update from master

windows/manage/.vscode/settings.json

@@ -0,0 +1,3 @@
+// Place your settings in this file to overwrite default and user settings.
+{
+}

windows/manage/TOC.md

@@ -20,6 +20,9 @@
 ### [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
 ### [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
 ### [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md)
+### [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md)
+#### [Get started with Update Compliance](update-compliance-get-started.md)
+#### [Use Update Compliance](update-compliance-using.md)
 ### [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
 #### [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
 #### [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
@@ -159,6 +162,7 @@
 ### [Troubleshooting App-V](appv-troubleshooting.md)
 ### [Technical Reference for App-V](appv-technical-reference.md)
 #### [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
+
 #### [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md)
 #### [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
 #### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md)
@@ -218,4 +222,5 @@
 #### [Update Windows Store for Business account settings](update-windows-store-for-business-account-settings.md)
 #### [Manage user accounts in Windows Store for Business](manage-users-and-groups-windows-store-for-business.md)
 ### [Troubleshoot Windows Store for Business](troubleshoot-windows-store-for-business.md)
+## [Windows Libraries](windows-libraries.md)
 ## [Change history for Manage and update Windows 10](change-history-for-manage-and-update-windows-10.md)

windows/manage/change-history-for-manage-and-update-windows-10.md

@@ -14,16 +14,27 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
 
 >If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
 
+## February 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Windows Libraries](windows-libraries.md) | New |
+| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | New |
+| [Get started with Update Compliance](update-compliance-get-started.md) | New |
+| [Use Update Compliance to monitor Windows Updates](update-compliance-using.md) | New |
+| [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Added Group Policy setting that blocks user access to Windows Update. |
+| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Added Express updates. |
+| [Distribute offline apps](distribute-offline-apps.md) | General updates to topic. Added links to supporting content for System Center Configuration Manager and Microsoft Intune.  |
+
 ## January 2017
-<<<<<<< HEAD
 
 | New or changed topic | Description |
 | --- | --- |
 | [Cortana integration in your business or enterprise](cortana-at-work-overview.md) | New |
 | [Start layout XML for desktop editions of Windows 10](start-layout-xml-desktop.md) | New (previously published in Hardware Dev Center on MSDN) |
 | [Start layout XML for mobile editions of Windows 10](start-layout-xml-mobile.md) | New (previously published in Hardware Dev Center on MSDN) |
-
-
+| [Quick guide to Windows as a service](waas-quick-start.md) | Added video that explains how Windows as a service works. |
+| [Manage device restarts after updates](waas-restart.md) | Added Registry keys for controlling restarts. |
 
 ## December 2016
 
@@ -70,7 +81,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
 | [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Updated sample XML for combined Start and taskbar layout; added note to explain the difference between applying taskbar configuration by Group Policy and by provisioning package |
 | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated instructions for exiting assigned access mode. |
 | Application development for Windows as a service  |  Topic moved to MSDN: [Application development for Windows as a service](https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service)
-| Windows 10 servicing options | New content replaced this topic; see [Overview of Windows as a service](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview) |
+| Windows 10 servicing options | New content replaced this topic; see [Overview of Windows as a service](waas-overview.md) |
 
 ## RELEASE: Windows 10, version 1607
 
@@ -175,4 +186,4 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 
 [Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md)
 
- 
+ 

windows/manage/configure-windows-10-taskbar.md

@@ -17,14 +17,14 @@ Starting in Windows 10, version 1607, administrators can pin additional apps to
 
 You can specify different taskbar configurations based on device locale and region. There is no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path (the local path to the application). 
 
-If you specify an app to be pinned that is not installed on the computer, it won't appear on the taskbar.
+If you specify an app to be pinned that is not provisioned for the user on the computer, the pinned icon won't appear on the taskbar.
 
-The order of apps in the xml file dictates order of apps on taskbar from left to right, to the right of any existing apps pinned by user.
+The order of apps in the XML file dictates the order of pinned apps on the taskbar from left to right, to the right of any existing apps pinned by the user.
 
 > [!NOTE]
 > In operating systems configured to use a right-to-left language, the taskbar order will be reversed.
 
-The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square).
+The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using the XML file to the right (green square).
 
 ![Windows left, user center, enterprise to the right](images/taskbar-generic.png)
 
@@ -41,21 +41,23 @@ To configure the taskbar:
 3. Apply the layout modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md).
 
 >[!IMPORTANT]
->If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy.
+>If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration by using Group Policy.
+>
+>If you use Group Policy and your configuration only contains a taskbar layout, the default Windows tile layout will be applied and cannot be changed by users. If you use Group Policy and your configuration includes taskbar and a full Start layout, users can only make changes to the taskbar. If you use Group Policy and your configuration includes taskbar and a [partial Start layout](https://technet.microsoft.com/itpro/windows/manage/customize-and-export-start-layout#configure-a-partial-start-layout), users can make changes to the taskbar and to tile groups not defined in the partial Start layout.
 
 ### Tips for finding AUMID and Desktop Application Link Path
 
 In the layout modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. 
 
 The easiest way to find this data for an application is to:
-1.	Pin the application to the Start menu
+1.	Pin the application to the Start menu on a reference or testing PC.
 2. 	Open Windows PowerShell and run the `Export-StartLayout` cmdlet. 
 3.	Open the generated XML file. 
-4.	Look for an entry corresponding to the app you pinned .
+4.	Look for an entry corresponding to the app you pinned.
 5.	Look for a property labeled `AppUserModelID` or `DesktopApplicationLinkPath`. 
 
 
-### Sample taskbar configuration XML
+### Sample taskbar configuration XML file
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -75,7 +77,7 @@ The easiest way to find this data for an application is to:
  </CustomTaskbarLayoutCollection>
 </LayoutModificationTemplate>
 ```
-### Sample taskbar configuration added to Start layout XML
+### Sample taskbar configuration added to Start layout XML file
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -139,7 +141,7 @@ The `<CustomTaskbarLayoutCollection>` section will append listed apps to the tas
  
  ![additional apps pinned to taskbar](images/taskbar-default-plus.png)
 
-##Remove default apps and add your own
+## Remove default apps and add your own
 
 By adding `PinListPlacement="Replace"` to `<CustomTaskbarLayoutCollection>`, you remove all default pinned apps; only the apps that you specify will be pinned to the taskbar.
 
@@ -218,7 +220,7 @@ The following example shows you how to configure taskbars by country or region.
 
 ```
 
-When the preceding example XML is applied, the resulting taskbar for computers in the US or UK:
+When the preceding example XML file is applied, the resulting taskbar for computers in the US or UK:
 
 ![taskbar for US and UK locale](images/taskbar-region-usuk.png)
 

windows/manage/cortana-at-work-o365.md

@@ -57,7 +57,7 @@ Cortana can only access data in your Office 365 org when it’s turned on. If yo
 **To turn off Cortana with Office 365**
 1.	[Sign in to Office 365](http://www.office.com/signin) using your Azure AD account.
 
-2.	Go to the [Office 365 admin center](https://support.office.com/en-us/article/Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547).
+2.	Go to the [Office 365 admin center](https://support.office.com/article/Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547).
 
 3.	Expand **Service Settings**, and select **Cortana**.
 

windows/manage/cortana-at-work-overview.md

@@ -59,6 +59,6 @@ Cortana is covered under the [Microsoft Privacy Statement](https://privacy.micro
 
 - [Cortana and Windows](http://go.microsoft.com/fwlink/?LinkId=717384)
 
-- [Known issues for Windows Desktop Search and Cortana in Windows 10](http://support.microsoft.com/kb/3206883/EN-US)
+- [Known issues for Windows Desktop Search and Cortana in Windows 10](https://support.microsoft.com/help/3206883/known-issues-for-windows-desktop-search-and-cortana-in-windows-10)
 
 - [Cortana for developers](http://go.microsoft.com/fwlink/?LinkId=717385)

windows/manage/cortana-at-work-powerbi.md

@@ -19,7 +19,7 @@ localizationpriority: high
 Integration between Cortana and Power BI shows how Cortana can work with custom business analytics solutions to enable you to get answers directly from your key business data, including introducing new features that let you create custom Cortana “answers” using the full capabilities of Power BI Desktop.
 
 >[!Note]
->Cortana for Power BI is currently only available in English. For more info about Cortana and Power BI, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-cortana-desktop-entity-cards/).
+>Cortana for Power BI is currently only available in English. For more info about Cortana and Power BI, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/documentation/powerbi-service-cortana-desktop-entity-cards/).
 
 ## Before you begin
 To use this walkthrough, you’ll need:
@@ -135,4 +135,4 @@ Now that you’ve set up your device, you can use Cortana to show your info from
     ![Cortana at work, showing your custom report from Power BI](images/cortana-powerbi-myreport.png)
  	 
 >[!NOTE]
->For more info about how to connect your own data, build your own custom Power BI cards and Answer Pages for Cortana, and how to share the cards with everyone in your organization, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-cortana-desktop-entity-cards/).
+>For more info about how to connect your own data, build your own custom Power BI cards and Answer Pages for Cortana, and how to share the cards with everyone in your organization, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/documentation/powerbi-service-cortana-desktop-entity-cards/).

windows/manage/cortana-at-work-voice-commands.md

@@ -19,7 +19,7 @@ localizationpriority: high
 Working with a developer, you can create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. These voice-enabled actions can reduce the time necessary to access your apps and to complete simple actions.
 
 >[!NOTE]
->For more info about how your developer can extend your current apps to work directly with Cortana, see [Cortana interactions in UWP apps](https://msdn.microsoft.com/en-us/windows/uwp/input-and-devices/cortana-interactions).
+>For more info about how your developer can extend your current apps to work directly with Cortana, see [The Cortana Skills Kit](https://docs.microsoft.com/cortana/getstarted).
 
 ## High-level process
 Cortana uses a Voice Command Definition (VCD) file, aimed at an installed app, to define the actions that are to happen during certain vocal commands. A VCD file can be very simple to very complex, supporting anything from a single sound to a collection of more flexible, natural language sounds, all with the same intent.
@@ -30,9 +30,9 @@ To enable voice commands in Cortana
 
     Cortana can perform actions on apps in the foreground (taking focus from Cortana) or in the background (allowing Cortana to keep focus). We recommend that you decide where an action should happen, based on what your voice command is intended to do. For example, if your voice command requires employee input, it’s best for that to happen in the foreground. However, if the app only uses basic commands and doesn’t require interaction, it can happen in the background.
 
-    - **Start Cortana with focus on your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a foreground app using voice commands and Cortana](https://msdn.microsoft.com/en-us/windows/uwp/input-and-devices/launch-a-foreground-app-with-voice-commands-in-cortana).
+    - **Start Cortana with focus on your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a foreground app using voice commands and Cortana](https://docs.microsoft.com/cortana/voicecommands/launch-a-foreground-app-with-voice-commands-in-cortana).
 
-    - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a background app using voice commands and Cortana](https://msdn.microsoft.com/en-us/windows/uwp/input-and-devices/launch-a-background-app-with-voice-commands-in-cortana).
+    - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a background app using voice commands and Cortana](https://docs.microsoft.com/cortana/voicecommands/launch-a-background-app-with-voice-commands-in-cortana).
 
 2.	**Install the VCD file on employees' devices**. You can use System Center Configuration Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization.
 

windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md

@@ -15,17 +15,18 @@ localizationpriority: medium
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 10 Mobile
 
 **Looking for consumer information?**
 
 -   [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
-In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
+In Windows 10 Mobile, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
 
 > **Note:** Customized taskbar configuration cannot be applied using MDM at this time.
 
-**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md)
+**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions or [create a Start layout XML](start-layout-xml-mobile.md) for mobile.
 
