update from master

windows/deploy/TOC.md

@@ -1,16 +1,21 @@
 # [Deploy Windows 10](index.md)
 ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-## [Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md)
-### [Upgrade Analytics architecture](upgrade-analytics-architecture.md)
-### [Upgrade Analytics requirements](upgrade-analytics-requirements.md)
-### [Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
-### [Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
-### [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
-#### [Prepare your environment](upgrade-analytics-prepare-your-environment.md)
-#### [Resolve application and driver issues](upgrade-analytics-resolve-issues.md)
-#### [Deploy Windows](upgrade-analytics-deploy-windows.md)
-#### [Review site discovery](upgrade-analytics-review-site-discovery.md)
-### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
+## [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md)
+### [Upgrade Readiness architecture](upgrade-readiness-architecture.md)
+### [Upgrade Readiness requirements](upgrade-readiness-requirements.md)
+### [Upgrade Readiness release notes](upgrade-readiness-release-notes.md)
+### [Get started with Upgrade Readiness](upgrade-readiness-get-started.md)
+#### [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md)
+### [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)
+#### [Upgrade overview](upgrade-readiness-upgrade-overview.md)
+#### [Step 1: Identify apps](upgrade-readiness-identify-apps.md)
+#### [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md)
+#### [Step 3: Deploy Windows](upgrade-readiness-deploy-windows.md)
+#### [Additional insights](upgrade-readiness-additional-insights.md)
+### [Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)
+## [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
+### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
+### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
 ## [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
 ### [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
 #### [Key features in MDT 2013 Update 2](key-features-in-mdt-2013.md)
@@ -46,6 +51,7 @@
 ## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
 ## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
 ## [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md)
+## [Convert MBR partition to GPT](mbr-to-gpt.md)
 ## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
 ## [Windows 10 upgrade paths](windows-10-upgrade-paths.md)
 ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md)

windows/deploy/change-history-for-deploy-windows-10.md

@@ -11,9 +11,31 @@ author: greg-lindsay
 # Change history for Deploy Windows 10
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## March 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Convert MBR partition to GPT](mbr-to-gpt.md) | New | 
+
+## February 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) | Multiple topics updated, name changed from Upgrade Analytics to Upgrade Readiness, and other content updates. | 
+| [USMT Requirements](usmt-requirements.md) | Updated: Vista support removed and other minor changes | 
+| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated structure and content | 
+| [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) | Added as a separate page from get started | 
+| [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting |
+| [Upgrade Analytics - Upgrade overview](upgrade-analytics-upgrade-overview.md) | New | 
+| [Upgrade Analytics - Step 1: Identify important apps](upgrade-analytics-identify-apps.md) | Updated topic title and content | 
+| [Upgrade Analytics - Step 2: Resolve app and driver issues](upgrade-analytics-resolve-issues.md) | New | 
+| [Upgrade Analytics - Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md) | New | 
+| [Upgrade Analytics - Additional insights](upgrade-analytics-additional-insights.md) | New | 
+
 ## January 2017
 | New or changed topic | Description |
 |----------------------|-------------|
+| [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) | New | 
+| [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) | New | 
+| [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) | New | 
 | [Apply a provisioning package](provisioning-apply-package.md) | New (previously published in other topics) | 
 | [Create a provisioning package for Windows 10](provisioning-create-package.md) | New (previously published in Hardware Dev Center on MSDN) | 
 | [Create a provisioning package with multivariant settings](provisioning-multivariant.md) | New (previously published in Hardware Dev Center on MSDN) | 
@@ -22,7 +44,7 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc
 | [NFC-based device provisioning](provisioning-nfc.md) | New (previously published in Hardware Dev Center on MSDN) | 
 | [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) | New (previously published in Hardware Dev Center on MSDN) | 
 | [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) | New (previously published in Hardware Dev Center on MSDN) |
-|  [Windows ICD command-line interface (reference)](provisioning-command-line.md) | New (previously published in Hardware Dev Center on MSDN) |
+| [Windows ICD command-line interface (reference)](provisioning-command-line.md) | New (previously published in Hardware Dev Center on MSDN) |
 | [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog | 
 | [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) |
 | [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) |

