Merge branch 'master' into lomayor-ah-renames

CODEOWNERS

@@ -0,0 +1,5 @@
+docfx.json                          @microsoftdocs/officedocs-admin
+.openpublishing.build.ps1           @microsoftdocs/officedocs-admin
+.openpublishing.publish.config.json @microsoftdocs/officedocs-admin
+CODEOWNERS                          @microsoftdocs/officedocs-admin
+.acrolinx-config.edn                @microsoftdocs/officedocs-admin

devices/hololens/hololens-calibration.md

@@ -99,7 +99,7 @@ You can also disable the calibration prompt by following these steps:
 1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**.
 
 > [!IMPORTANT]
-> Please understand that this setting may adversely affect hologram rendering quality and comfort.
+> This setting may adversely affect hologram rendering quality and comfort.  When you turn off this setting, features that depend on eye tracking (such as text scrolling) no longer work in immersive applications.
 
 ### HoloLens 2 eye-tracking technology
 

devices/hololens/hololens-cortana.md

@@ -56,7 +56,7 @@ To use these commands, gaze at a 3D object, hologram, or app window.
 | "Face me" | Turn it to face you |
 | "Move this" | Move it (follow your gaze) |
 | "Close" | Close it |
-| "Follow" / "Stop following" | Make it follow you as you move around |
+| "Follow me" / "Stop following" | Make it follow you as you move around |
 
 ### See it, say it
 
@@ -64,7 +64,7 @@ Many buttons and other elements on HoloLens also respond to your voice—for exa
 
 ### Dictation mode
 
-Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone icon or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that."
+Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone button or say "Start dictating." To stop dictating, select the button again or say "Stop dictating." To delete what you just dictated, say "Delete that."
 
 > [!NOTE]
 > To use dictation mode, you have to have an internet connection.

devices/hololens/hololens-recovery.md

@@ -106,6 +106,14 @@ The Advanced Recovery Companion is a new app in Microsoft Store restore the oper
 5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.)
 6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device.
 
+>[!TIP]
+>In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion:
+
+1.	Connect the HoloLens 2 to a PC with Advanced Recovery Companion installed.
+1.	Press and hold the **Volume Up and Power buttons** until the device reboots.  Release the Power button, but continue to hold the Volume Up button until the third LED is lit. It will the the only lit LED.
+   1.	The device should be visible in **Device Manager** as a **Microsoft HoloLens Recovery** device:
+1.	Launch Advanced Recovery Companion, and follow the on-screen prompts to reflash the OS to the HoloLens 2.
+
 ### HoloLens (1st gen)
 
 If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool.

devices/hololens/hololens2-basic-usage.md

@@ -105,8 +105,8 @@ To **close** the Start menu, do the Start gesture when the Start menu is open.
 > [!IMPORTANT]
 > For the one-handed Start gesture to work:
 >
-> 1. You must update to the November 2019 update (build 18363) or later.
+> 1. You must update to the November 2019 update (build 18363.1039) or later.
-> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not calibrated on the device.
+> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/hololens/hololens-calibration#calibrating-your-hololens-2) on the device.
 
 You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together.
 

devices/hololens/hololens2-fit-comfort-faq.md

@@ -43,6 +43,15 @@ Try adjusting the position of your device visor so the holographic frame matches
 - **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame.
 - **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame.
 
+## Hologram image color or brightness does not look right
+
+For HoloLens 2, take the following steps to ensure the highest visual quality of holograms presented in displays:
+
+- **Increase brightness of the display.** Holograms look best when the display is at its brightest level.
+- **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes.
+- **Shift visor down.** Try moving the brow pad on your forehead down, which will result in the visor moving down closer to your nose.
+- **Run eye calibration.** The display uses your IPD and eye gaze to optimize images on the display. If you don't run eye calibration, the image quality may be made worse.
+
 ## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure
 
 The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit).

devices/hololens/hololens2-language-support.md

@@ -17,7 +17,7 @@ appliesto:
 
 # Supported languages for HoloLens 2
 
-HoloLens 2 supports the following languages. This support includes voice commands and dictation features.
+HoloLens 2 supports the following languages, including voice commands and dictation features, keyboard layouts, and OCR recognition within apps.
 
 - Chinese Simplified (China)
 - English (Australia)
@@ -37,9 +37,37 @@ HoloLens 2 is also available in the following languages. However, this support d
 - Dutch (Netherlands)
 - Korean (Korea)
 
-## Changing language or keyboard
+# Changing language or keyboard
+
+The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**.
 
 > [!NOTE]
 > Your speech and dictation language depends on the Windows display language.
->  
+
-To change the Windows display language, region, or keyboard settings, use the start gesture to open the **Start** menu, and then select **Settings** > **Time and Language** > **Language**.
+## To change the Windows display language
+
+1. Go to the **Start** menu, and then select **Settings** > **Time and language** > **Language**.
+2. Select **Windows display language**, and then select a language.  
+
+If the supported language you’re looking for is not in the menu, follow these steps: 
+
+1. Under **Preferred languages** select **Add a language**. 
+2. Search for and add the language.
+3. Select the **Windows display language** menu again and choose the language you added.
+
+The Windows display language affects the following settings for Windows and for apps that support localization:
+
+- The user interface text language.
+- The speech language.
+- The default layout of the on-screen keyboard.
+
+## To change the keyboard layout
+
+To add or remove a keyboard layout, open the **Start** menu and then select **Settings** > **Time & language** > **Keyboard**.
+
+If your HoloLens has more than one keyboard layout, use the **Layout** key to switch between them. The **Layout** key is in the lower right corner of the on-screen keyboard.
+
+> [!NOTE]
+> The on-screen keyboard can use Input Method Editor (IME) to enter characters in languages such as Chinese. However, HoloLens does not support external Bluetooth keyboards that use IME.
+> 
+> While you use IME with the on-screen keyboard, you can continue to use a Bluetooth keyboard to type in English. To switch between keyboards, press ~.

devices/hololens/index.md

@@ -55,4 +55,4 @@ appliesto:
 ## Related resources
 
 * [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
-* [HoloLens release notes](https://developer.microsoft.com/windows/mixed-reality/release_notes)
+* [HoloLens release notes](https://docs.microsoft.com/hololens/hololens-release-notes)

devices/surface-hub/TOC.md

@@ -7,6 +7,7 @@
 ### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) 
 ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
 ### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md)
+### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
 
 ## Plan
 ### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md) 
@@ -58,6 +59,7 @@
 ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
 ### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
 ### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
+### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
 
 ## Plan
 ### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)

devices/surface-hub/index.md

@@ -30,7 +30,6 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
                         <p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099" target="_blank">Behind the design: Surface Hub 2S</a></p>
                         <p><a href="surface-hub-2s-whats-new.md">What's new in Surface Hub 2S</a></p>
                         <p><a href="differences-between-surface-hub-and-windows-10-enterprise.md">Operating system essentials</a></p>
-                        <p><a href="https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d">Enable Microsoft Whiteboard on Surface Hub</a></p>
                     </div>
                 </div>
             </div>

devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md

@@ -49,6 +49,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
    ```PowerShell
    New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
    ```
+[!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
 
 3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
 

devices/surface-hub/surface-hub-2s-manage-intune.md

@@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a
 
 ### Auto registration — Azure Active Directory Affiliated
 
-When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods).
+During the initial setup process, when affiliating a Surface Hub with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. 
 
