Merged PR 1906: Merge master to live

2025-05-12 13:27:23 +00:00 · 2017-06-23 21:21:14 +00:00 · 2017-06-23 21:21:14 +00:00 · 40ca2afabe
commit 40ca2afabe
parent 11bac7ceef
21 changed files with 233 additions and 53 deletions
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@ -9,7 +9,7 @@
      "build_output_subfolder": "mdop-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -25,7 +25,7 @@
      "build_output_subfolder": "windows-manage-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -41,7 +41,7 @@
      "build_output_subfolder": "smb-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -57,7 +57,7 @@
      "build_output_subfolder": "surface-hub-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -73,7 +73,7 @@
      "build_output_subfolder": "microsoft-edge-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -89,7 +89,7 @@
      "build_output_subfolder": "win-development-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -105,7 +105,7 @@
      "build_output_subfolder": "windows-plan-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -121,7 +121,7 @@
      "build_output_subfolder": "win-client-management-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -137,7 +137,7 @@
      "build_output_subfolder": "win-threat-protection-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -153,7 +153,7 @@
      "build_output_subfolder": "win-app-management-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -169,7 +169,7 @@
      "build_output_subfolder": "windows-deploy-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -185,7 +185,7 @@
      "build_output_subfolder": "keep-secure-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -201,7 +201,7 @@
      "build_output_subfolder": "surface-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -217,7 +217,7 @@
      "build_output_subfolder": "windows-hub-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -233,7 +233,7 @@
      "build_output_subfolder": "internet-explorer-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -265,7 +265,7 @@
      "build_output_subfolder": "win-access-protection-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -281,7 +281,7 @@
      "build_output_subfolder": "win-device-security-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -297,7 +297,7 @@
      "build_output_subfolder": "education-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -313,7 +313,7 @@
      "build_output_subfolder": "store-for-business-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -329,7 +329,7 @@
      "build_output_subfolder": "win-configuration-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -345,7 +345,7 @@
      "build_output_subfolder": "windows-update-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -361,7 +361,7 @@
      "build_output_subfolder": "win-whats-new-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -377,7 +377,7 @@
      "build_output_subfolder": "itpro-hololens-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -393,7 +393,7 @@
      "build_output_subfolder": "windows-configure-VSTS",
      "locale": "en-us",
      "monikers": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
      "type_mapping": {
        "Conceptual": "Content",
        "ManagedReference": "Content",
@ -442,7 +442,7 @@
      "Pdf"
    ]
  },
-  "need_generate_pdf_url_template": false,
+  "need_generate_pdf_url_template": true,
  "Targets": {
    "Pdf": {
      "template_folder": "_themes.pdf"
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@ -50,6 +50,9 @@ When the other Surface Hub receives the link, the recipient can tap on the link,
 After you’re done, you can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working. 
 >[!TIP]
 >When you start a collaboration session, Whiteboard creates a folder named **Whiteboard App Data** in your OneDrive for Business to store your shared whiteboards. After some collaboration sessions, this folder may continue to sync or process changes indefinitely. You can fix this by choosing to not sync the **Whiteboard App Data** folder to your device. Disabling sync for this folder won't limit your ability to use Whiteboard for collaboration sessions.
 ## How to control and manage Whiteboard to Whiteboard collaboration
 Whiteboard has settings that can be managed via MDM. These allow you to disable or enable collaboration functionality in case your organization can’t meet the prerequisites or you’d rather not have your organization use this feature. 
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@ -14,7 +14,7 @@ author: nickbrower
 The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
-The following image shows the Windows Defender configuration service provider in tree format
+The following image shows the Windows Defender configuration service provider in tree format.
