Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2icd

devices/surface-hub/use-room-control-system-with-surface-hub.md

@@ -267,6 +267,9 @@ The current volume level is a range from 0 to 100.
 
 Changes to volume levels can be sent by a room control system, or other system.
 
+>[!NOTE]
+>The Volume command will only control the volume for embedded or Replacement PC mode, not from [Guest sources](connect-and-display-with-surface-hub.md).
+
 <table>
 <colgroup>
 <col width="33%" />

windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md

@@ -17,9 +17,9 @@ author: brianlic-msft
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting.
 
 ## Reference
-This setting controls whether details such as email address or domain\username appear with the username on the sign-in screen. 
+This security setting controls whether details such as email address or domain\username appear with the username on the sign-in screen. 
 For clients that run Windows 10 version 1511 and 1507 (RTM), this setting works similarly to previous versions of Windows. 
-Due to a new **Privacy** setting in Windows 10 version 1607, this setting affects those clients differently. 
+However, because of a new **Privacy** setting introduced in Windows 10 version 1607, this security setting affects those clients differently. 
 
 ### Changes in Windows 10 version 1607
 
@@ -36,7 +36,7 @@ This setting has these possible values:
 -   **User display name, domain and user names**
 
     For a local logon, the user's full name is displayed. 
-    If the user signed in using a Microsoft Account, the user's email address is displayed. 
+    If the user signed in using a Microsoft account, the user's email address is displayed. 
     For a domain logon, the domain\username is displayed. 
     This has the same effect as turning on the **Privacy** setting. 
 
@@ -51,7 +51,7 @@ This setting has these possible values:
     Beginning with Windows 10 version 1607, this option is not supported. 
     If this option is chosen, the full name of the user who locked the session is displayed instead. 
     This change makes this setting consistent with the functionality of the new **Privacy** setting. 
-    To have no user information displayed, enable the Group Policy setting **Interactive logon: Don't display last signed-in**.
+    To display no user information, enable the Group Policy setting **Interactive logon: Don't display last signed-in**.
 
 -   Blank.
 
@@ -71,7 +71,7 @@ There are related Group Policy settings:
 
 - **Computer Configuration\Policies\Administrative Templates\System\Logon\Block user from showing account details on sign-in** prevents users from showing account details on the sign-in screen. 
 - **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Don’t display last signed-in** prevents the username of the last user to sign in from being shown.
-- **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Don’t display user name at sign in** prevents the username from being shown at Windows sign-in and immediately after credentials are entered and before the desktop appears. 
+- **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Don’t display username at sign-in** prevents the username from being shown at Windows sign-in and immediately after credentials are entered and before the desktop appears. 
 
 ### Interaction with related Group Policy settings
 

windows/manage/windows-store-for-business-overview.md

@@ -89,49 +89,11 @@ For more information, see [Sign up for the Store for Business](../manage/sign-up
 
 After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions.
 
-<table>
-<colgroup>
-<col width="20%" />
-<col width="20%" />
-<col width="20%" />
-<col width="20%" />
-<col width="20%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Permission</th>
-<th align="left">Account settings</th>
-<th align="left">Acquire apps</th>
-<th align="left">Distribute apps</th>
-<th align="left">Device Guard signing</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Admin</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Purchaser</p></td>
-<td align="left"></td>
-<td align="left"><p>X</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Device Guard signer</p></td>
-<td align="left"></td>
-<td align="left"></td>
-<td align="left"></td>
-<td align="left"><p>X</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+| Permission | Account settings | Acquire apps | Distribute apps | Device Guard signing |
+| ---------- | ---------------- | ------------ | --------------- | -------------------- |
+| Admin | X | X | X |  |
+| Purchaser |  | X | X |  |
+| Device Guard signer |  |  |  | X |
  
 In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-windows-store-for-business.md).
 
@@ -367,6 +329,18 @@ Store for Business is currently available in these markets.
    </tr>
 </table>
 
+## Privacy notice
+
+Microsoft Store for Business services get names and email addresses of people in your organization from Azure Active Directory. This information is needed for these admin functions:
+- Granting and managing permissions
+- Managing app licenses 
+- Distributing apps to people (names appear in a list that admins can select from)
+ 
+Store for Business does not save names, or email addresses.
+
+Your use of Store for Business is also governed by the Store for Business Terms of Use. 
+
+Information sent to Store for Business is subject to the [Store for Business Privacy Statement](https://privacy.microsoft.com/privacystatement/).
 
 ## <a href="" id="isv-wsfb"></a>ISVs and the Store for Business