windows/deploy/configure-a-pxe-server-to-load-windows-pe.md

@@ -163,6 +163,9 @@ ramdisksdidevice        boot
 ramdisksdipath          \boot\boot.sdi
 ```
 
+>[!TIP]
+>If you start the PXE boot process, but receive the error that "The boot configuration data for your PC is missing or contains errors" then verify that \\boot directory is installed under the correct TFTP server root directory.  In the example used here the name of this directory is TFTPRoot, but your TFTP server might be different. 
+
 ## PXE boot process summary
 
 The following summarizes the PXE client boot process.

windows/deploy/index.md

@@ -5,6 +5,7 @@ ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+localizationpriority: high
 author: greg-lindsay
 ---
 
@@ -16,12 +17,14 @@ Learn about deploying Windows 10 for IT professionals.
 |Topic |Description |
 |------|------------|
 |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
-|[Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md) |With Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
+|[Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
+|[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
 |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. |
 |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. |
 |[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) 2013 Update 2 task sequence to completely automate the process. |
 |[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. |
 |[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
+|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
 |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
 |[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. |
 | [Provisioning packages for Windows 10](provisioning-packages.md) | Learn how to use the Windows Imaging and Configuration Designer (ICD) and provisioning packages to easily configure multiple devices. |

windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md

@@ -1,57 +1,4 @@
 ---
 title: Manage Windows upgrades with Upgrade Analytics (Windows 10)
-description: Provides an overview of the process of managing Windows upgrades with Upgrade Analytics.
-ms.prod: w10
-author: MaggiePucciEvans
+redirect_url: manage-windows-upgrades-with-upgrade-readiness
 ---
-
-# Manage Windows upgrades with Upgrade Analytics
-
-Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points.
-
-With the release of Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released.  
-
-Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. 
-
-With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
-
-Use Upgrade Analytics to get:
-
--   A visual workflow that guides you from pilot to production
-
--   Detailed computer and application inventory
-
--   Powerful computer level search and drill-downs
-
--   Guidance and insights into application and driver compatibility issues, with suggested fixes
-
--   Data driven application rationalization tools
-
--   Application usage information, allowing targeted validation; workflow to track validation progress and decisions
-
--   Data export to commonly used software deployment tools, including System Center Configuration Manager
-
-The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
-
-**Important**  For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
-
-- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
-
-- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-
-- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
-
-##**Related topics**
-
-[Upgrade Analytics architecture](upgrade-analytics-architecture.md)
-
-[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
-
-[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
-
-[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
-
-[Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
-
-[Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
-

windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md

@@ -0,0 +1,43 @@
+---
+title: Manage Windows upgrades with Upgrade Readiness (Windows 10)
+description: Provides an overview of the process of managing Windows upgrades with Upgrade Readiness.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Manage Windows upgrades with Upgrade Readiness
+
+Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points.
+
+With the release of Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. Windows Upgrade Readiness not only supports upgrade management from Windows 7, Windows 8.1 to Windows 10, but also Windows 10 upgrades in the [Windows as a service](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview) model.  
+
+Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. 
+
+With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
+
+Use Upgrade Readiness to get:
+
+-   A visual workflow that guides you from pilot to production
+-   Detailed computer and application inventory
+-   Powerful computer level search and drill-downs
+-   Guidance and insights into application and driver compatibility issues, with suggested fixes
+-   Data driven application rationalization tools
+-   Application usage information, allowing targeted validation; workflow to track validation progress and decisions
+-   Data export to commonly used software deployment tools, including System Center Configuration Manager
+
+The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
+
+**Important**  For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
+
+- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
+- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
+
+##**Related topics**
+
+[Upgrade Readiness architecture](upgrade-readiness-architecture.md)<BR>
+[Upgrade Readiness requirements](upgrade-readiness-requirements.md)<BR>
+[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)<BR>
+[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)<BR>
+[Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)<BR>
+[Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)<BR>

windows/deploy/mbr-to-gpt.md

@@ -0,0 +1,384 @@
+---
+title: MBR2GPT
+description: How to use the MBR2GPT tool to convert MBR partitions to GPT
+keywords: deploy, troubleshoot, windows, 10, upgrade, partition, mbr, gpt
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+localizationpriority: high
+---
+
+# MBR2GPT.EXE
+
+**Applies to**
+-   Windows 10
+
+## Summary
+
+**MBR2GPT.EXE** converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
+
+You can use MBR2GPT to perform the following:
+
+- \[Within the Windows PE environment\]: Convert any attached MBR-formatted disk to GPT, including the system disk.
+- \[From within the currently running OS\]: Convert any attached MBR-formatted disk to GPT, including the system disk.
+
+>MBR2GPT is available in Windows 10 version 1703, also known as Windows 10 Creator's Update, and later versions. 
+>The tool is available in both the full OS environment and Windows PE. 
+
+You can use MBR2GPT to convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them.
+
+The MBR2GPT tool can convert operating system disks that have earlier versions of Windows installed, such as Windows 10 versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion.
+
+>[!IMPORTANT]
+>After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. <BR>Make sure that your device supports UEFI before attempting to convert the disk.
+
+## Syntax
+
+<table style="font-family:consolas;font-size:12px" >
+<TR><TD>MBR2GPT /validate|convert [/disk:\<diskNumber\>] [/logs:\<logDirectory\>] [/map:\<source\>=\<destination\>] [/allowFullOS]
+</TABLE>
+
+### Options
+
+| Option | Description |
+|----|-------------|
+|/validate| Instructs MBR2GPT.exe to perform only the disk validation steps and report whether the disk is eligible for conversion. |
+|/convert| Instructs MBR2GPT.exe to perform the disk validation and to proceed with the conversion if all validation tests pass. |
+|/disk:\<diskNumber\>| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as that used by the diskpart.exe tool **SELECT DISK SYSTEM** command.|
+|/logs:\<logDirectory\>| Specifies the directory where MBR2GPT.exe logs should be written. If not specified, **%windir%** is used. If specified, the directory must already exist, it will not be automatically created or overwritten.|
+|/map:\<source\>=\<destination\>| Specifies additional partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexidecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. |
+|/allowFullOS| By default, MBR2GPT.exe is blocked unless it is run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment.|
+
+## Examples
+
+### Validation example
+
+In the following example, disk 0 is validated for conversion. Errors and warnings are logged to the default location, **%windir%**.
+
+```
+X:\>mbr2gpt /validate /disk:0
+MBR2GPT: Attempting to validate disk 0
+MBR2GPT: Retrieving layout of disk
+MBR2GPT: Validating layout, disk sector size is: 512
+MBR2GPT: Validation completed successfully
+```
+
+### Conversion example
+
+In the following example:
+
+1. The current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0.
+2. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) is **07** corresponding to the installable file system (IFS) type. 
+2. The MBR2GPT tool is used to convert disk 0.
+3. The DISKPART tool displays that disk 0 is now using the GPT format.
+4. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3).
+5. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type. 
+
+>As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly.
+
+```
+DISKPART> list volume
+
+  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
+  ----------  ---  -----------  -----  ----------  -------  ---------  --------
+  Volume 0     F   CENA_X64FRE  UDF    DVD-ROM     4027 MB  Healthy
+  Volume 1     C   System Rese  NTFS   Partition    499 MB  Healthy
+  Volume 2     D   Windows      NTFS   Partition     58 GB  Healthy
+  Volume 3     E   Recovery     NTFS   Partition    612 MB  Healthy    Hidden
+
+DISKPART> select volume 2
+
+Volume 2 is the selected volume.
+
+DISKPART> list partition
+
+  Partition ###  Type              Size     Offset
+  -------------  ----------------  -------  -------
+  Partition 1    Primary            499 MB  1024 KB
+* Partition 2    Primary             58 GB   500 MB
+  Partition 3    Recovery           612 MB    59 GB
+
+DISKPART> detail partition
+
+Partition 2
+Type  : 07
+Hidden: No
+Active: No
+Offset in Bytes: 524288000
+
+  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
+  ----------  ---  -----------  -----  ----------  -------  ---------  --------
+* Volume 2     D   Windows      NTFS   Partition     58 GB  Healthy
+
+DISKPART> exit
+
+Leaving DiskPart...
+
+X:\>mbr2gpt /convert /disk:0
+
+MBR2GPT will now attempt to convert disk 0.
+If conversion is successful the disk can only be booted in GPT mode.
+These changes cannot be undone!
+
+MBR2GPT: Attempting to convert disk 0
+MBR2GPT: Retrieving layout of disk
+MBR2GPT: Validating layout, disk sector size is: 512 bytes
+MBR2GPT: Trying to shrink the system partition
+MBR2GPT: Trying to shrink the OS partition
+MBR2GPT: Creating the EFI system partition
+MBR2GPT: Installing the new boot files
+MBR2GPT: Performing the layout conversion
+MBR2GPT: Migrating default boot entry
+MBR2GPT: Adding recovery boot entry
+MBR2GPT: Fixing drive letter mapping
+MBR2GPT: Conversion completed successfully
+MBR2GPT: Before the new system can boot properly you need to switch the firmware to boot to UEFI mode!
+
+X:\>diskpart
+
+Microsoft DiskPart version 10.0.15048.0
+
+Copyright (C) Microsoft Corporation.
+On computer: MININT-K71F13N
+
+DISKPART> list disk
+
+  Disk ###  Status         Size     Free     Dyn  Gpt
+  --------  -------------  -------  -------  ---  ---
+  Disk 0    Online           60 GB      0 B        *
+
+DISKPART> select disk 0
+
+Disk 0 is now the selected disk.
+
+DISKPART> list volume
+
+  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
+  ----------  ---  -----------  -----  ----------  -------  ---------  --------
+  Volume 0     F   CENA_X64FRE  UDF    DVD-ROM     4027 MB  Healthy
+  Volume 1     D   Windows      NTFS   Partition     58 GB  Healthy
+  Volume 2     C   System Rese  NTFS   Partition    499 MB  Healthy    Hidden
+  Volume 3                      FAT32  Partition    100 MB  Healthy    Hidden
+  Volume 4     E   Recovery     NTFS   Partition    612 MB  Healthy    Hidden
+
+DISKPART> select volume 1
+
+Volume 1 is the selected volume.
+
+DISKPART> list partition
+
+  Partition ###  Type              Size     Offset
+  -------------  ----------------  -------  -------
+  Partition 1    Recovery           499 MB  1024 KB
+* Partition 2    Primary             58 GB   500 MB
+  Partition 4    System             100 MB    59 GB
+  Partition 3    Recovery           612 MB    59 GB
+
+DISKPART> detail partition
+
+Partition 2
+Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
+Hidden  : No
+Required: No
+Attrib  : 0000000000000000
+Offset in Bytes: 524288000
+
+  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
+  ----------  ---  -----------  -----  ----------  -------  ---------  --------
+* Volume 1     D   Windows      NTFS   Partition     58 GB  Healthy
+
+```
+
+## Specifications
+
+### Disk conversion workflow
+
+The following steps illustrate high-level phases of the MBR-to-GPT conversion process:
+
+1. Disk validation is performed.
+2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist.
+3. UEFI boot files are installed to the ESP.
+4. GPT metatdata and layout information is applied.
+5. The boot configuration data (BCD) store is updated.
+6. Drive letter assignments are restored.
+
+### Disk validation
+
+Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that:
+- The disk is currently using MBR
+- There is enough space not occupied by partitions to store the primary and secondary GPTs:
+  - 16KB + 2 sectors at the front of the disk
+  - 16KB + 1 sector at the end of the disk
+- There are at most 3 primary partitions in the MBR partition table
+- One of the partitions is set as active and is the system partition
+- The BCD store on the system partition contains a default OS entry pointing to an OS partition
+- The volume IDs can retrieved for each volume which has a drive letter assigned
+- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
+
+If any of these checks fails, the conversion will not proceed and an error will be returned.
+
+### Creating an EFI system partition
+
+For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules:
+
+1. The existing MBR system partition is reused if it meets these requirements:
+  a. It is not also the OS or Windows Recovery Environment partition
+  b. It is at least 100MB (or 260MB for 4K sector size disks) in size
+  c. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition.
+  d. If the conversion is being performed from the full OS, the disk being converted is not the system disk.
+2. If the existing MBR system partition cannot be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100MB (or 260MB for 4K sector size disks) and is formatted FAT32.
+
+If the existing MBR system partition is not reused for the ESP, it is no longer used by the boot process after the conversion. Other partitions are not modified.
+
+### Partition type mapping and partition attributes
+
+Since GPT partitions use a different set of type IDs than MBR partitions, each partition on the converted disk must be assigned a new type ID. The partition type mapping follows these rules:
+
+1. The ESP is always set to partition type PARTITION_SYSTEM_GUID (c12a7328-f81f-11d2-ba4b-00a0c93ec93b).
+2. If an MBR partition is of a type that matches one of the entries specified in the /map switch, the specified GPT partition type ID is used.
+3. If the MBR partition is of type 0x27, the partition is converted to a GPT partition of type PARTITION_MSFT_RECOVERY_GUID (de94bba4-06d1-4d40-a16a-bfd50179d6ac).
+4. All other MBR partitions recognized by Windows are converted to GPT partitions of type PARTITION_BASIC_DATA_GUID (ebd0a0a2-b9e5-4433-87c0-68b6b72699c7).
+
+In addition to applying the correct partition types, partitions of type PARTITION_MSFT_RECOVERY_GUID also have the following GPT attributes set:
+- GPT_ATTRIBUTE_PLATFORM_REQUIRED (0x0000000000000001)
+- GPT_BASIC_DATA_ATTRIBUTE_NO_DRIVE_LETTER (0x8000000000000000)
+
+For more information about partition types, see:
+- [GPT partition types](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx)
+- [MBR partition types](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx)
+
+
+###	Persisting drive letter assignments
+
+The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. 
+
+The conversion tool will obtain volume unique ID data before and after the layout conversion, organizing this information into a lookup table. It will then iterate through all the entries in **HKLM\SYSTEM\MountedDevices**, and for each entry do the following:
+
+1. Check if the unique ID corresponds to any of the unique IDs for any of the volumes that are part of the converted disk.
+2. If found, set the value to be the new unique ID, obtained after the layout conversion.
+3. If the new unique ID cannot be set and the value name starts with \DosDevices, issue a console and log warning about the need for manual intervention in properly restoring the drive letter assignment.
+
+## Troubleshooting
+
+The tool will display status information in its output. Both validation and conversion are clear if any errors are encountered. For example, if one or more partitions do not translate properly, this is displayed and the conversion not performed. To view more detail about any errors that are encountered, see the associated [log files](#logs).
+
+### Logs
+
+Four log files are created by the MBR2GPT tool:
+
+- diagerr.xml
+- diagwrn.xml
+- setupact.log
+- setuperr.log
+
+These files contain errors and warnings encountered during disk validation and conversion. Information in these files can be helpful in diagnosing problems with the tool. The setupact.log and setuperr.log files will have the most detailed information about disk layouts, processes, and other information pertaining to disk validation and conversion. Note: The setupact*.log files are different than the Windows Setup files that are found in the %Windir%\Panther directory.
+
+The default location for all these log files in Windows PE is **%windir%**.
+
+### Interactive help
+
+To view a list of options available when using the tool, type **mbr2gpt /?** 
+
+The following text is displayed:
+
+```
+
+C:\> mbr2gpt /?
+
+Converts a disk from MBR to GPT partitioning without modifying or deleting data on the disk.
+
+MBR2GPT.exe /validate|convert [/disk:<diskNumber>] [/logs:<logDirectory>] [/map:<source>=<destination>] [/allowFullOS]
+
+Where:
+
+ /validate
+         - Validates that the selected disk can be converted
+           without performing the actual conversion.
+
+ /convert
+         - Validates that the selected disk can be converted
+           and performs the actual conversion.
+
+ /disk:<diskNumber>
+         - Specifies the disk number of the disk to be processed.
+           If not specified, the system disk is processed.
+
+ /logs:<logDirectory>
+         - Specifies the directory for logging. By default logs
+           are created in the %windir% directory.
+
+ /map:<source>=<destination>
+         - Specifies the GPT partition type to be used for a
+           given MBR partition type not recognized by Windows.
+           Multiple /map switches are allowed.
+
+ /allowFullOS
+         - Allows the tool to be used from the full Windows
+           environment. By default, this tool can only be used
+           from the Windows Preinstallation Environment.
+
+```
+
+### Return codes
+
+MBR2GPT has the following associated return codes:
+
+| Return code | Description |
+|----|-------------|
+|0| Conversion completed successfully.|
+|1| Conversion was canceled by the user.|
+|2| Conversion failed due to an internal error.|
+|3| Conversion failed due to an initialization error.|
+|4| Conversion failed due to invalid command-line parameters. |
+|5| Conversion failed due to error reading the geometry and layout of the selected disk.|
+|6| Conversion failed because one or more volumes on the disk is encrypted.|
+|7| Conversion failed because the geometry and layout of the selected disk do not meet requirements.|
+|8| Conversion failed due to error while creating the EFI system partition.|
+|9| Conversion failed due to error installing boot files.|
+|10| Conversion failed due to error while applying GPT layout.|
+|100| Conversion to GPT layout succeeded, but some boot configuration data entries could not be restored.|
+
+
+### Determining the partition type
+
+You can type the following command at a Windows PowerShell prompt to display the disk number and partition type. Example output is also shown:
+
+
+```
+PS C:\> Get-Disk | ft -Auto
+
+Number Friendly Name      Serial Number        HealthStatus OperationalStatus Total Size Partition Style
+------ -------------      -------------        ------------ ----------------- ---------- ---------------
+0      MTFDDAK256MAM-1K1  13050928F47C         Healthy      Online             238.47 GB MBR
+1      ST1000DM003-1ER162 Z4Y3GD8F             Healthy      Online             931.51 GB GPT
+```
+
+You can also view the partition type of a disk by opening the Disk Management tool, right-clicking the disk number, clicking **Properties**, and then clicking the **Volumes** tab. See the following example:
+
+![Volumes](images/mbr2gpt-volume.PNG)
+
+
+If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the diskpart tool. To determine the partition style, type **diskpart** and then type **list disk**. See the following example:
+
+```
+DISKPART> list disk
+
+  Disk ###  Status         Size     Free     Dyn  Gpt
+  --------  -------------  -------  -------  ---  ---
+  Disk 0    Online          238 GB      0 B
+  Disk 1    Online          931 GB      0 B        *
+```
+
+In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT.
+
+
+
+
+## Related topics
+
+[Using MBR2GPT with Configuration Manager OSD](https://miketerrill.net/tag/mbr2gpt/)
+<BR>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+<BR>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+<BR>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)

windows/deploy/provisioning-apply-package.md

@@ -94,7 +94,7 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Access work o
     ![Is this package from a source you trust](images/package-trust.png)
 
 
-#
+
 
 
 ## Learn more

windows/deploy/provisioning-create-package.md

@@ -35,6 +35,7 @@ You use Windows Imaging and Configuration Designer (ICD) to create a provisionin
     
     - The **Simple provisioning** and **Provision school devices** options provide wizard-style walkthroughs for creating a provisioning package based on a set of common settings. 
     - The **Advanced provisioning** option opens a new project with all **Runtime settings** available. 
+    
     >[!TIP]
     >You can start a project in the simple editor and then switch the project to the advanced editor.
     >

windows/deploy/provisioning-multivariant.md

@@ -1,6 +1,6 @@
 ---
 title: Create a provisioning package with multivariant settings (Windows 10)
-description: Create a provisioning package with multivariant settings to customize the provisioned settings.
+description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,37 +16,31 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
-Multivariant provisioning packages enable you to create a single provisioning package that can work for multiple locales.
 
-To provision multivariant settings, you must create a provisioning package with defined **Conditions** and **Settings** that are tied to these conditions. When you install this package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
+In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese. 
 
-The following events trigger provisioning on Windows 10 devices:
+To provision multivariant settings, you use Windows Imaging and Configuration Designer (ICD) to create a provisioning package that contains all of the customization settings that you want to apply to any of your devices. Next, you manually edit the .XML file for that project to define each set of devices (a **Target**). For each **Target**, you specify at least one **Condition** with a value, which identifies the devices to receive the configuration. Finally, for each **Target**, you provide the customization settings to be applied to those devices.
 
-| Event | Windows 10 Mobile | Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) |
-| --- | --- | --- |
-| System boot | Supported | Supported |
-| Operating system update | Supported | Planned |
-| Package installation during device first run experience | Supported | Supported |
-| Detection of SIM presence or update | Supported | Not supported |
-| Package installation at runtime | Supported | Supported |
-| Roaming detected | Supported | Not supported |
+Let's begin by learning how to define a **Target**.
 
-## Target, TargetState, Condition, and priorities
 
-Targets describe keying for a variant and must be described or pre-declared before being referenced by the variant.
+## Define a target
 
-- You can define multiple **Target** child elements for each **Id** that you need for the customization setting.
+In the XML file, you provide an **Id**, or friendly name, for each **Target**. Each **Target** is defined by at least one **TargetState** which contains at least one **Condition**. A **Condition** element defines the matching type between the condition and the specified value.
 
-- Within a **Target** you can define multiple **TargetState** elements.
+A **Target** can have more than one **TargetState**, and a **TargetState** can have more than one **Condition**. 
 
-- Within a **TargetState** element you can create multiple **Condition** elements.
+![Target with multiple target states and conditions](images/multi-target.png)
 
-- A **Condition** element defines the matching type between the condition and the specified value.
+The following table describes the logic for the target definition.
 
-The following table shows the conditions supported in Windows 10 provisioning:
+<table><tr><td>When all **Condition** elements are TRUE, **TargetState** is TRUE.</td><td>![Target state is true when all conditions are true](images/icd-multi-targetstate-true.png)</td></tr>
+<tr><td>If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **Id** can be used for setting customizations.</td><td>![Target is true if any target state is true](images/icd-multi-target-true.png)</td></tr></table>
+
+### Conditions
+
+The following table shows the conditions supported in Windows 10 provisioning for a **TargetState**:
 
->[!NOTE]
->You can use any of these supported conditions when defining your **TargetState**.
 
 | Condition Name | Condition priority | Windows 10 Mobile | Windows 10 for desktop editions | Value type | Value description |
 | --- | --- | --- | --- | --- | --- |
@@ -57,54 +51,47 @@ The following table shows the conditions supported in Windows 10 provisioning:
 | GID1 | P0 | Supported | N/A | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
 | ICCID | P0 | Supported | N/A | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
 | Roaming | P0 | Supported | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | 
-| UICC | P0 | Supported | N/A | Enumeration | Use to specify the UICC state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
+| UICC | P0 | Supported | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
 | UICCSLOT | P0 | Supported | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:</br></br></br>- 0 - Slot 0</br>- 1 - Slot 1 |
 | ProcessorType | P1 | Supported | Supported | String | Use to target settings based on the processor type. |
 | ProcessorName | P1 | Supported | Supported | String | Use to target settings based on the processor name. |
-| AoAc | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
-| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the POWER_PLATFORM_ROLE enumeration. |
+| AoAc ("Always On, Always Connected") | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. |
+| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](https://msdn.microsoft.com/library/windows/desktop/aa373174.aspx).  |
 | Architecture | P1 | Supported | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
-| Server | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
-| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region. |
-| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code. |
-| ROMLANG | P1 | Supported | N/A | Digit string | Use to specify the PhoneROMLanguage that's set for DeviceTargeting. This condition is used primarily to detect variants for China. For example, you can use this condition and set the value to "0804". |
+| Server | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. |
+| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
+| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639).  |
+
 
 The matching types supported in Windows 10 are:
 
 | Matching type | Syntax | Example |
 | --- | --- | --- |
 | Straight match | Matching type is specified as-is | &lt;Condition Name="ProcessorName" Value="Barton" /&gt; |
-| Regex match | Matching type is prefixed by "Pattern:" | &lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt; |
+| Regular expression (Regex) match | Matching type is prefixed by "Pattern:" | &lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt; |
 | Numeric range match | Matching type is prefixed by "!Range:" | &lt;Condition Name="MNC" Value="!Range:400, 550" /&gt; |
  
 
-- When all **Condition** elements are TRUE, **TargetState** is TRUE (**AND** logic).
+### TargetState priorities
 
-- If any of the **TargetState** elements is TRUE, **Target** is TRUE (**OR** logic), and **Id** can be used for the setting customization.
+You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. 
 
+A setting that matches a **TargetState** with a lower priority is applied before the setting that matches a **TargetState** with a higher priority. This means that a setting for the **TargetState** with the higher priority can overwrite a setting for the **TargetState** with the lower priority.
 
-You can define more than one **TargetState** within a provisioning package to apply variant settings that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the variant settings are applied, the system assigns a priority to every **TargetState**. 
+Settings that match more than one **TargetState** with equal priority are applied according to the order that each **TargetState** is defined in the provisioning package.
 
-A variant setting that matches a **TargetState** with a lower priority is applied before the variant that matches a **TargetState** with a higher priority. Variant settings that match more than one **TargetState** with equal priority are applied according to the order that each **TargetState** is defined in the provisioning package.
+The **TargetState** priority is assigned based on the condition's priority (see the [Conditions table](#conditions) for priorities). The priority evaluation rules are as followed:
 
-The **TargetState** priority is assigned based on the conditions priority and the priority evaluation rules are as followed:
+1. A **TargetState** with P0 conditions is higher than a **TargetState** without P0 conditions.
 
-1. T**TargetState** with P0 conditions is higher than **TargetState** without P0 conditions.
+2. A **TargetState** with both P0 and P1 conditions is higher than a **TargetState** with only P0 conditions.
 
+2. A **TargetState** with a greater number of matched P0 conditions is higher than **TargetState** with fewer matched P0 conditions, regardless of the number of P1 conditions matched.
 
-2. **TargetState** with P1 conditions is higher than **TargetState** without P0 and P1 conditions.
+2. If the number of P0 conditions matched are equivalent, then the **TargetState** with the most matched P1 conditions has higher priority.
 
+3. If both P0 and P1 conditions are equally matched, then the **TargetState** with the greatest total number of matched conditions has highest priority.
 
-3. If N₁>N₂>0, the **TargetState** priority with N₁ P0 conditions is higher than the **TargetState** with N₂ P1 conditions.
-
-
-4. For **TargetState** without P0 conditions, if N₁>N₂>0 **TargetState** with N₁ P1 conditions is higher than the **TargetState** with N₂ P1 conditions.
-
-
-5. For **TargetState** without P0 and P1 conditions, if N₁>N₂>0 **TargetState** priority with N₁ P2 conditions is higher than the **TargetState** with N₂ P2 conditions.
-
-
-6. For rules 3, 4, and 5, if N₁=N₂, **TargetState** priorities are considered equal.
 
 
 ## Create a provisioning package with multivariant settings
@@ -112,17 +99,15 @@ The **TargetState** priority is assigned based on the conditions priority and th
 Follow these steps to create a provisioning package with multivariant capabilities.
 
 
-1. Build a provisioning package and configure the customizations you need to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
-
+1. Build a provisioning package and configure the customizations you want to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
 
 2. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project.
 
-
-3. Open the project folder and copy the customizations.xml file. 
+3. Open the project folder and copy the customizations.xml file to any local location. 
 
 4. Use an XML or text editor to open the customizations.xml file.
 
-    The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The Customizations node contains a Common section, which contains the customization settings.
+    The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The **Customizations** node of the file contains a **Common** section, which contains the customization settings.
 
     The following example shows the contents of a sample customizations.xml file.
 
@@ -153,7 +138,7 @@ Follow these steps to create a provisioning package with multivariant capabiliti
 </WindowsCustomizatons> 
     ```
 
-4. Edit the customizations.xml file and create a **Targets** section to describe the conditions that will handle your multivariant settings. 
+4. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. 
 