 **Warning**  
 When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups.

windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md

@@ -15,18 +15,19 @@ localizationpriority: medium
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 10 Mobile
 
 **Looking for consumer information?**
 
 -   [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
-In Windows 10 Enterprise and Windows 10 Education, version 1607, you can use a provisioning package that you create with Windows Imaging and Configuration Designer (ICD) tool to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
+In Windows 10 Mobile, Windows 10 Enterprise, and Windows 10 Education, version 1607, you can use a provisioning package that you create with Windows Imaging and Configuration Designer (ICD) tool to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
 
 >[!IMPORTANT]
 >If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy.
 
-**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md)
+**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions or [create a Start layout XML](start-layout-xml-mobile.md) for mobile.
 
 ## <a href="" id="bkmk-howstartscreencontrolworks"></a>How Start layout control works
 
@@ -48,14 +49,12 @@ Three features enable Start and taskbar layout control:
 
 Use the [Imaging and Configuration Designer (ICD) tool](https://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
 
-> **Important**
-When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
+>[!IMPORTANT]
+>When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
 1.  Open ICD (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
 2. Choose **Advanced provisioning**.
 
-
-
 3.  Name your project, and click **Next**.
 
 4.  Choose **All Windows desktop editions** and click **Next**.

windows/manage/distribute-offline-apps.md

@@ -33,50 +33,49 @@ Offline-licensed apps offer an alternative to online apps, and provide additiona
 
 ## Distribution options for offline-licensed apps
 
+You can't distribute offline-licensed apps directly from the Store for Business. Once you download the items for the offline-licensed app, you have options for distributing the apps:
 
-You can't distribute offline-licensed apps directly from the Store for Business. Once you download the items for the offline-licensed app, you have three options for distributing the apps:
+-   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft Windows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
 
--   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft WindowsWindows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
+-   **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://technet.microsoft.com/itpro/windows/deploy/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages).
 
--   **Windows ICD**. ICD is GUI tool that you can use to create Windows provisioning answer files, and add third-party drivers, apps, or other assets to an answer file. For more information, see [Windows Imaging and Configuration Designer](https://msdn.microsoft.com/library/windows/hardware/dn916113.aspx).
+-   **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
+    - [Manage apps from Windows Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+    - [Manage apps from Windows Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)<br>
 
--   **Management server.**
+For third-party MDM providers or management servers, check your product documentation. 
 
 ## Download an offline-licensed app
 
+There are several items to download or create for offline-licensed apps. The app package and app license are required; app metadata and app frameworks are optional. This section includes more info on each item, and tells you how to download an offline-licensed app.
 
-There are several items to download or create for offline-licensed apps. You'll need all of these items to distribute offline apps to your employees. This section includes more info on each item, and tells you how to download an offline-licensed app.
+-   **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata. 
 
--   **App metadata** -- App metadata is required for distributing offline apps. The metadata includes app details, links to icons, product id, localized product ids, and other items.
+-   **App package** - App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices.
 
--   **App package** -- App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices.
+-   **App license** - App licenses are required for distributing offline apps. Use encoded licenses when you distribute offline-licensed apps using a management tool or ICD. Use unencoded licenses when you distribute offline-licensed apps using DISM.
 
--   **App license** -- App licenses are required for distributing offline apps. Use encoded licenses when you distribute offline-licensed apps using a management tool or ICD. Use unencoded licenses when you distribute offline-licensed apps using DISM.
-
--   **App frameworks** -- App frameworks are required for distributing offline apps, but you might not need to download one. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
+-   **App frameworks** - App frameworks are optional. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
 
 <a href="" id="download-offline-licensed-app"></a>
 **To download an offline-licensed app**
 
-1.  Sign in to the Store for Business
+1.  Sign in to the [Store for Business](http://businessstore.microsoft.com/).
 
 2.  Click **Manage**, and then choose **Inventory**.
 
 3.  Click **Refine**, and then choose **Offline**.
 
 4.  Find the app you want to download, click the ellipses under **Actions**, and then choose **Download for offline use**.
+    - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional. 
+    - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required. 
+    - **To download an app license**: Choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license. This is required. 
+    - **To download an app framework**: Find the framework you need to support your app package, and click **Download**. This is optional. 
+ 
+> [!NOTE]
+> You need the framework to support your app package, but if you already have a copy, you don't need to download it again. Frameworks are backward compatible.
 
-5.  To download app metadata: choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata.
-
-6.  To download app package for offline use: click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package.
-
-7.  To download an app license: choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license.
-
-8.  To download an app framework: find the framework you need to support your app package, and click **Download**.
-    **Note**  
-    You need the framework to support your app package, but if you already have a copy, you don't need to download it again.
-
-    Frameworks are backward compatible.
+    
 
      
 

windows/manage/group-policies-for-enterprise-and-education-editions.md

@@ -28,7 +28,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W
 | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md)  |
 | **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
 | **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app<br><br>User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) |
-| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) |
+| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](cortana-at-work-overview.md) |
 
 
 

windows/manage/index.md

@@ -7,6 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: high
 author: jdeckerMS
 ---
 
@@ -34,7 +35,7 @@ Learn about managing and updating Windows 10.
 <tr class="odd">
 <td align="left"><p>[Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md)</p></td>
 <td align="left"><p>The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.</p></td></tr>
-<tr><td>[Update Windows 10 in the enterprise](waas-update-windows-10.md) </td><td>Learn how to manage updates to Windows 10 in your organization, including Windows Update for Business. </td></tr>
+<tr><td>[Update Windows 10 in the enterprise](waas-update-windows-10.md) </td><td>Learn how to manage updates to Windows 10 in your organization, including Update Compliance, and Windows Update for Business. </td></tr>
 <tr><td align="left"><p>[Manage corporate devices](manage-corporate-devices.md)</p></td>
 <td align="left"><p>You can use the same management tools to manage all device types running Windows 10: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.</p></td>
 </tr>
@@ -71,6 +72,10 @@ Learn about managing and updating Windows 10.
 <td align="left"><p>[Windows Store for Business](windows-store-for-business.md)</p></td>
 <td align="left"><p>Welcome to the Windows Store for Business! You can use the Store for Business, to find, acquire, distribute, and manage apps for your organization.</p></td>
 </tr>
+<tr class="even">
+<td align="left"><p>[Windows Libraries](windows-libraries.md)</p></td>
+<td align="left"><p>Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music).</p></td>
+</tr>
 <tr class="odd">
 <td align="left"><p>[Change history for Manage and update Windows 10](change-history-for-manage-and-update-windows-10.md)</p></td>
 <td align="left"><p>This topic lists new and updated topics in the Manage and update Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md).</p></td>

windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -25,8 +25,9 @@ If you want to minimize connections from Windows to Microsoft services, or confi
 
 You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
 
-We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
+To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
 
+We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
 
 ## What's new in Windows 10, version 1607 and Windows Server 2016
 
@@ -1359,5 +1360,3 @@ You can turn off automatic updates by doing one of the following. This is not re
     -   **5**. Turn off automatic updates.
 
 To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx).
-
-To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying.

windows/manage/manage-windows-10-in-your-organization-modern-management.md

@@ -81,7 +81,7 @@ You can envision user and device management as falling into these two categories
 
     Domain joined PCs and tablets can continue to be managed with the [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction) client or Group Policy.
 
-For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-windows10-devices/).
+For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-windows10-devices/).
 
 As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD.
 

windows/manage/mandatory-user-profile.md

@@ -60,7 +60,7 @@ First, you create a default user profile with the customizations that you want,
 
 3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/library/windows/hardware/dn922656.aspx) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. 
  
-3. Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: 
+3. For devices running Windows 10, use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: 
  
      - Microsoft.windowscommunicationsapps_8wekyb3d8bbwe
      - Microsoft.BingWeather_8wekyb3d8bbwe
@@ -146,14 +146,14 @@ It may take some time for this change to replicate to all domain controllers.
 
 ## Apply policies to improve sign-in time
 
-When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the following Group Policy settings.
-
-- Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled
-- Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled
-- Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled
-
+When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the Group Policy settings shown in the following table. (The table shows which operating system versions each policy setting can apply to.)
 
 
+| Group Policy setting | Windows 10 | Windows Server 2016 | Windows 8.1 | Windows Server 2012 |
+| --- | --- | --- | --- | --- |
+| Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) |
+| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png)  | ![not supported](images/crossmark.png)  |
+| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) |
 
 
 

windows/manage/start-layout-xml-desktop.md

@@ -26,6 +26,9 @@ On Windows 10 for desktop editions, the customized Start works by:
     - 2 groups that are 6 columns wide, or equivalent to the width of 3 medium tiles.
     - 2 medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. 
     - No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows). 
+    
+>[!NOTE]
+>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx).
 
 ## LayoutModification XML
 
@@ -158,33 +161,32 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap
 
     The following example shows how to pin the Command Prompt:
 
-```XML
-<start:DesktopApplicationTile
+    ```XML
+    <start:DesktopApplicationTile
           DesktopApplicationLinkPath="%appdata%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk"
           Size="2x2"
           Row="0"
           Column="4"/>
-```
-
+    ```
     
     You must set the **DesktopApplicationLinkPath** attribute to the .lnk file that points to the Windows desktop application. The path also supports environment variables.
 
     If you are pointing to a third-party Windows desktop application, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\".
 
-
 - By using the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option.
 
     To pin a Windows desktop application through this method, you must set the **DesktopApplicationID** attribute to the application user model ID that's associated with the corresponding app. 
 
     The following example shows how to pin the Internet Explorer Windows desktop application:
 
-```XML
-<start:DesktopApplicationTile
+    ```XML
+    <start:DesktopApplicationTile
           DesktopApplicationID="Microsoft.Windows.Explorer"
           Size="2x2"
           Row="0"
           Column="2"/>
-```
+    ```
+    
 
 You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile.
 

windows/manage/stop-employees-from-using-the-windows-store.md

@@ -29,8 +29,8 @@ You can use these tools to configure access to Windows Store: AppLocker or Group
 
 ## <a href="" id="block-store-applocker"></a>Block Windows Store using AppLocker
 
+Applies to: Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile
 
-Applies to: Windows 10 Enterprise, Windows 10 Mobile
 
 AppLocker provides policy-based access control management for applications. You can block access to Windows Store app with AppLocker by creating a rule for packaged apps. You'll give the name of the Windows Store app as the packaged app that you want to block from client computers.
 
@@ -59,7 +59,10 @@ For more information on AppLocker, see [What is AppLocker?](../keep-secure/what-
 ## <a href="" id="block-store-group-policy"></a>Block Windows Store using Group Policy
 
 
-Applies to: Windows 10 Enterprise, version 1511
+Applies to: Windows 10 Enterprise, version 1511, Windows 10 Education 
+
+> [!Note]
+> Not supported on Windows 10 Pro.
 
 You can also use Group Policy to manage access to Windows Store.
 
@@ -89,7 +92,7 @@ When your MDM tool supports Windows Store for Business, the MDM can use these CS
 For more information, see [Configure an MDM provider](configure-mdm-provider-windows-store-for-business.md).
 
 ## Show private store only using Group Policy 
-Applies to Windows 10 Enterprise, version 1607.
+Applies to Windows 10 Enterprise, version 1607, Windows 10 Education
 
 If you're using Windows Store for Business and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Windows Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store. 
 

windows/manage/troubleshoot-windows-store-for-business.md

@@ -53,7 +53,7 @@ The private store for your organization is a page in the Windows Store app that
 
 ## Still having trouble?
 
-If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757).
+If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799386).
                                 