 ## Windows 10 Team Edition settings
 

devices/surface/microsoft-surface-brightness-control.md

@@ -21,11 +21,10 @@ When deploying Surface devices in point of sale or other “always-on”
 kiosk scenarios, you can optimize power management using the new Surface
 Brightness Control app.
 
-Available for download with [Surface Tools for
+Available for download with [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703).
-IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is
+Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices.
-designed to help reduce thermal load and lower the overall carbon
+If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list.
-footprint for deployed Surface devices. The tool automatically dims the screen when not in use and
+The tool automatically dims the screen when not in use and includes the following configuration options:
-includes the following configuration options:
 
 - Period of inactivity before dimming the display.
 

devices/surface/surface-pro-arm-app-management.md

@@ -62,18 +62,19 @@ Some third-party antivirus software cannot be installed on a Windows 10 PC runni
 
 ## Servicing Surface Pro X
 
-Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Refer to the following documentation, which will be updated later to include guidance for servicing Surface Pro X:
+Surface Pro X supports Windows 10, version 1903 and later. As an ARM-based device, it has specific requirements for maintaining the latest drivers and firmware. 
 
-- [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).  
+Surface Pro X was designed to use Windows Update to simplify the process of keeping drivers and firmware up to date for both home users and small business users. Use the default settings to receive Automatic updates.  To verify:
 
-> [!NOTE]
+1. Go to **Start** > **Settings > Update & Security > Windows Update** > **Advanced Options.**
-> Surface Pro X supports Windows 10, version 1903 and later.
+2. Under **Choose how updates are installed,** select **Automatic (recommended)**.
 
-### Windows Server Update Services
+### Recommendations for commercial customers
-Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
-
-For more information, refer to the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/sum/get-started/configure-classifications-and-products).
 
+- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
+- If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). 
+- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+- Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
 
 ## Running apps on Surface Pro X
 

mdop/agpm/troubleshooting-agpm40-upgrades.md

@@ -39,3 +39,18 @@ This section lists common issues that you may encounter when you upgrade your Ad
     -   Install the required hotfix.
     
     -   Connect to AGPM using an AGPM client to test that your difference reports are now functioning.
+    
+## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3
+    
+**Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs).
+
+**How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information.
+
+More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button.
+      
+The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967).
+      
+      
+## Reference link
+https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp
+      

mdop/mbam-v25/deploy-mbam.md

@@ -1,13 +1,14 @@
 ---
 title: Deploying MBAM 2.5 in a stand-alone configuration
 description: Introducing how to deploy MBAM 2.5 in a stand-alone configuration.
-author: delhan
+author: Deland-Han
 ms.reviewer: dcscontentpm
 manager: dansimp
 ms.author: delhan
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/16/2019
+manager: dcscontentpm
 --- 
 
 # Deploying MBAM 2.5 in a standalone configuration

mdop/mbam-v25/troubleshooting-mbam-installation.md

@@ -1,13 +1,14 @@
 ---
 title: Troubleshooting MBAM 2.5 installation problems
 description: Introducing how to troubleshoot MBAM 2.5 installation problems.
-author: delhan
+author: Deland-Han
 ms.reviewer: dcscontentpm
 manager: dansimp
 ms.author: delhan
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/16/2019
+manager: dcscontentpm
 --- 
 
 # Troubleshooting MBAM 2.5 installation problems

windows/client-management/introduction-page-file.md

@@ -8,7 +8,7 @@ author: Deland-Han
 ms.localizationpriority: medium
 ms.author: delhan
 ms.reviewer: greglin
-manager: willchen
+manager: dcscontentpm
 ---
 
 # Introduction to page files

windows/client-management/mdm/accounts-ddf-file.md

@@ -1,6 +1,6 @@
 ---
 title: Accounts DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the Accounts configuration service provider.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md

@@ -36,8 +36,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
 > -   Bulk-join is not supported in Azure Active Directory Join.
 > -   Bulk enrollment does not work in Intune standalone environment.
 > -   Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.
-
+> -   To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
- 
 
 ## What you need
 
@@ -169,4 +168,3 @@ Here are links to step-by-step provisioning topics in Technet.
 
 
 
-

windows/client-management/mdm/device-update-management.md

@@ -635,7 +635,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
 
 > [!Important]
-> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise.
+> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Enterprise.
 
 <p style="margin-left: 20px">Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
 

windows/client-management/mdm/devicemanageability-csp.md

@@ -1,6 +1,6 @@
 ---
 title: DeviceManageability CSP
-description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
+description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device. 
 ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/dmclient-csp.md

@@ -1,6 +1,6 @@
 ---
 title: DMClient CSP
-description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment.
+description: Understand how the DMClient configuration service provider works. It is used to specify enterprise-specific mobile device management configuration settings.
 ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/eap-configuration.md

@@ -1,6 +1,6 @@
 ---
 title: EAP configuration
-description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10.
+description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, plus info about EAP certificate filtering in Windows 10.
 ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/implement-server-side-mobile-application-management.md

@@ -1,6 +1,6 @@
 ---
 title: Provide server-side support for mobile app management on Windows
-description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP).
+description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/multisim-ddf.md

@@ -1,6 +1,6 @@
 ---
 title: MultiSIM DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the MultiSIM configuration service provider.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/policy-csp-appruntime.md

@@ -99,14 +99,5 @@ ADMX Info:
 <!--/Policy-->
 <hr/>
 
-Footnotes:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in Windows 10, version 1903.
-
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-update.md

@@ -4248,7 +4248,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 > [!IMPORTANT]
-> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
+> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Mobile.
 
 Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
 

windows/client-management/mdm/tenantlockdown-ddf.md

@@ -1,6 +1,6 @@
 ---
 title: TenantLockdown DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the TenantLockdown configuration service provider.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/win32compatibilityappraiser-ddf.md

@@ -1,6 +1,6 @@
 ---
 title: Win32CompatibilityAppraiser DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/configuration/setup-digital-signage.md

@@ -58,7 +58,7 @@ This procedure explains how to configure digital signage using Kiosk Browser on
     - Enter a user name and password, and toggle **Auto sign-in** to **Yes**.
     - Under **Configure the kiosk mode app**, enter the user name for the account that you're creating.
     - For **App type**, select **Universal Windows App**.
-    - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe`.
+    - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`.
 11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**. 
 12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu.
     - In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`.

windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md

@@ -1,6 +1,6 @@
 ---
 title: Create a task sequence with Configuration Manager (Windows 10)
-description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
+description: Create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
 ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
 ms.reviewer: 
 manager: laurawi

windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md

@@ -1,177 +1,178 @@
----
+---
-title: Use Orchestrator runbooks with MDT (Windows 10)
+title: Use Orchestrator runbooks with MDT (Windows 10)
-description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
+description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
-ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
+ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
-ms.reviewer: 
+ms.reviewer: 
-manager: laurawi
+manager: laurawi
-ms.author: greglin
+ms.author: greglin
-keywords: web services, database
+keywords: web services, database
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.localizationpriority: medium
+ms.localizationpriority: medium
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: mdt
+ms.pagetype: mdt
-audience: itpro
author: greg-lindsay
+audience: itpro
-ms.topic: article
+author: greg-lindsay
----
+ms.topic: article
-
+---
-# Use Orchestrator runbooks with MDT
+
-
+# Use Orchestrator runbooks with MDT
-This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
+
-MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
+This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
-
+MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
-**Note**  
+
-If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
+**Note**  
- 
+If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
-## <a href="" id="sec01"></a>Orchestrator terminology
+ 
-
+## <a href="" id="sec01"></a>Orchestrator terminology
-Before diving into the core details, here is a quick course in Orchestrator terminology:
+
--   **Orchestrator Server.** This is a server that executes runbooks.
+Before diving into the core details, here is a quick course in Orchestrator terminology:
--   **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
+-   **Orchestrator Server.** This is a server that executes runbooks.
--   **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions.
+-   **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
--   **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook.
+-   **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions.
--   **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default.
+-   **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook.
--   **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default.
+-   **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default.
--   **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
+-   **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default.
-
+-   **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
-**Note**  
+
-To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554).
+**Note**  
- 
+To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554).
-## <a href="" id="sec02"></a>Create a sample runbook
+ 
-
+## <a href="" id="sec02"></a>Create a sample runbook
-This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01.
+
-
+This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01.
-1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS).
+
-2. In the **E:\\Logfile** folder, create the DeployLog.txt file.
+1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS).
-   **Note**  
+2. In the **E:\\Logfile** folder, create the DeployLog.txt file.
-   Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt.
+   **Note**  
-     
+   Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt.
-   ![figure 23](../images/mdt-09-fig23.png)
+     
-
+   ![figure 23](../images/mdt-09-fig23.png)
-   Figure 23. The DeployLog.txt file.
+
-
+   Figure 23. The DeployLog.txt file.
-3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder.
+
-
+3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder.
-   ![figure 24](../images/mdt-09-fig24.png)
+
-
+   ![figure 24](../images/mdt-09-fig24.png)
-   Figure 24. Folder created in the Runbooks node.
+
-
+   Figure 24. Folder created in the Runbooks node.
-4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**.
+
-5. On the ribbon bar, click **Check Out**.
+4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**.
-6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**.
+5. On the ribbon bar, click **Check Out**.
-7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane:
+6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**.
-   1.  Runbook Control / Initialize Data
+7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane:
-   2.  Text File Management / Append Line
+   1.  Runbook Control / Initialize Data
-8. Connect **Initialize Data** to **Append Line**.
+   2.  Text File Management / Append Line
-
+8. Connect **Initialize Data** to **Append Line**.
-   ![figure 25](../images/mdt-09-fig25.png)
+
-
+   ![figure 25](../images/mdt-09-fig25.png)
-   Figure 25. Activities added and connected.
+
-
+   Figure 25. Activities added and connected.
-9. Right-click the **Initialize Data** activity, and select **Properties**
+
-10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**.
+9. Right-click the **Initialize Data** activity, and select **Properties**
-
+10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**.
-    ![figure 26](../images/mdt-09-fig26.png)
+
-
+    ![figure 26](../images/mdt-09-fig26.png)
-    Figure 26. The Initialize Data Properties window.
+
-
+    Figure 26. The Initialize Data Properties window.
-11. Right-click the **Append Line** activity, and select **Properties**.
+
-12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**.
+11. Right-click the **Append Line** activity, and select **Properties**.
-13. In the **File** encoding drop-down list, select **ASCII**.
+12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**.
-14. In the **Append** area, right-click inside the **Text** text box and select **Expand**.
+13. In the **File** encoding drop-down list, select **ASCII**.
-
+14. In the **Append** area, right-click inside the **Text** text box and select **Expand**.
-    ![figure 27](../images/mdt-09-fig27.png)
+
-
+    ![figure 27](../images/mdt-09-fig27.png)
-    Figure 27. Expanding the Text area.
+
-
+    Figure 27. Expanding the Text area.
-15. In the blank text box, right-click and select **Subscribe / Published Data**.
+
-
+15. In the blank text box, right-click and select **Subscribe / Published Data**.
-    ![figure 28](../images/mdt-09-fig28.png)
+
-
+    ![figure 28](../images/mdt-09-fig28.png)
-    Figure 28. Subscribing to data.
+
-
+    Figure 28. Subscribing to data.
-16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**.
+
-17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**.
+16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**.
-18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**.
+17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**.
-
+18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**.
-    ![figure 29](../images/mdt-09-fig29.png)
+
-
+    ![figure 29](../images/mdt-09-fig29.png)
-    Figure 29. The expanded text box after all subscriptions have been added.
+
-
+    Figure 29. The expanded text box after all subscriptions have been added.
-19. On the **Append Line Properties** page, click **Finish**.
+
-    ## <a href="" id="sec03"></a>Test the demo MDT runbook
+19. On the **Append Line Properties** page, click **Finish**.
-    After the runbook is created, you are ready to test it.
+    ## <a href="" id="sec03"></a>Test the demo MDT runbook
-20. On the ribbon bar, click **Runbook Tester**.
+    After the runbook is created, you are ready to test it.
-21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**:
+20. On the ribbon bar, click **Runbook Tester**.
-    -   OSDComputerName: PC0010
+21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**:
-22. Verify that all activities are green (for additional information, see each target).
+    -   OSDComputerName: PC0010
-23. Close the **Runbook Tester**.
+22. Verify that all activities are green (for additional information, see each target).
-24. On the ribbon bar, click **Check In**.
+23. Close the **Runbook Tester**.
-
+24. On the ribbon bar, click **Check In**.
-![figure 30](../images/mdt-09-fig30.png)
+
-
+![figure 30](../images/mdt-09-fig30.png)
-Figure 30. All tests completed.
+
-
+Figure 30. All tests completed.
-## Use the MDT demo runbook from MDT
+
-
+## Use the MDT demo runbook from MDT
-1.  On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**.
+
-2.  Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+1.  On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**.
-    1.  Task sequence ID: OR001
+2.  Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-    2.  Task sequence name: Orchestrator Sample
+    1.  Task sequence ID: OR001
-    3.  Task sequence comments: &lt;blank&gt;
+    2.  Task sequence name: Orchestrator Sample
-    4.  Template: Custom Task Sequence
+    3.  Task sequence comments: &lt;blank&gt;
-3.  In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab.
+    4.  Template: Custom Task Sequence
-4.  Remove the default **Application Install** action.
+3.  In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab.
-5.  Add a **Gather** action and select the **Gather only local data (do not process rules)** option.
+4.  Remove the default **Application Install** action.
-6.  After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings:
+5.  Add a **Gather** action and select the **Gather only local data (do not process rules)** option.
-    1.  Name: Set Task Sequence Variable
+6.  After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings:
-    2.  Task Sequence Variable: OSDComputerName
+    1.  Name: Set Task Sequence Variable
-    3.  Value: %hostname%
+    2.  Task Sequence Variable: OSDComputerName
-7.  After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings:
+    3.  Value: %hostname%
-    1.  Orchestrator Server: OR01.contoso.com
+7.  After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings:
-    2.  Use Browse to select **1.0 MDT / MDT Sample**.
+    1.  Orchestrator Server: OR01.contoso.com
-8.  Click **OK**.
+    2.  Use Browse to select **1.0 MDT / MDT Sample**.
-
+8.  Click **OK**.
-![figure 31](../images/mdt-09-fig31.png)
+
-
+![figure 31](../images/mdt-09-fig31.png)
-Figure 31. The ready-made task sequence.
+
-
+Figure 31. The ready-made task sequence.
-## Run the orchestrator sample task sequence
+
-
+## Run the orchestrator sample task sequence
-Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment.
+
-**Note**  
+Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment.
-Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555).
+**Note**  
- 
+Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555).
-1.  On PC0001, log on as **CONTOSO\\MDT\_BA**.
+ 
-2.  Using an elevated command prompt (run as Administrator), type the following command:
+1.  On PC0001, log on as **CONTOSO\\MDT\_BA**.
-
+2.  Using an elevated command prompt (run as Administrator), type the following command:
-    ``` syntax
+
-    cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
+    ``` syntax
-    ```
+    cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
-3.  Complete the Windows Deployment Wizard using the following information:
+    ```
-    1.  Task Sequence: Orchestrator Sample
+3.  Complete the Windows Deployment Wizard using the following information:
-    2.  Credentials:
+    1.  Task Sequence: Orchestrator Sample
-        1.  User Name: MDT\_BA
+    2.  Credentials:
-        2.  Password: P@ssw0rd
+        1.  User Name: MDT\_BA
-        3.  Domain: CONTOSO
+        2.  Password: P@ssw0rd
-4.  Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated.
+        3.  Domain: CONTOSO
-
+4.  Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated.
-![figure 32](../images/mdt-09-fig32.png)
+
-
+![figure 32](../images/mdt-09-fig32.png)
-Figure 32. The ready-made task sequence.
+
-
+Figure 32. The ready-made task sequence.
-## Related topics
+
-
+## Related topics
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+
-
+[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+
-
+[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+
-
+[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+
-
+[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
+
-
+[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
+
-
+[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-[Use web services in MDT](use-web-services-in-mdt.md)
+
+[Use web services in MDT](use-web-services-in-mdt.md)

windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md

@@ -1,6 +1,6 @@
 ---
 title: Use MDT database to stage Windows 10 deployment info (Windows 10)
-description: This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini).
+description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database.
 ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
 ms.reviewer: 
 manager: laurawi

windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md

@@ -1,110 +1,111 @@
----
+---
-title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
+title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
-description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines.
+description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
-ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
+ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
-ms.reviewer: 
+ms.reviewer: 
-manager: laurawi
+manager: laurawi
-ms.author: greglin
+ms.author: greglin
-keywords: deploy, task sequence
+keywords: deploy, task sequence
-ms.prod: w10
+ms.prod: w10
-ms.localizationpriority: medium
+ms.localizationpriority: medium
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
-ms.date: 07/27/2017
+author: greg-lindsay
-ms.topic: article
+ms.date: 07/27/2017
----
+ms.topic: article
-
+---
-# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
+
-
+# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
-
+
-**Applies to**
+
-
+**Applies to**
--   Windows 10 versions 1507, 1511
+
-
+-   Windows 10 versions 1507, 1511
->[!IMPORTANT]
+
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>[!IMPORTANT]
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
-
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
-In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
+
-
+In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
-For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
-
+For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-## <a href="" id="sec01"></a>Add drivers for Windows PE
+
-
+## <a href="" id="sec01"></a>Add drivers for Windows PE
-
+
-This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01.
+
-
+This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01.
-1.  On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**.
+
-
+1.  On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**.
-2.  In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**.
+
-
+2.  In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**.
-3.  On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**.
+
-
+3.  On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**.
-4.  On the **Select the packages to add the imported driver** page, click **Next**.
+
-
+4.  On the **Select the packages to add the imported driver** page, click **Next**.
-5.  On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice.
+
-
+5.  On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice.
-![Add drivers to Windows PE](../images/fig21-add-drivers.png "Add drivers to Windows PE")
+
-
+![Add drivers to Windows PE](../images/fig21-add-drivers.png "Add drivers to Windows PE")
-*Figure 21. Add drivers to Windows PE*
+
-
+*Figure 21. Add drivers to Windows PE*
->[!NOTE]
+
->The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two.
+>[!NOTE]
- 
+>The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two.
-
+ 
-## <a href="" id="sec02"></a>Add drivers for Windows 10
+
-
+## <a href="" id="sec02"></a>Add drivers for Windows 10
-
+
-This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01.
+
-
+This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01.
-1.  On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**.
+
-
+1.  On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**.
-2.  In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**.
+
-
+2.  In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**.
-3.  On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**.
+
-
+3.  On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**.
-    ![Create driver categories](../images/fig22-createcategories.png "Create driver categories")
+
-
+    ![Create driver categories](../images/fig22-createcategories.png "Create driver categories")
-    *Figure 22. Create driver categories*
+
-
+    *Figure 22. Create driver categories*
-4.  On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**:
+
-
+4.  On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**:
-    * Name: Windows 10 x64 - HP EliteBook 8560w
+
-
+    * Name: Windows 10 x64 - HP EliteBook 8560w
-    * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w
+
-
+    * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w
-    >[!NOTE]
+
-    >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder.
+    >[!NOTE]
-     
+    >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder.
-
+     
-5.  On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**.
+
-
+5.  On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**.
-    >[!NOTE]
+
-    >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import.
+    >[!NOTE]
-  
+    >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import.
-    ![Drivers imported and a new driver package created](../images/mdt-06-fig26.png "Drivers imported and a new driver package created")
+  
-  
+    ![Drivers imported and a new driver package created](../images/mdt-06-fig26.png "Drivers imported and a new driver package created")
-    *Figure 23. Drivers imported and a new driver package created*
+  
-
+    *Figure 23. Drivers imported and a new driver package created*
-## Related topics
+
-
+## Related topics
-
+
-[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
+
-
+[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
-
+
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
-
+[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+
-
+[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
+
-
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+
-
+[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
+
-
+[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
+
-
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
-
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)

windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Finalize operating system configuration for Windows 10 deployment
-description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
+description: Follow this walk-through to finalize the configuration of your Windows 10 operating deployment.
 ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
 ms.reviewer: 
 manager: laurawi

windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Monitor the Windows 10 deployment with Configuration Manager
-description: In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench.
+description: Learn how to monitor a Windows 10 deployment with Configuration Manager. Use the Deployment Workbench to access the computer remotely.
 ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce
 ms.reviewer: 
 manager: laurawi

windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md

@@ -1,6 +1,6 @@
 ---
 title: Create AppHelp Message in Compatibility Administrator (Windows 10)
-description: The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.
+description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system.
 ms.assetid: 5c6e89f5-1942-4aa4-8439-ccf0ecd02848
 ms.reviewer: 
 manager: laurawi