     The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
     
@@ -210,10 +195,10 @@ Follow these steps to create a provisioning package with multivariant capabiliti
 
     c. Move compliant settings from the **Common** section to the **Variant** section.
 
-    If any of the TargetRef elements matches the Target, all settings in the Variant are applied (OR logic).
+    If any of the **TargetRef** elements matches the **Target**, all settings in the **Variant** are applied.
 
     >[!NOTE]
-    >You can define multiple Variant sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
+    >You can define multiple **Variant** sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
 
     The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
 
@@ -289,7 +274,20 @@ In this example, the **StoreFile** corresponds to the location of the settings s
 
  
 
+## Events that trigger provisioning
 
+When you install the multivariant provisioning package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
+
+The following events trigger provisioning on Windows 10 devices:
+
+| Event | Windows 10 Mobile | Windows 10 for desktop editions |
+| --- | --- | --- |
+| System boot | Supported | Supported |
+| Operating system update | Supported | Planned |
+| Package installation during device first run experience | Supported | Supported |
+| Detection of SIM presence or update | Supported | Supported |
+| Package installation at runtime | Supported | Supported |
+| Roaming detected | Supported | Not supported |
  
 
  

windows/deploy/provisioning-packages.md

@@ -25,13 +25,13 @@ Provisioning packages are simple enough that with a short set of written instruc
 
 The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Imaging and Configuration Designer (ICD), a tool for configuring provisioning packages. 
 
-## New in Windows 10, Version 1607
+## New in Windows 10, version 1607
 
-Windows ICD for Windows 10, Version 1607, simplifies common provisioning scenarios. 
+Windows ICD for Windows 10, version 1607, simplifies common provisioning scenarios. 
 
 ![Configuration Designer options](images/icd.png)
 
-Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT administrators:
+Windows ICD in Windows 10, version 1607, supports the following scenarios for IT administrators:
 
 * **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. 
 
@@ -49,7 +49,7 @@ Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT
     * Other MDMs (cert-based enrollment) 
 
 > [!NOTE]
-> Windows ICD in Windows 10, Version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index).
+> Windows ICD in Windows 10, version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index).
 
 ## Benefits of provisioning packages
 

windows/deploy/troubleshoot-upgrade-analytics.md

@@ -1,33 +1,4 @@
----
-title: Troubleshoot Upgrade Analytics (Windows 10)
-description: Provides troubleshooting information for Upgrade Analytics.
-ms.prod: w10
-author: MaggiePucciEvans
 ---
-
-# Troubleshoot Upgrade Analytics
-
-If you’re having issues seeing data in Upgrade Analytics after running the Upgrade Analytics Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error. 
-
-If you still don’t see data in Upgrade Analytics, follow these steps:
-
-1.  Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included.
-
-2.  Edit the script as described in [Run the Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script).
-
-3.  Check that isVerboseLogging is set to $true.
-
-4.  Run the script again. Log files will be saved to the directory specified in the script.
-
-5.  Open a support case with Microsoft Support through your regular channel and provide this information.
-
-## Disable Upgrade Analytics
-
-If you want to stop using Upgrade Analytics and stop sending telemetry data to Microsoft, follow these steps:
-
-1.  Unsubscribe from the Upgrade Analytics solution in the OMS portal.
-
-2.  Disable the Customer Experience Improvement Program on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to Security.
-
-3.  Delete the CommercialDataOptin key in *HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\DataCollection*
-
+title: Troubleshoot Upgrade Analytics (Windows 10)
+redirect_url: troubleshoot-upgrade-readiness
+---

windows/deploy/troubleshoot-upgrade-readiness.md

@@ -0,0 +1,38 @@
+---
+title: Troubleshoot Upgrade Readiness (Windows 10)
+description: Provides troubleshooting information for Upgrade Readiness.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Troubleshoot Upgrade Readiness
+
+If you’re having issues seeing data in Upgrade Readiness after running the Upgrade Readiness Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error.
+
+If you still don’t see data in Upgrade Readiness, follow these steps:
+
+1.  Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included.
+
+2.  Edit the script as described in [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md).
+
+3.  Check that isVerboseLogging is set to $true.
+
+4.  Run the script again. Log files will be saved to the directory specified in the script.
+
+5.  Open a support case with Microsoft Support through your regular channel and provide this information.
+
+## Disable Upgrade Readiness
+
+If you want to stop using Upgrade Readiness and stop sending telemetry data to Microsoft, follow these steps:
+
+1.  Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
+
+  ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png)
+
+2.  Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**:
+
+  **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
+  **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic.
+
+3.	If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0".  The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
+4.	You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**.

windows/deploy/update-windows-10-images-with-provisioning-packages.md

@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mobile
 author: jdeckerMS
+redirect_url: https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages
 ---
 
 # Update Windows 10 images with provisioning packages

windows/deploy/upgrade-analytics-additional-insights.md

@@ -0,0 +1,4 @@
+---
+title: Upgrade Analytics - Additional insights
+redirect_url: upgrade-readiness-additional-insights
+---

windows/deploy/upgrade-analytics-architecture.md

@@ -1,34 +1,4 @@
 ---
 title: Upgrade Analytics architecture (Windows 10)
-description: Describes Upgrade Analytics architecture.
-ms.prod: w10
-author: MaggiePucciEvans
+redirect_url: upgrade-readiness-architecture
 ---
-
-# Upgrade Analytics architecture
-
-Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Analytics components work together in a typical installation. 
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE 
-<img src="media/image1.png" width="624" height="401" />
--->
-
-![Upgrade Analytics architecture](images/upgrade-analytics-architecture.png)
-
-After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Analytics, telemetry data is analyzed by the Upgrade Analytics Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Analytics solution (5) to plan and manage Windows upgrades.
-
-For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
-
-[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
-
-[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-
-[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
-
-##**Related topics**
-
-[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
-
-[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
-
-[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)

windows/deploy/upgrade-analytics-deploy-windows.md

@@ -1,26 +1,4 @@
 ---
 title: Upgrade Analytics - Get a list of computers that are upgrade-ready (Windows 10)
-description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Analytics.
-ms.prod: w10
-author: MaggiePucciEvans
+redirect_url: upgrade-readiness-deploy-windows
 ---
-
-# Upgrade Analytics - Get a list of computers that are upgrade ready
-
-All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready.
-
-The blades in the **Deploy** section are:
-
-## Deploy eligible computers
-
-Computers grouped by deployment decision are listed.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image9.png" width="195" height="316" />
--->
-
-![Deploy eligible computers](images/upgrade-analytics-deploy-eligible.png)
-
-Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers.
-
->**Important**<br> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.

windows/deploy/upgrade-analytics-deployment-script.md

@@ -0,0 +1,4 @@
+---
+title: Upgrade Analytics deployment script (Windows 10)
+redirect_url: upgrade-readiness-deployment-script
+---

windows/deploy/upgrade-analytics-get-started.md

@@ -1,213 +1,4 @@
 ---
 title: Get started with Upgrade Analytics (Windows 10)
-description: Explains how to get started with Upgrade Analytics.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-author: greg-lindsay
----
-
-# Get started with Upgrade Analytics
-
-This topic explains how to obtain and set up Upgrade Analytics components. If you haven’t done so already, see [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements) for information about requirements for using Upgrade Analytics. Also, check out the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/UpgradeAnalytics) for new announcements and helpful tips for using Upgrade Analytics.  
-
-You can use Upgrade Analytics to plan and manage your upgrade project end to end. After you’ve established communications between user computers and Microsoft, Upgrade Analytics collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.
-
-To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
-
-- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
-- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
-
-To configure Upgrade Analytics, you’ll need to:
-
--   Add the Upgrade Analytics solution to a workspace in the Operations Management Suite portal
--   Establish communications and enable data sharing between your organization and Microsoft
-
-Each task is explained in detail in the following sections.
-
-## Add Upgrade Analytics to Operations Management Suite
-
-Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
-
-If you are already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Select the **Upgrade Analytics** tile in the gallery and then click **Add** on the solution's details page. Upgrade Analytics is now visible in your workspace.
-
-If you are not using OMS:
-
-1.  Go to the [Upgrade Analytics page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
-
-2.  Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
-
-3.  Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
-
-4.  If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator.
-
-    > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
-
-1.  To add the Upgrade Analytics solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Analytics** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Analytics.
-
-2.  Click the **Upgrade Analytics** tile to configure the solution. The **Settings Dashboard** opens.
-
-## Enable data sharing between your organization and Upgrade Analytics
-
-After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, complete the following tasks to establish communication and enable data sharing between user computers, Microsoft secure data centers, and Upgrade Analytics.
-
-## Generate your commercial ID key
-
-Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers.
-
-1.  On the Settings Dashboard, navigate to the **Windows telemetry** panel.
-
-    ![upgrade-analytics-telemetry](images/upgrade-analytics-telemetry.png)
-
-2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Analytics deployment script later so it can be deployed to user computers.
-
-    >**Important**<br> Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again.
-
-## Subscribe to Upgrade Analytics
-
-For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Analytics.
-
-1.  On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Analytics solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic.
-
-1.  Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Analytics tile now displays summary data. Click the tile to open Upgrade Analytics.
-
-## Whitelist select endpoints
-
-To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this.
-
-Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account.
-
-| **Endpoint**  | **Function**  |
-|---------------------------------------------------------|-----------|
-| `https://v10.vortex-win.data.microsoft.com/collect/v1`  <br><br>                       `https://Vortex-win.data.microsoft.com/health/keepalive`                                                                                                      | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint.             |
-| `https://settings.data.microsoft.com/qos`                                                                                                                                  | Enables the compatibility update KB to send data to Microsoft.                                                                       |
-| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`                                         | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
-
-
-## Deploy the compatibility update and related KBs
-
-The compatibility update KB scans your computers and enables application usage tracking. If you don’t already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
-
-| **Operating System** | **KBs** |
-|----------------------|-----------------------------------------------------------------------------|
-| Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2976978><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2976978 must be installed before you can download and install KB3150513.   |
-| Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2952664><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2952664 must be installed before you can download and install KB3150513. |
-
-IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time.
-
-If you are planning to enable IE Site Discovery, you will need to install a few additional KBs.
-
-| **Site discovery** | **KB** |
-|----------------------|-----------------------------------------------------------------------------|
-| [Review site discovery](upgrade-analytics-review-site-discovery.md)         | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)<br>Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices. <br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br><br>Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update.  |
-
-
-
-### Automate data collection
-
-To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes.
-
--   Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing.
--   Schedule the Upgrade Analytics deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. Computers are re-scanned only when the compatibility KBs are updated, so if your inventory changes significantly between KB releases you won’t see the changes in Upgrade Analytics until you run the script again.
--   Schedule monthly user computer scans to view monthly active computer and usage information.
-
-## Run the Upgrade Analytics deployment script
-
-To automate many of the steps outlined above and to troubleshoot data sharing issues, you can run the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft.
-
-> The following guidance applies to version 11.11.16 or later of the Upgrade Analytics deployment script. If you are using an older version, please download the latest from [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
-
-The Upgrade Analytics deployment script does the following:
-
-1.  Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys.
-
-2.  Verifies that user computers can send data to Microsoft.
-
-3.  Checks whether the computer has a pending restart.  
-
-4.  Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended).
-
-5.  If enabled, turns on verbose mode for troubleshooting.
-
-6.  Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness.
-
-7.  If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.
-
-To run the Upgrade Analytics deployment script:
-
-1.  Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly.  Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
-
-2.  Edit the following parameters in RunConfig.bat:
-
-    1.  Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics
-
-    2.  Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry.
-
-    3.  By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options:
-
-        > *logMode = 0 log to console only*
->
-        > *logMode = 1 log to file and console*
->
-        > *logMode = 2 log to file only*
-
-3.  To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected:
-
-    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
-    >
-    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
-    >
-    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
-    >
-    > *IEOptInLevel = 3 Data collection is enabled for all sites*
-
-4.  After you finish editing the parameters in RunConfig.bat, you are ready to run the script.  If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
-
-The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.
-
-<div style='font-size:10.0pt'>
-
-<TABLE border=1 cellspacing=0 cellpadding=0>
-<TR><TH BGCOLOR="#a0e4fa">Exit code<TH BGCOLOR="#a0e4fa">Meaning<TH BGCOLOR="#a0e4fa">Suggested fix
-<TR><TD>0<TD>Success<TD>
-<TR><TD>1<TD>Unexpected error occurred while executing the script<TD> The files in the deployment script are likely corrupted.  Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
-<TR><TD>2<TD>Error when logging to console. $logMode = 0.<TD> Try changing the $logMode value to **1** and try again.
-<TR><TD>3<TD>Error when logging to console and file. $logMode = 1.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
-<TR><TD>4<TD>Error when logging to file. $logMode = 2.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
-<TR><TD>5<TD>Error when logging to console and file. $logMode = unknown.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
-<TR><TD>6<TD>The commercialID parameter is set to unknown. Modify the script.<TD>Set the value for CommercialID in runconfig.bat file.
-<TR><TD>8<TD>Failure to create registry key path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection. <TD> Verify that the configuration script has access to this location.
-<TR><TD>9<TD>Error when writing CommercialId to registry.<TD>Verify that the configuration script has access to this location.
-<TR><TD>10<TD>Error when writing CommercialDataOptIn to registry.<TD>Verify that the configuration script has access to this location.
-<TR><TD>11<TD>Function -SetupCommercialId: Unexpected failure.<TD>Verify that the configuration script has access to this location.
-<TR><TD>12<TD>Can’t connect to Microsoft – Vortex. Check your network/proxy settings.<TD>Verify that the required endpoints are whitelisted correctly.
-<TR><TD>13<TD>Can’t connect to Microsoft – setting. <TD>Verify that the required endpoints  are whitelisted correctly.
-<TR><TD>14<TD>Can’t connect to Microsoft – compatexchange.<TD> Verify that the required endpoints are whitelisted.
-<TR><TD>15<TD>Error connecting to Microsoft:Unexpected failure.<TD>
-<TR><TD>16<TD>Machine requires reboot.<TD> The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
-<TR><TD>17<TD>Function -CheckRebootRequired: Unexpected failure.<TD>The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
-<TR><TD>18<TD>Outdated compatibility update KB package. Update via Windows Update/WSUS.<TD>
-The configuration script detected a version of the Compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Analytics solution. Use the latest version of the Compatibility update for Windows 7 SP1/Windows 8.1.
-<TR><TD>19<TD>The compatibility update failed with unexpected exception.<TD> The files in the deployment script are likely corrupted.  Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
-<TR><TD>20<TD>Error writing RequestAllAppraiserVersions registry key.<TD> This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
-<TR><TD>21<TD>Function – SetRequestAllAppraiserVersions: Unexpected failure.<TD>This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
-<TR><TD>22<TD>RunAppraiser failed with unexpected exception.<TD> Check %windir%\System32 directory for a file called CompatTelRunner.exe.  If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization group policy to make sure it does not remove this file.
-<TR><TD>23<TD>Error finding system variable %WINDIR%.<TD> Make sure that this environment variable is available on the machine.
-<TR><TD>24<TD>SetIEDataOptIn failed when writing IEDataOptIn to registry.<TD> Verify that the deployment script in running in a context that has access to the registry key.
-<TR><TD>25<TD>SetIEDataOptIn failed with unexpected exception.<TD> The files in the deployment script are likely corrupted.  Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again.
-<TR><TD>26<TD>The operating system is Server or LTSB SKU.<TD> The script does not support Server or LTSB SKUs.
-<TR><TD>27<TD>The script is not running under System account.<TD>The Upgrade Analytics configuration script must be run as system.  
-<TR><TD>28<TD>Could not create log file at the specified logPath.<TD> Make sure the deployment script has access to the location specified in the logPath parameter.
-<TR><TD>29<TD> Connectivity check failed for proxy authentication. <TD> Install the cumulative updates on the machine and enable the `DisableEnterpriseAuthProxy` authentication proxy setting. The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7.  For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
-<TR><TD>30<TD>Connectivity check failed. Registry key property `DisableEnterpriseAuthProxy` is not enabled.<TD> The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7.  For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
-<TR><TD>31<TD>There is more than one instance of the Upgrade Analytics data collector running at the same time on this machine. <TD>  Use the Windows Task Manager to check if CompatTelRunner.exe is running, and wait until it has completed to rerun the script.  
-**The Upgrade Analytics task is scheduled to run daily at 3 a.m.**
-</TABLE>
-
-</div>
-
-## Seeing data from computers in Upgrade Analytics
-
-After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Analytics. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Analytics. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers.
+redirect_url: upgrade-readiness-get-started
+---

windows/deploy/upgrade-analytics-identify-apps.md

@@ -0,0 +1,5 @@
+---
+title: Upgrade Analytics - Identify important apps (Windows 10)
+redirect_url: upgrade-readiness-identify-apps
+---
+

windows/deploy/upgrade-analytics-prepare-your-environment.md

@@ -1,116 +1,4 @@
 ---
-title: Upgrade Analytics - Prepare your environment (Windows 10)
-description: Describes how to prepare your environment so that you can use Upgrade Analytics to manage Windows upgrades.
-ms.prod: w10
-author: MaggiePucciEvans
----
-
-# Upgrade Analytics - Prepare your environment
-
-This section of the Upgrade Analytics workflow reports your computer and application inventory and lists computers that you can use in a pilot with no known issues or with fixable driver issues. Additionally, you can determine the priority level of applications to indicate which applications the team should focus on to get them upgrade ready.
-
-The blades in the **Prepare your environment** section are:
-
-## Upgrade overview
-
-Displays the total count of computers sharing data with Microsoft and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases.
-
-Check this blade for data refresh status, including the date and time of the most recent data update and whether user changes are reflected. If a user change is pending when changing the upgrade assessment or importance level of an application or driver, **Data refresh pending** is displayed in orange. User changes are processed once every 24 hours and read **Up to date** in green when there are no pending changes.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image3.png" width="214" height="345" />
--->
-
-![Upgrade overview](images/upgrade-analytics-overview.png)
-
-Select **Total computers** for a list of computers and details about them, including:
-
--   Computer ID and computer name
-
--   Computer manufacturer
-
--   Computer model
-
--   Operating system version and build
-
--   Count of system requirement, application, and driver issues per computer
-
--   Upgrade assessment based on analysis of computer telemetry data
-
--   Upgrade decision status
-
-Select **Total applications** for a list of applications discovered on user computers and details about them, including:
-
--   Application vendor
-
--   Application version
-
--   Count of computers the application is installed on
-
--   Count of computers that opened the application at least once in the past 30 days
-
--   Percentage of computers in your total computer inventory that opened the application in the past 30 days
-
--   Issues detected, if any
-
--   Upgrade assessment based on analysis of application data
-   
--   Roll up level
-
-## Run a pilot
-
-Computers with no known issues and computers with fixable driver issues are listed, grouped by upgrade assessment. We recommend that you use these computers to test the impact of upgrading.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image4.png" width="203" height="326" />
--->
-
-![Run a pilot](images/upgrade-analytics-pilot.png)
-
-Before you start your pilot project, be sure to review upgrade assessment and guidance details, explained in more detail in the table below.
-
-| Upgrade assessment    | Action required before or after upgrade pilot? | Issue    | What it means   | Guidance      |
-|-----------------------|------------------------------------------------|----------|-----------------|---------------|
-| No known issues                                 | No                                             | None                                             | Computers will upgrade seamlessly.<br>                                                                                                                                         | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
-| OK to pilot, fixed during upgrade               | No, for awareness only                         | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
-| OK to pilot with new driver from Windows Update | Yes                                            | Driver will not migrate to new OS                | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update.                    | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update. <br><br>If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading. <br> <br> |
-
-Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file.
-
->**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.
-
-See [Plan for Windows 10 deployment](http://technet.microsoft.com/itpro/windows/plan/index) for more information about ways to deploy Windows in your organization. Read about [how Microsoft IT deployed Windows as an in-place upgrade](https://www.microsoft.com/itshowcase/Article/Content/668/Deploying-Windows-10-at-Microsoft-as-an-inplace-upgrade) for best practices using the in-place upgrade method.
-
-## Prioritize applications
-
-Applications are listed, grouped by importance level. Prioritizing your applications allows you to identify the ones that you will focus on preparing for upgrade.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image5.png" width="213" height="345" />
--->
-
-![Prioritize applications](images/upgrade-analytics-prioritize.png)
-
-Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them.
-
-To change an application’s importance level:
-
-1.  Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level. Select **Table** to view the list in a table.
-
-2.  Select **User changes** to enable user input.
-
-3.  Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list.
-
-4.  Click **Save** when finished.
-
-Importance levels include:
-
-| Importance level   | When to use it   | Recommendation   |
-|--------------------|------------------|------------------|
-| Low install count  | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]<br><br>Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.<br> | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br><br>                                                                                                                                                                                                 |
-| Not reviewed       | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you change the importance level.<br><br>These applications are also marked as **Not reviewed** in the **UpgradeDecision** column. <br>                                                                                                                                              | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.                                                                                                                                                                      |
-| Business critical  | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**. <br><br>                                                                                                                                                                    | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
-| Important          | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**.                                                                                                                                                                          | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>         |
-| Ignore             | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**. <br>                                  | Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing.<br><br>You may also want to change the application’s status to **Not reviewed** or **Ready to upgrade** in the **UpgradeDecision** column. <br>                                                                           |
-| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.<br>                                                                                                                                                                                 | As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.<br><br>Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**. <br>                                               |
-
+title: Upgrade Analytics - Identify important apps (Windows 10)
+redirect_url: upgrade-readiness-identify-apps
+---

windows/deploy/upgrade-analytics-release-notes.md

@@ -1,5 +1,4 @@
 ---
 title: Upgrade Analytics release notes (Windows 10)
-description: Provides tips and limitations about Upgrade Analytics.
-redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements#important-information-about-this-release
+redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release
 ---

windows/deploy/upgrade-analytics-requirements.md

@@ -1,90 +1,5 @@
 ---
 title: Upgrade Analytics requirements (Windows 10)
-description: Provides requirements for Upgrade Analytics.
-ms.prod: w10
-author: MaggiePucciEvans
+redirect_url: upgrade-readiness-requirements
 ---
 
-# Upgrade Analytics requirements
-
-This article introduces concepts and steps needed to get up and running with Upgrade Analytics. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Analytics.
-
-## Supported upgrade paths 
-
-To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Analytics performs a full inventory of computers so that you can see which version of Windows is installed on each computer.
-
-The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Analytics cannot evaluate Windows XP or Windows Vista for upgrade eligibility.
-
-<!--With Windows 10, edition 1607, the compatibility update KB is installed automatically.-->
-
-If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center.
-
-Note: Upgrade Analytics is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Analytics insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance.
-
-See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements.
-
-## Operations Management Suite
-
-Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
-
-If you’re already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Click the Upgrade Analytics tile in the gallery and then click Add on the solution’s details page. Upgrade Analytics is now visible in your workspace.
-
-If you are not using OMS, go to [the Upgrade Analytics page on Microsoft.com](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Analytics solution to it.
-
-Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
-
-## Telemetry and data sharing 
-
-After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Analytics.
-
-See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
-
-**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
-
-`https://v10.vortex-win.data.microsoft.com/collect/v1`
-
-`https://vortex-win.data.microsoft.com/health/keepalive`
-
-`https://settings-win.data.microsoft.com/settings`
-
-`https://vortex.data.microsoft.com/health/keepalive`
-
-`https://settings.data.microsoft.com/qos`
-
-`https://go.microsoft.com/fwlink/?LinkID=544713`
-
-`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`
-
->**Note** The compatibility update KB runs under the computer’s system account and does not support user authentication in this release.
-
-**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. You’ll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as you’ll need it later.
-
-**Subscribe your OMS workspace to Upgrade Analytics.** For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Analytics.
-
-**Enable telemetry and connect data sources.** To allow Upgrade Analytics to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Analytics and user computers. You’ll need to connect Upgrade Analytics to your data sources and enable telemetry to establish communication.
-
-**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
-
->**Important**<br> The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated. 