  
 

windows/manage/update-compliance-get-started.md

@@ -0,0 +1,130 @@
+---
+title: Get started with Update Compliance (Windows 10)
+description: Explains how to configure Update Compliance.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+# Get started with Update Compliance
+
+This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance. 
+
+Steps are provided in sections that follow the recommended setup process:
+1.	Ensure that [prerequisites](#update-compliance-prerequisites) are met.
+2.	[Add Update Compliance](#add-update-compliance-to-microsoft-operatiions-management-suite) to Microsoft Operations Management Suite
+3.	[Deploy your Commercial ID](#deploy-your-commercial-id-to-your-windows-10-devices) to your organization’s devices
+
+## Update Compliance Prerequisites
+
+Update Compliance has the following requirements: 
+1. Update Compliance is currently only compatible with Windows 10 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). 
+2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md). 
+3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for different aspects of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
+
+    <TABLE BORDER=1>
+    <TR><TD BGCOLOR="#cceeff">Service<TD BGCOLOR="#cceeff">Endpoint
+    <TR><TD>Connected User Experience and Telemetry component<TD>v10.vortex-win.data.microsoft.com
+    <BR>settings-win.data.microsoft.com
+    <TR><TD>Windows Error Reporting	<TD>watson.telemetry.microsoft.com
+    <TR><TD>Online Crash Analysis	<TD>oca.telemetry.microsoft.com
+    </TABLE>
+
+## Add Update Compliance to Microsoft Operations Management Suite
+
+Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). 
+
+If you are already using OMS, you’ll find Update Compliance in the Solutions Gallery. Select the **Update Compliance** tile in the gallery and then click **Add** on the solution's details page. Update Compliance is now visible in your workspace.
+
+If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance:
+
+1.	Go to [Operations Management Suite’s page](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**.
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-02.png"><img src="images/uc-02a.png"></A>
+    <TABLE>
+
+2.	Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-03.png"><img src="images/uc-03a.png"></A>
+    <TABLE>
+
+3.	Create a new OMS workspace. 
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-04.png"><img src="images/uc-04a.png"></A>
+    <TABLE>
+
+4.	Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**.
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-05.png"><img src="images/uc-05a.png"></A>
+    <TABLE>
+
+5.	If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace.
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-06.png"><img src="images/uc-06a.png"></A>
+    <TABLE>
+
+6.	To add the Update Compliance solution to your workspace, go to the Solutions Gallery.
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-07.png"><img src="images/uc-07a.png"></A>
+    <TABLE>
+
+7.	Select the **Update Compliance** tile in the gallery and then select **Add** on the solution’s details page. You might need to scroll to find **Update Compliance**. The solution is now visible on your workspace. 
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-08.png"><img src="images/uc-08a.png"></A>
+    <TABLE>
+
+8.	Click the **Update Compliance** tile to configure the solution. The **Settings Dashboard** opens.
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-09.png"><img src="images/uc-09a.png"></A>
+    <TABLE>
+
+9.	Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below.
+
+    <P><TABLE BORDER=1><TR><TD>
+    <A HREF="images/uc-10.png"><img src="images/uc-10a.png"></A>
+    <TABLE>
+
+After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices.
+
+>You can unsubscribe from the Update Compliance solution if you no longer want to monitor your organization’s devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic.
+
+## Deploy your Commercial ID to your Windows 10 devices
+
+In order for your devices to show up in Windows Analytics: Update Compliance, they must be configured with your organization’s Commercial ID. This is so that Microsoft knows that a given device is a member of your organization and to feed that device’s data back to you. There are two primary methods for widespread deployment of your Commercial ID: Group Policy and Mobile Device Management (MDM). 
+
+- Using Group Policy<BR><BR>
+    Deploying your Commercial ID using Group Policy can be accomplished by configuring domain Group Policy Objects with the Group Policy Management Editor, or by configuring local Group Policy using the Local Group Policy Editor.
+    1. In the console tree, navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**
+    2. Double-click **Configure the Commercial ID**
+    3. In the **Options** box, under **Commercial Id**, type the Commercial ID GUID, and then click **OK**.<P>
+
+- Using Microsoft Mobile Device Management (MDM)<BR><BR>
+    Microsoft’s Mobile Device Management can be used to deploy your Commercial ID to your organization’s devices. The Commercial ID is listed under **Provider/ProviderID/CommercialID**. More information on deployment using MDM can be found [here](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp). 
+    
+    For information on how to use MDM configuration CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/en-us/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers).
+
+    When using the Intune console, you can use the OMA-URI settings of a [custom policy](https://go.microsoft.com/fwlink/p/?LinkID=616316) to configure the commercial ID. The OMA-URI (case sensitive) path for configuring the commerical ID is: <PRE>./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID</PRE>
+
+    For example, you can use the following values in **Add or edit OMA-URI Setting**:
+    
+    **Setting Name**: Windows Analytics Commercial ID<BR>
+    **Setting Description**: Configuring commercial id for Windows Analytics solutions<BR>
+    **Data Type**: String<BR>
+    **OMA-URI (case sensitive)**: ./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID<BR>
+    **Value**: \<Use the GUID shown on the Windows Telemetry tab in your OMS workspace\><BR>
+
+
+
+## Related topics
+
+[Use Update Compliance to monitor Windows Updates](update-compliance-using.md)

windows/manage/update-compliance-monitor.md

@@ -0,0 +1,59 @@
+---
+title: Monitor Windows Updates with Update Compliance (Windows 10)
+description: Introduction to Update Compliance.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+# Monitor Windows Updates with Update Compliance
+
+## Introduction
+
+With Windows 10, organizations need to change the way they approach monitoring and deploying updates. Update Compliance is a powerful set of tools that enable organizations to monitor and track all important aspects of Microsoft’s new servicing strategy: [Windows as a Service](waas-overview.md).
+
+Update Compliance is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service which has a flexible servicing subscription based off data usage/retention. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
+
+Update Compliance uses the Windows telemetry that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. 
+
+Update Compliance provides the following:
+
+- An overview of your organization’s devices that just works.
+- Dedicated drill-downs for devices that might need attention.
+- An inventory of devices, including the version of Windows they are running and their update status.
+- An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later).
+- Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries.
+- Cloud-connected access utilizing Windows 10 telemetry means no need for new complex, customized infrastructure.
+
+See the following topics in this guide for detailed information about configuring and use the Update Compliance solution:
+
+- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
+- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
+
+An overview of the processes used by the Update Compliance solution is provided below.
+
+## Update Compliance architecture
+ 
+The Update Compliance architecture and data flow is summarized by the following five step process:
+
+**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
+**(2)** Telemetry data is analyzed by the Update Compliance Data Service.<BR>
+**(3)** Telemetry data is pushed from the Update Compliance Data Service to your OMS workspace.<BR>
+**(4)** Telemetry data is available in the Update Compliance solution.<BR>
+**(5)** You are able to monitor and troubleshoot Windows updates on your network.<BR>
+
+These steps are illustrated in following diagram:
+
+![Update Compliance architecture](images/uc-01.png)
+
+>This process assumes that Windows telemetry is enabled and devices are assigned your Commercial ID.
+
+
+
+ 
+## Related topics
+
+[Get started with Update Compliance](update-compliance-get-started.md)<BR>
+[Use Update Compliance to monitor Windows Updates](update-compliance-using.md)