windows/deployment/planning/using-the-sua-tool.md

@@ -1,92 +1,93 @@
----
+---
-title: Using the SUA Tool (Windows 10)
+title: Using the SUA Tool (Windows 10)
-description: By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
+description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
-ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03
+ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03
-ms.reviewer: 
+ms.reviewer: 
-manager: laurawi
+manager: laurawi
-ms.author: greglin
+ms.author: greglin
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: plan
+ms.mktglfcycl: plan
-ms.pagetype: appcompat
+ms.pagetype: appcompat
-ms.sitesec: library
+ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
-ms.date: 04/19/2017
+author: greg-lindsay
-ms.topic: article
+ms.date: 04/19/2017
----
+ms.topic: article
-
+---
-# Using the SUA Tool
+
-
+# Using the SUA Tool
-
+
-**Applies to**
+
-
+**Applies to**
--   Windows 10
+
--   Windows 8.1
+-   Windows 10
--   Windows 8
+-   Windows 8.1
--   Windows 7
+-   Windows 8
--   Windows Server 2012
+-   Windows 7
--   Windows Server 2008 R2
+-   Windows Server 2012
-
+-   Windows Server 2008 R2
-By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
+
-
+By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
-The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md).
+
-
+The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md).
-In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®.
+
-
+In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®.
-In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues.
+
-
+In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues.
-## Testing an Application by Using the SUA Tool
+
-
+## Testing an Application by Using the SUA Tool
-
+
-Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later.
+
-
+Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later.
-The following flowchart shows the process of using the SUA tool.
+
-
+The following flowchart shows the process of using the SUA tool.
-![act sua flowchart](images/dep-win8-l-act-suaflowchart.jpg)
+
-
+![act sua flowchart](images/dep-win8-l-act-suaflowchart.jpg)
-**To collect UAC-related issues by using the SUA tool**
+
-
+**To collect UAC-related issues by using the SUA tool**
-1.  Close any open instance of the SUA tool or SUA Wizard on your computer.
+
-
+1.  Close any open instance of the SUA tool or SUA Wizard on your computer.
-    If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues.
+
-
+    If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues.
-2.  Run the Standard User Analyzer.
+
-
+2.  Run the Standard User Analyzer.
-3.  In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it.
+
-
+3.  In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it.
-4.  Clear the **Elevate** check box, and then click **Launch**.
+
-
+4.  Clear the **Elevate** check box, and then click **Launch**.
-    If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
+
-
+    If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
-5.  Exercise the aspects of the application for which you want to gather information about UAC issues.
+
-
+5.  Exercise the aspects of the application for which you want to gather information about UAC issues.
-6.  Exit the application.
+
-
+6.  Exit the application.
-7.  Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md).
+
-
+7.  Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md).
-**To review and apply the recommended mitigations**
+
-
+**To review and apply the recommended mitigations**
-1.  In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**.
+
-
+1.  In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**.
-2.  Review the recommended compatibility fixes.
+
-
+2.  Review the recommended compatibility fixes.
-3.  Click **Apply**.
+
-
+3.  Click **Apply**.
-    The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked.
+
-
+    The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked.
-## Related topics
+
-[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md)
+## Related topics
-
+[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md)
-[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md)
+
-
+[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md)
-[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md)
+
-
+[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md)
-[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)
+
-
+[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)
- 
+
-
+ 
- 
+
-
+ 
-
+
-
+
-
+
-
+
+

windows/deployment/planning/windows-to-go-overview.md

@@ -1,6 +1,6 @@
 ---
 title: Windows To Go feature overview (Windows 10)
-description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
+description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive.
 ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42
 ms.reviewer: 
 manager: laurawi

windows/deployment/upgrade/upgrade-readiness-data-sharing.md

@@ -33,7 +33,7 @@ In order to use the direct connection scenario, set the parameter **ClientProxy=
 
 ### Connection through the WinHTTP proxy
 
-This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication.
+This is the first and most simple proxy scenario.
 
 In order to set the WinHTTP proxy system-wide on your computers, you need to
 - Use the command netsh winhttp set proxy \<server\>:\<port\>

windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. Use a System Center Configuration Manager task sequence to completely automate the process.
+description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a SCCM task sequence.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 ms.reviewer: 
 manager: laurawi

windows/deployment/volume-activation/vamt-known-issues.md

@@ -1,25 +1,69 @@
----
+---
-title: VAMT Known Issues (Windows 10)
+title: VAMT known issues (Windows 10)
-description: VAMT Known Issues
+description: Volume Activation Management Tool (VAMT) known issues
-ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f
+ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f
-ms.reviewer: 
+ms.reviewer: 
-manager: laurawi
+manager: laurawi
-ms.author: greglin
+ms.author: greglin
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: activation
+ms.pagetype: activation
-audience: itpro
author: greg-lindsay
+audience: itpro
-ms.date: 04/25/2017
+author: greg-lindsay
-ms.topic: article
+ms.date: 12/17/2019
----
+ms.topic: article
-
+ms.custom: 
-# VAMT Known Issues
+- CI 111496
-
+- CSSTroubleshooting
-The following list contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0.
+---
--   The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state.
+
--   Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668).
+# VAMT known issues
--   When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information.
+
--   The remaining activation count can only be retrieved for MAKs.
+The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1.
- 
+
- 
+- VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state.
+- When opening a Computer Information List (CIL file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information.
+- The remaining activation count can only be retrieved for MAKs.
+
+## Can't add CSVLKs for Windows 10 activation to VAMT 3.1
+
+When you try to add a Windows 10 Key Management Service (KMS) Host key (CSVLK) or a Windows Server 2012 R2 for Windows 10 CSVLK into VAMT 3.1 (version 10.0.10240.0), you receive the following error message:
+
+> The specified product key is invalid, or is unsupported by this version of VAMT. An update to support additional products may be available online.
+
+![VAMT error message](./images/vamt-known-issue-message.png)
+
+This issue occurs because VAMT 3.1 does not contain the correct Pkconfig files to recognize this kind of key.
+
+### Workaround
+
+To work around this issue, use one of the following methods.
+
+**Method 1**
+
+Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options).
+
+**Method 2**
+
+On the KMS host computer, follow these steps:
+
+1. Download the hotfix from [July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/3172614/).
+
+1. In Windows Explorer, right-click **485392_intl_x64_zip**, and then extract the hotfix to **C:\KB3058168**.
+
+1. To extract the contents of the update, open a Command Prompt window and run the following command:
+
+   ```cmd
+   expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\
+   ```
+
+1. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command:
+
+   ```cmd
+   expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168
+   ```
+
+1. In the "C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716\" folder, copy the **pkeyconfig-csvlk.xrm-ms** file. Paste this file to the "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig" folder.
+
+1. Restart VAMT.

