing issues during sequencing. T
 You can also find additional information about sequencing errors using the Windows Event Viewer.
 ## Got a suggestion for App-V?
 Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
 ## <a href="" id="other-resources-for-the-app-v-5-1-sequencer-"></a>Other resources for the App-V 5.1 sequencer
 -   [Operations for App-V 5.1](operations-for-app-v-51.md)
--- a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
+++ b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
@ -27,8 +27,8 @@ In the following sections, complete the instructions that correspond to the vers
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
    [ SMS_Report (TRUE),
      SMS_Group_Name ("BitLocker Encryption Details"),
      SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@ -66,8 +66,8 @@ In the following sections, complete the instructions that correspond to the vers
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [ SMS_Report(TRUE),
      SMS_Group_Name("BitLocker Policy"),
      SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")]
@ -110,8 +110,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Operating System Ex"),
      SMS_Class_ID   ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@ -124,8 +124,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Computer System Ex"),
      SMS_Class_ID   ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
@ -193,8 +193,8 @@ In the following sections, complete the instructions that correspond to the vers
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
    [ SMS_Report (TRUE),
      SMS_Group_Name ("BitLocker Encryption Details"),
      SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@ -232,8 +232,8 @@ In the following sections, complete the instructions that correspond to the vers
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [ SMS_Report(TRUE),
      SMS_Group_Name("BitLocker Policy"),
      SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@ -278,8 +278,8 @@ In the following sections, complete the instructions that correspond to the vers
        string    EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
    [ SMS_Report(TRUE),
      SMS_Group_Name("BitLocker Policy"),
      SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@ -325,8 +325,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Operating System Ex"),
      SMS_Class_ID   ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@ -339,8 +339,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Computer System Ex"),
      SMS_Class_ID   ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
--- a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
+++ b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
@ -25,8 +25,8 @@ To enable the client computers to report BitLocker compliance details through th
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
    [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class Win32_BitLockerEncryptionDetails
    {
@ -62,8 +62,8 @@ To enable the client computers to report BitLocker compliance details through th
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [DYNPROPS]
    Class Win32Reg_MBAMPolicy
    {
@ -124,8 +124,8 @@ To enable the client computers to report BitLocker compliance details through th
        EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_OperatingSystemExtended
@ -136,8 +136,8 @@ To enable the client computers to report BitLocker compliance details through th
        uint32     SKU;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_ComputerSystemExtended
@ -168,8 +168,8 @@ To enable the client computers to report BitLocker compliance details through th
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
    [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class Win32_BitLockerEncryptionDetails
    {
@ -205,8 +205,8 @@ To enable the client computers to report BitLocker compliance details through th
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [DYNPROPS]
    Class Win32Reg_MBAMPolicy
    {
@ -267,8 +267,8 @@ To enable the client computers to report BitLocker compliance details through th
        EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
    [DYNPROPS]
    Class Win32Reg_MBAMPolicy_64
    {
@ -329,8 +329,8 @@ To enable the client computers to report BitLocker compliance details through th
        EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_OperatingSystemExtended
@ -341,8 +341,8 @@ To enable the client computers to report BitLocker compliance details through th
        uint32     SKU;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_ComputerSystemExtended
--- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md
+++ b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md
@ -50,275 +50,73 @@ This topic explains how to enable BitLocker on an end user's computer by using M
    -   Robust error handling
-    You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=48698). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server.
+   You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=48698). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server.
-    **WMI deployment methods for MBAM:** The following WMI methods have been added in MBAM 2.5 SP1 to support enabling BitLocker by using the `Invoke-MbamClientDeployment.ps1` PowerShell script.
+   **WMI deployment methods for MBAM:** The following WMI methods have been added in MBAM 2.5 SP1 to support enabling BitLocker by using the `Invoke-MbamClientDeployment.ps1` PowerShell script.
-    <a href="" id="mbam-machine-wmi-class"></a>**MBAM\_Machine WMI Class**  
+   <a href="" id="mbam-machine-wmi-class"></a>**MBAM\_Machine WMI Class**  
-    **PrepareTpmAndEscrowOwnerAuth:** Reads the TPM OwnerAuth and sends it to the MBAM recovery database by using the MBAM recovery service. If the TPM is not owned and auto-provisioning is not on, it generates a TPM OwnerAuth and takes ownership. If it fails, an error code is returned for troubleshooting.
+   **PrepareTpmAndEscrowOwnerAuth:** Reads the TPM OwnerAuth and sends it to the MBAM recovery database by using the MBAM recovery service. If the TPM is not owned and auto-provisioning is not on, it generates a TPM OwnerAuth and takes ownership. If it fails, an error code is returned for troubleshooting.