windows/manage/update-compliance-using.md

@@ -0,0 +1,354 @@
+---
+title: Using Update Compliance (Windows 10)
+description: Explains how to begin usihg Update Compliance.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+# Use Update Compliance to monitor Windows Updates
+
+This section describes how to use Update Compliance to monitor Windows Updates and troubleshoot update failures on your network.
+
+
+Update Compliance: 
+- Uses telemetry gathered from user devices to form an all-up view of Windows 10 devices in your organization. 
+- Enables you to maintain a high-level perspective on the progress and status of updates across all devices.
+- Provides a workflow that can be used to quickly identify which devices require attention. 
+- Enables you to track deployment compliance targets for updates.
+
+>Information is refreshed daily so that update progress can be monitored. Changes will be displayed about 24 hours after their occurrence, so you always have a recent snapshot of your devices.
+
+In OMS, the aspects of a solution's dashboard are usually divided into <I>blades</I>. Blades are a slice of information, typically with a summarization tile and an enumeration of the items that makes up that data. All data is presented through <I>queries</I>. <I>Perspectives</I> are also possible, wherein a given query has a unique view designed to display custom data. The terminology of blades, tiles, and perspectives will be used in the sections that follow. 
+
+Update Compliance has the following primary blades: 
+
+
+1. [OS Update Overview](#os-update-overview)
+2. [Overall Quality Update Status](#overall-quality-update-status)
+3. [Latest and Previous Security Update Status](#latest-and-previous-security-update-status)
+4. [Overall Feature Update Status](#overall-feature-update-status)
+5. [CB, CBB, LTSB Deployment Status](#cb-cbb-ltsb-deployment-status)
+6. [List of Queries](#list-of-queries)
+
+
+## OS Update Overview
+
+The first blade of OMS Update Compliance is the General **OS Update Overview** blade: 
+
+![OS Update Overview](images/uc-11.png)
+
+
+This blade is divided into three sections: 
+- Device Summary: 
+- Needs Attention Summary
+- Update Status Summary
+
+The **Device Summary** displays the total number of devices in your organization. These devices have the commercial ID configured, telemetry enabled, and have sent telemetry to Microsoft within the last 28 days. The tile also shows the devices that Need Attention. 
+
+
+The **Needs Attention Summary** summarizes devices that require action on your part. There are multiple reasons why a device might need attention, and these reasons are categorized and summarized in the tile. You can view details about devices that are categorized as Needs Attention using a table view. The following **Needs Attention** states are defined:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Needs Attention<TD BGCOLOR="#cceeff" ALIGN=left>Definition
+<TR><TD>Out of Support<TD>Total number of devices that are no longer receiving servicing updates
+<TR><TD>Update failed<TD>When a device has reported a failure at some stage in its update deployment process, it will report that the Update Failed. You can click on this to see the full set of devices with more details about the stage at which a failure was reported, when the device reported a failure, and other data.
+<TR><TD>Missing 2+ Security Updates<TD>Total number of devices that are missing two or more security updates
+<TR><TD>Update Progress Stalled<TD>Total number of devices where an update installation has been “in progress” for more than 7 days
+</TABLE>
+
+
+The **Update Status Summary** summarizes your organization's devices per the Windows 10 "Windows as a Service" (WaaS) model. For more information about WaaS, see [Overview of Windows as a service](waas-overview.md). Devices are categorized as: **Current**, **Up-to-date**, and **Not up-to-date**. See the following graphical representation of this model:<BR>
+
+
+![Device states](images/uc-12.png)
+
+
+Update Status Summary definitions:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Update Status<TD BGCOLOR="#cceeff" ALIGN=left>Definition
+<TR><TD>Current and Up-to-date<TD>A device that is current is on the latest and greatest Microsoft offers. It is on the very newest feature update (ex. The Windows Anniversary Update, RS1), on the very latest quality update for its servicing branch.
+<TR><TD>Up-to-date<TD>A device that is up-to-date is on the latest quality update for its servicing option (CB, CBB, LTSB), and the device is running an OS that is supported by Microsoft.
+<TR><TD>Not up-to-date<TD>A device does not have the latest quality update for its servicing option.  
+</TABLE>
+
+
+## Overall Quality Update Status
+
+**Overall Quality Update Status** is the second blade in Update Compliance. It has a donut data tile and lists the breakdown of the Up-to-date status of devices pivoted on OS version. See the following example: 
+
+
+![OS Quality Update Status](images/uc-13.png)
+
+
+The donut tile offers a summary of all devices in your organization, divided into **Up-to-date** and **Not up-to-date**. Recall that devices that are current are also up-to-date.
+
+
+The list view contains the breakdown of Up-to-date, Not up-to-date, and Update failed, all pivoted on OS version (e.g., 1507, 1511, 1607). Clicking on any of the rows of this list view will display the **OS Quality Update Summary Perspective** for that OS version. 
+ 
+ 
+## Latest and Previous Security Update Status
+
+Security updates are extremely important to your organization, so in addition to an overall view of Quality Updates, the deployment status for the latest two security updates are displayed for each supported OS build offered by Microsoft. 
+
+
+![Latest security update status](images/uc-14.png)
+
+
+For the latest security update, a doughnut chart is displayed across all OS builds with a count of installed, in progress/deferred, update failed, and unknown status relative to that update. Two table views are provided below the doughnut displaying the same breakdown for each OS build supported by Microsoft. 
+
+See the following definitions:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Term<TD BGCOLOR="#cceeff" ALIGN=left>Definition
+<TR><TD>OS Build<TD>The OS build + Revision for the OS Version. The build + revision is a one-to-one mapping of the given security update in this context.
+<TR><TD>Version<TD>The OS Version corresponding to the OS build.
+<TR><TD>Installed<TD>The count of devices that have the given security update installed. In the case that the latest security update is not latest quality update (that is, an update has since been released but it did not contain any security fixes), then devices that are on a newer update will also be counted.
+<BR><BR>For the previous security update, a device will display as **Installed** until it has at least installed the latest security update.
+<TR><TD>In Progress or Deferred<TD>The count of devices that are either currently in the process of installing the given security update, or are deferring the install as per their WUFB policy.
+<BR><BR> All devices in this category for Previous Security Update Status are missing 2 or more security updates, and therefore qualify as needing attention.
+<TR><TD>Update Failed<TD>The count of devices that were **In Progress** for the given security update, but failed at some point in the process. They will no longer be shown as **In Progress or deferred** in this case, and only be counted as **Update failed**.
+<TR><TD>Status Unknown<TD>If a device should be, in some way, progressing toward this security update, but it’s status cannot be inferred, it will count as **Status Unknown**. Devices that are not using Windows Update are the most likely devices to fall into this category.
+</TABLE>
+
+
+## Overall Feature Update Status
+
+Windows 10 has two main update types: Quality and Feature updates. The third blade in Update Compliance provides the most essential data about your organization’s devices for feature updates. 
+
+Microsoft has developed terms to help specify the state of a given device for how it fits into the Windows as a Service (WaaS) model. There are three update states for a device: 
+- Current 
+- Up-to-date
+- Not up-to-date
+
+
+See the **Update Status Summary** description under [OS Update Overview](#os-update-overview) in this guide for definitions of these terms. 
+
+
+The Overall Feature Update Status blade focuses around whether or not your devices are considered Current. See the following example:
+
+
+![Overall feature update status](images/uc-15.png)
+
+
+Devices are evaluated by OS Version (e.g., 1607) and the count of how many are Current, Not Current, and have Update Failures is displayed. Clicking on any of these counts will allow you to view all those devices, as well as select the **Update Deployment Status** perspective, described below. 
+
+
+## CB, CBB, LTSB Deployment Status
+
+Following the overview with respect to how current your organization’s devices are, there are three tables that show feature update deployment for all devices. The devices are split up by which branch they are on, as this directly impacts whether they are supported (for example, 1607 may be supported under CBB, but not under CB). This allows you a quick glance at how deployment is progressing across your organization with respect to feature updates. 
+
+See the following example:
+
+
+![CB deployment status](images/uc-16.png)
+
+
+The three tables break down devices by feature update. For each OS version, the following columns provide counts of the possible device states:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Deployment Status<TD BGCOLOR="#cceeff" ALIGN=left>Description
+<TR><TD>Feature Update<TD>A concatenation of servicing branch (CB, CBB, LTSB) and OS Version (e.g., 1607)
+<TR><TD>Installed<TD>The number of devices that have reported to be on the given servicing train and feature update.
+<TR><TD>In progress<TD>The number of devices that have reported to be at some stage in the installation process for the given feature update.
+<BR><BR>Example: Device X running CB 1507 could be installing CB 1607. In this example, X would count as both **Installed** for **CB 1507** and **In Progress** for **CB 1607**. 
+<TR><TD>Scheduled next 7 days<TD>The total number of devices that are set to have a deferral period expire within 7 days, and after that deferral period expires are targeted to install the given update.
+<BR><BR>Example: Device Y running CB 1507 could be scheduled to install CB 1607 in 5 days. In this example, X would count as both **Installed** for **CB 1507** and **Scheduled next 7 days** for **CB 1607**
+<TR><TD>Update Failed<TD>The total number of devices that were **In progress** with the installation for the given feature update, but encountered a failure.
+<BR><BR>Example: Device X running CB 1507 could be installing CB 1607. X then encounters an error during installation. In this example, X would count as both **Installed** for **CB 1507** and **Update failed** for **CB 1607**, but not as **In progress** for **CB 1607**.
+<TR><TD>Status Unknown<TD>For devices not using Windows Update to get updates, some information on deployment progress cannot be known. It is possible to know the current installed Feature Update for a device, but not which devices are **In Progress**, **Scheduled next 7 days**, or devices with **Update Failed**.
+<BR><BR>Devices that Update Compliance knows belongs to your organization, but it does not know update failures or installation progress, will be counted here. 
+</TABLE>
+
+
+## Quality Update Perspective
+
+The Quality Update Deployment Status perspective is a breakdown of the most essential data the user should know about the status of their devices with respect to being Up-to-date. The perspective shows a summary of the organization’s devices for one specific OS version, or build. 
+ 
+### Quality Update Build Summary
+
+The build summary blade attempts to summarize the most important data points to the user for the given build. It is divided into two sections. The first section is a summary of devices for that build – the total number of devices, and the amount that need attention. Each row within the table below is a breakdown of why each device requires attention. The rows can be interacted with to be taken to a larger table view that shows detailed information about all the devices that meet the given criteria. See the following example:
+
+
+![Quality update build summary](images/uc-17.png)
+
+ 
+### Quality Update Deferral Configurations
+
+The next blade is the Deferral configuration blade, which shows the WUFB Deferral configurations for all devices that are using WUFB and are reporting to Update Compliance. If no information can be gathered from a device or it is not configured to use WUFB, it will show up as **Not configured (-1)**. See the following example:
+
+
+![Quality Update Deferral Configurations](images/uc-18.png)
+
+ 
+### Quality Update Deployment Status
+
+Under the three top-level blades is the deployment status for the newest quality update for the given build. It provides information on the revision number as well as how many days it has been since that revision has been released. See the following example:
+
+
+![Quality Update Deployment Status](images/uc-19.png)
+
+
+See the following table for a description of last reported states for devices deploying that quality update. 
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Deployment State<TD BGCOLOR="#cceeff" ALIGN=left>Description
+<TR><TD>Update Completed<TD>When a device has finished the update process and is on the given update, it will display here as **Update completed**.
+<TR><TD>In Progress<TD>Devices that are “in progress” installing an update will fall within this category. This category is detailed in the following blade: **Detailed Deployment Status**.
+<TR><TD>Deferred<TD>If a device’s WUfB deferral policy dictates that it is not set to receive this update, the device will show as Update deferred.
+<TR><TD>Cancelled<TD>A device will report that the update has been cancelled if the user, at some point, cancelled the update on the device.
+<TR><TD>Blocked<TD>Devices that are blocked are prevented from proceeding further with the given update. This could be because another update is paused, or some other task on the device must be performed before the update process can proceed.
+</TABLE>
+
+<P>
+
+
+### Quality Update Detailed Deployment Status
+
+This blade provides more detail on the deployment process for the update in the Deployment Status blade. This blade is more of a deployment funnel for devices, enabling you to see at a more granular level how devices are progressing along in their deployment. See the following example:
+
+
+![Quality Update Detailed Deployment Status](images/uc-20.png)
+
+
+>Devices that are not managed using Windows Update (Windows Update for Business or otherwise) will not have detailed deployment information. 
+
+
+The following table provides a list of the detailed deployment states a device can report:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Detailed Deployment State<TD BGCOLOR="#cceeff" ALIGN=left>Description
+<TR><TD>Update deferred<TD>The WUfB policy of the device dictates the update is deferred. 
+<TR><TD>Pre-Download Tasks Passed<TD>The device has finished all tasks necessary prior to downloading the update. 
+<TR><TD>Download Started<TD>The update has begun downloading on the device. 
+<TR><TD>Download Succeeded<TD>The device has successfully downloaded the update. 
+<TR><TD>Pre-Install Tasks Passed<TD>The device has downloaded the update successfully, and successfully passed all checks prior to beginning installation of the update. 
+<TR><TD>Install Started<TD>The device has begun installing the update. 
+<TR><TD>Reboot Required<TD>The device has finished installing the update, and a reboot is required before the update can be completed. 
+<TR><TD>Reboot Pending<TD>The device is pending a scheduled reboot before the update can be completed. 
+<TR><TD>Reboot Initiated<TD>The device has reported to have initiated the reboot process for completing the update. 
+<TR><TD>Update completed<TD>The device has completed installing, rebooting, and applying the update. 
+</TABLE>
+
+
+## Feature Update Perspective
+
+
+Like Quality Updates, the Feature Update Deployment Status perspective is a breakdown of information most essential to an administrator. This information is viewed by clicking on a given build on the Feature Update Status blade and then navigating to the **Update Deployment Status** pane as displayed previously. In Update Compliance, a perspective is assigned to a query; the query used to generate the perspective can be altered to show other information, if desired.
+
+Every piece of data shown in this view can be clicked; when clicked, it will alter the query to focus only on the data you need. If the perspective is not meaningful after the query is altered, you can use the other data views like the List and Table.
+
+>After clicking on an OS version from the Feature Update Status blade, the query must fully load the results before you can select the Update Deployment Status perspective.
+
+### Feature Update Build Summary
+
+
+The Build Summary blade provides a summary for all devices on the given build. It gives a count of all devices, as well as a count of all devices that need attention. Below the counts, you can see why the devices need attention, with a count of devices that fall into each category. See the following example:
+
+![Feature Update Build Summary](images/uc-21.png)
+
+### Feature Update Deferral Configuration
+
+
+This blade shows all deferral configurations for the devices on the given build. See the following example:
+
+
+![Feature Update Deferral Configuration](images/uc-22.png)
+
+
+Deferral configurations are WUfB-specific, and are shown as days. Some useful information regarding how deferral configurations are shown:
+- The devices are grouped based off what their deferral policy is set at. For feature updates, this can be up to 120 days. 
+- A deferral of zero days means the device has WUfB configured, but is set to not defer the update. These devices will be under “0” for the Update Deferred field.
+- Devices that are not configured to use WUfB deferral policies have a “-1” for their deferral days. In this table, the devices will show up as “Not Configured (-1)”.  
+
+### Feature Update Deployment Status
+
+As stated earlier in this section, the Feature Updates blade focuses on how Current your devices are. A device is only Current when it is on the latest feature update and quality update Microsoft offers. Thus, the Deployment Status blade displays the deployment status for devices regarding their deployment to the latest feature update. See the following example:
+
+
+![Feature Update Deployment Status](images/uc-23.png)
+
+
+This blade breaks down the main states a device can be in through the deployment of a feature update. The possible states are as follows:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Deployment State<TD BGCOLOR="#cceeff" ALIGN=left>Description
+<TR><TD>Update completed<TD>When a device has completely finished the update process and is on the given update, it will show up here as **Update completed**. 
+<TR><TD>Inprogress<TD>Devices “in progress” of installing the given update will fall within this category. This category is iterated on with further granularity in the proceeding blade, “Detailed Deployment Status”. 
+<TR><TD>Update deferred<TD>If a device’s WUfB deferral policy dictates that it is not set to receive this update yet, the device will show as Update deferred.
+<TR><TD>Cancelled<TD>A device will report that the update has been cancelled if the user, at some point, cancelled the update on the device. 
+<TR><TD>Blocked<TD>Devices that are blocked are prevented from proceeding further with the given update. This could be because another update is paused, or some other task on the device must be performed before the update process can proceed. 
+</TABLE>
+
+<P>
+
+
+
+
+
+
+### Feature Update Detailed Deployment Status
+
+This blade provides more detail on the deployment process for the update in the Deployment Status blade. This blade is more of a deployment funnel for devices, enabling you to see at a more granular level how devices are progressing along in their deployment. See the following example:
+
+
+![Feature Update Detailed Deployment Status](images/uc-24.png)
+
+
+The following table displays all states a device can report:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Detailed Deployment State<TD BGCOLOR="#cceeff" ALIGN=left>Description
+<TR><TD>Update deferred<TD>The WUfB policy of the device dictates the update is deferred.
+<TR><TD>Pre-Download Tasks Passed<TD>The device has finished all tasks necessary prior to downloading the update.
+<TR><TD>Download Started<TD>The update has begun downloading on the device.
+<TR><TD>Download Succeeded<TD>The device has successfully downloaded the update.
+<TR><TD>Pre-Install Tasks Passed<TD>The device has downloaded the update successfully, and successfully passed all checks prior to beginning installation of the update.
+<TR><TD>Install Started<TD>The device has begun installing the update.
+<TR><TD>Reboot Required<TD>The device has finished installing the update, and a reboot is required before the update can be completed.
+<TR><TD>Reboot Pending<TD>The device is pending a scheduled reboot before the update can be completed.
+<TR><TD>Reboot Initiated<TD>The device has reported to have initiated the reboot process for completing the update.
+<TR><TD>Update completed<TD>The device has completed installing, rebooting, and applying the update.
+</TABLE>
+
+
+
+## List of Queries
+
+Operations Management Suite leverages its powerful Log Analytics querying to perform all data calculations. For this blade, we provide examples of queries that show useful data to the user about their organization’s devices. See the following example:
+
+
+![List of Queries](images/uc-25.png)
+
+
+The following **Common queries** are available:
+
+
+<TABLE>
+<TR><TD BGCOLOR="#cceeff">Query Title<TD BGCOLOR="#cceeff" ALIGN=left>Description
+<TR><TD>OS Security Update Status<TD>This query provides an all-up view with respect to how many devices are on the latest security update for their OS version. The table will detail an aggregated count of the number of devices, out of the total (so count, or percent) are on the latest security update for their OS build. 
+<TR><TD>Update Deployment Failures<TD>This query provides a chart view, displaying an aggregation of all devices that have reported a deployment failure for either feature or quality updates. The aggregation of the data is on the given update for which a given device has reported a deployment failure. 
+<TR><TD>Devices pending reboot to complete update<TD>This query will provide a table showing all devices that are at the stage of "Reboot Pending" In the update deployment process.<BR><BR>This query will show devices which are in this state for both feature and quality updates; the data will be organized on precisely which update the given device(s) are pending a reboot to install.
+<TR><TD>Servicing Option Distribution for the devices<TD>This query provides a chart view that aggregates all devices seen by the solution on for each servicing option available for Windows 10 devices (CB, CBB, LTSB)
+OS Distribution for the devices	This query provides a chart view displaying the distribution of the different editions of Windows 10 that devices seen by the solution are running (e.g., Enterprise, Professional, Education, etc.) 
+<TR><TD>Deferral configurations for Feature Update<TD>This query provides a chart view which displays a breakdown of the different Feature Update deferral configurations through WUfB that the devices seen by the solution are using.<BR><BR>The configuration is in days. 0 days means the device has WUfB deferrals configured, but is not set to defer feature updates. -1 means the device has no feature update deferral policies configured. 
+<TR><TD>Pause configurations for Feature Update<TD>The WUfB policy 
+<TR><TD>Update deferred<TD>This query provides a chart view displaying the breakdown of devices that are either paused, or not paused for feature updates.<BR><BR>“Not configured” means the device is not paused. “Paused” means it is currently paused.
+<TR><TD>Deferral configurations for Quality Update<TD>This query provides a chart view which displays a breakdown of the different Quality Update deferral configurations through WUfB that the devices seen by the solution are using.<BR><BR>The configuration is in days. 0 days means the device has WUfB deferrals configured, but is not set to defer quality updates. -1 means the device has no quality update deferral policies configured.
+<TR><TD>Pause configurations for Quality Update<TD>This query provides to a chart view displaying the breakdown of devices that are either paused, or not paused for quality updates.<BR><BR>**Not configured** means the device is not paused. **Paused** means it is currently paused. 
+</TABLE>
+
+## Related topics
+
+[Get started with Update Compliance](update-compliance-get-started.md)