-
-**Configure and deploy Upgrade Analytics deployment script.** Configure and deploy the Upgrade Analytics deployment script to user computers to finish setting up.
-
-## Important information about this release
-
-Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release.
-
-**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints.
-
-**Upgrade Analytics does not support on-premises Windows deployments.** Upgrade Analytics is built as a cloud service, which allows Upgrade Analytics to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises.
-
-**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Analytics solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported.
-
-### Tips
-
-- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items.
-
-- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby).
-
-## Get started
-
-See [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Analytics and getting started on your Windows upgrade project.

windows/deploy/upgrade-analytics-resolve-issues.md

@@ -1,149 +1,5 @@
 ---
 title: Upgrade Analytics - Resolve application and driver issues (Windows 10)
-description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Analytics.
-ms.prod: w10
-author: MaggiePucciEvans
+redirect_url: upgrade-readiness-resolve-issues
 ---
 
-# Upgrade Analytics - Resolve application and driver issues
-
-This section of the Upgrade Analytics workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them.
-
-You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list.
-
-Upgrade decisions include:
-
-| Upgrade decision   | When to use it    | Guidance    |
-|--------------------|-------------------|-------------|
-| Not reviewed       | When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress.** <br><br> <br>                                                                                                                                                                                      | Some applications are automatically assigned upgrade decisions based on information known to Microsoft. <br><br>All drivers are marked not reviewed by default.<br><br>                                                                                                                                                                                           |
-| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.<br><br>Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**. <br><br> | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>                                                                                                                                                                                                          |
-| Ready to upgrade   | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is.                                                                                                                                                          | Applications with no known issues or with low installation rates are marked **Ready to upgrade** by default.<br><br>Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br><br>All drivers are marked **Not reviewed** by default. <br> |
-| Won’t upgrade      | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination. <br><br>Use **Won’t upgrade** for applications and drivers you don’t want to upgrade. <br>                                                                                                                                                        | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**. <br><br>                                                                                                                                                                                                                    |
-
-The blades in the **Resolve issues** section are:
-
-- Review applications with known issues
-- Review applications with no known issues
-- Review drivers with known issues
-
-As you review applications with known issues, you can also see ISV support of applications for [Ready for Windows](https://www.readyforwindows.com/).
-
-## Review applications with known issues
-
-Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image6.png" width="192" height="321" />
--->
-
-![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png)
-
-To change an application's upgrade decision:
-
-1. Select **Decide upgrade readiness** to view applications with issues. 
-
-2. In the table view, sort on **UpgradeAssessment** to group applications into **Attention needed** and **Fix available**. 
-
-3. Select **User changes** to change the upgrade decision for each application.
-
-4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
-
-5. Click **Save** when finished.  
-
-IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.
-
-For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible.
-
-| Upgrade Assessment | Action required prior to upgrade? | Issue     | What it means   | Guidance   |
-|--------------------|-----------------------------------|-----------|-----------------|------------|
-| Attention needed   | No                                | Application is removed during upgrade              | Compatibility issues were detected and the application will not migrate to the new operating system. <br>                                                                                                                                             | No action is required for the upgrade to proceed.                                                                                                                                                                                                                                                                                                                                         |
-| Attention needed   | Yes                               | Blocking upgrade                                   | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade. <br><br>The application may work on the new operating system.<br>                                                                       | Remove the application before upgrading, and reinstall and test on new operating system.                                                                                                                                                                                                                                                                                                  |
-| Attention needed   | No                                | Evaluate application on new OS                     | The application will migrate, but issues were detected that may impact its performance on the new operating system.                                                                                                                                     | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.<br>                                                                                                                                                                                                                                                                  |
-| Attention needed   | No                                | Does not work with new OS, but won’t block upgrade | The application is not compatible with the new operating system, but won’t block the upgrade.                                                                                                                                                           | No action is required for the upgrade to proceed, however, you’ll have to install a compatible version of the application on the new operating system.<br>                                                                                                                                                                                                                              |
-| Attention needed   | Yes                               | Does not work with new OS, and will block upgrade  | The application is not compatible with the new operating system and will block the upgrade.                                                                                                                                                             | Remove the application before upgrading. <br><br>A compatible version of the application may be available.<br>                                                                                                                                                                                                                                                                      |
-| Attention needed   | Yes                               | May block upgrade, test application                | Issues were detected that may interfere with the upgrade, but need to be investigated further.<br>                                                                                                                                                    | Test the application’s behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.<br>                                                                                                                                                                                                                         |
-| Attention needed   | Maybe                             | Multiple                                           | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. |
-
-For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft.
-
-| Upgrade Assessment | Action required prior to upgrade? | Issue    | What it means   | Guidance    |
-|--------------------|-----------------------------------|----------|-----------------|-------------|
-| Fix available      | Yes                               | Blocking upgrade, update application to newest version   | The existing version of the application is not compatible with the new operating system and won’t migrate. A compatible version of the application is available.   | Update the application before upgrading.                                                             |
-| Fix available      | No                                | Reinstall application after upgrading                    | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.<br> | No action is required for the upgrade to proceed. Reinstall application on the new operating system. |
-| Fix available      | Yes                               | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but won’t migrate.                                                                                    | Remove the application before upgrading and reinstall on the new operating system.<br>             |
-| Fix available      | Yes                               | Disk encryption blocking upgrade                         | The application’s encryption features are blocking the upgrade.                                                                                                    | Disable the encryption feature before upgrading and enable it again after upgrading.<br>           |
-
-### ISV support for applications with Ready for Windows
-
-[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). 
-
-Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example:
-
-![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png)
-
-If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance.
-
-![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png)
-
-If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows. 
-
-![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png)
-
-The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses)
-
-| Ready for Windows Status | Query rollup level | What this means | Guidance |
-|-------------------|--------------------------|-----------------|----------|
-|Supported version available    | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. |
-|  Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | 
-| Adopted   | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. |
-| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A |
-| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.|
-|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.|
-|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.|
-| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A |
-
-## Review applications with no known issues
-
-Applications with no issues known to Microsoft are listed, grouped by upgrade decision.
-
-![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png)
-
-Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**.
-
-Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates. 
-
-To change an application's upgrade decision:
-
-1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table. 
-
-2. Select **User changes** to change the upgrade decision for each application.
-
-3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
-
-4. Click **Save** when finished.  
-
-## Review drivers with known issues
-
-Drivers that won’t migrate to the new operating system are listed, grouped by availability.
-
-![Review drivers with known issues](images/upgrade-analytics-drivers-known.png)
-
-Availability categories are explained in the table below.
-
-| Driver availability   | Action required before or after upgrade? | What it means  | Guidance     |
-|-----------------------|------------------------------------------|----------------|--------------|
-| Available in-box                         | No, for awareness only                   | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system.<br>                         | No action is required for the upgrade to proceed.                                                                                                                     |
-| Import from Windows Update               | Yes                                      | The currently installed version of a driver won’t migrate to the new operating system; however, a compatible version is available from Windows Update.<br>                                                   | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
-| Available in-box and from Windows Update | Yes                                      | The currently installed version of a driver won’t migrate to the new operating system. <br><br>Although a new driver is installed during upgrade, a newer version is available from Windows Update. <br> | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
-| Check with vendor                        | Yes                                      | The driver won’t migrate to the new operating system and we are unable to locate a compatible version. <br>                                                                                                  | Check with the independent hardware vendor (IHV) who manufactures the driver for a solution.                                                                          |
-
-To change a driver’s upgrade decision:
-
-1.  Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table.
-
-2.  Select **User changes** to enable user input.
-
-3.  Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list.
-
-4.  Click **Save** when finished.
-

windows/deploy/upgrade-analytics-review-site-discovery.md

@@ -1,68 +1,7 @@
 ---
 title: Review site discovery
-description: Explains how to review internet web site discovery with Upgrade Analytics.
-ms.prod: w10
-author: Justinha
+redirect_url: upgrade-readiness-additional-insights
 ---
 
-# Review site discovery
-
-This section of the Upgrade Analytics workflow provides an inventory of web sites that are being used by client computers that run Internet Explorer on Windows 8.1 and Windows 7 in your environment. This inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. Data from Microsoft Edge is not collected. 
-
-> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
-
-## Install prerequisite security update for Internet Explorer
-
-Ensure the following prerequisites are met before using site discovery:
-
-1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. 
-2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
-3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script) to allow Internet Explorer data collection before you run it. 
-
-    If necessary, you can also enable it by creating the following registry entry. 
-
-    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection 
-
-    Entry name: IEDataOptIn
-
-    Data type: DWORD
-
-    Values:
-
-    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
-    >
-    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
-    >
-    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
-    >
-    > *IEOptInLevel = 3 Data collection is enabled for all sites*
-
-    For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). 
-
-    ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png)
-
-## Review most active sites
-
-This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page.
-
-For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL. 
-
-![Most active sites](Images/upgrade-analytics-most-active-sites.png) 
-
-Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. 
-
-![Site domain detail](images/upgrade-analytics-site-domain-detail.png)
-
-## Review document modes in use 
-
-This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes).
-
-![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png)
-
-## Run browser-related queries 
-
-You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. 
-
-![](images/upgrade-analytics-query-activex-name.png)
 
 

windows/deploy/upgrade-analytics-upgrade-overview.md

@@ -0,0 +1,4 @@
+---
+title: Upgrade Analytics - Upgrade Overview (Windows 10)
+redirect_url: upgrade-readiness-upgrade-overview
+---

windows/deploy/upgrade-readiness-additional-insights.md

@@ -0,0 +1,81 @@
+---
+title: Upgrade Readiness - Additional insights
+description: Explains additional features of Upgrade Readiness.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Readiness - Additional insights
+
+This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include:
+
+- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer.
+- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers.
+
+## Site discovery
+
+The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
+
+> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
+
+### Install prerequisite security update for Internet Explorer
+
+Ensure the following prerequisites are met before using site discovery:
+
+1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. 
+2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
+3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. 
+
+    If necessary, you can also enable it by creating the following registry entry. 
+
+    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection 
+
+    Entry name: IEDataOptIn
+
+    Data type: DWORD
+
+    Values:
+
+    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
+    >
+    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
+    >
+    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
+    >
+    > *IEOptInLevel = 3 Data collection is enabled for all sites*
+
+    For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). 
+
+    ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png)
+
+### Review most active sites
+
+This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page.
+
+For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL. 
+
+![Most active sites](Images/upgrade-analytics-most-active-sites.png) 
+
+Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. 
+
+![Site domain detail](images/upgrade-analytics-site-domain-detail.png)
+
+### Review document modes in use 
+
+This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes).
+
+![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png)
+
+### Run browser-related queries 
+
+You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. 
+
+![](images/upgrade-analytics-query-activex-name.png)
+
+## Office add-ins
+
+Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed.  This information should not affect the upgrade decision workflow, but can be helpful to an administrator.
+
+## Related topics
+
+[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)

windows/deploy/upgrade-readiness-architecture.md

@@ -0,0 +1,30 @@
+---
+title: Upgrade Readiness architecture (Windows 10)
+description: Describes Upgrade Readiness architecture.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Readiness architecture
+
+Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation. 
+
+<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE 
+<img src="media/image1.png" width="624" height="401" />
+-->
+
+![Upgrade Readiness architecture](images/upgrade-analytics-architecture.png)
+
+After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, telemetry data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades.
+
+For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
+
+[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)<BR>
+[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)<BR>
+[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)<BR>
+
+##**Related topics**
+
+[Upgrade Readiness requirements](upgrade-readiness-requirements.md)<BR>
+[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)<BR>
+[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)<BR>

windows/deploy/upgrade-readiness-deploy-windows.md

@@ -0,0 +1,97 @@
+---
+title: Upgrade Readiness - Get a list of computers that are upgrade-ready (Windows 10)
+description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Readiness.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Readiness - Step 3: Deploy Windows
+
+All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready. 
+The blades in the **Deploy** section are:
+
+- [Deploy eligible computers](#deploy-eligible-computers)
+- [Deploy computers by group](#computer-groups) 
+
+>Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment).
+
+## Deploy eligible computers
+
+In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer.  This value cannot be modified directly. The upgrade decision is calculated in the following ways:
+- **Review in progress**:  At least one app or driver installed on the computer is marked **Review in progress**.
+- **Ready to upgrade**:  All apps and drivers installed on the computer are marked as **Ready to Upgrade**.
+- **Won’t upgrade**:  At least one app or driver installed on the computer is marked as **Won’t upgrade**, or a system requirement is not met.
+
+<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
+<img src="media/image9.png" width="195" height="316" />
+-->
+
+![Deploy eligible computers](images/ua-cg-16.png)
+
+Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers.
+
+>**Important**<br> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.
+
+## Computer groups
+
+Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/).
+
+Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Readiness Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS.
+
+### Getting started with Computer Groups
+
+When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example:
+
+![Computer groups](images/ua-cg-01.png)
+
+To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example:
+
+```
+Type=UAComputer Manufacturer=DELL
+```
+
+![Computer groups](images/ua-cg-02.png)
+
+When you are satisfied that the query is returning the intended results, add the following text to your search:
+
+```
+| measure count() by Computer
+```
+
+This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example:
+
+![Computer groups](images/ua-cg-03.png)
+
+Your new computer group will now be available in Upgrade Readiness. See the following example:
+
+![Computer groups](images/ua-cg-04.png)
+
+### Using Computer Groups
+
+When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. For computers with the status **Review in progress** or **Won’t upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready.
+
+![Computer groups](images/ua-cg-05.png)
+
+Viewing a list of computers in a certain status is self-explanatory, Let’s look at what happens when you click the details link on **Review in progress**:
+
+![Computer groups](images/ua-cg-06.png)
+
+Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**:
+
+![Computer groups](images/ua-cg-07.png)
+
+A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed.
+
+### Upgrade assessment
+
+Upgrade assessment and guidance details are explained in the following table.
+
+| Upgrade assessment    | Action required before or after upgrade pilot? | Issue    | What it means   | Guidance      |
+|-----------------------|------------------------------------------------|----------|-----------------|---------------|
+| No known issues                                 | No                                             | None                                             | Computers will upgrade seamlessly.<br>                                                                                                                                         | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
+| OK to pilot, fixed during upgrade               | No, for awareness only                         | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
+| OK to pilot with new driver from Windows Update | Yes                                            | Driver will not migrate to new OS                | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update.                    | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update. <br><br>If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading. <br> <br> |
+
+Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file.
+
+>**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.

windows/deploy/upgrade-readiness-deployment-script.md

@@ -0,0 +1,265 @@
+---
+title: Upgrade Readiness deployment script (Windows 10)
+description: Deployment script for Upgrade Readiness.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+# Upgrade Readiness deployment script
+
+To automate the steps provided in [Get started with Upgrade Readiness](upgrade-readiness-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft.
+
+>[!IMPORTANT]
+>Upgrade Readiness was previously called Upgrade Analytics.  References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution.
+
+For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).
+
+> The following guidance applies to version 11.11.16 or later of the Upgrade Readiness deployment script. If you are using an older version, please download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
+
+The Upgrade Readiness deployment script does the following:
+
+1.  Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys.
+2.  Verifies that user computers can send data to Microsoft.
+3.  Checks whether the computer has a pending restart.  
+4.  Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended).
+5.  If enabled, turns on verbose mode for troubleshooting.
+6.  Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness.
+7.  If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.
+
+To run the Upgrade Readiness deployment script:
+
+1.  Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly.  Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
+
+2.  Edit the following parameters in RunConfig.bat:
+
+    1.  Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics
+
+    2.  Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry.
+
+    3.  By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options:
+
+        > *logMode = 0 log to console only*
+>
+        > *logMode = 1 log to file and console*
+>
+        > *logMode = 2 log to file only*
+
+3.  To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected:
+
+    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
+    >
+    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
+    >
+    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
+    >
+    > *IEOptInLevel = 3 Data collection is enabled for all sites*
+
+4.  After you finish editing the parameters in RunConfig.bat, you are ready to run the script.  If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
+
+The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.
+
+<div style='font-size:8.0pt'>
+
+<TABLE border=1 cellspacing=0 cellpadding=0>
+
+<TR><TD BGCOLOR="#a0e4fa" width=5>Exit code</TD>
+<TD BGCOLOR="#a0e4fa">Meaning
+<TD BGCOLOR="#a0e4fa">Suggested fix
+
+<TR><TD>0</TD>
+<TD>Success
+<TD>N/A
+
+<TR><TD>1</TD>
+<TD>Unexpected error occurred while executing the script.
+<TD> The files in the deployment script are likely corrupted.  Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
+
+<TR><TD>2</TD>
+<TD>Error when logging to console. $logMode = 0.<BR>(console only)
+<TD>Try changing the $logMode value to **1** and try again.<BR>$logMode value 1 logs to both console and file.
+
+<TR><TD>3</TD>
+<TD>Error when logging to console and file. $logMode = 1.
+<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
+
+<TR><TD>4</TD>
+<TD>Error when logging to file. $logMode = 2.
+<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
+
+<TR><TD>5</TD>
+<TD>Error when logging to console and file. $logMode = unknown.
+<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
+
+<TR><TD>6</TD>
+<TD>The commercialID parameter is set to unknown. <BR>Modify the runConfig.bat file to set the CommercialID value.
+<TD>The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace. 
+<BR>See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace.
+
+<TR><TD>8</TD>
+<TD>Failure to create registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div> 
+<TD>The Commercial Id property is set at the following registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
+<BR>Verify that the context under which the script in running has access to the registry key.
+
+<TR><TD>9</TD>
+<TD>The script failed to write Commercial Id to registry.
+<BR>Error creating or updating registry key: **CommercialId** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div> 
+<TD>Verify that the context under which the script in running has access to the registry key.
+
+<TR><TD>10</TD>
+<TD>Error when writing **CommercialDataOptIn** to the registry at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
+<TD>Verify that the deployment script is running in a context that has access to the registry key.
+
+<TR><TD>11</TD>
+<TD>Function **SetupCommercialId** failed with an unexpected exception.
+<TD>The **SetupCommercialId** function updates the Commercial Id at the registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div> <BR>Verify that the configuration script has access to this location.
+
+<TR><TD>12</TD>
+<TD>Can’t connect to Microsoft - Vortex. Check your network/proxy settings.
+<TD>**Http Get** on the end points did not return a success exit code.<BR>
+For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive.<BR>
+For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive.  
+<BR>If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
+
+
+<TR><TD>13</TD>
+<TD>Can’t connect to Microsoft - setting. 
+<TD>An error occurred connecting to  https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness.  To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
+
+
+<TR><TD>14</TD>
+<TD>Can’t connect to Microsoft - compatexchange.
+<TD>An error occurred connecting to https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc . This error will prevent the collected data from being sent to Upgrade Readiness.  To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
+
+<TR><TD>15</TD>
+<TD>Function CheckVortexConnectivity failed with an unexpected exception.
+<TD>This error will prevent the collected data from being sent to Upgrade Readiness.  To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Check the logs for the exception message and the HResult.
+
+<TR><TD>16</TD>
+<TD>The computer requires a reboot before running the script.
+<TD>A reboot is required to complete the installation of the compatibility update and related KBs. Reboot the computer before running the Upgrade Readiness deployment script.
+
+<TR><TD>17</TD>
+<TD>Function **CheckRebootRequired** failed with an unexpected exception.
+<TD>A reboot is required to complete installation of the compatibility update and related KBs. Check the logs for the exception message and the HResult.
+
+<TR><TD>18</TD>
+<TD>Appraiser KBs not installed or **appraiser.dll** not found.
+<TD>Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser telemetry events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic.
+
+<TR><TD>19</TD>
+<TD>Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception.
+<TD>Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed. 
+
+<TR><TD>20</TD>
+<TD>An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser**</div> 
+<TD>The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key. 
+
+<TR><TD>21</TD>
+<TD>Function **SetRequestAllAppraiserVersions** failed with an unexpected exception.
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>22</TD>
+<TD>**RunAppraiser** failed with unexpected exception.
+<TD>Check the logs for the exception message and HResult. Check the **%windir%\System32*8 directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file.
+
+<TR><TD>23</TD>
+<TD>Error finding system variable **%WINDIR%**.
+<TD>Verify that this environment variable is configured on the computer.
+
+<TR><TD>24</TD>
+<TD>The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
+<TD>This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult.
+
+<TR><TD>25</TD>
+<TD>The function **SetIEDataOptIn** failed with unexpected exception.
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>26</TD>
+<TD>The operating system is Server or LTSB SKU.
+<TD> The script does not support Server or LTSB SKUs.
+
+<TR><TD>27</TD>
+<TD>The script is not running under **System** account.
+<TD>The Upgrade Readiness configuration script must be run as **System**.  
+
+<TR><TD>28</TD>
+<TD>Could not create log file at the specified **logPath**.
+<TD> Make sure the deployment script has access to the location specified in the **logPath** parameter.
+
+<TR><TD>29</TD>
+<TD>Connectivity check failed for proxy authentication. 
+<TD>Install the cumulative updates on the computer and enable the **DisableEnterpriseAuthProxy** authentication proxy setting.