-    <table>
+| Parameter | Description |
-    <colgroup>
+| -------- | ----------- |
-    <col width="50%" />
+| RecoveryServiceEndPoint | A string specifying the MBAM recovery service endpoint. |
    <col width="50%" />
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left">Parameter</th>
    <th align="left">Description</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p>RecoveryServiceEndPoint</p></td>
    <td align="left"><p>A string specifying the MBAM recovery service endpoint.</p></td>
    </tr>
    </tbody>
    </table>
-     
+Here are a list of common error messages:
-    <table>
+| Common return values | Error message |
-    <colgroup>
+| -------------------- | ------------- |
-    <col width="50%" />
+|  **S_OK**<br />0 (0x0) | The method was successful. |
-    <col width="50%" />
+| **MBAM_E_TPM_NOT_PRESENT**<br />2147746304 (0x80040200) | TPM is not present in the computer or is disabled in the BIOS configuration. |
-    </colgroup>
+| **MBAM_E_TPM_INCORRECT_STATE**<br />2147746305 (0x80040201) | TPM is not in the correct state (enabled, activated and owner installation allowed). |
-    <thead>
+| **MBAM_E_TPM_AUTO_PROVISIONING_PENDING**<br />2147746306 (0x80040202) | MBAM cannot take ownership of TPM because auto-provisioning is pending. Try again after auto-provisioning is completed. |
-    <tr class="header">
+| **MBAM_E_TPM_OWNERAUTH_READFAIL**<br />2147746307 (0x80040203) | MBAM cannot read the TPM owner authorization value. The value might have been removed after a successful escrow. On Windows 7, MBAM cannot read the value if the TPM is owned by others. |
-    <th align="left">Common return values</th>
+| **MBAM_E_REBOOT_REQUIRED**<br />2147746308 (0x80040204) | The computer must be restarted to set TPM to the correct state. You might need to manually reboot the computer. |
-    <th align="left">Error message</th>
+| **MBAM_E_SHUTDOWN_REQUIRED**<br />2147746309 (0x80040205) | The computer must be shut down and turned back on to set TPM to the correct state. You might need to manually reboot the computer. |
-    </tr>
+| **WS_E_ENDPOINT_ACCESS_DENIED**<br />2151481349 (0x803D0005) | Access was denied by the remote endpoint. |
-    </thead>
+| **WS_E_ENDPOINT_NOT_FOUND**<br />2151481357 (0x803D000D) | The remote endpoint does not exist or could not be located. |
-    <tbody>
+| **WS_E_ENDPOINT_FAILURE<br />2151481357 (0x803D000F) | The remote endpoint could not process the request. |
-    <tr class="odd">
+| **WS_E_ENDPOINT_UNREACHABLE**<br />2151481360 (0x803D0010) | The remote endpoint was not reachable. |
-    <td align="left"><p><strong>S_OK</strong></p>
+| **WS_E_ENDPOINT_FAULT_RECEIVED**<br />2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. |
-    <p>0 (0x0)</p></td>
+| **WS_E_INVALID_ENDPOINT_URL** 2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. |
    <td align="left"><p>The method was successful</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>MBAM_E_TPM_NOT_PRESENT</strong></p>
    <p>2147746304 (0x80040200)</p></td>
    <td align="left"><p>TPM is not present in the computer or is disabled in the BIOS configuration.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>MBAM_E_TPM_INCORRECT_STATE</strong></p>
    <p>2147746305 (0x80040201)</p></td>
    <td align="left"><p>TPM is not in the correct state (enabled, activated and owner installation allowed).</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>MBAM_E_TPM_AUTO_PROVISIONING_PENDING</strong></p>
    <p>2147746306 (0x80040202)</p></td>
    <td align="left"><p>MBAM cannot take ownership of TPM because auto-provisioning is pending. Try again after auto-provisioning is completed.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>MBAM_E_TPM_OWNERAUTH_READFAIL</strong></p>
    <p>2147746307 (0x80040203)</p></td>
    <td align="left"><p>MBAM cannot read the TPM owner authorization value. The value might have been removed after a successful escrow. On Windows 7, MBAM cannot read the value if the TPM is owned by others.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>MBAM_E_REBOOT_REQUIRED</strong></p>
    <p>2147746308 (0x80040204)</p></td>
    <td align="left"><p>The computer must be restarted to set TPM to the correct state. You might need to manually reboot the computer.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>MBAM_E_SHUTDOWN_REQUIRED</strong></p>
    <p>2147746309 (0x80040205)</p></td>
    <td align="left"><p>The computer must be shut down and turned back on to set TPM to the correct state. You might need to manually reboot the computer.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_ACCESS_DENIED</strong></p>
    <p>2151481349 (0x803D0005)</p></td>
    <td align="left"><p>Access was denied by the remote endpoint.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_ENDPOINT_NOT_FOUND</strong></p>
    <p>2151481357 (0x803D000D)</p></td>
    <td align="left"><p>The remote endpoint does not exist or could not be located.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_FAILURE</strong></p>
    <p>2151481357 (0x803D000F)</p></td>
    <td align="left"><p>The remote endpoint could not process the request.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_ENDPOINT_UNREACHABLE</strong></p>
    <p>2151481360 (0x803D0010)</p></td>
    <td align="left"><p>The remote endpoint was not reachable.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_FAULT_RECEIVED</strong></p>
    <p>2151481363 (0x803D0013)</p></td>
    <td align="left"><p>A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_INVALID_ENDPOINT_URL</strong></p>
    <p>2151481376 (0x803D0020)</p></td>
    <td align="left"><p>The endpoint address URL is not valid. The URL must start with “http” or “https”.</p></td>
    </tr>
    </tbody>
    </table>
-     
+   **ReportStatus:** Reads the compliance status of the volume and sends it to the MBAM compliance status database by using the MBAM status reporting service. The status includes cipher strength, protector type, protector state and encryption state. If it fails, an error code is returned for troubleshooting.
-
+   
-    **ReportStatus:** Reads the compliance status of the volume and sends it to the MBAM compliance status database by using the MBAM status reporting service. The status includes cipher strength, protector type, protector state and encryption state. If it fails, an error code is returned for troubleshooting.