windows/deployment/windows-autopilot/autopilot-faq.md

@@ -39,6 +39,7 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
 |  Must I become a CSP to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API.  All others who choose to use MPC to register devices must become CSPs in order to access MPC.  |
 | Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot?   |  For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority and access: <br><br>1. <b>Direct CSP</b>: Gets direct authorization from the customer to register devices. <br><br>2. <b>Indirect CSP Provider</b>: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer.  Indirect CSP Providers register devices through Microsoft Partner Center. <br><br>3. <b>Indirect CSP Reseller</b>: Gets direct authorization from the customer to register devices.  At the same time, their indirect CSP Provider partner also gets authorization, which means that either the Indirect Provider or the Indirect Reseller can register devices for the customer.  However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. |
 
+
 ## Manufacturing
 
 | Question | Answer |

windows/deployment/windows-autopilot/registration-auth.md

@@ -51,7 +51,8 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
 
     ![Global admin](images/csp3.png)
 
-    NOTE: A user without global admin privileges who clicks the link will see a message similar to the following:
+    > [!NOTE]
+    > A user without global admin privileges who clicks the link will see a message similar to the following:
 
     ![Not global admin](images/csp4.png)
 
@@ -69,14 +70,17 @@ Each OEM has a unique link to provide to their respective customers, which the O
 
     ![Global admin](images/csp6.png)
 
-    NOTE: A user without global admin privileges who clicks the link will see a message similar to the following:
+    > [!NOTE]
+    > A user without global admin privileges who clicks the link will see a message similar to the following:
 
     ![Not global admin](images/csp7.png)
 3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done.  Authorization happens instantaneously.
 
 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed.  This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
 
+    > [!NOTE]
+    > During the OEM authorization registration process, no delegated admin permissions are granted to the OEM.
+
 ## Summary
 
 At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer.  And, it all happens instantaneously - as quickly as buttons are clicked.
-

windows/privacy/manage-windows-1709-endpoints.md

@@ -1,6 +1,6 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 1709
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact.
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1709.
 keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
 ms.mktglfcycl: manage

windows/privacy/manage-windows-1803-endpoints.md

@@ -1,6 +1,6 @@
 ---
 title: Connection endpoints for Windows 10, version 1803
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact.
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1803.
 keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
 ms.mktglfcycl: manage

windows/privacy/manage-windows-1809-endpoints.md

@@ -1,6 +1,6 @@
 ---
 title: Connection endpoints for Windows 10, version 1809
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact.
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1809.
 keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
 ms.mktglfcycl: manage

windows/privacy/manage-windows-1903-endpoints.md

@@ -1,6 +1,6 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 1903
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact.
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903.
 keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
 ms.mktglfcycl: manage

windows/security/identity-protection/credential-guard/additional-mitigations.md

@@ -1,6 +1,6 @@
 ---
 title: Additional mitigations
-description: Scripts listed in this topic for obtaining the available issuance policies on the certificate authority for Windows Defender Credential Guard on Windows 10.
+description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library

windows/security/identity-protection/credential-guard/credential-guard-scripts.md

@@ -1,6 +1,6 @@
 ---
 title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows 10)
-description: Scripts listed in this topic for obtaining the available issuance policies on the certificate authority for Windows Defender Credential Guard on Windows 10.
+description:  Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows 10.
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library

windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md

@@ -31,7 +31,7 @@ ms.reviewer:
 
 Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system.
 
-Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. 
+Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. 
 
 Which organizations can take advantage of Multi-factor unlock? Those who:
 * Have expressed that PINs alone do not meet their security needs.
@@ -101,7 +101,7 @@ Each rule element has a **signal** element.  All signal elements have a **type**
 | type| "wifi" (Windows 10, version 1803)
 
 #### Bluetooth
-You define the bluetooth signal with additional attribute in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>".
+You define the bluetooth signal with additional attributes in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>".
 