windows/manage/waas-branchcache.md

@@ -4,7 +4,7 @@ description: Use BranchCache to optimize network bandwidth during update deploym
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-configure-wufb.md

@@ -4,7 +4,7 @@ description: You can use Group Policy or your mobile device management (MDM) ser
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -115,7 +115,7 @@ You can set your system to receive updates for other Microsoft products—known
 | --- | --- |
 | GPO for version 1607: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays  |
 | GPO for version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpdatePeriod |
-| MDM for version 1607: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdates** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
+| MDM for version 1607: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
 | MDM for version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpdate  |
 
 
@@ -182,9 +182,9 @@ Below are quick-reference tables of the supported Windows Update for Business po
 | MDM Key | Key type | Value |
 | --- | --- | --- |
 | BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)</br>32: systems take Feature Updates for the Current Branch for Business (CBB)</br>Note: Other value or absent: receive all applicable updates (CB) |
-| DeferQualityUpdatesPeriod | REG_DWORD | 0-30: defer quality updates by given days |
+| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-30: defer quality updates by given days |
 | PauseQualityUpdates | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
-| DeferFeatureUpdatesPeriod | REG_DWORD | 0-180: defer feature updates by given days |
+| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-180: defer feature updates by given days |
 | PauseFeatureUpdates | REG_DWORD | 1: pause feature updates</br>Other value or absent: don’t pause feature updates |
 | ExcludeWUDriversinQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers</br>Other value or absent: offer Windows Update drivers |
 

windows/manage/waas-delivery-optimization.md

@@ -4,7 +4,7 @@ description: Delivery Optimization is a new peer-to-peer distribution method in
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -19,6 +19,10 @@ localizationpriority: high
 
 Delivery Optimization is a self-organizing distributed cache solution for businesses looking to reduce bandwidth consumption for operating system updates, operating system upgrades, and applications by allowing clients to download those elements from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers. You can use Delivery Optimization in conjunction with stand-alone Windows Update, Windows Server Update Services (WSUS), and Windows Update for Business. This functionality is similar to BranchCache in other systems, such as System Center Configuration Manager. 
 
+Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This mean that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet.
+
+For more details, see [Download mode](#download-mode).
+
 >[!NOTE]
 >WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead. 
 
@@ -28,197 +32,113 @@ By default in Windows 10 Enterprise and Education, Delivery Optimization allows
 
 You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization. 
 
-- Group Policy: Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization
-- MDM: .Vendor/MSFT/Policy/Config/DeliveryOptimization
+You will find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**.
+In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**.
 
-Several Delivery Optimization features are configurable.
+Several Delivery Optimization features are configurable:
 
-### Download mode (DODownloadMode)
+| Group Policy setting | MDM setting |
+| --- | --- |
+| [Download mode](#download-mode) | DODownloadMode |
+| [Group ID](#group-id)  | DOGroupID |
+| [Max Cache Age](#max-cache-age) | DOMaxCacheAge |
+| [Max Cache Size](#max-cache-size)  | DOMaxCacheSize |
+| [Absolute Max Cache Size](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize |
+| [Modify Cache Drive](#modify-cache-drive) | DOModifyCacheDrive |
+| [Maximum Download Bandwidth](#maximum-download-bandwidth) | DOMaxDownloadBandwidth |
+| [Percentage of Maximum Download Bandwidth](#percentage-of-maximum-download-bandwidth) | DOPercentageMaxDownloadBandwidth |
+| [Max Upload Bandwidth](#max-upload-bandwidth) | DOMaxUploadBandwidth |
+| [Monthly Upload Data Cap](#monthly-upload-data-cap) | DOMonthlyUploadDataCap |
+| [Minimum Background QoS](#minimum-background-qos) | DOMinBackgroundQoS |
+
+When configuring Delivery Optimization on Windows 10 devices, the first and most important thing to configure, would be [Download mode](#download-mode). Download mode dictates how Delivery Optimization downloads Windows updates.
+
+While every other feature setting is optional, they offer enhanced control of the Delivery Optimization behavior.
+
+[Group ID](#group-id), combined with Group [Download mode](#download-mode), enables administrators to create custom device groups that will share content between devices in the group.
+
+Delivery Optimization uses locally cached updates. In cases where devices have ample local storage and you would like to cache more content, or if you have limited storage and would like to cache less, use the settings below to adjust the Delivery Optimization cache to suit your scenario:
+- [Max Cache Size](#max-cache-size) and [Absolute Max Cache Size](#absolute-max-cache-size) control the amount of space the Delivery Optimization cache can use.
+- [Max Cache Age](#max-cache-age) controls the retention period for each update in the cache.
+- The system drive is the default location for the Delivery Optimization cache. [Modify Cache Drive](#modify-cache-drive) allows administrators to change that location.
+
+>[!NOTE]
+>It is possible to configure preferred cache devices. For more information, see [Set “preferred” cache devices for Delivery Optimization](#set-preferred-cache-devices).
+
+There are additional options available to robustly control the impact Delivery Optimization has on your network:
+- [Maximum Download Bandwidth](#maximum-download-bandwidth) and [Percentage of Maximum Download Bandwidth](#percentage-of-maximum-download-bandwidth) controls the download bandwidth used by Delivery Optimization.
+- [Max Upload Bandwidth](#max-upload-bandwidth) controls the Delivery Optimization upload bandwidth usage.
+- [Monthly Upload Data Cap](#monthly-upload-data-cap) controls the amount of data a client can upload to peers per month.
+- [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This is achieved by adjusting the amount of data downloaded directly from Windows Update or WSUS servers, rather than other peers in the network.
+
+### How Microsoft uses Delivery Optimization
+In Microsoft, to help ensure that ongoing deployments weren’t affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet.
+
+For more details, check out the [Adopting Windows as a Service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) technical case study.
+
+Provided below is a detailed description of every configurable feature setting. Use these details when configuring any of the above settings.
+
+### Download mode
 
 Download mode dictates which download sources clients are allowed to use when downloading Windows updates in addition to Windows Update servers.  The following table shows the available download mode options and what they do.
 
 | Download mode option | Functionality when set |
 | --- | --- |
-| HTTP Only (0) | This setting disables peer content sharing but still allows Delivery Optimization to download content from Windows Update servers or WSUS servers. |
+| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content from Windows Update servers or WSUS servers. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
 | LAN (1 – Default) | This default operating mode for Delivery Optimization enables peer sharing on the same network. | 
 | Group (2) | When group mode is set, the group is automatically selected based on the device’s Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use the GroupID option to create your own custom group independently of domains and AD DS sites. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
 | Internet (3) | Enable Internet peer sources for Delivery Optimization. |
-| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable or unreachable. |
+| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. |
 |Bypass (100) |	Bypass Delivery Optimization and use BITS, instead. For example, select this mode so that clients can use BranchCache. |
 
 >[!NOTE]
 >Group mode is a best effort optimization and should not be relied on for an authentication of identity of devices participating in the group.
 
-### Group ID (DOGroupID)
+### Group ID
 
 By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and AD DS site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or AD DS site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to peer. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. 
 
 >[!NOTE]
 >This configuration is optional and not required for most implementations of Delivery Optimization.
     