+   | Parameter | Description |
-
+   | --------- | ----------- |
-    <table>
+   | ReportingServiceEndPoint | A string specifying the MBAM status reporting service endpoint. |
-    <colgroup>
+   
-    <col width="50%" />
+   Here are a list of common error messages:
-    <col width="50%" />
+   
-    </colgroup>
+   | Common return values | Error message |
-    <thead>
+   | -------------------- | ------------- |
-    <tr class="header">
+   | **S_OK**<br /> 0 (0x0) | The method was successful |
-    <th align="left">Parameter</th>
+   | **WS_E_ENDPOINT_ACCESS_DENIED**<br />2151481349 (0x803D0005) | Access was denied by the remote endpoint.|
-    <th align="left">Description</th>
+   | **WS_E_ENDPOINT_NOT_FOUND**<br />2151481357 (0x803D000D) | The remote endpoint does not exist or could not be located. |
-    </tr>
+   | **WS_E_ENDPOINT_FAILURE**<br /> 2151481357 (0x803D000F) | The remote endpoint could not process the request. |
-    </thead>
+   | **WS_E_ENDPOINT_UNREACHABLE**<br />2151481360 (0x803D0010) | The remote endpoint was not reachable. |
-    <tbody>
+   | **WS_E_ENDPOINT_FAULT_RECEIVED**<br />2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. |
-    <tr class="odd">
+   | **WS_E_INVALID_ENDPOINT_URL**<br />2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. |
    <td align="left"><p>ReportingServiceEndPoint</p></td>
    <td align="left"><p>A string specifying the MBAM status reporting service endpoint.</p></td>
    </tr>
    </tbody>
    </table>
    <table>
    <colgroup>
    <col width="50%" />
    <col width="50%" />
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left">Common return values</th>
    <th align="left">Error message</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><strong>S_OK</strong></p>
    <p>0 (0x0)</p></td>
    <td align="left"><p>The method was successful</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_ACCESS_DENIED</strong></p>
    <p>2151481349 (0x803D0005)</p></td>
    <td align="left"><p>Access was denied by the remote endpoint.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_ENDPOINT_NOT_FOUND</strong></p>
    <p>2151481357 (0x803D000D)</p></td>
    <td align="left"><p>The remote endpoint does not exist or could not be located.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_FAILURE</strong></p>
    <p>2151481357 (0x803D000F)</p></td>
    <td align="left"><p>The remote endpoint could not process the request.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_ENDPOINT_UNREACHABLE</strong></p>
    <p>2151481360 (0x803D0010)</p></td>
    <td align="left"><p>The remote endpoint was not reachable.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_FAULT_RECEIVED</strong></p>
    <p>2151481363 (0x803D0013)</p></td>
    <td align="left"><p>A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_INVALID_ENDPOINT_URL</strong></p>
    <p>2151481376 (0x803D0020)</p></td>
    <td align="left"><p>The endpoint address URL is not valid. The URL must start with “http” or “https”.</p></td>
    </tr>
    </tbody>
    </table>
    <a href="" id="mbam-volume-wmi-class"></a>**MBAM\_Volume WMI Class**  
    **EscrowRecoveryKey:** Reads the recovery numerical password and key package of the volume and sends them to the MBAM recovery database by using the MBAM recovery service. If it fails, an error code is returned for troubleshooting.
    <table>
    <colgroup>
    <col width="50%" />
    <col width="50%" />
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left">Parameter</th>
    <th align="left">Description</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p>RecoveryServiceEndPoint</p></td>
    <td align="left"><p>A string specifying the MBAM recovery service endpoint.</p></td>
    </tr>
    </tbody>
    </table>
    <table>
    <colgroup>
    <col width="50%" />
    <col width="50%" />
    </colgroup>
    <thead>
    <tr class="header">
    <th align="left">Common return values</th>
    <th align="left">Error message</th>
    </tr>
    </thead>
    <tbody>
    <tr class="odd">
    <td align="left"><p><strong>S_OK</strong></p>
    <p>0 (0x0)</p></td>
    <td align="left"><p>The method was successful</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>FVE_E_LOCKED_VOLUME</strong></p>
    <p>2150694912 (0x80310000)</p></td>
    <td align="left"><p>The volume is locked.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>FVE_E_PROTECTOR_NOT_FOUND</strong></p>
    <p>2150694963 (0x80310033)</p></td>
    <td align="left"><p>A Numerical Password protector was not found for the volume.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_ACCESS_DENIED</strong></p>
    <p>2151481349 (0x803D0005)</p></td>
    <td align="left"><p>Access was denied by the remote endpoint.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_ENDPOINT_NOT_FOUND</strong></p>
    <p>2151481357 (0x803D000D)</p></td>
    <td align="left"><p>The remote endpoint does not exist or could not be located.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_FAILURE</strong></p>
    <p>2151481357 (0x803D000F)</p></td>
    <td align="left"><p>The remote endpoint could not process the request.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_ENDPOINT_UNREACHABLE</strong></p>
    <p>2151481360 (0x803D0010)</p></td>
    <td align="left"><p>The remote endpoint was not reachable.</p></td>
    </tr>
    <tr class="even">
    <td align="left"><p><strong>WS_E_ENDPOINT_FAULT_RECEIVED</strong></p>
    <p>2151481363 (0x803D0013)</p></td>
    <td align="left"><p>A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint.</p></td>
    </tr>
    <tr class="odd">
    <td align="left"><p><strong>WS_E_INVALID_ENDPOINT_URL</strong></p>
    <p>2151481376 (0x803D0020)</p></td>
    <td align="left"><p>The endpoint address URL is not valid. The URL must start with “http” or “https”.</p></td>
    </tr>
    </tbody>
    </table>
   <a href="" id="mbam-volume-wmi-class"></a>**MBAM\_Volume WMI Class**  
   **EscrowRecoveryKey:** Reads the recovery numerical password and key package of the volume and sends them to the MBAM recovery database by using the MBAM recovery service. If it fails, an error code is returned for troubleshooting.