 ![defender csp diagram](images/provisioning-csp-defender.png)
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@ -103,6 +103,7 @@ The following Group Policy settings were added in Windows 10, version 1703:
 - Windows Components\Internet Explorer\Accelerators\Restrict Accelerators to those deployed through Group Policy
 - Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode
 - Windows Components\Location and Sensors\Windows Location Provider\Turn off Windows Location Provider
 - Windows Components\Microsoft Account\Block all consumer Microsoft account user authentication
 - Windows Components\Microsoft Edge\Configure Autofill
 - Windows Components\Microsoft Edge\Allow Developer Tools
 - Windows Components\Microsoft Edge\Allow Developer Tools
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@ -59,7 +59,7 @@
 ### [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)
 ### [Use a script to install a desktop app in provisioning packages](provisioning-packages/provisioning-script-to-install-app.md)
 ### [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-packages/provisioning-powershell.md)
-### [Windows ICD command-line interface (reference)](provisioning-packages/provisioning-command-line.md)
+### [Windows Configuration Designer command-line interface (reference)](provisioning-packages/provisioning-command-line.md)
 ### [Create a provisioning package with multivariant settings](provisioning-packages/provisioning-multivariant.md)
 ## [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md)
 ## [User Experience Virtualization (UE-V) for Windows](ue-v/uev-for-windows.md)
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@ -14,6 +14,13 @@ author: jdeckerms
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 ## June 2017
 | New or changed topic | Description |
 | --- | --- |
 | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Added warning about using Shell Launcher to set a custom shell with an application that launches a different process and then exits |
 | [Windows Configuration Designer command-line interface (reference)](provisioning-packages/provisioning-command-line.md) | Removed references to imaging |
 ## May 2017
 | New or changed topic | Description |
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@ -16,11 +16,11 @@ localizationpriority: high
 - Windows 10
 - Windows 10 Mobile
-You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages and Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) and Windows 10 Mobile or Windows 10 IoT Core (IoT Core) images. 
+You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages. 
 - IT pros can use the Windows Configuration Designer CLI to require less re-tooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.
- You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create an image and/or provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). 
+- You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create a provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). 
--- a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
@ -220,6 +220,9 @@ Using Shell Launcher, you can configure a kiosk device that runs a Classic Windo
 >[!NOTE]
 >You can also configure a kiosk device that runs a Classic Windows application by using the [Provision kiosk devices wizard](#wizard).
 >[!WARNING]
 >Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.  
 ### Requirements
 -   A domain or local user account.
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@ -106,9 +106,9 @@ For more information, see the following guides:
 The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10.
 [Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md)
-[Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)
+<BR>[Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)
-[Change history for Device Security](/windows/device-security/change-history-for-device-security)
+<BR>[Change history for Device Security](/windows/device-security/change-history-for-device-security)
-[Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection)
+<BR>[Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection)
 ## Related topics
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@ -19,10 +19,12 @@ localizationpriority: high
 **MBR2GPT.EXE** converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
 MBR2GPT.EXE is located in the **Windows\\System32** directory on a Windows 10 computer running Windows 10 version 1703 or later.
 You can use MBR2GPT to perform the following:
- \[Within the Windows PE environment\]: Convert any attached MBR-formatted disk to GPT, including the system disk.
+- \[Within the Windows PE environment\]: Convert any attached MBR-formatted system disk to the GPT partition format.
- \[From within the currently running OS\]: Convert any attached MBR-formatted disk to GPT, including the system disk.
+- \[From within the currently running OS\]: Convert any attached MBR-formatted system disk to the GPT partition format.
 >MBR2GPT is available in Windows 10 version 1703, also known as Windows 10 Creator's Update, and later versions. 
 >The tool is available in both the full OS environment and Windows PE. 
@ -224,6 +226,7 @@ Before any change to the disk is made, MBR2GPT validates the layout and geometry
  - 16KB + 1 sector at the end of the disk
 - There are at most 3 primary partitions in the MBR partition table
 - One of the partitions is set as active and is the system partition
 - The disk does not have any extended/logical partition
 - The BCD store on the system partition contains a default OS entry pointing to an OS partition
 - The volume IDs can be retrieved for each volume which has a drive letter assigned
 - All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@ -74,7 +74,7 @@ The following steps can resolve many Windows upgrade problems.
 <LI>sfc /scannow</LI>
 </UL>
 </LI>
-<LI>Update Windows so that all available recommended updates are installed.</LI>
+<LI>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update.</LI>
 <LI>Uninstall non-Microsoft antivirus software.
  <UL> 
  <LI>Use Windows Defender for protection during the upgrade. 