-### Max Cache Age (DOMaxCacheAge)
+### Max Cache Age
 
 In environments configured for Delivery Optimization, you may want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client computer. The default Max Cache Age value is 259,200 seconds (3 days). Alternatively, organizations may choose to set this value to “0” which means “unlimited” to avoid peers re-downloading content. When “Unlimited” value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed).
 
-### Max Cache Size (DOMaxCacheSize)
+### Max Cache Size
 
 This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows 10 client computer that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. The default value for this setting is 20.
 
-### Absolute Max Cache Size (DOAbsoluteMaxCacheSize)
+### Absolute Max Cache Size
 
 This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the **DOMaxCacheSize** setting, which is a percentage of available disk space. Also, if you configure this policy, it will override the **DOMaxCacheSize** setting. The default value for this setting is 10 GB.
 
-### Maximum Download Bandwidth (DOMaxDownloadBandwidth)
+### Maximum Download Bandwidth
 
 This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). A default value of 0 means that Delivery Optimization will dynamically adjust and optimize the maximum bandwidth used.
 
-### Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth)
+### Percentage of Maximum Download Bandwidth
 
 This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. The default value 0 means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
 
-### Max Upload Bandwidth (DOMaxUploadBandwidth)
+### Max Upload Bandwidth
 
 This setting allows you to limit the amount of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). The default setting is 0, or “unlimited” which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it does not cap the upload bandwidth rate at a set rate.
 
-### Minimum Background QoS (DOMinBackgroundQoS)
+### Minimum Background QoS
 
 This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more bytes from Windows Update servers or WSUS. Simply put, the lower this value is, the more content will be sourced using peers on the network rather than Windows Update. The higher this value, the more content is received from Windows Update servers or WSUS, versus peers on the local network.
 
-### Modify Cache Drive (DOModifyCacheDrive)
+### Modify Cache Drive
 
 This setting allows for an alternate Delivery Optimization cache location on the clients. By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable. You can set the value to an environment variable (e.g., %SYSTEMDRIVE%), a drive letter (e.g., D:), or a folder path (e.g., D:\DOCache).
 
-### Monthly Upload Data Cap (DOMonthlyUploadDataCap)
+### Monthly Upload Data Cap
 
 This setting specifies the total amount of data in gigabytes that a Delivery Optimization client can upload to Internet peers per month. A value of 0 means that an unlimited amount of data can be uploaded. The default value for this setting is 20 GB.
-
-## Delivery Optimization configuration examples
-
-Delivery Optimization can be configured in various ways, leveraging the policies described in the previous section.  The following samples describe some common scenarios that organizations may want to set up, given specific scenarios in use for their organization.
-
-### Use Delivery Optimzation with group download mode
-
-Delivery Optimization by default will consider all PCs in an organizations as peers for sharing content, even those that might be located across a slower WAN link.  Group download mode is designed to help with this by limiting the PCs that can be used. In Windows 10, version 1511, group download mode considers PCs in the same domain and with the same configured Group ID to be eligible peers. In Windows 10, version 1607, the default behavior also adds the PC's AD DS site into the grouping determination.
-
-**To use Group Policy to configure Delivery Optimization for group download mode**
-
-1.	Open Group Policy Management Console (GPMC).
-
-2.	Expand Forest\Domains\\*Your_Domain*.
-
-3.	Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**.
-
-4.	In the **New GPO** dialog box, in the **Name** box, type **Delivery Optimization – Group**.
-
-5.	Right-click the **Delivery Optimization – Group** GPO, and then click **Edit**.
-
-6.	In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization.
-
-7.	Right-click the **Download Mode** setting, and then click **Edit**.
-
-8.	Enable the policy, and then select the **Group** download mode.
-
-9.	Right-click the **GroupID** setting, and then click **Edit**. Enable the policy, and then specify a unique GUID for each group of PCs. (This is not required for Windows 10, version 1607, since the AD site code will be used to group devices automatically.)
-
-10.	Click **OK**, and then close the Group Policy Management Editor.
-
-11.	In GPMC, select the **Delivery Optimization – Group** policy.
-
-12.	On the **Scope** tab, under **Security Filtering**, configure the policy to be targeted to an approprite computer group.
-
-**To use Intune to configure Delivery Optimization for group download mode**
-
-1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials.
-
-2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
     
-3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
-
-4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**.
-
-5. In **Setting name**, type **Set Delivery Optimization to Group**, and then select **Integer** from the **Data type** list.
-
-6. In the **OMA-URI** box, type **.Vendor/MSFT/Policy/Config/DeliveryOptimization/DODownloadMode**.
-
-7. In the **Value** box, type **2**, and then click **OK**.
-
-    >[!NOTE]
-    >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax.
-
-8. Click **Save Policy**.
-
-9. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**.
-
-    >[!NOTE]
-    >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
-    
-10. In the **Manage Deployment** dialog box, select the **All Computers** group, click **Add**, and then click **OK**.
-
-### Use WSUS and BranchCache with Windows 10, version 1511
-
-In Windows 10, version 1511, Delivery Optimization is enabled by default and is used for peer-to-peer sharing of updates.  For organizations that wish to instead leverage BranchCache for the caching of updates being delivered from a WSUS server, Delivery Optimization can be configured to leverage the **HTTP only** download mode, which results in Background Intelligent Transfer Service (BITS) being used to transfer the content; BITS will then use BranchCache when peers are available on the same subnet, and use the WSUS server directly when no peers are available.
-
-**To use Group Policy to configure HTTP only download mode**
-
-1.	Open Group Policy Management Console (GPMC).
-
-2.	Expand Forest\Domains\\*Your_Domain*.
-
-3.	Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**.
-
-4.	In the **New GPO** dialog box, in the **Name** box, type **Delivery Optimization – HTTP Only**.
-
-5.	Right-click the **Delivery Optimization – HTTP Only** GPO, and then click **Edit**.
-
-6.	In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization.
-
-7.	Right-click the **Download Mode** setting, and then click **Edit**.
-
-8.	Enable the policy, and then select the **HTTP only** download mode.
-
-9.	Click **OK**, and then close the Group Policy Management Editor.
-
-10.	In GPMC, select the **Delivery Optimization – HTTP Only** policy.
-
-11.	On the **Scope** tab, under **Security Filtering**, select the default **AUTHENTICATED USERS** security group, and then click **Remove**. Then, click **Add**, browse to the **Domain Computers** group, and then click **OK**.
-
-    ![example of UI](images/waas-do-fig4.png)
-
-    >[!NOTE]
-    >This example uses the Domain Computers group, but you can deploy this policy setting to any computer group.
-
-### Use WSUS and BranchCache with Windows 10, version 1607
-
-In Windows 10, version 1607, Delivery Optimization is enabled by default and is used for peer-to-peer sharing of updates. For organizations that wish to instead leverage BranchCache for the caching of updates being delivered from a WSUS server, Delivery Optimization can be configured to leverage the **Bypass** download mode (new in Windows 10, version 1607), which results in BITS being used to transfer the content; BITS will then use BranchCache when peers are available on the same subnet, and use the WSUS server directly when no peers are available.
-
-**To use Group Policy to enable the Bypass download mode**
-
-1.	Open Group Policy Management Console (GPMC).
-
-2.	Expand Forest\Domains\\*Your_Domain*.
-
-3.	Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**.
-
-4.	In the **New GPO** dialog box, in the **Name** box, type **Delivery Optimization – Bypass**.
-
-5.	Right-click the **Delivery Optimization – Bypass** GPO, and then click **Edit**.
-
-6.	In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization.
-
-7.	Right-click the **Download Mode** setting, and then click **Edit**.
-
-8.	Enable the policy, and then select the **Bypass** download mode. (Note that this download mode is only present in the Windows 10, version 1607, Group Policy ADMX files.)
-
-9.	Click **OK**, and then close the Group Policy Management Editor.
-
-10.	In GPMC, select the **Delivery Optimization – Bypass** policy.
-
-11.	On the **Scope** tab, under **Security Filtering**, select the default **AUTHENTICATED USERS** security group, and then click **Remove**. Then, click **Add**, select the **Domain Computers** group, and then click **OK**.
-
-    >[!NOTE]
-    >This example uses the Domain Computers group, but you can deploy this policy setting to any computer group.
-    
-### Set “preferred” cache devices for Delivery Optimization
+<span id="set-preferred-cache-devices"/>
+## Set “preferred” cache devices for Delivery Optimization
 
 In some cases, IT pros may have an interest in identifying specific devices that will be “preferred” as sources to other devices—for example, devices that have hard-wired connections, large drives that you can use as caches, or a high-end hardware profile. These preferred devices will act as a “master” for the update content related to that devices’s configuration (Delivery Optimization only caches content relative to the client downloading the content).
 

windows/manage/waas-deployment-rings-windows-10-updates.md

@@ -4,7 +4,7 @@ description: Deployment rings in Windows 10 are similar to the deployment groups
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-integrate-wufb.md

@@ -4,7 +4,7 @@ description: Use Windows Update for Business deployments with management tools s
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-manage-updates-configuration-manager.md

@@ -4,7 +4,7 @@ description: System Center Configuration Manager provides maximum control over q
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-manage-updates-wsus.md

@@ -4,7 +4,7 @@ description: WSUS allows companies to defer, selectively approve, choose when de
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-manage-updates-wufb.md

@@ -4,7 +4,7 @@ description: Windows Update for Business lets you manage when devices received u
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -18,17 +18,20 @@ localizationpriority: high
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
-Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service.  You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings. Using Group Policy or MDM solutions such as Intune, you can control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines.  
+Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service.  You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines.  
 
 Specifically, Windows Update for Business allows for: 
 
-- The creation of deployment and validation groups, where administrators can specify which devices go first in an update wave, and which ones will come later (to ensure any quality bars are met).
+- The creation of deployment rings, where administrators can specify which devices go first in an update wave, and which ones will come later (to ensure any quality bars are met).
 - Selectively including or excluding drivers as part of Microsoft-provided updates
 - Integration with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, and Microsoft Intune.
 - Peer-to-peer delivery for Microsoft updates, which optimizes bandwidth efficiency and reduces the need for an on-site server caching solution.
 
 Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro Education, and Education.
 
+>[!NOTE]
+>See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10.
+
 ## Update types
 
 Windows Update for Business provides three types of updates to Windows 10 devices:
@@ -37,7 +40,7 @@ Windows Update for Business provides three types of updates to Windows 10 device
 - **Quality Updates**: these are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time).  These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as Quality Updates. These non-Windows Updates are known as *Microsoft Updates* and devices can be optionally configured to receive such updates along with their Windows Updates.
 - **Non-deferrable updates**: Currently, antimalware and antispyware Definition Updates from Windows Update cannot be deferred.
  
-Both Feature and Quality Updates can be deferred from deploying to client devices by a Windows Update for Business administrator within a bounded rage of time from when those updates are first made available on the Windows Update Service. This deferral capability allows administrators to validate deployments as they are pushed to all client devices configured for Windows Update for Business.
+Both Feature and Quality Updates can be deferred from deploying to client devices by a Windows Update for Business administrator within a bounded range of time from when those updates are first made available on the Windows Update Service. This deferral capability allows administrators to validate deployments as they are pushed to all client devices configured for Windows Update for Business.
 
 <table>
 <tr>

windows/manage/waas-mobile-updates.md

@@ -4,7 +4,7 @@ description: tbd
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-optimize-windows-10-updates.md

@@ -4,7 +4,7 @@ description: Two methods of peer-to-peer content distribution are available in W
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -40,10 +40,42 @@ Two methods of peer-to-peer content distribution are available in Windows 10.
 | BranchCache | ![no](images/crossmark.png) | ![no](images/crossmark.png) |![yes](images/checkmark.png) | ![yes](images/checkmark.png) |
 
 >[!NOTE]
->Starting with preview version 1604, System Center Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use System Center Configuration Manager to manage in the same Configuration Manager boundary group. This is expected to be available in later Configuration Manager current branch releases.
+>System Center Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use System Center Configuration Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/client-peer-cache).
 >
->In addition to client content sharing, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with System Center Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt613173.aspx).
+>In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with System Center Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in System Center Configuration Manager](https://technet.microsoft.com/library/mt613173.aspx).
 