   | Parameter | Description |
   | --------- | ----------- |
   | RecoveryServiceEndPoint | A string specifying the MBAM recovery service endpoint. |
   Here are a list of common error messages:
   | Common return values | Error message |
   | -------------------- | ------------- |
   | **S_OK**<br />0 (0x0) | The method was successful |
   | **FVE_E_LOCKED_VOLUME**<br />2150694912 (0x80310000) | The volume is locked. |
   | **FVE_E_PROTECTOR_NOT_FOUND**<br />2150694963 (0x80310033) | A Numerical Password protector was not found for the volume. | 
   | **WS_E_ENDPOINT_ACCESS_DENIED**<br />2151481349 (0x803D0005) | Access was denied by the remote endpoint. |
   | **WS_E_ENDPOINT_NOT_FOUND**<br />2151481357 (0x803D000D) | The remote endpoint does not exist or could not be located. |
   | **WS_E_ENDPOINT_FAILURE**<br />2151481357 (0x803D000F) | The remote endpoint could not process the request. |
   | **WS_E_ENDPOINT_UNREACHABLE**<br />2151481360 (0x803D0010) | The remote endpoint was not reachable. |
   | **WS_E_ENDPOINT_FAULT_RECEIVED**<br />2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. |
   | **WS_E_INVALID_ENDPOINT_URL**<br />2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. |
 2.  **Deploy MBAM by using Microsoft Deployment Toolkit (MDT) and PowerShell**
@ -328,13 +126,9 @@ This topic explains how to enable BitLocker on an end user's computer by using M
        **Note**  
        The `Invoke-MbamClientDeployment.ps1` PowerShell script can be used with any imaging process or tool. This section shows how to integrate it by using MDT, but the steps are similar to integrating it with any other process or tool.
        **Caution**  
        If you are using BitLocker pre-provisioning (WinPE) and want to maintain the TPM owner authorization value, you must add the `SaveWinPETpmOwnerAuth.wsf` script in WinPE immediately before the installation reboots into the full operating system. **If you do not use this script, you will lose the TPM owner authorization value on reboot.**
-
+        
    2.  Copy `Invoke-MbamClientDeployment.ps1` to **&lt;DeploymentShare&gt;\\Scripts**. If you are using pre-provisioning, copy the `SaveWinPETpmOwnerAuth.wsf` file into **&lt;DeploymentShare&gt;\\Scripts**.
    3.  Add the MBAM 2.5 SP1 client application to the Applications node in the deployment share.
@ -467,46 +261,40 @@ This topic explains how to enable BitLocker on an end user's computer by using M
    **Caution**  
    This step describes how to modify the Windows registry. Using Registry Editor incorrectly can cause serious issues that can require you to reinstall Windows. We cannot guarantee that issues resulting from the incorrect use of Registry Editor can be resolved. Use Registry Editor at your own risk.
    1.  Set the TPM for **Operating system only encryption**, run Regedit.exe, and then import the registry key template from C:\\Program Files\\Microsoft\\MDOP MBAM\\MBAMDeploymentKeyTemplate.reg.
    2.  In Regedit.exe, go to HKLM\\SOFTWARE\\Microsoft\\MBAM, and configure the settings that are listed in the following table.
        **Note**  
        You can set Group Policy settings or registry values related to MBAM here. These settings will override previously set values.
        Registry entry
        Configuration settings
-         
+        DeploymentTime
-    Registry entry
+        0 = Off
-    Configuration settings
+        1 = Use deployment time policy settings (default) – use this setting to enable encryption at the time Windows is deployed to the client computer.
-    DeploymentTime
+        UseKeyRecoveryService
-    0 = Off
+        0 = Do not use key escrow (the next two registry entries are not required in this case)
-    1 = Use deployment time policy settings (default) – use this setting to enable encryption at the time Windows is deployed to the client computer.
+        1 = Use key escrow in Key Recovery system (default)
-    UseKeyRecoveryService
+        This is the recommended setting, which enables MBAM to store the recovery keys. The computer must be able to communicate with the MBAM Key Recovery service. Verify that the computer can communicate with the service before you proceed.
-    0 = Do not use key escrow (the next two registry entries are not required in this case)
+        KeyRecoveryOptions
-    1 = Use key escrow in Key Recovery system (default)
+        0 = Uploads Recovery Key only
-    This is the recommended setting, which enables MBAM to store the recovery keys. The computer must be able to communicate with the MBAM Key Recovery service. Verify that the computer can communicate with the service before you proceed.
+        1 = Uploads Recovery Key and Key Recovery Package (default)
-    KeyRecoveryOptions
+        KeyRecoveryServiceEndPoint
-    0 = Uploads Recovery Key only
+        Set this value to the URL for the server running the Key Recovery service, for example, http://&lt;computer name&gt;/MBAMRecoveryAndHardwareService/CoreService.svc.
    1 = Uploads Recovery Key and Key Recovery Package (default)
    KeyRecoveryServiceEndPoint
    Set this value to the URL for the server running the Key Recovery service, for example, http://&lt;computer name&gt;/MBAMRecoveryAndHardwareService/CoreService.svc.
 6.  The MBAM Client will restart the system during the MBAM Client deployment. When you are ready for this restart, run the following command at a command prompt as an administrator:
@ -522,20 +310,8 @@ This topic explains how to enable BitLocker on an end user's computer by using M
 9.  To delete the bypass registry values, run Regedit.exe, and go to the HKLM\\SOFTWARE\\Microsoft registry entry. Right-click the **MBAM** node, and then click **Delete**.