+<BR>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.  
+<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). 
+<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
+
+<TR><TD>30</TD>
+<TD>Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled.
+<TD>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.  
+<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). 
+<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
+
+<TR><TD>31</TD>
+<TD>There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer. 
+<TD>Use the Windows Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script.  The Upgrade Readiness task is scheduled to run daily at 3 a.m.
+
+<TR><TD>32</TD>
+<TD>Appraiser version on the machine is outdated. 
+<TD>The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1.
+
+<TR><TD>33</TD>
+<TD>**CompatTelRunner.exe** exited with an exit code 
+<TD>**CompatTelRunner.exe** runs the appraise task on the machine. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Please check the logs for more details.
+
+<TR><TD>34</TD>
+<TD>Function **CheckProxySettings** failed with an unexpected exception. 
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>35</TD>
+<TD>Function **CheckAuthProxy** failed with an unexpected exception.
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>36</TD>
+<TD>Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception.
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>37</TD>
+<TD>**Diagnose_internal.cmd** failed with an unexpected exception.
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>38</TD>
+<TD>Function **Get-SqmID** failed with an unexpected exception. 
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>39</TD>
+<TD>For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**</div>
+or <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
+<TD>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).
+
+<TR><TD>40</TD>
+<TD>Function **CheckTelemetryOptIn** failed with an unexpected exception. 
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>41</TD>
+<TD>The script failed to impersonate the currently logged on user. 
+<TD>The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the logged on user. The script also tries to mimic this, but the process failed.
+
+<TR><TD>42</TD>
+<TD>Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception.  
+<TD>Check the logs for the exception message and HResult.
+
+<TR><TD>43</TD>
+<TD>Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. 
+<TD>Check the logs for the exception message and HResult.
+
+</TABLE>
+
+</div>
+
+
+
+
+

windows/deploy/upgrade-readiness-get-started.md

@@ -0,0 +1,133 @@
+---
+title: Get started with Upgrade Readiness (Windows 10)
+description: Explains how to get started with Upgrade Readiness.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+# Get started with Upgrade Readiness
+
+This topic explains how to obtain and configure Upgrade Readiness for your organization. 
+
+You can use Upgrade Readiness to plan and manage your upgrade project end-to-end. Upgrade Readiness works by establishing communications between computers in your organization and Microsoft. Upgrade Readiness collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.
+
+Before you begin, consider reviewing the following helpful information:<BR>
+    - [Upgrade Readiness requirements](upgrade-readiness-requirements.md): Provides detailed requirements to use Upgrade Readiness.<BR>
+    - [Upgrade Readiness blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness.
+
+>If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Readiness with Configuration Manager: [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
+
+When you are ready to begin using Upgrade Readiness, perform the following steps:
+
+1. Review [data collection and privacy](#data-collection-and-privacy) information.
+2. [Add Upgrade Readiness to OMS](#add-upgrade-readiness-to-operations-management-suite).
+3. [Enable data sharing](#enable-data-sharing).
+4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment.
+5. [Deploy Upgrade Readiness at scale](#deploy-upgrade-readiness-at-scale).
+
+## Data collection and privacy 
+
+To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
+
+- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
+- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
+
+## Add Upgrade Readiness to Operations Management Suite
+
+Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
+
+If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace.
+
+If you are not using OMS:
+
+1.  Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
+2.  Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
+3.  Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
+4.  If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator.
+
+    > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
+
+1.  To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness.
+
+2.  Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens.
+
+### Generate your commercial ID key
+
+Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers.
+
+1.  On the Settings Dashboard, navigate to the **Windows telemetry** panel.
+
+    ![upgrade-readiness-telemetry](images/upgrade-analytics-telemetry.png)
+
+2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Readiness deployment script later so it can be deployed to user computers.
+
+    >**Important**<br> Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again.
+
+### Subscribe to Upgrade Readiness
+
+For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Readiness.
+
+1.  On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Readiness solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic.
+
+1.  Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Readiness tile now displays summary data. Click the tile to open Upgrade Readiness.
+
+## Enable data sharing
+
+To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this.
+
+Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account.
+
+| **Endpoint**  | **Function**  |
+|---------------------------------------------------------|-----------|
+| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive`                                                                                                      | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint.             |
+| `https://settings.data.microsoft.com/qos`                                                                                                                                  | Enables the compatibility update KB to send data to Microsoft.                                                                       |
+| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`                                         | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
+
+
+## Deploy the compatibility update and related KBs
+
+The compatibility update KB scans your computers and enables application usage tracking. If you don’t already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
+
+| **Operating System** | **KBs** |
+|----------------------|-----------------------------------------------------------------------------|
+| Windows 10        | The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed.  You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com) <P>Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](upgrade-readiness-requirements.md) for more information. |
+| Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2976978><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2976978 must be installed before you can download and install KB3150513.   |
+| Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2952664><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2952664 must be installed before you can download and install KB3150513. |
+
+IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time.
+
+If you are planning to enable IE Site Discovery, you will need to install a few additional KBs.
+
+| **Site discovery** | **KB** |
+|----------------------|-----------------------------------------------------------------------------|
+| [Review site discovery](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-additional-insights#site-discovery)         | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)<br>Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices. <br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br><br>Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update.  |
+
+### Deploy the Upgrade Readiness deployment script
+
+You can use the Upgrade Readiness deployment script to automate and verify your deployment. 
+
+See [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed.
+
+>After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Readiness. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Readiness. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers.
+
+## Deploy Upgrade Readiness at scale
+
+When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization.
+
+### Automate data collection
+
+To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes.
+
+- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing.
+- Schedule the Upgrade Readiness deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. 
+- Schedule monthly user computer scans to view monthly active computer and usage information.
+
+>When you run the deployment script, it initiates a full scan. The daily scheduled task to capture the deltas are created when the update package is installed. A full scan averages to about 2 MB, but the delta scans are very small. For Windows 10 devices, its already part of the OS. This is the **Windows Compat Appraiser** task. Deltas are invoked via the nightly scheduled task.  It attempts to run around 3AM, but if system is off at that time, the task will run when the system is turned on. 
+
+### Distribute the deployment script at scale
+
+Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see the [Upgrade Readiness blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).

windows/deploy/upgrade-readiness-identify-apps.md

@@ -0,0 +1,36 @@
+---
+title: Upgrade Readiness - Identify important apps (Windows 10)
+description: Describes how to prepare your environment so that you can use Upgrade Readiness to manage Windows upgrades.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Readiness - Step 1: Identify important apps
+
+This is the first step of the Upgrade Readiness workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade.
+
+<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
+<img src="media/image5.png" width="213" height="345" />
+-->
+
+![Prioritize applications](images/upgrade-analytics-prioritize.png)
+
+Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them.
+
+To change an application’s importance level:
+
+1.  Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level.
+2.  Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list.
+3.  Click **Save** when finished.
+
+Importance levels include:
+
+| Importance level   | When to use it   | Recommendation   |
+|--------------------|------------------|------------------|
+| Low install count  | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]<br><br>Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.<br> | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.<br><br>                                                                                                                                                                                                 |
+| Not reviewed       | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.<br><br>                                                                                                                                              | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.                                                                                                                                                                      |
+| Business critical  | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**. <br><br>                                                                                                                                                                    | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
+| Important          | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**.                                                                                                                                                                          | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>         |
+| Ignore             | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**. <br>                                  | Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**.  By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.<br><br>                                                                       |
+| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.<br>                                                                                                                                                                                 | As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.<br><br>Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**. <br>                                               |
+

windows/deploy/upgrade-readiness-release-notes.md

@@ -0,0 +1,5 @@
+---
+title: Upgrade Readiness release notes (Windows 10)
+description: Provides tips and limitations about Upgrade Readiness.
+redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release
+---

windows/deploy/upgrade-readiness-requirements.md

@@ -0,0 +1,95 @@
+---
+title: Upgrade Readiness requirements (Windows 10)
+description: Provides requirements for Upgrade Readiness.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Readiness requirements
+
+This article introduces concepts and steps needed to get up and running with Upgrade Readiness. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Readiness.
+
+## Supported upgrade paths 
+
+### Windows 7 and Windows 8.1
+
+To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Readiness performs a full inventory of computers so that you can see which version of Windows is installed on each computer.
+
+The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility.
+
+<!--With Windows 10, edition 1607, the compatibility update KB is installed automatically.-->
+
+If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center.
+
+Note: Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance.
+
+See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements.
+
+### Windows 10
+
+Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
+The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed.  You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). 
+
+Windows 10 LTSB is not supported by Upgrade Readiness. The LTSB (long term servicing branch) of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness.  See [Windows as a service overview](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#long-term-servicing-branch) to understand more about LTSB.
+
+## Operations Management Suite
+
+Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
+
+If you’re already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Click the Upgrade Readiness tile in the gallery and then click Add on the solution’s details page. Upgrade Readiness is now visible in your workspace.
+
+If you are not using OMS, go to the [Upgrade Readiness page](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) on Microsoft.com and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Readiness solution to it.
+
+Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace.  The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account.  Once the link has been established, you can revoke the administrator permissions.
+
+## System Center Configuration Manager integration
+
+Upgrade Readiness can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
+
+## Telemetry and data sharing 
+
+After you’ve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness.
+
+See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
+
+**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
+
+`https://v10.vortex-win.data.microsoft.com/collect/v1`<BR>
+`https://vortex-win.data.microsoft.com/health/keepalive`<BR>
+`https://settings.data.microsoft.com/qos`<BR>
+`https://go.microsoft.com/fwlink/?LinkID=544713`<BR>
+`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`<BR>
+
+>**Note** The compatibility update KB runs under the computer’s system account and does not support user authentication in this release.
+
+**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. You’ll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as you’ll need it later.
+
+**Subscribe your OMS workspace to Upgrade Readiness.** For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Readiness.
+
+**Enable telemetry and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Readiness and user computers. You’ll need to connect Upgrade Readiness to your data sources and enable telemetry to establish communication.
+
+**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
+
+>**Important**<br> The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated. 
+
+**Configure and deploy Upgrade Readiness deployment script.** Configure and deploy the Upgrade Readiness deployment script to user computers to finish setting up.
+
+## Important information about this release
+
+Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release.
+
+**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints.
+
+**Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises.
+
+**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported.
+
+### Tips
+
+- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items.
+
+- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby).
+
+## Get started
+
+See [Get started with Upgrade Readiness](upgrade-readiness-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Readiness and getting started on your Windows upgrade project.

windows/deploy/upgrade-readiness-resolve-issues.md

@@ -0,0 +1,152 @@
+---
+title: Upgrade Readiness - Resolve application and driver issues (Windows 10)
+description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Readiness.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Readiness - Step 2: Resolve app and driver issues
+
+This section of the Upgrade Readiness workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them.
+
+You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list.
+
+Upgrade decisions include:
+
+| Upgrade decision   | When to use it    | Guidance    |
+|--------------------|-------------------|-------------|
+| Not reviewed       | All drivers are marked as Not reviewed by default.<br><br>Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default. <br>                                                                                                                                                                                      | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.<br><br>                                                                                                                                                                                           |
+| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.<br><br>Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**. <br><br> | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>                                                                                                                                                                                                          |
+| Ready to upgrade   | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is.                                                                                                                                                          | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.<br><br>In Step 1, you might have marked some of your apps as **Ignore**.  These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default.  Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br> |
+| Won’t upgrade      | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination. <br><br>Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.<br>                                                                                                                                                        | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**. <br><br>                                                                                                                                                                                                                    |
+
+The blades in the **Resolve issues** section are:
+
+- Review applications with known issues
+- Review applications with no known issues
+- Review drivers with known issues
+
+As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/).
+
+## Review applications with known issues
+
+Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**.
+
+<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
+<img src="media/image6.png" width="192" height="321" />
+-->
+
+![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png)
+
+To change an application's upgrade decision:
+
+1. Select **Decide upgrade readiness** to view applications with issues. 
+2. In the table view, select an **UpgradeDecision** value. 
+3. Select **Decide upgrade readiness** to change the upgrade decision for each application.
+4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
+5. Click **Save** when finished.  
+
+IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.
+
+For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible.
+
+| Upgrade Assessment | Action required prior to upgrade? | Issue     | What it means   | Guidance   |
+|--------------------|-----------------------------------|-----------|-----------------|------------|
+| Attention needed   | No                                | Application is removed during upgrade              | Compatibility issues were detected and the application will not migrate to the new operating system. <br>                                                                                                                                             | No action is required for the upgrade to proceed.                                                                                                                                                                                                                                                                                                                                         |
+| Attention needed   | Yes                               | Blocking upgrade                                   | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade. <br><br>The application may work on the new operating system.<br>                                                                       | Remove the application before upgrading, and reinstall and test on new operating system.                                                                                                                                                                                                                                                                                                  |
+| Attention needed   | No                                | Evaluate application on new OS                     | The application will migrate, but issues were detected that may impact its performance on the new operating system.                                                                                                                                     | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.<br>                                                                                                                                                                                                                                                                  |
+| Attention needed   | No                                | Does not work with new OS, but won’t block upgrade | The application is not compatible with the new operating system, but won’t block the upgrade.                                                                                                                                                           | No action is required for the upgrade to proceed, however, you’ll have to install a compatible version of the application on the new operating system.<br>                                                                                                                                                                                                                              |
+| Attention needed   | Yes                               | Does not work with new OS, and will block upgrade  | The application is not compatible with the new operating system and will block the upgrade.                                                                                                                                                             | Remove the application before upgrading. <br><br>A compatible version of the application may be available.<br>                                                                                                                                                                                                                                                                      |
+| Attention needed   | Yes                               | May block upgrade, test application                | Issues were detected that may interfere with the upgrade, but need to be investigated further.<br>                                                                                                                                                    | Test the application’s behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.<br>                                                                                                                                                                                                                         |
+| Attention needed   | Maybe                             | Multiple                                           | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. |
+
+For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft.
+
+| Upgrade Assessment | Action required prior to upgrade? | Issue    | What it means   | Guidance    |
+|--------------------|-----------------------------------|----------|-----------------|-------------|
+| Fix available      | Yes                               | Blocking upgrade, update application to newest version   | The existing version of the application is not compatible with the new operating system and won’t migrate. A compatible version of the application is available.   | Update the application before upgrading.                                                             |
+| Fix available      | No                                | Reinstall application after upgrading                    | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.<br> | No action is required for the upgrade to proceed. Reinstall application on the new operating system. |
+| Fix available      | Yes                               | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but won’t migrate.                                                                                    | Remove the application before upgrading and reinstall on the new operating system.<br>             |
+| Fix available      | Yes                               | Disk encryption blocking upgrade                         | The application’s encryption features are blocking the upgrade.                                                                                                    | Disable the encryption feature before upgrading and enable it again after upgrading.<br>           |
+
+### ISV support for applications with Ready for Windows
+
+[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). 
+
+Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example:
+
+![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png)
+
+If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance.
+
+![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png)
+
+If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows. 
+
+![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png)
+
+>[!TIP]
+>Within the Upgrade Readiness data model, an object of Type **UAApp** refers to a particular application installed on a specific computer.  
+
+>To support dynamic aggregation and summation of data the Upgrade Readiness solution "rolls up" (aggregates) data in preprocessing.  Rolling up to the **Granular** level enables display of the **App** level.  In Upgrade Readiness terminology, an **App** is a unique combination of: app name, app vendor, app version, and app language.  Thus, at the Granular level, you can see attributes such as **total install count**, which is the number of machines with a specific **App** installed.
+
+>Upgrade Readiness also has a roll up level of **NamePublisher**, This level enables you to ignore different app versions within your organization for a particular app.  In other words, **NamePublisher** displays statistics about a given app, aggregated across all versions.
+
+The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses)
+
+| Ready for Windows Status | Query rollup level | What this means | Guidance |
+|-------------------|--------------------------|-----------------|----------|
+|Supported version available    | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. |
+|  Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | 
+| Adopted   | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. |
+| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A |
+| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.|
+|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.|
+|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.|
+| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A |
+
+## Review applications with no known issues
+
+Applications with no issues known to Microsoft are listed, grouped by upgrade decision.
+
+![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png)
+
+Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**.
+
+Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates. 
+
+To change an application's upgrade decision:
+
+1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table. 
+
+2. Select **User changes** to change the upgrade decision for each application.
+
+3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
+
+4. Click **Save** when finished.  
+
+## Review drivers with known issues
+
+Drivers that won’t migrate to the new operating system are listed, grouped by availability.
+
+![Review drivers with known issues](images/upgrade-analytics-drivers-known.png)
+
+Availability categories are explained in the table below.
+
+| Driver availability   | Action required before or after upgrade? | What it means  | Guidance     |
+|-----------------------|------------------------------------------|----------------|--------------|
+| Available in-box                         | No, for awareness only                   | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system.<br>                         | No action is required for the upgrade to proceed.                                                                                                                     |
+| Import from Windows Update               | Yes                                      | The currently installed version of a driver won’t migrate to the new operating system; however, a compatible version is available from Windows Update.<br>                                                   | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
+| Available in-box and from Windows Update | Yes                                      | The currently installed version of a driver won’t migrate to the new operating system. <br><br>Although a new driver is installed during upgrade, a newer version is available from Windows Update. <br> | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
+| Check with vendor                        | Yes                                      | The driver won’t migrate to the new operating system and we are unable to locate a compatible version. <br>                                                                                                  | Check with the independent hardware vendor (IHV) who manufactures the driver for a solution.                                                                          |
+
+To change a driver’s upgrade decision:
+
+1.  Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table.
+
+2.  Select **User changes** to enable user input.
+
+3.  Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list.
+
+4.  Click **Save** when finished.
+

windows/deploy/upgrade-readiness-upgrade-overview.md

@@ -0,0 +1,62 @@
+---
+title: Upgrade Readiness - Upgrade Overview (Windows 10)
+description: Displays the total count of computers sharing data and upgraded.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Readiness - Upgrade overview
+
+The first blade in the Upgrade Readiness solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases.
+
+The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The upgrade overview blade also displays the current target OS version.  For more information about the target OS version, see [target version](use-upgrade-readiness-to-manage-windows-upgrades.md).
+
+The following color-coded status changes are reflected on the upgrade overview blade:
+
+- The "Last updated" banner:
+    - No delay in processing device inventory data = "Last updated" banner is displayed in green.
+    - Delay processing device inventory data = "Last updated" banner is displayed in amber.
+- Computers with incomplete data:
+    - Less than 4% = Count is displayed in black.
+    - 4% - 10% = Count is displayed in amber.
+    - Greater than 10%  = Count is displayed in red.
+- User changes:
+    - Pending user changes = User changes count displays "Data refresh pending" in amber.
+    - No pending user changes = User changes count displays "Up to date" in green.