+## Express update delivery
+
+Windows 10 update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express.
+
+### How Microsoft supports Express
+- **Express on WSUS Standalone**
+  
+  Express update delivery is available on [all support versions of WSUS](https://technet.microsoft.com/library/cc708456(v=ws.10).aspx).
+- **Express on devices directly connected to Windows Update**
+- **Enterprise devices managed using [Windows Update for Business](waas-manage-updates-wufb.md)** also get the benefit of Express update delivery support without any change in configuration.
+
+### How Express download works
+
+For OS updates that support Express, there are two versions of the file payload stored on the service:
+1. **Full-file version** - essentially replacing the local versions of the update binaries.
+2. **Express version** - containing the deltas needed to patch the existing binaries on the device.
+
+Both the full-file version and the Express version are referenced in the udpate's metadata, which has been downloaded to the client as part of the scan phase.
+
+**Express download works as follows:**
+
+The Windows Update client will try to download Express first, and under certain situations fall back to full-file if needed (for example, if going through a proxy that doesn't support byte range requests).
+
+1. When the Windows Update client initiates an Express download, **Windows Update first downloads a stub**, which is part of the Express package.
+2. **The Windows Update client passes this stub to the Windows installer**, which uses the stub to do a local inventory, comparing the deltas of the file on the device with what is needed to get to the latest version of the file being offered.
+3. **The Windows installer then requests the Windows Update client to download the ranges**, which have been determined to be required.
+4. **The client downloads these ranges and passes them to the Windows Installer**, which applies the ranges and then determines if additional ranges are needed. This repeats until the Windows installer tells the Windows Update client that all necessary ranges have been downloaded.
+
+At this point, the download is complete and the update is ready to be installed.
+
+>[!TIP]
+>Express will **always** be leveraged if your machines are updated regularly with the latest cumulative updates.
 
 ## Steps to manage updates for Windows 10
 

windows/manage/waas-overview.md

@@ -4,7 +4,7 @@ description: In Windows 10, Microsoft has streamlined servicing to make operatin
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -127,7 +127,9 @@ For many IT pros, gaining visibility into feature updates early—before they’
 Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about how to sign up for the Windows Insider Program and enroll test devices, go to [https://insider.windows.com](https://insider.windows.com).
 
 >[!NOTE]
->The Windows Insider Program isn’t intended to replace CB deployments in an organization. Rather, it provides IT pros and other interested parties with prerelease Windows builds that they can test and ultimately provide feedback on to Microsoft. 
+>Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app. 
+>
+>The Windows Insider Program isn’t intended to replace CB deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. 
 
 
 
@@ -136,7 +138,7 @@ Microsoft recommends that all organizations have at least a few PCs enrolled in
 There are many tools with which IT pros can service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:
 
 - **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the CBB servicing branch. Organizations can control which devices defer updates and stay in the CBB servicing branch or remain in CB by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 client.
-- **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes a little more control over update deferment and provides centralized management using Group Policy. In Windows 10 version 1511, Windows Update for Business can be used to defer feature updates for up to 8 months and quality updates for up to 4 weeks. Also, these deferment options were available only to clients in the CBB servicing branch. In Windows 10 version 1607 and later, Windows Update for Business can be used to defer feature updates for up to 180 days and quality updates for up to 30 days. These deployment options are available to clients in either the CB or CBB servicing branch. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune. In addition to Intune, organizations can use Group Policy to manage Windows Update for Business. 
+- **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes a little more control over update deferment and provides centralized management using Group Policy. In Windows 10 version 1511, Windows Update for Business can be used to defer feature updates for up to 8 months and quality updates for up to 4 weeks. Also, these deferment options were available only to clients in the CBB servicing branch. In Windows 10 version 1607 and later, Windows Update for Business can be used to defer feature updates for up to 180 days and quality updates for up to 30 days. These deployment options are available to clients in either the CB or CBB servicing branch. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune.
 - **Windows Server Update Services (WSUS)** provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. 
 - **System Center Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. 
 

windows/manage/waas-quick-start.md

@@ -4,7 +4,7 @@ description: In Windows 10, Microsoft has streamlined servicing to make operatin
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -52,7 +52,13 @@ Additional technologies such as BranchCache and Delivery Optimization, both peer
 
 See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) and [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) for more information.
 
+## Video: An overview of Windows as a service
 
+<iframe width="560" height="315" src="https://www.youtube.com/embed/MLc4-Suv0LU" frameborder="0" allowfullscreen></iframe> 
+ 
+## Learn more
+
+[Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft)
 
 
 ## Related topics

windows/manage/waas-restart.md

@@ -4,7 +4,7 @@ description: tbd
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -18,33 +18,67 @@ localizationpriority: high
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
-You can use Group Policy settings or mobile device management (MDM) to configure when devices will restart after a Windows 10 update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both.
+You can use Group Policy settings, mobile device management (MDM) or Registry (not recommended) to configure when devices will restart after a Windows 10 update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both.
 
 ## Schedule update installation
 
-When you set the **Configure Automatic Updates** policy to **Auto download and schedule the install**, you also configure the day and time for installation or you specify that installation will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
+In Group Policy, within **Configure Automatic Updates**, you can configure a forced restart after a specified instllation time. 
 
-When **Configure Automatic Updates** is enabled, you can enable one of the following additional policies to manage device restart:
+To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the instal**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installtion will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
+
+**Always automatically restart at the scheduled time** forces a restart after the specified installation time and lets you configure a timer to warn a signed-in user that a restart is going to occur.
+
+While not recommended, the same result can be achieved through Registry. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4**, set the install time with **ScheduledInstallTime**, enable **AlwaysAutoRebootAtScheduledTime** and specify the delay in minutes through **AlwaysAutoRebootAtScheduledTimeMinutes**. Similar to Group Policy, **AlwaysAutoRebootAtScheduledTimeMinutes** sets the timer to warn a signed-in user that a restart is going to occur.
+
+For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+
+## Delay automatic reboot
+
+When **Configure Automatic Updates** is enabled in Group Policy, you can enable one of the following additional policies to delay an automatic reboot after update installtion:
 
 - **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours.
-- **Always automatically restart at the scheduled time** forces a restart after the specified installation time and lets you configure a timer to warn a signed-in user that a restart is going to occur. To set the time, you need to go **Configure Automatic Updates**, select option **4 - Auto download and schedule the install**, and then enter a time in the **Scheduled install time** dropdown.
 - **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**. 
 
+You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting.
+
+For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+
 ## Configure active hours
 
-You can configure active hours for devices without setting the **Configure Automatic Updates** policy. *Active hours* identify the period of time when you expect the device to be in use. Automatic restarts after an update will occur outside of the active hours. 
+*Active hours* identify the period of time when you expect the device to be in use. Automatic restarts after an update will occur outside of the active hours. 
 
-By default, active hours are from 8 AM to 5 PM on PCs and from 5 AM to 11 PM on phones. Users can change the active hours manually. Additionally, administrators can use Group Policy or MDM to set active hours for managed devices.
+By default, active hours are from 8 AM to 5 PM on PCs and from 5 AM to 11 PM on phones. Users can change the active hours manually. 
+
+Administrators can use multiple ways to set active hours for managed devices:
+
+- You can use Group Policy, as described in the procedure that follows.
+- You can use MDM, as described in [Configuring active hours with MDM](#configuring-active-hours-with-mdm).
+- While not recommended, you can also configure active hours, as descrbied in [Configuring active hours through Registry](#configuring-active-hours-through-registry).
+
+### Configuring active hours with Group Policy
 
 To configure active hours using Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and open the **Turn off auto-restart for updates during active hours** policy setting. When the policy is enabled, you can set the start and end times for active hours.
 
 ![Use Group Policy to configure active hours](images/waas-active-hours-policy.png)
 
+### Configuring active hours with MDM
+
 MDM uses the [Update/ActiveHoursStart and Update/ActiveHoursEnd](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_ActiveHoursEnd) settings in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to configure active hours.
 
-To configure active hours manually on a single device, go to **Settings** > **Update & security** > **Windows Update** and select **Change active hours**.
+### Configuring active hours through Registry
 
-![Change active hours](images/waas-active-hours.png)
+This method is not recommended, and should only be used when neither Group Policy or MDM are available.
+Any settings configured through Registry may conflict with any existing configuration that uses any of the methods mentioned above.
+
+You should set a combination of the following registry values, in order to configure active hours.
+Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate** use **SetActiveHours** to enable or disable active hours and **ActiveHoursStart**,**ActiveHoursEnd** to specify the range of active hours.
+
+For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+
+>[!NOTE]
+>To configure active hours manually on a single device, go to **Settings** > **Update & security** > **Windows Update** and select **Change active hours**.
+>
+>![Change active hours](images/waas-active-hours.png)
 
 ## Limit restart delays
 
@@ -65,11 +99,36 @@ In the Group Policy editor, you will see a number of policy settings that pertai
 | Reschedule Automatic Updates scheduled installations | ![no](images/crossmark.png) |   |
 
 >[!NOTE]
->If you set conflicting restart policies, the actual restart behavior may not be what you expected. 
+>You can only choose one path for restart behavior.
+>
+>If you set conflicting restart policies, the actual restart behavior may not be what you expected.
 
+## Registry keys used to manage restart
+The following tables list registry values that correspond to the Group Policy settings for controlling restarts after updates in Windows 10.
 
+**HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate**
 
+| Registry key |	Key type | Value |
+| --- | --- | --- |
+| ActiveHoursEnd	| REG_DWORD | 0-23: set active hours to end at a specific hour</br>starts with 12 AM (0) and ends with 11 PM (23) |
+| ActiveHoursStart | REG_DWORD | 0-23: set active hours to start at a specific hour</br>starts with 12 AM (0) and ends with 11 PM (23) | 
+| SetActiveHours | REG_DWORD | 0: disable automatic restart after updates outside of active hours</br>1: enable automatic restart after updates outside of active hours |
 
+**HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**
+
+| Registry key | Key type | Value |
+| --- | --- | --- |
+| AlwaysAutoRebootAtScheduledTime | REG_DWORD | 0: disable automatic reboot after update installation at scheduled time</br>1: enable automatic reboot after update installation at ascheduled time |
+| AlwaysAutoRebootAtScheduledTimeMinutes | REG_DWORD | 15-180: set automatic reboot to occur after given minutes |
+| AUOptions | REG_DWORD | 2: notify for download and automatically install updates</br>3: automatically download and notify for instllation of updates</br>4: Automatically download and schedule installation of updates</br>5: allow the local admin to configure these settings</br>**Note:** To configure restart behavior, set this value to **4** |
+| NoAutoRebootWithLoggedOnUsers | REG_DWORD | 0: disable do not reboot if users are logged on</br>1: do not reboot after an update installation if a user is logged on</br>**Note:** If disabled : Automatic Updates will notify the user that the computer will automatically restarts in 5 minutes to complete the installation  |
+| ScheduledInstallTime | REG_DWORD | 0-23: schedule update installation time to a specific hour</br>starts with 12 AM (0) and ends with 11 PM (23) |
+
+There are 3 different registry combinations for controlling restart behavior:
+
+- To set active hours, **SetActiveHours** should be **1**, while **ActiveHoursStart** and **ActiveHoursEnd** should define the time range.
+- To schedule a specific instllation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
+- To delay rebooting if a user is logged on, **AUOptions** should be **4**, while **NoAutoRebootWithLoggedOnUsers** is set to **1**. 
 