    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopmbam).
 ## Related topics
 [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)
 [Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md)
--- a/windows/keep-secure/audit-removable-storage.md
+++ b/windows/keep-secure/audit-removable-storage.md
@ -1,6 +1,6 @@
 ---
 title: Audit Removable Storage (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines .
+description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
 ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
 ms.prod: W10
 ms.mktglfcycl: deploy
@ -15,9 +15,9 @@ author: brianlic-msft
 -   Windows 10
-This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines .
+This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines when there is a read or a write to a removable drive.
-Event volume:
+Event volume: Low
 Default: Not configured
--- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
@ -196,7 +196,11 @@ To create a self-signed certificate, do the following:
    Exportable=true
    RequestType=Cert
    KeyUsage="CERT_KEY_ENCIPHERMENT_KEY_USAGE"
    KeyUsageProperty="NCRYPT_ALLOW_DECRYPT_FLAG"
    KeyLength=2048
    Keyspec="AT_KEYEXCHANGE"
    SMIME=FALSE
    HashAlgorithm=sha512
    [Extensions]
    1.3.6.1.4.1.311.21.10 = "{text}"
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |New or changed topic | Description |
 |----------------------|-------------|
 |[Protect derived domain credentials with Credential Guard](credential-guard.md) |Clarified Credential Guard protections |
 |[Windows 10 security overview](windows-10-security-guide.md) |Added SMB hardening improvements for SYSVOL and NETLOGON connections |
 ## March 2016
--- a/windows/keep-secure/index.md
+++ b/windows/keep-secure/index.md
@ -62,7 +62,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
 </tr>
 <tr class="odd">
 <td align="left"><p>[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md)</p></td>
-<td align="left"><p>With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.</p></td>
+<td align="left"><p>With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)</p></td>
--- a/windows/keep-secure/protect-enterprise-data-using-edp.md
+++ b/windows/keep-secure/protect-enterprise-data-using-edp.md
@ -17,7 +17,7 @@ author: eross-msft
 <span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
-With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.
+With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
 Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside EDP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.
--- a/windows/keep-secure/tpm-recommendations.md
+++ b/windows/keep-secure/tpm-recommendations.md
@ -31,7 +31,15 @@ Trusted Platform Module (TPM) technology is designed to provide hardware-based,
 The most common TPM functions are used for system integrity measurements and for key creation and use. During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM. The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system.
-Different versions of the TPM are defined in specifications by the Trusted Computing Group (TCG).
+Traditionally, TPMs have been discrete chips soldered to a computer’s motherboard. Such implementations allow the computer’s original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Although discrete TPM implementations are still common, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips.
 TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, however, a TPM must be provisioned. Windows 10 automatically provisions a TPM, but if the user reinstalls the operating system, he or she may need to tell the operating system to explicitly provision the TPM again before it can use all the TPM’s features.
 The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards that support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
 OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone cannot achieve. For example, software alone cannot reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust—that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly cannot leave the TPM.
 The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs whereas others do not.
 **Note**  
 Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@ -41,11 +49,10 @@ Some information relates to pre-released product which may be substantially modi
 ## TPM 1.2 vs. 2.0 comparison
-From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0. As indicated in the table below, TPM 2.0 has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization and NV RAM.
+From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0, which has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization and NV RAM.
 ## Why TPM 2.0?
 TPM 2.0 products and systems have important security advantages over TPM 1.2, including:
 -   The TPM 1.2 spec only allows for the use of RSA and the SHA-1 hashing algorithm.
@ -65,7 +72,6 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in
 ## Discrete or firmware TPM?
 Windows uses discrete and firmware TPM in the same way. Windows gains no functional advantage or disadvantage from either option.
 From a security standpoint, discrete and firmware share the same characteristics;
@ -77,20 +83,22 @@ From a security standpoint, discrete and firmware share the same characteristics
 For more info, see [fTPM: A Firmware-based TPM 2.0 Implementation](http://research.microsoft.com/apps/pubs/?id=258236).
-## TPM 2.0 Compliance for Windows 10 in the future
+## Is there any importance for TPM for consumer?
 For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, secures streaming high quality 4K content and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
-
+## TPM 2.0 Compliance for Windows 10
 All shipping devices for Windows 10 across all SKU types must be using TPM 2.0 discrete or firmware from **July 28, 2016**. This requirement will be enforced through our Windows Hardware Certification program.
 ### Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)
-   With Windows 10 as with Windows 8, all connected standby systems are required to include TPM 2.0 support.
+- As of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx)
-   For Windows 10 and later, if a SoC is chosen that includes an integrated fTPM2.0, the device must ship with the fTPM FW support or a discrete TPM 1.2 or 2.0.
+ 
-   Starting **July 28th, 2016** all devices shipping with Windows 10 desktop must implement TPM 2.0 and ship with the TPM enabled.
+## Two implementation options: 
 •	Discrete TPM chip as a separate discrete component 
 •	Firmware TPM solution using Intel PTT (platform trust technology) or AMD 
 ### Windows 10 Mobile
-   All devices shipping with Windows 10 Mobile must implement TPM 2.0 and ship with the TPM enabled.
+-   All devices shipping with Windows 10 Mobile must implement TPM 2.0 and ship with the TPM 2.0 enabled.
 ### IoT Core
@ -102,7 +110,6 @@ All shipping devices for Windows 10 across all SKU types must be using TPM 2.0 d
 ## TPM and Windows Features
 The following table defines which Windows features require TPM support. Some features are not applicable to Windows 7/8/8.1 and are noted accordingly.