+- Target version:
+    - If the current value matches the recommended value, the version is displayed in green.
+    - If the current value is an older OS version than the recommended value, but not deprecated, the version is displayed in amber.
+    - If the current value is a deprecated OS version, the version is displayed in red.
+
+In the following example, there is no delay in data processing, less than 4% of computers (6k\294k) have incomplete data, there are no pending user changes, and the currently selected target OS version is the same as the recommended version:
+
+![Upgrade overview](images/ur-overview.png)
+
+<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
+<img src="media/image3.png" width="214" height="345" />
+-->
+
+If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours.
+
+If there are computers with incomplete data, verify that you have installed the latest compatibilty update and run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center.
+
+Select **Total computers** for a list of computers and details about them, including:
+
+-   Computer ID and computer name
+-   Computer manufacturer
+-   Computer model
+-   Operating system version and build
+-   Count of system requirement, application, and driver issues per computer
+-   Upgrade assessment based on analysis of computer telemetry data
+-   Upgrade decision status
+
+Select **Total applications** for a list of applications discovered on user computers and details about them, including:
+
+-   Application vendor
+-   Application version
+-   Count of computers the application is installed on
+-   Count of computers that opened the application at least once in the past 30 days
+-   Percentage of computers in your total computer inventory that opened the application in the past 30 days
+-   Issues detected, if any
+-   Upgrade assessment based on analysis of application data
+-   Rollup level

windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md

@@ -1,28 +1,4 @@
 ---
 title: Use Upgrade Analytics to manage Windows upgrades (Windows 10)
-description: Describes how to use Upgrade Analytics to manage Windows upgrades.
-ms.prod: w10
-author: MaggiePucciEvans
+redirect_url: use-upgrade-readiness-to-manage-windows-upgrades
 ---
-
-# Use Upgrade Analytics to manage Windows upgrades
-
-This topic explains how to use the Upgrade Analytics solution to plan, manage, and deploy Windows upgrades.
-
-Based on telemetry data from user computers, Upgrade Analytics identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness.
-
-You and your IT team can use the Upgrade Analytics workflow to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. You can then export the list of upgrade-ready computers and start deploying Windows with confidence, knowing that you’ve addressed potential blocking issues.
-
-Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them.
-
-The Upgrade Analytics workflow gives you compatibility and usage information about computers, applications, and drivers and walks you through these high-level tasks. Each task is described in more detail in the topics that follow.
-
-1.  [Preparing your environment](upgrade-analytics-prepare-your-environment.md)
-
-2.  [Resolving application and driver issues](upgrade-analytics-resolve-issues.md)
-
-3.  [Identifying computers that are upgrade ready](upgrade-analytics-deploy-windows.md)
-
-4.  [Review site discovery](upgrade-analytics-review-site-discovery.md)
-
-

windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md

@@ -0,0 +1,54 @@
+---
+title: Use Upgrade Readiness to manage Windows upgrades (Windows 10)
+description: Describes how to use Upgrade Readiness to manage Windows upgrades.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Use Upgrade Readiness to manage Windows upgrades
+
+You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues.
+
+- Based on telemetry data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness.
+- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them.
+
+When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. 
+
+<A HREF="images/ua-cg-15.png">![Workflow](images/ua-cg-15.png)</A>
+
+Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step.
+
+>**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Current Branch for Business (CBB).
+
+The following information and workflow is provided:
+
+- [Upgrade overview](upgrade-readiness-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers.
+- [Step 1: Identify important apps](upgrade-readiness-identify-apps.md): Assign importance levels to prioritize your applications.
+- [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md): Identify and resolve problems with applications.
+- [Step 3: Deploy](upgrade-readiness-deploy-windows.md): Start the upgrade process.
+
+Also see the following topic for information about additional items that can be affected by the upgrade process: 
+
+- [Additional insights](upgrade-readiness-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity.
+
+## Target version
+
+The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example:
+
+![Target version](images/ur-target-version.png)
+
+As mentioned previously, the default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. 
+
+The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version.
+
+You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610.
+
+To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution:
+
+![Target version](images/ua-cg-08.png)
+
+>You must be signed in to Upgrade Readiness as an administrator to view settings.
+
+On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace.
+
+![Target version](images/ua-cg-09.png)

windows/deploy/usmt-overview.md

@@ -35,7 +35,7 @@ USMT provides the following benefits to businesses that are deploying Windows op
 -   Increases employee satisfaction with the migration experience.
 
 ## Limitations
-USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [Windows Easy Transfer](https://go.microsoft.com/fwlink/p/?LinkId=140248).
+USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [PCmover Express](http://go.microsoft.com/fwlink/?linkid=620915). PCmover Express is a tool created by Microsoft's partner, Laplink.
 
 There are some scenarios in which the use of USMT is not recommended. These include:
 

windows/deploy/usmt-requirements.md

@@ -15,11 +15,11 @@ author: greg-lindsay
 
 
 -   [Supported Operating Systems](#bkmk-1)
-
--   [Software Requirements](#bkmk-2)
-
+-   [Windows PE](#windows-pe)
+-   [Credentials](#credentials)
+-   [Config.xml](#config-xml)
+-   [LoadState](#loadstate)
 -   [Hard Disk Requirements](#bkmk-3)
-
 -   [User Prerequisites](#bkmk-userprereqs)
 
 ## <a href="" id="bkmk-1"></a>Supported Operating Systems
@@ -44,16 +44,6 @@ The following table lists the operating systems supported in USMT.
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>32-bit versions of Windows Vista</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>64-bit versions of Windows Vista</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
 <td align="left"><p>32-bit versions of Windows 7</p></td>
 <td align="left"><p>X</p></td>
 <td align="left"><p>X</p></td>
@@ -95,45 +85,42 @@ USMT does not support any of the Windows Server® operating systems, Windows 20
 
  
 
-## <a href="" id="bkmk-2"></a>Software Requirements
-
+## Windows PE
 
 -   **Must use latest version of Window PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](http://msdn.microsoft.com/library/windows/hardware/dn938350.aspx).
 
--   **Must run in Administrator Mode** When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. This is because User Access Control (UAC) is enabled by default. If you do not run USMT in Administrator mode, only the user profile that is logged on will be included in the migration.
+## Credentials
 
-    To run in Administrator mode:
+-  **Run as administrator** 
+    When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration.
 
-    1.  Click **Start**.
+To open an elevated command prompt:
 
-    2.  Click **All Programs**.
+1. Click **Start**.
+2. Enter **cmd** in the search function.
+3. Depending on the OS you are using, **cmd** or **Command Prompt** is displayed.
+3. Right-click **cmd** or **Command Prompt**, and then click **Run as administrator**.
+4. If the current user is not already an administrator, you will be prompted to enter administrator credentials.
 
-    3.  Click **Accessories**.
+**Important**<BR>
+You must run USMT using an account with full administrative permissions, including the following privileges:
 
-    4.  Right-click **Command Prompt**.
+- SeBackupPrivilege (Back up files and directories)
+- SeDebugPrivilege (Debug programs)
+- SeRestorePrivilege (Restore files and directories)
+- SeSecurityPrivilege (Manage auditing and security log)
+- SeTakeOwnership Privilege (Take ownership of files or other objects)
 
-    5.  Click **Run as administrator**.
 
-    6.  At the command prompt, type the `ScanState` or `LoadState` command.
+## Config.xml
 
-    **Important**  
-    You must run USMT in Administrator mode from an account with full administrative permissions, including the following privileges:
+-  **Specify the /c option and &lt;ErrorControl&gt; settings in the Config.xml file.**<BR>
+    USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **&lt;ErrorControl&gt;** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md).
 
-    -   SeBackupPrivilege (Back up files and directories)
+## LoadState
 
-    -   SeDebugPrivilege (Debug programs)
-
-    -   SeRestorePrivilege (Restore files and directories)
-
-    -   SeSecurityPrivilege (Manage auditing and security log)
-
-    -   SeTakeOwnership Privilege (Take ownership of files or other objects)
-
-     
-
--   **Specify the /c option and &lt;ErrorControl&gt; settings in the Config.xml file.** USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **&lt;ErrorControl&gt;** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md).
-
--   **Install applications before running the LoadState command.** Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved.
+-  **Install applications before running the LoadState command.**<BR>
+    Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved.
 
 ## <a href="" id="bkmk-3"></a>Hard-Disk Requirements
 
@@ -146,21 +133,16 @@ Ensure that there is enough available space in the migration-store location and
 This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following:
 
 -   The navigation and hierarchy of the Windows registry.
-
 -   The files and file types that applications use.
-
 -   The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software vendors.
-
 -   XML-authoring basics.
 
 ## Related topics
 
 
-[Plan Your Migration](usmt-plan-your-migration.md)
-
-[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)
-
-[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+[Plan Your Migration](usmt-plan-your-migration.md)<BR>
+[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)<BR>
+[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)<BR>
 
  
 

windows/deploy/windows-10-poc-mdt.md

@@ -0,0 +1,646 @@
+---
+title: Step by step - Deploy Windows 10 in a test lab using MDT
+description: Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT)
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+
+# Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit
+
+**Applies to**
+
+-   Windows 10
+
+**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide: 
+- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
+
+Please complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide:
+- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
+
+The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
+- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
+- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
+- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network.
+
+>This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work.
+
+## In this guide
+
+This guide provides instructions to install and configure the Microsoft Deployment Toolkit (MDT) to deploy a Windows 10 image.
+
+Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
+
+<div style='font-size:9.0pt'>
+
+<TABLE border=1 cellspacing=0 cellpadding=0>
+<TR><TD BGCOLOR="#a0e4fa"><B>Topic</B><TD BGCOLOR="#a0e4fa"><B>Description</B><TD BGCOLOR="#a0e4fa"><B>Time</B>
+
+<TR><TD>[About MDT](#about-mdt)<TD>A high-level overview of the Microsoft Deployment Toolkit (MDT).<TD>Informational
+<TR><TD>[Install MDT](#install-mdt)<TD>Download and install MDT.<TD>40 minutes
+<TR><TD>[Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)<TD>A reference image is created to serve as the template for deploying new images.<TD>90 minutes
+<TR><TD>[Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)<TD>The reference image is deployed in the PoC environment.<TD>60 minutes
+<TR><TD>[Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)<TD>Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.<TD>60 minutes
+<TR><TD>[Replace a computer with Windows 10](#replace-a-computer-with-windows-10)<TD>Back up an existing client computer, then restore this backup to a new computer.<TD>60 minutes
+<TR><TD>[Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)<TD>Log locations and troubleshooting hints.<TD>Informational
+</TABLE>
+
+</div>
+
+## About MDT
+
+MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Installation (ZTI), and User-Driven Installation (UDI) deployment methods. 
+- LTI is the deployment method used in the current guide, requiring only MDT and performed with a minimum amount of user interaction.
+- ZTI is fully automated, requiring no user interaction and is performed using MDT and System Center Configuration Manager. After completing the steps in the current guide, see [Step by step: Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) to use the ZTI deployment method in the PoC environment.
+- UDI requires manual intervention to respond to installation prompts such as machine name, password and language settings. UDI requires MDT and System Center Configuration Manager. 
+
+## Install MDT
+
+1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
+
+    ```
+    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
+    Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
+    Stop-Process -Name Explorer
+    ```
+2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/en-us/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443.
+
+3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1607. Installation might require several minutes to acquire all components.
+
+3. If desired, re-enable IE Enhanced Security Configuration:
+
+    ```
+    Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1
+    Stop-Process -Name Explorer
+    ```
+
+## Create a deployment share and reference image
+
+A reference image serves as the foundation for Windows 10 devices in your organization.
+
+1. In [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md), the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1.  To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command:
+
+    ```
+    Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
+    ```
+2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D.
+
+3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**.
+
+4. To enable quick access to the application, right-click **Deployment Workbench** on the taskbar and then click **Pin this program to the taskbar**.
+
+5. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
+
+6. Use the following settings for the New Deployment Share Wizard:
+    - Deployment share path: **C:\MDTBuildLab**<BR>
+    - Share name: **MDTBuildLab$**<BR>
+    - Deployment share description: **MDT build lab**<BR>
+    - Options: click **Next** to accept the default<BR>
+    - Summary: click **Next**<BR>
+    - Progress: settings will be applied<BR>
+    - Confirmation: click **Finish**
+
+
+7. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
+
+8. Right-click the **Operating Systems** node, and then click **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**.
+
+9. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
+
+10. Use the following settings for the Import Operating System Wizard: 
+    - OS Type: **Full set of source files**<BR>
+    - Source: **D:\\** <BR>
+    - Destination: **W10Ent_x64**<BR>
+    - Summary: click **Next**
+    - Progress: wait for files to be copied
+    - Confirmation: click **Finish**
+
+    >For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](https://technet.microsoft.com/en-us/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic in the TechNet library.
+
+11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+    - Task sequence ID: **REFW10X64-001**<BR>
+    - Task sequence name: **Windows 10 Enterprise x64 Default Image** <BR>
+    - Task sequence comments: **Reference Build**<BR>
+    - Template: **Standard Client Task Sequence**
+    - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
+    - Specify Product Key: **Do not specify a product key at this time**
+    - Full Name: **Contoso**
+    - Organization: **Contoso**
+    - Internet Explorer home page: **http://www.contoso.com**
+    - Admin Password: **Do not specify an Administrator password at this time**
+    - Summary: click **Next**
+    - Confirmation: click **Finish**
+
+
+12. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
+
+13. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**.
+
+14. On the Properties tab of the group that was created in the previous step, change the Name from **New Group** to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. Click another location in the window to see the name change.
+
+15. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**.
+
+16. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**.
+
+17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
+    
+    >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
+
+18. Click **OK** to complete editing the task sequence.
+
+19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click **MDT build lab (C:\MDTBuildLab)** and click **Properties**, and then click the **Rules** tab.
+
+20. Replace the default rules with the following text:
+
+    ```
+    [Settings]
+    Priority=Default
+
+    [Default]
+    _SMSTSORGNAME=Contoso
+    UserDataLocation=NONE
+    DoCapture=YES
+    OSInstall=Y
+    AdminPassword=pass@word1
+    TimeZoneName=Pacific Standard Time
+    OSDComputername=#Left("PC-%SerialNumber%",7)#
+    JoinWorkgroup=WORKGROUP
+    HideShell=YES
+    FinishAction=SHUTDOWN
+    DoNotCreateExtraPartition=YES
+    ApplyGPOPack=NO
+    SkipAdminPassword=YES
+    SkipProductKey=YES
+    SkipComputerName=YES
+    SkipDomainMembership=YES
+    SkipUserData=YES
+    SkipLocaleSelection=YES
+    SkipTaskSequence=NO
+    SkipTimeZone=YES
+    SkipApplications=YES
+    SkipBitLocker=YES
+    SkipSummary=YES
+    SkipRoles=YES
+    SkipCapture=NO
+    SkipFinalSummary=NO
+    ```
+
+21. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
+
+    ```
+    [Settings]
+    Priority=Default
+
+    [Default]
+    DeployRoot=\\SRV1\MDTBuildLab$
+    UserDomain=CONTOSO
+    UserID=MDT_BA
+    UserPassword=pass@word1
+    SkipBDDWelcome=YES
+    ```
+
+22. Click **OK** to complete the configuration of the deployment share.
+
+23. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**.
+
+24. Accept all default values in the Update Deployment Share Wizard by clicking **Next** twice.  The update process will take 5 to 10 minutes. When it has completed, click **Finish**.
+
+25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
+
+    >Hint: To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
+
+26. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands:
+
+    <div style='font-size:8.0pt'>
+    <pre style="overflow-y: visible">
+
+    New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
+    Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
+    Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
+    Start-VM REFW10X64-001
+    vmconnect localhost REFW10X64-001
+	</pre>
+    </div>
+    
+    The VM will require a few minutes to prepare devices and boot from the LiteTouchPE_x86.iso file. 
+
+27. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**.
+
+28. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes, and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated.
+
+	Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures:
+
+	- Install the Windows 10 Enterprise operating system.
+	- Install added applications, roles, and features.
+	- Update the operating system using Windows Update (or WSUS if optionally specified).
+	- Stage Windows PE on the local disk.
+	- Run System Preparation (Sysprep) and reboot into Windows PE.
+	- Capture the installation to a Windows Imaging (WIM) file.
+	- Turn off the virtual machine.<BR><BR>
+
+    This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server (SRV1). The file name is **REFW10X64-001.wim**.
+
+## Deploy a Windows 10 image using MDT
+
+This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT.
+
+1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then click **New Deployment Share**. Use the following values in the New Deployment Share Wizard:
+     - **Deployment share path**: C:\MDTProd
+     - **Share name**: MDTProd$
+     - **Deployment share description**: MDT Production
+     - **Options**: accept the default
+
+
+2. Click **Next**, verify the new deployment share was added successfully, then click **Finish**.
+
+3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values.
+
+4. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
+
+5. On the **OS Type** page, choose **Custom image file** and then click **Next**.
+
+6. On the Image page, browse to the **C:\MDTBuildLab\Captures\REFW10X64-001.wim** file created in the previous procedure, click **Open**, and then click **Next**.
+
+7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**. 
+
+8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** click **OK** and then click **Next**.
+
+9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, click **Next** twice, wait for the import process to complete, and then click **Finish**.
+
+10. In the **Operating Systems** > **Windows 10** node, double-click the operating system that was added to view its properties. Change the operating system name to **Windows 10 Enterprise x64 Custom Image** and then click **OK**. See the following example:
+
+    ![custom image](images/image.png)
+
+
+### Create the deployment task sequence
+
+1. Using the Deployment Workbench, right-click **Task Sequences** under the **MDT Production** node, click **New Folder** and create a folder with the name: **Windows 10**.
+
+2. Right-click the **Windows 10** folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+    - Task sequence ID: W10-X64-001
+    - Task sequence name: Windows 10 Enterprise x64 Custom Image
+    - Task sequence comments: Production Image
+    - Select Template: Standard Client Task Sequence
+    - Select OS: Windows 10 Enterprise x64 Custom Image
+    - Specify Product Key: Do not specify a product key at this time
+    - Full Name: Contoso
+    - Organization: Contoso
+    - Internet Explorer home page: http://www.contoso.com
+    - Admin Password: pass@word1 
+    
+### Configure the MDT production deployment share
+
+1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands:
+
+    ```
+    copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force
+    copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force
+    ``` 
+2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then click **Properties**.
+
+3. Click the **Rules** tab and replace the rules with the following text (don't click OK yet):
+
+    ```
+    [Settings]
+    Priority=Default
+    
+    [Default]
+    _SMSTSORGNAME=Contoso
+    OSInstall=YES
+    UserDataLocation=AUTO
+    TimeZoneName=Pacific Standard Time
+    OSDComputername=#Left("PC-%SerialNumber%",7)#
+    AdminPassword=pass@word1
+    JoinDomain=contoso.com
+    DomainAdmin=administrator
+    DomainAdminDomain=CONTOSO
+    DomainAdminPassword=pass@word1
+    ScanStateArgs=/ue:*\* /ui:CONTOSO\*
+    USMTMigFiles001=MigApp.xml
+    USMTMigFiles002=MigUser.xml
+    HideShell=YES
+    ApplyGPOPack=NO
+    SkipAppsOnUpgrade=NO
+    SkipAdminPassword=YES
+    SkipProductKey=YES
+    SkipComputerName=YES
+    SkipDomainMembership=YES
+    SkipUserData=YES
+    SkipLocaleSelection=YES
+    SkipTaskSequence=NO
+    SkipTimeZone=YES
+    SkipApplications=NO
+    SkipBitLocker=YES
+    SkipSummary=YES
+    SkipCapture=YES
+    SkipFinalSummary=NO
+    EventService=http://SRV1:9800
+    ```
+    **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini.
+    
+    >In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified.
+
+    If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui):
+    
+    ```
+    ScanStateArgs=/ue:*\* /ui:CONTOSO\*
+    ```
+
+    For example, to migrate **all** users on the computer, replace this line with the following:
+
+    ```
+    ScanStateArgs=/all
+    ```   
+
+    For more information, see [ScanState Syntax](https://technet.microsoft.com/library/cc749015.aspx).
+
+4. Click **Edit Bootstap.ini** and replace text in the file with the following text:
+
+    ```
+    [Settings]
+    Priority=Default
+    
+    [Default]
+    DeployRoot=\\SRV1\MDTProd$
+    UserDomain=CONTOSO
+    UserID=MDT_BA
+    UserPassword=pass@word1
+    SkipBDDWelcome=YES
+    ```
+5. Click **OK** when finished. 
+
+### Update the deployment share
+
+1. Right-click the **MDT Production** deployment share and then click **Update Deployment Share**.
+
+2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete.
+
+3. Click **Finish** when the update is complete.
+
+### Enable deployment monitoring
+
+1. In the Deployment Workbench console, right-click **MDT Production** and then click **Properties**.
+
+2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**.
+
+3. Verify the monitoring service is working as expected by opening the following link on SRV1 in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/).
+
+4. Close Internet Explorer.
+
+### Configure Windows Deployment Services
+
+1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1:
+
+    ```
+    WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall"
+    WDSUTIL /Set-Server /AnswerClients:All
+    ```
+
+2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**.
+
+3. In the Windows Deployment Services console, expand **Servers**, expand **SRV1.contoso.com**, right-click **Boot Images**, and then click **Add Boot Image**.
+
+4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image.
+
+### Deploy the client image
+
+1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway. 
+
+    >**Note**: Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress**
+    
+    Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command:
+
+    ```
+    Disable-NetAdapter "Ethernet 2" -Confirm:$false
+    ```
+
+    >Wait until the disable-netadapter command completes before proceeding.
+
+
+2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt:
+
+    ```
+    New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+    Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20
+    ```
+
+    >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle.
+
+3. Start the new VM and connect to it:
+
+    ```
+    Start-VM PC2
+    vmconnect localhost PC2
+    ```
+4. When prompted, hit ENTER to start the network boot process.
+
+5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
+
+6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command:
+
+    ```
+    Enable-NetAdapter "Ethernet 2"
+    ```
+7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. Right-click **Monitoring** and click **Refresh** if no data is displayed.
+8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes.  When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator.
+    
+    ![finish](images/deploy-finish.png)
+
+
+This completes the demonstration of how to deploy a reference image to the network. To conserve resources, turn off the PC2 VM before starting the next section.
+
+## Refresh a computer with Windows 10
+
+This section will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). 
+
+1. If the PC1 VM is not already running, then start and connect to it:
+    
+    ```
+    Start-VM PC1
+    vmconnect localhost PC1
+    ```
+
+2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios.  Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Checkpoint-VM -Name PC1 -SnapshotName BeginState
+    ```
+
+3. Sign on to PC1 using the CONTOSO\Administrator account.
+
+    >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share.
+
+4. Open an elevated command prompt on PC1 and type the following:
+
+    ```
+    cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
+    ```
+
+    **Note**: Litetouch.vbs must be able to create the C:\MININT directory on the local computer.
+
+5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
+
+6. Choose **Do not back up the existing computer** and click **Next**.
+
+    **Note**: The USMT will still back up the computer.
+
+7. Lite Touch Installation will perform the following actions:
+    - Back up user settings and data using USMT.
+    - Install the Windows 10 Enterprise X64 operating system.
+    - Update the operating system via Windows Update.
+    - Restore user settings and data using USMT.
+
+    You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings.
+
+8. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share).
+
+9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Checkpoint-VM -Name PC1 -SnapshotName RefreshState
+    ```
+
+10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false
+    Start-VM PC1
+    vmconnect localhost PC1
+    ```
+    
+11. Sign in to PC1 using the contoso\administrator account.
+
+## Replace a computer with Windows 10
+
+At a high level, the computer replace process consists of:<BR>
+- A special replace task sequence that runs the USMT backup and an optional full Window Imaging (WIM) backup.<BR>
+- A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored.
+
+### Create a backup-only task sequence
+
+1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**.
+2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share.
+3. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
+
+    ```
+    New-Item -Path C:\MigData -ItemType directory
+    New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE
+    icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)'
+    ```
+4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**.
+5. Name the new folder **Other**, and complete the wizard using default options.
+6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard:
+    - **Task sequence ID**: REPLACE-001
+    - **Task sequence name**: Backup Only Task Sequence
+    - **Task sequence comments**: Run USMT to back up user data and settings
+    - **Template**: Standard Client Replace Task Sequence (note: this is not the default template)
+7. Accept defaults for the rest of the wizard and then click **Finish**. The replace task sequence will skip OS selection and settings.
+8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Click **OK** when you are finished reviewing the task sequence.
+
+### Run the backup-only task sequence
+
+1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt:
+
+    ```
+    whoami
+    ```
+2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1:
+
+    ```
+    Remove-Item c:\minint -recurse
+    Remove-Item c:\_SMSTaskSequence -recurse
+    Restart-Computer
+    ```
+2. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt:
+
+    ```
+    cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
+    ```
+3. Complete the deployment wizard using the following:
+    - **Task Sequence**: Backup Only Task Sequence
+    - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1**
+    - **Computer Backup**: Do not back up the existing computer.
+4. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks.  
+5. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete.
+6. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example:
+
+    ```
+    PS C:\> dir C:\MigData\PC1\USMT
+
+        Directory: C:\MigData\PC1\USMT
+
+    Mode                LastWriteTime     Length Name
+    ----                -------------     ------ ----
+    -a---          9/6/2016  11:34 AM   14248685 USMT.MIG
+    ```
+### Deploy PC3 
+
+1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt:
+
+    ```
+    New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+    Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
+    ```
+2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+    ```
+    Disable-NetAdapter "Ethernet 2" -Confirm:$false
+    ```
+
+    >As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding.
+
+
+3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Start-VM PC3
+    vmconnect localhost PC3
+    ```
+
+4. When prompted, press ENTER for network boot.
+
+6. On PC3, use the following settings for the Windows Deployment Wizard:
+    - **Task Sequence**: Windows 10 Enterprise x64 Custom Image
+    - **Move Data and Settings**: Do not move user data and settings
+    - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1**
+
+5. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1:
+
+    ```
+    Enable-NetAdapter "Ethernet 2"
+    ```
+7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1.
+
+8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**.
+
+9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure.
+
+10. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure.
+
+## Troubleshooting logs, events, and utilities
+
+Deployment logs are available on the client computer in the following locations:
+- Before the image is applied: X:\MININT\SMSOSD\OSDLOGS
+- After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS
+- After deployment: %WINDIR%\TEMP\DeploymentLogs
+
+You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**.
+
+Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=50012)
+
+Also see [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information.
+
+## Related Topics
+
+[Microsoft Deployment Toolkit](https://technet.microsoft.com/en-US/windows/dn475741)<BR>
+[Prepare for deployment with MDT 2013](prepare-for-windows-deployment-with-mdt-2013.md)
+
+ 
+
+
+
+
+