@ -573,7 +573,7 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-8000405 - 0x20007
+800040005 - 0x20007
 </TABLE>
@ -667,6 +667,39 @@ The installation failed during the second boot phase while attempting the MIGRAT
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
 8007001F - 0x3000D
 </TABLE>
 <P><TABLE cellspacing=0 cellpadding=0>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
 The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DATA operation.  
 </TABLE>
 </TD>
 <TD align="left" valign="top" style='border:solid #000000 1.0pt;'>
 <TABLE cellspacing=0 cellpadding=0>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
 [Analyze log files](#analyze-log-files) in order to determine the files that are blocking data migration. 
 Note: This error can occur if Active Directory integrated user accounts exist on the computer, but these accounts are no longer present in Active Directory. To repair this error, delete the invalid accounts from the **Users** directory on the local computer and restart the upgrade process.
 </TABLE>
 </TD>
 </TR>
 <TR><TD align="left" valign="top" style='border:solid #000000 1.0pt;'>
 <TABLE cellspacing=0 cellpadding=0>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
 <TR><TD style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
 8007001F - 0x4000D
 </TABLE>
--- a/windows/deployment/upgrade/upgrade-readiness-get-started.md
+++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md
@ -40,6 +40,9 @@ To enable system, application, and driver data to be shared with Microsoft, you
 Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
 >[!IMPORTANT]
 >Upgrade Readiness is a free solution.  When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure.  Upgrade Readiness data **do not** count toward OMS daily upload limits.
 If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace.
 If you are not using OMS:
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@ -1,10 +1,11 @@
 ---
-title: Deploy Windows 10 using System Center Configuration Manager
+title: Step by step - Deploy Windows 10 using System Center Configuration Manager
-description: Deploy Windows 10 in a test lab using System Center Configuration Manager 
+description: Deploy Windows 10 in a test lab using System Center Configuration Manager
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.pagetype: deploykeywords: deployment, automate, tools, configure, sccm, configuration manager
+ms.pagetype: deploy
 keywords: deployment, automate, tools, configure, sccm
 localizationpriority: high
 author: greg-lindsay
 ---
@ -14,6 +15,7 @@ author: greg-lindsay
 **Applies to**
 -   Windows 10
 **Important**: This guide leverages the proof of concept (PoC) environment, and some settings that are configured in the following guides:
 - [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md)
 - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@ -54,11 +54,8 @@ Topics and procedures in this guide are summarized in the following table. An es
 <TR><TD>[Convert PC to VM](#convert-pc-to-vm)<TD>Convert a physical computer on your network to a VM hosted in Hyper-V.<TD>30 minutes
 <TR><TD>[Resize VHD](#resize-vhd)<TD>Increase the storage capacity for one of the Windows Server VMs.<TD>5 minutes
 <TR><TD>[Configure Hyper-V](#configure-hyper-v)<TD>Create virtual switches, determine available RAM for virtual machines, and add virtual machines.<TD>15 minutes
 <<<<<<< HEAD:windows/deployment/windows-10-poc.md
 <TR><TD>[Configure service and user accounts](#configure-service-and-user-accounts)<TD>Start virtual machines and configure all services and settings.<TD>60 minutes
 =======
 <TR><TD>[Configure VMs](#configure-vms)<TD>Start virtual machines and configure all services and settings.<TD>60 minutes
 >>>>>>> bb842731e73d0f219d021f0869d9b36c8aba222c:windows/deploy/windows-10-poc.md
 <TR><TD>[Appendix A: Verify the configuration](#appendix-a-verify-the-configuration)<TD>Verify and troubleshoot network connectivity and services in the PoC environment.<TD>30 minutes
 <TR><TD>[Appendix B: Terminology in this guide](#appendix-b-terminology-used-in-this-guide)<TD>Terms used in this guide.<TD>Informational
 </TABLE>
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@ -127,11 +127,9 @@
 #### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
 #### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
 #### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
 ## [Windows Defender SmartScreen](windows-defender-smartscreen\windows-defender-smartscreen-overview.md)
 ### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen\windows-defender-smartscreen-available-settings.md)
 ### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen\windows-defender-smartscreen-set-individual-device.md)
 ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md)
 ### [Create a Windows Information Protection (WIP) policy](windows-information-protection\overview-create-wip-policy.md)
 #### [Create a Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md)
@ -152,13 +150,9 @@
 #### [Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](windows-information-protection\app-behavior-with-wip.md)
 #### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](windows-information-protection\recommended-network-definitions-for-wip.md)