 <table>
@ -124,7 +131,7 @@ The following table defines which Windows features require TPM support. Some fea
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left">Measure Boot</td>
+<td align="left">Measured Boot</td>
 <td align="left">Required</td>
 <td align="left">Required</td>
 <td align="left">Required</td>
@ -147,7 +154,7 @@ The following table defines which Windows features require TPM support. Some fea
 <tr class="even">
 <td align="left">Passport: MSA or Local Account</td>
 <td align="left">n/a</td>
-<td align="left">Not Required</td>
+<td align="left">Required</td>
 <td align="left">Required</td>
 <td align="left">TPM 2.0 is required with HMAC and EK certificate for key attestation support.</td>
 </tr>
@ -175,7 +182,7 @@ The following table defines which Windows features require TPM support. Some fea
 <tr class="even">
 <td align="left">Device Health Attestation</td>
 <td align="left">n/a</td>
-<td align="left">Not Required</td>
+<td align="left">Required</td>
 <td align="left">Required</td>
 <td align="left"></td>
 </tr>
@ -240,6 +247,7 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 <td align="left"><ul>
 <li>Infineon</li>
 <li>Nuvoton</li>
 <li>Atmel</li>
 <li>NationZ</li>
 <li>ST Micro</li>
 </ul></td>
@ -274,11 +282,12 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 <tr class="even">
 <td align="left">Intel</td>
 <td align="left"><ul>
-<li>Clovertrail</li>
+<li>Atom (CloverTrail)
 <li>Haswell</li>
 <li>Broadwell</li>
 <li>Skylake</li>
 <li>Baytrail</li>
 <li>4th generation(Haswell)</li>
 <li>5th generation(Broadwell)</li>
 <li>Braswell</li>
 <li>Skylake</li>
 </ul></td>
 </tr>
 <tr class="odd">
@ -301,7 +310,7 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 ### Certified TPM parts
-Government customers and enterprise customers in regulated industries may have acquisition standards that require use of common certified TPM parts. As a result, OEMs, who provide the devices, may be required to use only certified TPM components on their commercial class systems. Discrete TPM 2.0 vendors have targeted completion of certification by the end of 2015.
+Government customers and enterprise customers in regulated industries may have acquisition standards that require use of common certified TPM parts. As a result, OEMs, who provide the devices, may be required to use only certified TPM components on their commercial class systems. Discrete TPM 2.0 vendors have completion certification.
 ### Windows 7 32-bit support
--- a/windows/keep-secure/windows-10-security-guide.md
+++ b/windows/keep-secure/windows-10-security-guide.md
@ -345,17 +345,16 @@ Table 3 lists specific malware threats and the mitigation that Windows 10 provi
 Table 3. Threats and Windows 10 mitigations
 <table>
 <colgroup>
 <col width="50%" />
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Threat</th>
 <th align="left">Windows 10 mitigation</th>
 </tr>
 </thead>
-<tbody>
+<tbody><tr class="odd">
 <td align="left"><p>"Man in the middle" attacks, when an attacker reroutes communications between two users through the attacker's computer without the knowledge of the two communicating users</p></td>
 <td align="left"><p>Client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require SMB signing and mutual authentication (such as Kerberos).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Firmware bootkits replace the firmware with malware.</p></td>
 <td align="left"><p>All certified PCs include a UEFI with Secure Boot, which requires signed firmware for updates to UEFI and Option ROMs.</p></td>
@ -395,6 +394,22 @@ Table 3. Threats and Windows 10 mitigations
 The sections that follow describe these improvements in more detail.
 **SMB hardening improvements for SYSVOL and NETLOGON connections**
 In Windows 10 and Windows Server 2016 Technical Preview, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require Server Message Block (SMB) signing and mutual authentication (such as Kerberos).
 - **What value does this change add?**
 This change reduces the likelihood of man-in-the-middle attacks.
 - **What works differently?**
 If SMB signing and mutual authentication are unavailable, a Windows 10 or Windows Server 2016 computer won’t process domain-based Group Policy and scripts.
 > **Note:** The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values.
 For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](http://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=789215).
 **Secure hardware**
 Although Windows 10 is designed to run on almost any hardware capable of running Windows 8, Windows 7, or Windows Vista, taking full advantage of Windows 10 security requires advancements in hardware-based security, including UEFI with Secure Boot, CPU virtualization features (for example, Intel VT-x), CPU memory-protection features (for example, Intel VT-d), TPM, and biometric sensors.
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@ -37,6 +37,7 @@
 #### [Settings reference: Windows Store for Business](settings-reference-windows-store-for-business.md)
 ### [Find and acquire apps](find-and-acquire-apps-overview.md)
 #### [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md)
 #### [Acquire apps in the Windows Store for Business](acquire-apps-windows-store-for-business.md)
 #### [Working with line-of-business apps](working-with-line-of-business-apps.md)
 ### [Distribute apps to your employees from the Windows Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md)
 #### [Distribute apps using your private store](distribute-apps-from-your-private-store.md)
@ -44,8 +45,9 @@
 #### [Distribute apps with a management tool](distribute-apps-with-management-tool.md)
 #### [Distribute offline apps](distribute-offline-apps.md)
 ### [Manage apps](manage-apps-windows-store-for-business-overview.md)
 #### [Manage access to private store](manage-access-to-private-store.md)
 #### [App inventory managemement for Windows Store for Business](app-inventory-managemement-windows-store-for-business.md)
 #### [Manage app orders in Windows Store for Business](manage-orders-windows-store-for-business.md)
 #### [Manage access to private store](manage-access-to-private-store.md)
 #### [Manage private store settings](manage-private-store-settings.md)
 #### [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md)
 ### [Device Guard signing portal](device-guard-signing-portal.md)
--- a/windows/manage/app-inventory-managemement-windows-store-for-business.md
+++ b/windows/manage/app-inventory-managemement-windows-store-for-business.md
@ -105,11 +105,6 @@ Each app in the Store for Business has an online, or an offline license. For mor
 **Note**  
 Removing apps from inventory is not currently supported.