windows/index.md

@@ -3,6 +3,7 @@ title: Windows 10 and Windows 10 Mobile (Windows 10)
 description: This library provides the core content that IT pros need to evaluate, plan, deploy, and manage devices running Windows 10 or Windows 10 Mobile.
 ms.assetid: 345A4B4E-BC1B-4F5C-9E90-58E647D11C60
 ms.prod: w10
+localizationpriority: high
 author: brianlic-msft
 ---
 

windows/keep-secure/TOC.md

@@ -1,14 +1,15 @@
 # [Keep Windows 10 secure](index.md)
 ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-## [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
-### [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
-### [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md)
-### [Why a PIN is better than a password](why-a-pin-is-better-than-a-password.md)
-### [Prepare people to use Windows Hello](prepare-people-to-use-microsoft-passport.md)
-### [Windows Hello and password changes](microsoft-passport-and-password-changes.md)
-### [Windows Hello errors during PIN creation](microsoft-passport-errors-during-pin-creation.md)
-### [Event ID 300 - Windows Hello successfully created](passport-event-300.md)
-### [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)
+## [Windows Hello for Business](hello-identity-verification.md)
+### [How Windows Hello for Business works](hello-how-it-works.md)
+### [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
+### [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
+### [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
+### [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
+### [Windows Hello and password changes](hello-and-password-changes.md)
+### [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
+### [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
+### [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
 ## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md)
 ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
 ## [Device Guard deployment guide](device-guard-deployment-guide.md)
@@ -31,6 +32,7 @@
 ##### [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md)
 #### [Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md)
 #### [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md)
+#### [Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md)
 ### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md)
 ### [Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md)
 ### [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)
@@ -196,7 +198,7 @@
 ###### [Monitor claim types](monitor-claim-types.md)
 ##### [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
 ###### [Audit Credential Validation](audit-credential-validation.md)
-####### [Event 4774 S: An account was mapped for logon.](event-4774.md)
+####### [Event 4774 S, F: An account was mapped for logon.](event-4774.md)
 ####### [Event 4775 F: An account could not be mapped for logon.](event-4775.md)
 ####### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](event-4776.md)
 ####### [Event 4777 F: The domain controller failed to validate the credentials for an account.](event-4777.md)
@@ -720,6 +722,7 @@
 #### [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md)
 ### [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
 #### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
+#### [Preview features](preview-windows-defender-advanced-threat-protection.md)
 #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 #### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
 #### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md)
@@ -733,22 +736,61 @@
 ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
-##### [View the  Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 ##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
 ##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
+###### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
+###### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph)
+###### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline)
 ##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
 ##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
 ##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
+##### [View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
+##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
+###### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
+###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
 ##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)
-#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md)
+##### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
+###### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+####### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+####### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
+####### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
+####### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+###### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
+####### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+####### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+####### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+####### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+####### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+######## [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+######## [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+######## [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
 #### [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
 ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
 ##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
 ##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-#### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
+##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
+##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
+##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
+#### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md)
+##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md)
+##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)
+#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md)
 #### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
 #### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
 #### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md)
@@ -873,7 +915,6 @@
 ###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
 ## [Enterprise security guides](windows-10-enterprise-security-guides.md)
 ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-### [Microsoft Passport guide](microsoft-passport-guide.md)
 ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 ### [Windows 10 security overview](windows-10-security-guide.md)
 ### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)

windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md

@@ -0,0 +1,30 @@
+---
+title: Turn on advanced features in Windows Defender Advanced Threat Protection
+description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
+keywords: advanced features, preferences setup, block file
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+---
+# Turn on advanced features in Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+1. In the navigation pane, select **Preferences setup** > **Advanced features**.
+2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**.
+3. Click **Save preferences**.
+
+## Related topics
+- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
+- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
+- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)

windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md

@@ -21,55 +21,99 @@ localizationpriority: high
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-As a security operations team member, you can manage Windows Defender ATP alerts as part of your routine activities. Alerts will appear in queues according to their current status.
+The **Alerts queue** shows a list of alerts that were flagged from endpoints in your network. Alerts are displayed in queues according to their current status. In any of the queues, you'll see details such as the severity of alerts and the number of machines where the alerts were seen.
+
+Alerts are organized in queues by their workflow status or assignment:
+
+- **New**
+- **In progress**
+- **Resolved**
+- **Assigned to me**
 
 To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
 
 > [!NOTE]
 > By default, the queues are sorted from newest to oldest.
 