 #### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md)
 ## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
 ## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
-
+## [Secure the windows 10 boot process](secure-the-windows-10-boot-process.md)
 ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
 ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-
+## [Change history for Threat Protection](change-history-for-threat-protection.md)
 ## [Change history for Threat Protection](change-history-for-threat-protection.md)
--- a/windows/threat-protection/change-history-for-threat-protection.md
+++ b/windows/threat-protection/change-history-for-threat-protection.md
@ -18,6 +18,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
 [Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
 [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
 |[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md)|Updated to include newly enlightened and supported apps.|
 [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Updated from existing applicable and relevant Windows 8.1 content |
 ## March 2017
--- a/windows/threat-protection/images/dn168167.boot_process(en-us,MSDN.10).png
+++ b/windows/threat-protection/images/dn168167.boot_process(en-us,MSDN.10).png
--- a/windows/threat-protection/images/dn168167.measure_boot(en-us,MSDN.10).png
+++ b/windows/threat-protection/images/dn168167.measure_boot(en-us,MSDN.10).png
--- a/windows/threat-protection/secure-the-windows-10-boot-process.md
+++ b/windows/threat-protection/secure-the-windows-10-boot-process.md
@ -0,0 +1,129 @@
 ---
 title: Secure the Windows 10 boot process 
 description: This article describes how Windows 10 security features helps protect your PC from malware, including rootkits and other applications
 keywords: trusted boot, windows 10 boot proces
 ms.prod: w10
 ms.mktglfcycl: Explore
 ms.pagetype: security
 ms.sitesec: library
 localizationpriority: medium
 author: brianlic-msft
 ---
 # Secure the Windows 10 boot process
 **Applies to:** 
 -  Windows 10
 -  Windows 8.1
 The Windows operating system has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Windows Store apps must meet a series of requirements to be certified and included in the Windows Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Windows Store. Even if a malicious app does get through, the Windows 10 operating system includes a series of security features that can mitigate the impact. For instance, Windows Store apps are sandboxed and lack the privileges necessary to access user data or change system settings.
 Windows 10 has multiple levels of protection for desktop apps and data, too. Windows Defender uses signatures to detect and quarantine apps that are known to be malicious. The SmartScreen Filter warns users before allowing them to run an untrustworthy app, even if it’s recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control.
 Those are just some of the ways that Windows 10 protects you from malware. However, those security features protect you only after Windows 10 starts. Modern malware—and bootkits specifically—are capable of starting before Windows, completely bypassing operating system security, and remaining completely hidden.
 When you run Windows 10 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it can’t remain hidden; Trusted Boot can prove the system’s integrity to your infrastructure in a way that malware can’t disguise. Even on PCs without UEFI, Windows 10 provides even better startup security than previous versions of Windows.
 First, let’s examine what rootkits are and how they work. Then, we’ll show you how Windows 10 can protect you.
 ## The threat: rootkits
 *Rootkits* are a sophisticated and dangerous type of malware that run in kernel mode, using the same privileges as the operating system. Because rootkits have the same rights as the operating system and start before it, they can completely hide themselves and other applications. Often, rootkits are part of an entire suite of malware that can bypass local logins, record passwords and keystrokes, transfer private files, and capture cryptographic data.
 Different types of rootkits load during different phases of the startup process:
 -  **Firmware rootkits.** These kits overwrite the firmware of the PC’s basic input/output system or other hardware so the rootkit can start before Windows.
 -  **Bootkits.** These kits replace the operating system’s bootloader (the small piece of software that starts the operating system) so that the PC loads the bootkit before the operating system.
 -  **Kernel rootkits.** These kits replace a portion of the operating system kernel so the rootkit can start automatically when the operating system loads.
 -  **Driver rootkits.** These kits pretend to be one of the trusted drivers that Windows uses to communicate with the PC hardware.
 ## The countermeasures
 Windows 10 supports four features to help prevent rootkits and bootkits from loading during the startup process:
 -  **Secure Boot.** PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system bootloaders.