 The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
 ### Distribute apps
@ -122,15 +117,45 @@ For online-licensed apps, there are a couple of ways to distribute apps from you
 If you use a management tool that supports Store for Business, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md).
-### Assign apps
+Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
-You can assign apps directly to people in your organization. You can assign apps to individuals, a few people, or to a group. For more information, see [Assign apps to employees](assign-apps-to-employees.md).
+**To make an app in inventory available in your private store**
-### Private store
+1.	Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page.
 4.	From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**.
-The private store is a feature in the Store for Business. Once an online-licensed app is in your inventory, you can make it available in your private store. When you add apps to the private store, all employees in your organization can view and download the app. Employees access the private store as a page in Windows Store app.
+The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store. 
-For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
+Employees can claim apps that admins added to the private store by doing the following.
 **To claim an app from the private store**
 1.	Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app.
 2.	Click the private store tab.
 3.	Click the app you want to install, and then click **Install**.
 Another way to distribute apps is by assigning them to people in your organization.
 If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store.
 **To remove an app from the private store**
 1.  Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**.
 The app will still be in your inventory, but your employees will not have access to the app from your private store. 
 **To assign an app to an employee**
 1.	Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
 4.	Type the email address for the employee that you're assigning the app to, and click **Confirm**.
 Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**.
 ### Manage app licenses
--- a/windows/manage/apps-in-windows-store-for-business.md
+++ b/windows/manage/apps-in-windows-store-for-business.md
@ -47,6 +47,13 @@ Apps in your inventory will have at least one of these supported platforms liste
 Apps that you acquire from the Store for Business only work on Windows 10-based devices. Even though an app might list Windows 8 as its supported platform, that tells you what platform the app was originally written for. Apps developed for Windows 8, or Windows phone 8 will work on Windows 10.
 Some apps are free, and some apps charge a price. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time.
 Some apps which are available to consumers in the Windows Store might not be available to organizations in the Windows Store for Business. App developers can opt-out their apps, and they also need to meet eligibility requirements for Windows Store for Business. For more information, read this info on [Organizational licensing options](https://msdn.microsoft.com/en-us/windows/uwp/publish/organizational-licensing). 
 **Note**<br>
 We are still setting up the catalog of apps for Windows Store for Business. If you are searching for an app and it isn’t available, please check again in a couple of days.
 Line-of-business (LOB) apps are also supported using the Store for Business. Admins can invite IT devs and ISVs to be LOB publishers. Apps developed by your LOB publishers that are submitted to the Store are only available to your organization. Once an administrator accepts an app submitted by one of their LOB publishers, the app can be distributed just like any other app from Store for Business. For more information, see Working with Line-of-Business apps.
 ## <a href="" id="iap"></a>In-app purchases
--- a/windows/manage/assign-apps-to-employees.md
+++ b/windows/manage/assign-apps-to-employees.md
@ -28,7 +28,7 @@ Administrators can assign online-licensed apps to employees in their organizatio
 4.  Type the email address for the employee that you're assigning the app to, and click **Confirm**.
-Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**.
+Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**.
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@ -13,6 +13,11 @@ author: jdeckerMS
 This topic lists new and updated topics in the [Manage and update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 ## May 2016
 New or changed topic | Description |
 ---|---|
 [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Corrected script for setting a custom shell using Shell Launcher | 
 ## April 2016
--- a/windows/manage/distribute-offline-apps.md
+++ b/windows/manage/distribute-offline-apps.md
@ -34,7 +34,7 @@ Offline-licensed apps offer an alternative to online apps, and provide additiona
 You can't distribute offline-licensed apps directly from the Store for Business. Once you download the items for the offline-licensed app, you have three options for distributing the apps:
-   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft WindowsWindows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/library/windows/hardware/dn898558.aspx).
+-   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft WindowsWindows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
 -   **Windows ICD**. ICD is GUI tool that you can use to create Windows provisioning answer files, and add third-party drivers, apps, or other assets to an answer file. For more information, see [Windows Imaging and Configuration Designer](https://msdn.microsoft.com/library/windows/hardware/dn916113.aspx).
--- a/windows/manage/manage-inventory-windows-store-for-business.md
+++ b/windows/manage/manage-inventory-windows-store-for-business.md
@ -1,6 +1,7 @@
 ---
 title: Manage inventory in Windows Store for Business (Windows 10)
 description: When you acquire apps from the Windows Store for Business, we add them to the Inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses.
 redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/app-inventory-management-windows-store-for-business
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
@ -38,7 +39,7 @@ Another way to distribute apps is by assigning them to people in your organizati
 3.	Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
 4.	Type the email address for the employee that you're assigning the app to, and click **Confirm**.
-Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **MyLibrary**. 
+Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**. 
 ## Manage licenses
 For apps in inventory, when you assign an app to an employee, a license for the app is assigned to them. You can manage these licenses, either by assigning them, or reclaiming them so you can assign them to another employee. You can also remove an app from the private store. 