 |Attribute|Value|Required|
 |---------|-----|--------|
@@ -117,7 +117,7 @@ Example:
     <signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
 </rule>
 ```
-The **classofDevice** attribute defaults Phones and uses the values from the following table 
+The **classofDevice** attribute defaults to Phone and uses the values from the following table:
 
 |Description|Value|
 |:-------------|:-------:|
@@ -138,7 +138,7 @@ The **rssiMin** attribute value signal indicates the strength needed for the dev
 RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other.
 
 >[!IMPORTANT]
->Microsoft recommends using the default values for this policy settings.  Measurements are relative, based on the varying conditions of each environment.  Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting.  Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values.
+>Microsoft recommends using the default values for this policy setting.  Measurements are relative, based on the varying conditions of each environment.  Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting.  Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values.
 
 #### IP Configuration
 You define IP configuration signals using one or more ipConfiguration elements.  Each element has a string value.  IpConfiguration elements do not have attributes or nested elements.
@@ -198,7 +198,7 @@ The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IP
 <ipv6DnsServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DnsServer>
 ```
 ##### dnsSuffix
-The fully qualified domain name of your organizations internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix.  The **signal** element may contain one or more **dnsSuffix** elements.<br>
+The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix.  The **signal** element may contain one or more **dnsSuffix** elements.<br>
 **Example**
 ```
 <dnsSuffix>corp.contoso.com</dnsSuffix>

windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md

@@ -1,6 +1,6 @@
 ---
 title: Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business
-description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on
+description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them.
 keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, 
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

@@ -1,6 +1,6 @@
 ---
 title: Using Certificates for AADJ On-premises Single-sign On single sign-on
-description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on
+description: If you want to use certificates for on-premises single-sign on for Azure Active Directory joined devices, then follow these additional steps.
 keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, 
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md

@@ -1,6 +1,6 @@
 ---
 title: Azure AD Join Single Sign-on Deployment
-description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on
+description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory joined devices, using Windows Hello for Business.
 keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, 
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md

@@ -1,6 +1,6 @@
 ---
 title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business)
-description: Configuring Windows Hello for Business Settings in Hybrid deployment
+description: Configuring Windows Hello for Business settings in hybrid certificate trust deployment.
 keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md

@@ -1,6 +1,6 @@
 ---
 title: Configure Hybrid Windows Hello for Business key trust Settings
-description: Configuring Windows Hello for Business Settings in Hybrid deployment
+description: Configuring Windows Hello for Business settings in hybrid key trust deployment.
 keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md

@@ -1,6 +1,6 @@
 ---
 title: Microsoft-compatible security key 
-description: Windows 10 enables users to sign in to their device using a security key. How is  a Microsoft-compatible security key different (and better) than any other FIDO2 security key
+description: Learn how a Microsoft-compatible security key for Windows 10 is different (and better) than any other FIDO2 security key.
 keywords: FIDO2, security key, CTAP, Hello, WHFB
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md

@@ -185,7 +185,7 @@ Certificate requirements are listed by versions of the Windows operating system.
 The smart card certificate has specific format requirements when it is used with Windows XP and earlier operating systems. You can enable any certificate to be visible for the smart card credential provider.
 
 
-|            **Component**             |                                                                **Requirements for Windows 8.1, Windows 8, Windows 7, and Windows Vista**                                                                 |                                                                                                **Requirements for Windows XP**                                                                                                 |
+|            **Component**             |                                                                **Requirements for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows 10**                                                                 |                                                                                                **Requirements for Windows XP**                                                                                                 |
 |--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 |   CRL distribution point location    |                                                                                               Not required                                                                                               |             The location must be specified, online, and available, for example:<br>\[1\]CRL Distribution Point<br>Distribution Point Name:<br>Full Name:<br>URL=<http://server1.contoso.com/CertEnroll/caname.crl>             |
 |              Key usage               |                                                                                            Digital signature                                                                                             |                                                                                                       Digital signature                                                                                                        |

windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md

@@ -1,6 +1,6 @@
 ---
 title: User Account Control security policy settings (Windows 10)
-description: You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy.
+description: You can use security policies to configure how User Account Control works in your organization.
 ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98
 ms.reviewer: 
 ms.prod: w10

windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md

@@ -1,6 +1,6 @@
 ---
 title: BitLocker Key Management FAQ (Windows 10)
-description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
+description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
 ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
 ms.reviewer: 
 ms.prod: w10

windows/security/information-protection/tpm/tpm-fundamentals.md

@@ -1,6 +1,6 @@
 ---
 title: TPM fundamentals (Windows 10)
-description: This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks.
+description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks.
 ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000
 ms.reviewer: 
 ms.prod: w10

windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md

@@ -1,6 +1,6 @@
 ---
 title: Create a Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10)
-description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
+description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy.
 ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6
 ms.reviewer: 
 ms.prod: w10

windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md

@@ -1,6 +1,6 @@
 ---
 title: Protect your enterprise data using Windows Information Protection (WIP) (Windows 10)
-description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control.
+description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud.
 ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032
 ms.reviewer: 
 keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection
@@ -59,7 +59,7 @@ To help address this security insufficiency, companies developed data loss preve
 
 - **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry).
 
-Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss preventions systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand.
+Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand.
 
 ### Using information rights management systems
 To help address the potential data loss prevention system problems, companies developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. 

windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md

@@ -35,7 +35,7 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc
 |-----------------------------|---------------------------------------------------------------------|
 |Office 365 for Business |<ul><li>contoso.sharepoint.com</li><li>contoso-my.sharepoint.com</li><li>contoso-files.sharepoint.com</li><li>tasks.office.com</li><li>protection.office.com</li><li>meet.lync.com</li><li>teams.microsoft.com</li></ul> |
 |Yammer |<ul><li>www.yammer.com</li><li>yammer.com</li><li>persona.yammer.com</li></ul> |
-|Outlook Web Access (OWA) |attachments.office.net |
+|Outlook Web Access (OWA) |<ul><li>outlook.office.com</li><li>outlook.office365.com</li><li>attachments.office.net</li></ul> |
 |Microsoft Dynamics |contoso.crm.dynamics.com |
 |Visual Studio Online |contoso.visualstudio.com |
 |Power BI |contoso.powerbi.com |

windows/security/threat-protection/TOC.md

@@ -459,7 +459,8 @@
 ##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
 
 #### [Reporting]()
-##### [Create and build Power BI reports using Microsoft Defender ATP data (deprecated)](microsoft-defender-atp/powerbi-reports.md)
+##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
+##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
 ##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
 ##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
 

windows/security/threat-protection/auditing/advanced-security-auditing.md

@@ -1,6 +1,6 @@
 ---
 title: Advanced security audit policies (Windows 10)
-description: Advanced security audit policy settings are found in Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies and appear to overlap with basic security audit policies, but they are recorded and applied differently.
+description: Advanced security audit policy settings may appear to overlap with basic policies, but they are recorded and applied differently. Learn more about them here.
 ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC
 ms.reviewer: 
 ms.author: dansimp

windows/security/threat-protection/auditing/audit-application-generated.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Application Generated (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
+description: The policy setting, Audit Application Generated, determines if audit events are generated when applications attempt to use the Windows Auditing APIs.
 ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-audit-policy-change.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Audit Policy Change (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy.
+description: The Advanced Security Audit policy setting, Audit Audit Policy Change, determines if audit events are generated when changes are made to audit policy.
 ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-central-access-policy-staging.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Central Access Policy Staging (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy.
+description: The Advanced Security Audit policy setting, Audit Central Access Policy Staging, determines permissions on a Central Access Policy.
 ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-distribution-group-management.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Distribution Group Management (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks.
+description: The policy setting, Audit Distribution Group Management, determines if audit events are generated for specific distribution-group management tasks.
 ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Filtering Platform Policy Change (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions.
+description: The policy setting, Audit Filtering Platform Policy Change, determines if audit events are generated for certain IPsec and Windows Filtering Platform actions.
 ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-ipsec-main-mode.md

@@ -1,6 +1,6 @@
 ---
 title: Audit IPsec Main Mode (Windows 10)
-description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
+description: Learn about the policy setting, Audit IPsec Main Mode, which determines if the results of certain protocols generate events during Main Mode negotiations.
 ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Kerberos Authentication Service (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
+description: The policy setting Audit Kerberos Authentication Service decides if audit events are generated for Kerberos authentication ticket-granting ticket (TGT) requests
 ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-network-policy-server.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Network Policy Server (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock).
+description: The policy setting, Audit Network Policy Server, determines if audit events are generated for RADIUS (IAS) and NAP activity on user access requests.
 ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-process-termination.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Process Termination (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process.
+description: The Advanced Security Audit policy setting, Audit Process Termination, determines if audit events are generated when an attempt is made to end a process.
 ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-registry.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Registry (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects.
+description: The Advanced Security Audit policy setting, Audit Registry, determines if audit events are generated when users attempt to access registry objects.
 ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-sam.md

@@ -1,6 +1,6 @@
 ---
 title: Audit SAM (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects.
+description: The Advanced Security Audit policy setting, Audit SAM, enables you to audit events generated by attempts to access Security Account Manager (SAM) objects.
 ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-security-group-management.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Security Group Management (Windows 10)
-description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed.
+description: The policy setting, Audit Security Group Management, determines if audit events are generated when specific security group management tasks are performed.
 ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-security-system-extension.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Security System Extension (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions.
+description: The Advanced Security Audit policy setting, Audit Security System Extension, determines if audit events related to security system extensions are generated.
 ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md

@@ -1,6 +1,6 @@
 ---
 title: Audit Sensitive Privilege Use (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used.
+description: The policy setting, Audit Sensitive Privilege Use, determines if the operating system generates audit events when sensitive privileges (user rights) are used.
 ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d
 ms.reviewer: 
 manager: dansimp

windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md

@@ -1,6 +1,6 @@
 ---
 title: Monitor central access policies on a file server (Windows 10)
-description: This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects.
+description: Learn how to monitor changes to the central access policies that apply to a file server, when using advanced security auditing options.
 ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c
 ms.reviewer: 
 ms.author: dansimp

windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md

@@ -1,6 +1,6 @@
 ---
 title: Deployment guidelines for Windows Defender Device Guard (Windows 10)
-description: To help you plan a deployment of Microsoft Windows Defender Device Guard, this article describes hardware requirements for Windows Defender Device Guard, outlines deployment approaches, and describes methods for code signing and code integrity policies.
+description: Plan your deployment of Windows Defender Device Guard. Learn about hardware requirements, deployment approaches, code signing and code integrity policies.
 keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/threat-protection/fips-140-validation.md

@@ -57,7 +57,7 @@ The cadence for starting module validation aligns with the feature updates of Wi
 
 ### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”?
 
-“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
+“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
 
 ### I need to know if a Windows service or application is FIPS 140-2 validated.
 
@@ -7191,4 +7191,4 @@ Version 6.3.9600</p></td>
 
 \[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised)
 
-\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
+\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

windows/security/threat-protection/intelligence/prevent-malware-infection.md

@@ -85,6 +85,8 @@ To further ensure that data is protected from malware as well as other threats:
 
 * Do not use untrusted devices to log on to email, social media, and corporate accounts.
 
+* Avoid downloading or running older apps. Some of these apps might have vulnerabilities. Also, older file formats for Office 2003 (.doc, .pps, and .xls) allow macros or run. This could be a security risk.
+
 ## Software solutions
 
 Microsoft provides comprehensive security capabilities that help protect against threats. We recommend:

windows/security/threat-protection/intelligence/understanding-malware.md

@@ -1,7 +1,7 @@
 ---
 title: Understanding malware & other threats
 ms.reviewer: 
-description: Learn about the most prevalent viruses, malware, and other threats. Understand how they arrive, their detailed behaviors, infection symptoms, and how to prevent & remove them.
+description: Learn about the most prevalent viruses, malware, and other threats. Understand how they infect systems, how they behave, and how to prevent and remove them.
 keywords: security, malware, virus, malware, threat, analysis, research, encyclopedia, dictionary, glossary, ransomware, support scams, unwanted software, computer infection, virus infection, descriptions, remediation, latest threats, mmpc, microsoft malware protection center, wdsi
 ms.prod: w10
 ms.mktglfcycl: secure

windows/security/threat-protection/intelligence/virus-initiative-criteria.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft Virus Initiative
 ms.reviewer: 
-description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share antimalware telemetry data with Microsoft.
+description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share telemetry with Microsoft.
 keywords: security, malware, MVI, Microsoft Malware Protection Center, MMPC, alliances, WDSI
 ms.prod: w10
 ms.mktglfcycl: secure

windows/security/threat-protection/microsoft-defender-atp/alerts.md

@@ -1,6 +1,6 @@
 ---
 title: Get alerts API
-description: Retrieves top recent alerts.
+description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10

windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md

@@ -121,6 +121,12 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a
 
 - You also can use OData queries for queries filters, see [Using OData Queries](exposed-apis-odata-samples.md)
 
+
+## Power BI dashboard samples in GitHub
+For more information see the [Power BI report templates](https://github.com/microsoft/MDATP-PowerBI-Templates).
+
+
+
 ## Related topic
 - [Microsoft Defender ATP APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)

windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md

@@ -68,7 +68,7 @@ You can configure the following levels of automation:
 
 |Automation level | Description|
 |---|---|
-|Not protected | Machines do not get any automated investigations run on them. |
+|No automated response | Machines do not get any automated investigations run on them. |
 |Semi - require approval for any remediation | This is the default automation level.<br><br>  An approval is needed for any remediation action. |
 |Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are not in temporary folders. <br><br> Files or executables in temporary folders, such as the user's download folder or the user's temp folder, will automatically be remediated if needed.|
 |Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder. <br><br> Files or executables in all other folders will  automatically be remediated if needed.|

windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md

@@ -1,6 +1,6 @@
 ---
 title: Configure alert notifications in Microsoft Defender ATP
-description: Send email notifications to specified recipients to receive new alerts based on severity with Microsoft Defender ATP on Windows 10 Enterprise, Pro, and Education editions.
+description: You can use Microsoft Defender Advanced Threat Protection to configure email notification settings for security alerts, based on severity and other criteria.
 keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150

windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md

@@ -80,6 +80,13 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
 
     b.  Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_
 
+    If you are using a [Central Store for Group Policy Administrative Templates](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra), copy the following files from the
+    configuration package:
+    
+     a.  Copy _AtpConfiguration.admx_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions_
+
+     b.  Copy _AtpConfiguration.adml_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions\\en-US_
+
 2.  Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**.
 
 3.  In the **Group Policy Management Editor**, go to **Computer configuration**.

windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md

@@ -1,7 +1,7 @@
 ---
 title: Compare the features in Exploit protection with EMET
 keywords: emet, enhanced mitigation experience toolkit, configuration, exploit, compare, difference between, versus, upgrade, convert
-description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET.
+description: Exploit protection in Microsoft Defender ATP is our successor to Enhanced Mitigation Experience Toolkit (EMET) and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10

windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md

@@ -1,7 +1,7 @@
 ---
 title: Turn on exploit protection to help mitigate against attacks
 keywords: exploit, mitigation, attacks, vulnerability
-description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET.
+description: Learn how to enable exploit protection in Windows 10. Exploit protection helps protect your device against malware.
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10

windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md

@@ -1,7 +1,7 @@
 ---
 title: Apply mitigations to help prevent attacks through vulnerabilities
 keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
-description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET.
+description: Protect devices against exploits with Windows 10. Windows 10 has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET).
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10

windows/security/threat-protection/microsoft-defender-atp/files.md

@@ -1,6 +1,6 @@
 ---
 title: File resource type
-description: Retrieves information associated with files alerts.
+description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to files.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10

windows/security/threat-protection/microsoft-defender-atp/get-alerts.md

@@ -1,6 +1,6 @@
 ---
 title: List alerts API
-description: Retrieves top recent alerts.
+description: Retrieve a collection of recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10

windows/security/threat-protection/microsoft-defender-atp/live-response.md

@@ -55,6 +55,9 @@ You'll need to enable the live response capability in the [Advanced features set
 - **Ensure that you have the appropriate permissions**<br>
 	Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments see, [Create and manage roles](user-roles.md). 
 
+    > [!IMPORTANT]
+    > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions.
+
     Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. 
 
 ## Live response dashboard overview
@@ -250,4 +253,3 @@ Each command is tracked with full details such as:
 
 
 
-

windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md

@@ -31,6 +31,10 @@ To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app di
 >[!NOTE]
 >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
 
+> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. 
+
+## Enable Microsoft Cloud App Security in Microsoft Defender ATP
+
 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
 2. Select **Microsoft Cloud App Security** and switch the toggle to **On**.
 3. Click **Save preferences**.
@@ -39,21 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove
 
 ## View the data collected
 
-1. Browse to the [Cloud App Security portal](https://portal.cloudappsecurity.com).
+To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security).
-
-2. Navigate to the Cloud Discovery dashboard.
-
-    ![Image of menu to cloud discovery dashboard](images/atp-cloud-discovery-dashboard-menu.png)
-
-3. Select **Win10 Endpoint Users report**, which contains the data coming from Microsoft Defender ATP.
-
-    ![Win10 endpoint users](./images/win10-endpoint-users.png)
-
-This report is similar to the existing discovery report with one major difference: you can now benefit from visibility to the machine context.
-
-Notice the new **Machines** tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (for example, when drilling down to a specific cloud app).
-
-![Cloud discovery](./images/cloud-discovery.png)
 
 
 For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).