 -  **Trusted Boot.** Windows checks the integrity of every component of the startup process before loading it.
 -  **Early Launch Anti-Malware (ELAM).** ELAM tests all drivers before they load and prevents unapproved drivers from loading.
 -  **Measured Boot.** The PC’s firmware logs the boot process, and Windows can send it to a trusted server that can objectively assess the PC’s health.
 Figure 1 shows the Windows 10 startup process.
 ![Windows 10 startup process](./images/dn168167.boot_process(en-us,MSDN.10).png)
 **Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage**
 Secure Boot and Measured Boot are only possible on PCs with UEFI 2.3.1 and a TPM chip. Fortunately, all Windows 10 PCs that meet Windows Hardware Compatibility Program requirements have these components, and many PCs designed for earlier versions of Windows have them as well.
 The sections that follow describe Secure Boot, Trusted Boot, ELAM, and Measured Boot.
 ## Secure Boot
 When a PC starts, it first finds the operating system bootloader. PCs without Secure Boot simply run whatever bootloader is on the PC’s hard drive. There’s no way for the PC to tell whether it’s a trusted operating system or a rootkit.
 When a PC equipped with UEFI starts, the PC first verifies that the firmware is digitally signed, reducing the risk of firmware rootkits. If Secure Boot is enabled, the firmware examines the bootloader’s digital signature to verify that it hasn’t been modified. If the bootloader is intact, the firmware starts the bootloader only if one of the following conditions is true:
 -  **The bootloader was signed using a trusted certificate.** In the case of PCs certified for Windows 10, the Microsoft® certificate is trusted.
 -  **The user has manually approved the bootloader’s digital signature.** This allows the user to load non-Microsoft operating systems.
 All x86-based Certified For Windows 10 PCs must meet several requirements related to Secure Boot:
 -  They must have Secure Boot enabled by default.
 -  They must trust Microsoft’s certificate (and thus any bootloader Microsoft has signed).
 -  They must allow the user to configure Secure Boot to trust other bootloaders.
 -  They must allow the user to completely disable Secure Boot.
 These requirements help protect you from rootkits while allowing you to run any operating system you want. You have three options for running non-Microsoft operating systems:
 -  **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsoft’s certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to <http://sysdev.microsoft.com>.
 -  **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems.
 -  **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however.
 To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings. For more information about Secure Boot, read the blog, [Protecting the pre-OS environment with UEFI](http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx).
 Like most mobile devices, ARM-based Certified For Windows RT devices, such as the Microsoft Surface RT device, are designed to run only Windows 8.1. Therefore, Secure Boot cannot be turned off, and you cannot load a different operating system. Fortunately, there is a large market of ARM devices designed to run other operating systems.
 ## Trusted Boot
 Trusted Boot takes over where Secure Boot leaves off. The bootloader verifies the digital signature of the Windows 10 kernel before loading it. The Windows 10 kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM. If a file has been modified, the bootloader detects the problem and refuses to load the corrupted component. Often, Windows 10 can automatically repair the corrupted component, restoring the integrity of Windows and allowing the PC to start normally.
 ## Early Launch Anti-Malware
 Because Secure Boot has protected the bootloader and Trusted Boot has protected the Windows kernel, the next opportunity for malware to start is by infecting a non-Microsoft boot driver. Traditional anti-malware apps don’t start until after the boot drivers have been loaded, giving a rootkit disguised as a driver the opportunity to work.
 Early Launch Anti-Malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn’t started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it’s not trusted, Windows won’t load it.
 An ELAM driver isn’t a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows 10) supports ELAM, as does [Microsoft System Center 2012 Endpoint Protection](https://www.microsoft.com/en-us/server-cloud/system-center/endpoint-protection-2012.aspx) and several non-Microsoft anti-malware apps.
 ## Measured Boot
 If a PC in your organization does become infected with a rootkit, you need to know about it. Enterprise anti-malware apps can report malware infections to the IT department, but that doesn’t work with rootkits that hide their presence. In other words, you can’t trust the client to tell you whether it’s healthy.