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
@ -350,7 +350,9 @@ Modify the following PowerShell script as appropriate. The comments in the sampl
    $ShellLauncherClass.SetEnabled($TRUE)
-    “`nEnabled is set to “ + $DefaultShellObject.IsEnabled()
+    $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
    “`nEnabled is set to “ + $IsShellLauncherEnabled.Enabled
    # Remove the new custom shells.
--- a/windows/manage/settings-reference-windows-store-for-business.md
+++ b/windows/manage/settings-reference-windows-store-for-business.md
@ -5,6 +5,7 @@ ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
 ---
 # Settings reference: Windows Store for Business
--- a/windows/manage/update-windows-store-for-business-account-settings.md
+++ b/windows/manage/update-windows-store-for-business-account-settings.md
@ -133,6 +133,6 @@ Offline licensing is a new licensing option for Windows 10. With offline license
 You have the following distribution options for offline-licensed apps:
 - Include the app in a provisioning package, and then use it as part of imaging a device.
 - Distribute the app through a management tool. 
-For more information, see Distribute apps to your employees from the Store for Business.
+For more information, see [Distribute apps to your employees from the Store for Business](distribute-apps-with-management-tool.md).
--- a/windows/manage/windows-10-start-layout-options-and-policies.md
+++ b/windows/manage/windows-10-start-layout-options-and-policies.md
@ -57,7 +57,7 @@ The following table lists the different parts of Start and any applicable policy
 <p>-and-</p>
 <p>Dynamically inserted app tile</p></td>
 <td align="left"><p>MDM: <strong>Allow Windows Consumer Features</strong></p>
-<p>Group Policy: <strong>Computer Configuration</strong>\<strong>Administrative Templates</strong>\<strong>Windows Components</strong>\<strong>Cloud Content</strong>\<strong>Turn off Microsoft consumer experiences</strong></p>
+<p>Group Policy: <strong>Computer Configuration</strong>\\<strong>Administrative Templates</strong>\\<strong>Windows Components</strong>\\<strong>Cloud Content</strong>\\<strong>Turn off Microsoft consumer experiences</strong></p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu.</p>
--- a/windows/whats-new/windows-store-for-business-overview.md
+++ b/windows/whats-new/windows-store-for-business-overview.md
@ -85,7 +85,7 @@ For more information, see [Sign up for the Store for Business](../manage/sign-up
 ### Set up
-After your admin signs up for the Store for Business, they can assign roles to other employees in your company. These are the roles and their permissions.
+After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions.
 <table>
 <colgroup>
@ -137,7 +137,7 @@ Also, if your organization plans to use a management tool, you’ll need to conf
 ### Get apps and content
-Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. For now, apps in the Store for Business are free. Over time, when paid apps are available, you’ll have more options for paying for apps.
+Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. 
 **App types** -- These app types are supported in the Store for Business:
@ -212,96 +212,54 @@ For more information, see [Manage settings in the Store for Business](../manage/
 Store for Business is currently available in these markets.
-   Argentina
+|Country or locale|Paid apps|Free apps|
-
+|-----------------|---------|---------|
-   Australia
+|Argentina|X|X|
-
+|Australia|X|X|
-   Austria
+|Austria|X|X|
-
+|Belgium (Dutch, French)|X|X|
-   Belgium (Dutch, French)
+|Brazil| |X|
-
+|Canada (English, French)|X|X|
-   Brazil
+|Chile|X|X|
-
+|Columbia|X|X|
-   Canada (English, French)
+|Croatia|X|X|
-
+|Czech Republic|X|X|
-   Chile
+|Denmark|X|X|
-
+|Finland|X|X|
-   Columbia
+|France|X|X|
-
+|Germany|X|X|
-   Croatia
+|Greece|X|X|
-
+|Hong Kong SAR|X|X|
-   Czech Republic
+|Hungary|X|X|
-
+|India| |X|
-   Denmark
+|Indonesia|X|X|
-
+|Ireland|X|X|
-   Finland
+|Italy|X|X|
-
+|Japan|X|X|
-   France
+|Malaysia|X|X|
-
+|Mexico|X|X|
-   Germany
+|Netherlands|X|X|
-
+|New Zealand|X|X|
-   Greece
+|Norway|X|X|
-
+|Philippines|X|X|
-   Hong Kong SAR
+|Poland|X|X|
-
+|Portugal|X|X|
-   Hungary
+|Romania|X|X|
-
+|Russia| |X|
-   India
+|Singapore|X|X|
-
+|Slovakia|X|X|
-   Indonesia
+|South Africa|X|X|
-
+|Spain|X|X|
-   Ireland
+|Sweden|X|X|
-
+|Switzerland (French, German)|X|X|
-   Italy
+|Taiwan| |X|
-
+|Thailand|X|X|
-   Japan
+|Turkey|X|X|
-
+|Ukraine| |X|
-   Malaysia
+|United Kingdom|X|X|
-
+|United States|X|X|
-   Mexico
+|Vietnam|X|X|
-
+  
 -   Netherlands
 -   New Zealand
 -   Norway
 -   Philippines
 -   Poland
 -   Portugal
 -   Romania
 -   Russia
 -   Singapore
 -   Slovakia
 -   South Africa
 -   Spain
 -   Sweden
 -   Switzerland (French, German)
 -   Taiwan
 -   Thailand
 -   Turkey
 -   Ukraine
 -   United Kingdom
 -   United States
 -   Vietnam
 ## <a href="" id="isv-wsfb"></a>ISVs and the Store for Business
`@ -28,7 +28,7 @@ Administrators can assign online-licensed apps to employees in their organizatio`

	`4. Type the email address for the employee that you're assigning the app to, and click Confirm.`	`4. Type the email address for the employee that you're assigning the app to, and click Confirm.`

	`Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click Install.`	`Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click Install. Also, in the Windows Store app, they can find the app under My Library.`