-The following table and screenshot demonstrate the main areas of the **Alerts queue**.
+## Sort and filter the alerts
+You can sort and filter the alerts by using the available filters or clicking columns that allows you to sort the view in ascending or descending order.
 
-![Screenshot of the Dashboard showing the New Alerts list and navigation bar](images/alertsq2.png)
+![Alerts queue with numbers](images/alerts-queue-numbered.png)
 
 Highlighted area|Area name|Description
 :---|:---|:---
-(1)|**Alerts queue**| Select to show **New**, **In Progress**, or **Resolved alerts**
-(2)|Alerts|Each alert shows:<ul><li>The severity of an alert as a colored bar</li><li>A short description of the alert, including the name of the threat actor (in cases where the attribution is possible)</li><li>The last occurrence of the alert on any machine</li><li>The number of days the alert has been in the queue</li><li>The severity of the alert</li><li>The general category or type of alert, or the alert's kill-chain stage</li><li>The affected machine (if there are multiple machines, the number of affected machines will be shown)</li><li>A **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) that allows you to update the alert's status and add comments</li></ul>Clicking an alert expands to display more information about the threat and brings you to the date in the timeline when the alert was detected.
-(3)|Alerts sorting and filters | You can sort alerts by: <ul><li>**Newest** (when the threat was last seen on your network)</li><li>**Time in queue** (how long the threat has been in your queue)</li><li>**Severity**</li></ul>You can also filter the displayed alerts by:<ul><li>Severity</li><li>Time period</li></ul>See [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) for more details.
+1 | Alert filters | Filter the list of alerts by severity, detection source, time period, or change the view from flat to grouped.
+2 | Alert selected | Select an alert to bring up the **Alert management** to manage and see details about the alert.
+3 | Alert management pane | View and manage alerts without leaving the alerts queue view.
 
-##Sort and filter the Alerts queue
-You can filter and sort (or "pivot") the Alerts queue to identify specific alerts based on certain criteria.
-There are three mechanisms to pivot the queue against:
+### Sort, filter, and group the alerts list
+You can use the following filters to limit the list of alerts displayed during an investigation:
 
-1. Sort the queue by opening the drop-down menu in the **Sort by** field and choosing:
+**Severity**</br>
 
-  - **Newest** - Sorts alerts based on when the alert was last seen on an endpoint.
-  - **Time in queue** - Sorts alerts by the length of time an alert has been in the queue.
-  - **Severity** - Sorts alerts by their level of severity.
+Alert severity | Description
+:---|:---
+High </br>(Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints.
+Medium </br>(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
+Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
+Informational </br>(Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of.
 
-2. Filter alerts by their **Severity** by opening the drop-down menu in the **Filter by** field and selecting one or more of the check boxes:
+Reviewing the various alerts and their severity can help you decide on the appropriate action to protect your organization's endpoints.
 
-  - High (Red) - Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints.
-  - Medium (Orange) - Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
-  - Low (Yellow) - Threats associated with prevalent malware and hack-tools that do not appear to indicate an advanced threat targeting the organization.
+**Detection source**</br>
+- Windows Defender AV
+- Windows Defender ATP
 
-3. Limit the queue to see alerts from various set periods by clicking the drop-down menu in the date range field (by default, this is selected as **6 months**):
+>[!NOTE]
+>The Windows Defender AV filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product.
 
-  - **1 day**
-  - **3 days**
-  - **7 days**
-  - **30 days**
-  - **6 months**
+**Time period**</br>
+- 1 day
+- 3 days
+- 7 days
+- 30 days
+- 6 months
 
-  > [!NOTE]
-  > You can change the sort order (for example, from most recent to least recent) by clicking the sort order icon ![the sort order icon looks like two arrows on top of each other](images/sort-order-icon.png)
+**View**</br>
+- **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top.
+- **Grouped view** - Groups alerts by alert ID, file hash, malware family, or other attribute to enable more efficient alert triage and management. Alert grouping reduces the number of rows in the queue by aggregating alerts together.
 
-### Related topics
+The group view allows for efficient alert triage and management.
+
+### Use the Alert management pane
+Selecting an alert brings up the **Alert management** pane where you can manage and see details about the alert.
+
+You can take immediate action on an alert and see details about an alert in the **Alert management** pane:
+
+- Change the status of an alert from new, to in progress, or resolved.
+- Specify the alert classification from true alert or false alert.
+  Selecting true alert displays the **Determination** drop-down list to provide additional information about the true alert:
+    - APT
+    - Malware
+    - Security personnel
+    - Security testing
+    - Unwanted software
+    - Other
+- Assign the alert to yourself if the alert is not yet assigned.
+- View related activity on the machine.
+- Add and view comments about the alert.
+
+>[!NOTE]
+>You can also access the **Alert management** pane from the machine details view by selecting an alert in the **Alerts related to this machine** section.
+
+### Bulk edit alerts
+Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together, which allows resolving multiple similar alerts in one action.
+
+![Alerts queue bulk edit](images/alerts-q-bulk.png)
+
+## Related topics
 - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
+- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
 - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)

windows/keep-secure/app-behavior-with-wip.md

@@ -38,8 +38,8 @@ This table includes info about how unenlightened apps might behave, based on you
    </tr>
    <tr>
         <th>&nbsp;</th>
-        <th align="center">Name-based policies, without the <code>/*AppCompat*/</code> string</th>
-        <th align="center">Name-based policies, using the <code>/*AppCompat*/</code> string or proxy-based policies</th>
+        <th align="center">Name-based policies, without the /&#42;AppCompat&#42;/ string</th>
+        <th align="center">Name-based policies, using the /&#42;AppCompat&#42;/ string or proxy-based policies</th>
     </tr>
    <tr align="left">
      <td><strong>Not required.</strong> App connects to enterprise cloud resources directly, using an IP address.</td>
@@ -96,7 +96,7 @@ This table includes info about how enlightened apps might behave, based on your
 <table>
    <tr>
      <th>App rule setting</th>
-     <th>Networking policy configuration for name-based policies, possibly using the <code>/*AppCompat*/</code> string, or proxy-based policies</th>
+     <th>Networking policy configuration for name-based policies, possibly using the /&#42;AppCompat&#42;/ string, or proxy-based policies</th>
    </tr>
     <tr>
         <td><strong>Not required.</strong> App connects to enterprise cloud resources, using an IP address or a hostname.</td>

windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Assign user access to the Windows Defender Advanced Threat Protection portal
+title: Assign user access to the Windows Defender ATP portal
 description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh

windows/keep-secure/audit-credential-validation.md

@@ -42,7 +42,7 @@ The main reason to enable this auditing subcategory is to handle local accounts
 
 **Events List:**
 
--   [4774](event-4774.md)(S): An account was mapped for logon.
+-   [4774](event-4774.md)(S, F): An account was mapped for logon.
 
 -   [4775](event-4775.md)(F): An account could not be mapped for logon.
 

windows/keep-secure/bitlocker-countermeasures.md

@@ -23,9 +23,9 @@ The sections that follow provide more detailed information about the different t
 
 ### Protection before startup
 
-Before Windows starts, you must rely on security features implemented as part of the device hardware, including TPM andSecure Boot. Fortunately, many modern computers feature TPM.
+Before Windows starts, you must rely on security features implemented as part of the device hardware, including TPM and Secure Boot. Fortunately, many modern computers feature TPM.
 
-**Trusted Platform Module**
+#### Trusted Platform Module
 
 Software alone isn’t sufficient to protect a system. After an attacker has compromised software, the software might be unable to detect the compromise. Therefore, a single successful software compromise results in an untrusted system that might never be detected. Hardware, however, is much more difficult to modify.
 
@@ -33,7 +33,7 @@ A TPM is a microchip designed to provide basic security-related functions, prima
 By binding the BitLocker encryption key with the TPM and properly configuring the device, it’s nearly impossible for an attacker to gain access to the BitLocker-encrypted data without obtaining an authorized user’s credentials. Therefore, computers with a TPM can provide a high level of protection against attacks that attempt to directly retrieve the BitLocker encryption key.
 For more info about TPM, see [Trusted Platform Module](trusted-platform-module-overview.md).
 
-**UEFI and Secure Boot**
+#### UEFI and Secure Boot
 
 No operating system can protect a device when the operating system is offline. For that reason, Microsoft worked closely with hardware vendors to require firmware-level protection against boot and rootkits that might compromise an encryption solution’s encryption keys.
 
@@ -53,7 +53,7 @@ Using the digital signature, UEFI verifies that the bootloader was signed using
 
 If the bootloader passes these two tests, UEFI knows that the bootloader isn’t a bootkit and starts it. At this point, Trusted Boot takes over, and the Windows bootloader, using the same cryptographic technologies that UEFI used to verify the bootloader, then verifies that the Windows system files haven’t been changed.
 
-All Windows 8–certified devices must meet several requirements related to UEFI-based Secure Boot:
+Starting with Windows 8, certified devices must meet several requirements related to UEFI-based Secure Boot:
 
 -   They must have Secure Boot enabled by default.
 -   They must trust Microsoft’s certificate (and thus any bootloader Microsoft has signed).
@@ -115,7 +115,11 @@ Windows 10 uses Trusted Boot on any hardware platform: It requires neither UEFI
 
 Because UEFI-based Secure Boot has protected the bootloader and Trusted Boot has protected the Windows kernel or other Windows startup components, the next opportunity for malware to start is by infecting a non-Microsoft boot-related driver. Traditional antimalware apps don’t start until after the boot-related drivers have been loaded, giving a rootkit disguised as a driver the opportunity to work.
 
-The purpose of ELAM is to load an antimalware driver before drivers that are flagged as boot-start can be executed. This approach provides the ability for an antimalware driver to register as a trusted boot-critical driver. It is launched during the Trusted Boot process, and with that, Windows ensures that it is loaded before any other non-Microsoft software.
+Early Launch Antimalware (ELAM) is designed to enable the antimalware solution to start before all non-Microsoft drivers and apps. ELAM checks the integrity of non-Microsoft drivers to determine whether the drivers are trustworthy. Because Windows needs to start as fast as possible, ELAM cannot be a complicated process of checking the driver files against known malware signatures. Instead, ELAM has the simple task of examining every boot driver and determining whether it is on the list of trusted drivers. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits. ELAM also allows the registered antimalware provider to scan drivers that are loaded after the boot process is complete.
+
+Windows Defender in Windows 10 supports ELAM, as do Microsoft System Center 2012 Endpoint Protection and non-Microsoft antimalware apps.
+
+To do this, ELAM loads an antimalware driver before drivers that are flagged as boot-start can be executed. This approach provides the ability for an antimalware driver to register as a trusted boot-critical driver. It is launched during the Trusted Boot process, and with that, Windows ensures that it is loaded before any other non-Microsoft software.
 
 With this solution in place, boot drivers are initialized based on the classification that the ELAM driver returns according to an initialization policy. IT pros have the ability to change this policy through Group Policy.
 ELAM classifies drivers as follows:

windows/keep-secure/bitlocker-group-policy-settings.md

@@ -32,6 +32,7 @@ The following sections provide a comprehensive list of BitLocker Group Policy se
 
 The following policy settings can be used to determine how a BitLocker-protected drive can be unlocked.
 
+-   [Allow devices with Secure Boot and protect DMS ports to opt out of preboot PIN](#bkmk-hstioptout)
 -   [Allow network unlock at startup](#bkmk-netunlock)
 -   [Require additional authentication at startup](#bkmk-unlockpol1)
 -   [Allow enhanced PINs for startup](#bkmk-unlockpol2)
@@ -85,6 +86,55 @@ The following policies are used to support customized deployment scenarios in yo
 -   [Allow access to BitLocker-protected fixed data drives from earlier versions of Windows](#bkmk-depopt4)
 -   [Allow access to BitLocker-protected removable data drives from earlier versions of Windows](#bkmk-depopt5)
 
+### <a href="" id="bkmk-hstioptout"></a>Allow devices with Secure Boot and protect DMS ports to opt out of preboot PIN
+
+This policy setting allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication.
+ 
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p>With this policy setting, you can allow TPM-only protection for newer, more secure devices, such as devices that support InstantGo or HSTI, while requiring PIN on older devices.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p>Windows 10, version 1703</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p>Operating system drives</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p>This setting overrides the <b>Require startup PIN with TPM</b> option of the [Require additional authentication at startup](#bkmk-unlockpol1) policy on compliant hardware. 
+
+</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p>Users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without preboot authentication.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p>The options of the [Require additional authentication at startup](#bkmk-unlockpol1) policy apply.</p></td>
+</tr>
+</tbody>
+</table>
+ 
+**Reference**
+
+The preboot authentication option <b>Require startup PIN with TPM</b> of the [Require additional authentication at startup](#bkmk-unlockpol1) policy is often enabled to help ensure security for older devices that do not support InstantGo. 
+But visually impaired users have no audible way to know when to enter a PIN. 
+This setting enables an exception to the PIN-required policy on secure hardware. 
+
 ### <a href="" id="bkmk-netunlock"></a>Allow network unlock at startup
 
 This policy controls a portion of the behavior of the Network Unlock feature in BitLocker. This policy is required to enable BitLocker Network Unlock on a network because it allows clients running BitLocker to create the necessary network key protector during encryption. This policy is used in addition to the BitLocker Drive Encryption Network Unlock Certificate security policy (located in the **Public Key Policies** folder of Local Computer Policy) to allow systems that are connected to a trusted network to properly utilize the Network Unlock feature.

windows/keep-secure/bitlocker-overview.md

@@ -42,7 +42,7 @@ BitLocker control panel, and they are appropriate to use for automated deploymen
 
 ## <a href="" id="bkmk-new"></a>New and changed functionality
 
-To find out what's new in BitLocker for Windows 10, see the [BitLocker](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bitlocker) section in "What's new in Windows 10, versions 1507 and 1511."
+To find out what's new in BitLocker for Windows 10, such as support for the XTS-AES encryption algorithm, see the [BitLocker](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bitlocker) section in "What's new in Windows 10, versions 1507 and 1511."
  
 ## System requirements
 

windows/keep-secure/change-history-for-keep-windows-10-secure.md

@@ -12,11 +12,22 @@ author: brianlic-msft
 # Change history for Keep Windows 10 secure
 This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+
+## March 2017
+|New or changed topic |Description |
+|---------------------|------------|
+|[Protect derived domain credentials with Credential Guard](credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
+|[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
+
+
 ## January 2017
 |New or changed topic |Description |
 |---------------------|------------|
+|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |New |
+|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Updated to include info about USB drives and Azure RMS (Windows Insider Program only) and to add more info about Work Folders and Offline files. |
 |[Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](recommended-network-definitions-for-wip.md) |New |
 |[Using Outlook Web Access with Windows Information Protection (WIP)](using-owa-with-wip.md) |New |
+| Microsoft Passport guide | Content merged into [Windows Hello for Business](hello-identity-verification.md) topics |
 
 ## December 2016
 |New or changed topic |Description |
@@ -24,6 +35,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |[Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) |Added filter examples for Windows 10 and Windows Server 2016. |
 
 
+
 ## November 2016
 | New or changed topic | Description |
 | --- | --- |
@@ -31,6 +43,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) |Changed WIPModeID to EDPModeID, to match the CSP. |
 
 
+
 ## October 2016
 
 | New or changed topic | Description |
@@ -42,6 +55,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |[VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic |
 |[Windows security baselines](windows-security-baselines.md) | Added Windows 10, version 1607 and Windows Server 2016 baseline |
 
+
 ## September 2016
 
 | New or changed topic | Description |

windows/keep-secure/change-the-tpm-owner-password.md

@@ -44,10 +44,7 @@ To change to a new TPM owner password, in TPM.msc, click **Change Owner Password
 
 ## Use the TPM cmdlets
 
-If you are using Windows PowerShell to manage your computers, you can also manage the TPM by using Windows PowerShell. To install the TPM cmdlets, type the following command:
-**dism /online /enable-feature /FeatureName:tpm-psh-cmdlets**
-
-For details about the individual cmdlets, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
+You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
 
 ## Related topics