 As a result, PCs infected with rootkits appear to be healthy, even with anti-malware running. Infected PCs continue to connect to the enterprise network, giving the rootkit access to vast amounts of confidential data and potentially allowing the rootkit to spread across the internal network.
 Working with the TPM and non-Microsoft software, Measured Boot in Windows 10 allows a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot uses the following process:
 1. The PC’s UEFI firmware stores in the TPM a hash of the firmware, bootloader, boot drivers, and everything that will be loaded before the anti-malware app.
 2. At the end of the startup process, Windows starts the non-Microsoft remote attestation client. The trusted attestation server sends the client a unique key.
 3. The TPM uses the unique key to digitally sign the log recorded by the UEFI.
 4. The client sends the log to the server, possibly with other security information.
 Depending on the implementation and configuration, the server can now determine whether the client is healthy and grant the client access to either a limited quarantine network or to the full network.
 Figure 2 illustrates the Measured Boot and remote attestation process.
 ![Measured Boot and remote attestation process](./images/dn168167.measure_boot(en-us,MSDN.10).png)
 **Figure 2. Measured Boot proves the PC’s health to a remote server**
 Windows 10 includes the application programming interfaces to support Measured Boot, but you’ll need non-Microsoft tools to implement a remote attestation client and trusted attestation server to take advantage of it. For an example of such a tool, download the [TPM Platform Crypto-Provider Toolkit](http://research.microsoft.com/en-us/downloads/74c45746-24ad-4cb7-ba4b-0c6df2f92d5d/) from Microsoft Research or Microsoft Enterprise Security MVP Dan Griffin’s [Measured Boot Tool](http://mbt.codeplex.com/).
 Measured Boot uses the power of UEFI, TPM, and Windows 10 to give you a way to confidently assess the trustworthiness of a client PC across the network.
 ## Summary
 Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows 10, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; it’s leaps and bounds ahead of everything else. With Windows 10, you can truly trust the integrity of your operating system.
 For more information:
 -  Watch a [video demonstration of Secure Boot](https://technet.microsoft.com/en-us/windows/jj737995.aspx)
 ## Additional resources
 -  [Windows 10 Enterprise Evaluation](https://technet.microsoft.com/evalcenter/hh699156.aspx?ocid=wc-tn-wctc)
--- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@ -17,7 +17,7 @@ author: iaanw
 **Applies to:**
- Windows 10, version 1703
+- Windows 10 (some instructions are only applicable for Windows 10, version 1703)
 **Audience**
@ -130,6 +130,7 @@ Used by Windows to send client telemetry, Windows Defender Antivirus uses this f
 <td>
 This update uses SSL (TCP Port 443) to download manifests and upload telemetry to Microsoft that uses the following DNS endpoints:  <ul><li>vortex-win.data.microsoft.com</li><li>settings-win.data.microsoft.com</li></ul></td>
 </tr>
 </table>
 <a id="validate"></a>
@ -147,7 +148,7 @@ Use the following argument with the Windows Defender AV command line utility (*m
 MpCmdRun - ValidateMapsConnection 
 ```
 > [!NOTE]
-> You may need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
+> You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703.
 See [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender Antivirus](command-line-arguments-windows-defender-antivirus.md) for more information on how to use the *mpcmdrun.exe* utility.
@ -185,6 +186,9 @@ You will also see a detection under **Quarantined threats** in the **Scan histor
    ![Screenshot of quarantined items in the Windows Defender Security Center app](images/defender/wdav-quarantined-history-wdsc.png)
 >[!NOTE]
 >Versions of Windows 10 before version 1703 have a different user interface. See the [Windows Defender Antivirus in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) topic for more information about the differences between versions, and instructions on how to perform common tasks in the different interfaces.
 The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-windows-defender-antivirus.md).
 >[!IMPORTANT]
--- a/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
@ -48,7 +48,7 @@ Topic | Description
 :---|:---
 [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection
 [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time protection in Windows Defender AV
-[Configure end-user interaction with WDAM](configure-end-user-interaction-windows-defender-antivirus.md)|Configure how end-users interact with Windows Defender AV, what notifications they see, and if they can override settings
+[Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md)|Configure how end-users interact with Windows Defender AV, what notifications they see, and if they can override settings