 ## Related topics
 

windows/manage/waas-servicing-branches-windows-10-updates.md

@@ -4,7 +4,7 @@ description: tbd
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -90,10 +90,17 @@ Enrolling devices in the Windows Insider Program is simple and requires only a M
 
 6.	Click **Confirm**, and then select a time to restart the computer.
 
-7. After you restart the device, go to **Start** > **Settings** > **Update & security** > **Windows Insider Program** to select your Insider level. The device receives the most recent Windows Insider build for the Insider level you select. The options for Insider level are:
-    - **Release Preview**: Insiders on this level receive builds of Windows just before Microsoft releases them for CB. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider PCs.
-    - **Slow**: The Slow Windows Insider level is for users who enjoy seeing new builds of Windows with minimal risk to their devices but still want to provide feedback to Microsoft about their experience with the new build.
-    - **Fast**: This level is best for Insiders who would like to be the first to experience new builds of Windows, participate in identifying and reporting issues to Microsoft, and provide suggestions on new functionality. 
+## Install your first preview build from the Windows Insider Program
+
+After enrolling your devices, you are ready to install your first preview build. To do so, go to **Start** > **Settings** > **Update & security** > **Windows Insider Program** to select your Insider level. The device receives the most recent Windows Insider build for the Insider level you select. 
+
+The options for Insider level are:
+- **Release Preview**: Insiders on this level receive builds of Windows just before Microsoft releases them for CB. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider PCs.
+- **Slow**: The Slow Windows Insider level is for users who enjoy seeing new builds of Windows with minimal risk to their devices but still want to provide feedback to Microsoft about their experience with the new build.
+- **Fast**: This level is best for Insiders who would like to be the first to experience new builds of Windows, participate in identifying and reporting issues to Microsoft, and provide suggestions on new functionality. 
+
+>[!NOTE]
+>Once your machine is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your machine will be auto-targeted for the next available flight for your selected ring. For the first build on any given machine, this may take up to 24 hours to complete.
 
 ## Block access to Windows Insider Program
 
@@ -190,6 +197,13 @@ or [Manage Windows 10 updates using System Center Configuration Manager](waas-ma
 </tbody></table>
 </br>
 
+## Block user access to Windows Update settings
+
+In Windows 10, administrators can control user access to Windows Update.
+By enabling the Group Policy setting under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features**, administrators can disable the "Check for updates" option for users. Any background update scans, downloads and installations will continue to work as configured.
+
+>[!NOTE]
+> In Windows 10, any Group Policy user configuration settings for Windows Update were deprecated and are no longer supported on this platform.
 
 ## Related topics
 

windows/manage/waas-servicing-strategy-windows-10-updates.md

@@ -4,7 +4,7 @@ description: A strong Windows 10 deployment strategy begins with establishing a
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-update-windows-10.md

@@ -4,7 +4,7 @@ description: Windows as a service provides an all-new way to think about buildin
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 
@@ -21,7 +21,9 @@ localizationpriority: high
 Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows 10 devices in your environment. In addition, with the Windows 10 operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them. 
 
 >[!TIP]
->See [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history) for details about each Windows 10 update released to date.  
+>See [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history) for details about each Windows 10 update released to date. 
+
+ 
 
 ## In this section
 
@@ -32,6 +34,7 @@ Windows as a service provides a new way to think about building, deploying, and
 | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy.  |
 | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates.  |
 | [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider. |
+| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization.  |
 | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution.  |
 | [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
 | [Manage updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.  |

windows/manage/waas-wufb-group-policy.md

@@ -4,7 +4,7 @@ description: Configure Windows Update for Business settings using Group Policy.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/waas-wufb-intune.md

@@ -4,7 +4,7 @@ description: Configure Windows Update for Business settings using Microsoft Intu
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerMS
+author: DaniHalfin
 localizationpriority: high
 ---
 

windows/manage/windows-10-mobile-and-mdm.md

@@ -713,8 +713,8 @@ Microsoft aspires to update Windows 10 Mobile devices with the latest updates au
 <td align="left"><strong>Cellular</strong></td>
 <td align="left">Device is only connected to a cellular network (standard data charges apply)</td>
 <td align="left">Will skip a daily scan if scan was successfully completed in the last 5 days</td>	      
-<td align="left">Will only occur if update package is small and does not exceed the mobile operator data limit or the user clicks “download now”.</td>
-<td align="left">Yes, if the user clicked “download now”</td>	      
+<td align="left">Will only occur if update package is small and does not exceed the mobile operator data limit.</td>
+<td align="left">Yes</td>	      
 <td align="left">Idem</td>	      
 </tr>
 <tr class="even">

windows/manage/windows-10-start-layout-options-and-policies.md

@@ -23,6 +23,8 @@ Organizations might want to deploy a customized Start and taskbar configuration
 
 >[!NOTE]
 >Taskbar configuration is available starting in Windows 10, version 1607.
+>
+>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx).
 
 ## Start options
 

windows/manage/windows-libraries.md

@@ -0,0 +1,128 @@
+---
+ms.assetid: e68cd672-9dea-4ff8-b725-a915f33d8fd2
+title: Windows Libraries
+ms.prod: windows-server-threshold
+ms.author: jgerend
+ms.manager: dongill
+ms.technology: storage
+ms.topic: article
+author: jasongerend
+ms.date: 2/6/2017
+description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
+---
+# Windows Libraries
+
+> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
+
+Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location.
+
+## Features for Users
+
+Windows libraries are backed by full content search and rich metadata. Libraries offer the following advantages to users:
+- Aggregate content from multiple storage locations into a single, unified presentation.
+- Enable users to stack and group library contents based on metadata.
+- Enable fast, full-text searches across multiple storage locations, from Windows Explorer or from the Start menu.
+- Support customized filter search suggestions, based on the types of files contained in the library.
+- Enable users to create new libraries and specify which folders they want to include.
+
+## Features for Administrators
+
+Administrators can configure and control Windows libraries in the following ways:
+- Create custom libraries by creating and deploying Library Description (*.library-ms) files.
+- Hide or delete the default libraries. (The Library node itself cannot be hidden or deleted from the Windows Explorer navigation pane.)
+- Specify a set of libraries available to Default User, and then deploy those libraries to users that derive from Default User.
+- Specify locations to include in a library.
+- Remove a default location from a library.
+- Remove advanced libraries features, when the environment does not support the local caching of files, by using the [Turn off Windows Libraries features that rely on indexed file data](https://technet.microsoft.com/library/faaefdad-6e12-419a-b714-6a7bb60f6773#WS_TurnOffWindowsLibraries) Group Policy. This makes all libraries basic (see [Indexing Requirements and Basic Libraries](https://technet.microsoft.com/library/dd744693.aspx#WS_IndexingReqs_BasicLibraries)), removes libraries from the scope of the Start menu search, and removes other features to avoid confusing users and consuming resources.
+
+## More about Libraries
+
+The following is important information about libraries you may need to understand to successfully manage your enterprise.
+
+### Library Contents 
+
+Including a folder in a library does not physically move or change the storage location of the files or folders; the library is a view into those folders. However, users interacting with files in a library are copying, moving, and deleting the files themselves, not copies of these files.
+
+### Default Libraries and Known Folders 
+
+The default libraries include:
+- Documents
+- Music
+- Pictures
+- Videos
+
+Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with. These known folders are automatically included in the default libraries and set as the default save location. That is, when users drag, copy, or save a file to the Documents library, the file is moved, copied, or saved to the My Documents folder. Administrators and users can change the default save-to location. 
+
+### Hiding Default Libraries 
+
+Users or administrators can hide or delete the default libraries, though the libraries node in the Navigation pane cannot be hidden or deleted. Hiding a default library is preferable to deleting it, as applications like Windows Media Player rely on the default libraries and will re-create them if they do not exist on the computer. See [How to Hide Default Libraries](https://technet.microsoft.com/library/d44c78e0-08ef-4e91-935a-a6f43716e37d#BKMK_HideDefaultLibraries) for instructions.
+
+### Default Save Locations for Libraries 
+
+Each library has a default save location. Files are saved or copied to this location if the user chooses to save or copy a file to a library, rather than a specific location within the library. Known folders are the default save locations; however, users can select a different save location.
+If the user removes the default save location from a library, the next location is automatically selected as the new default save location. If the library is empty of locations or if all included locations cannot be saved to, then the save operation fails.
+
+### Indexing Requirements and “Basic” Libraries 
+
+Certain library features depend on the contents of the libraries being indexed. Library locations must be available for local indexing or be indexed in a manner conforming to the Windows Indexing Protocol. If indexing is not enabled for one or more locations within a library, the entire library reverts to basic functionality:
+- No support for metadata browsing via **Arrange By** views.
+- Grep-only searches.
+- Grep-only search suggestions. The only properties available for input suggestions are **Date Modified** and **Size**.
+- No support for searching from the Start menu. Start menu searches do not return files from basic libraries.
+- No previews of file snippets for search results returned in Content mode.
+
+To avoid this limited functionality, all locations within the library must be indexable, either locally or remotely. When users add local folders to libraries, Windows adds the location to the indexing scope and indexes the contents. Remote locations that are not indexed remotely can be added to the local index using Offline File synchronization. This gives the user the benefits of local storage even though the location is remote. Making a folder “Always available offline” creates a local copy of the folder’s files, adds those files to the index, and keeps the local and remote copies in sync. Users can manually sync locations which are not indexed remotely and are not using folder redirection to gain the benefits of being indexed locally.
+
+For instructions on enabling indexing, see [How to Enable Indexing of Library Locations](https://technet.microsoft.com/library/d44c78e0-08ef-4e91-935a-a6f43716e37d#BKMK_EnableIndexLocations).
+
+If your environment does not support caching files locally, you should enable the [Turn off Windows Libraries features that rely on indexed file](https://technet.microsoft.com/library/faaefdad-6e12-419a-b714-6a7bb60f6773#WS_TurnOffWindowsLibraries) data Group Policy. This makes all libraries basic. For further information, see [Group Policy for Windows Search, Browse, and Organize](https://technet.microsoft.com/library/dd744697.aspx).
+
+### Folder Redirection 
+
+While library files themselves cannot be redirected, you can redirect known folders included in libraries by using [Folder Redirection](https://technet.microsoft.com/library/hh848267.aspx). For example, you can redirect the “My Documents” folder, which is included in the default Documents library. When redirecting known folders, you should make sure that the destination is either indexed or always available offline in order to maintain full library functionality. In both cases, the files for the destination folder are indexed and supported in libraries. These settings are configured on the server side.
+
+### Supported storage locations 
+
+The following table show which locations are supported in Windows libraries.
+
+|Supported Locations|Unsupported Locations|
+|---|---|
+|Fixed local volumes (NTFS/FAT)|Removable drives|
+|Shares that are indexed (departmental servers*, Windows home PCs)|Removable media (such as DVDs)<br><br>Network shares that are accessible through DFS Namespaces or are part of a failover cluster|
+|Shares that are available offline (redirected folders that use Offline Files)|Network shares that aren't available offline or remotely indexed <br><br>Network Attached Storage (NAS) devices|
+||Other data sources: SharePoint, Exchange, etc.|
+
+\* For shares that are indexed on a departmental server, Windows Search works well in workgroups or on a domain server that has similar characteristics to a workgroup server. For example, Windows Search works well on a single share departmental server with the following characteristics:
+
+- Expected maximum load is four concurrent query requests.
+- Expected indexing corpus is a maximum of one million documents. 
+- Users directly access the server. That is, the server is not made available through DFS Namespaces.
+- Users are not redirected to another server in case of failure. That is, server clusters are not used.
+
+### Library Attributes 
+
+The following library attributes can be modified within Windows Explorer, the Library Management dialog, or the Library Description file (*.library-ms):
+- Name
+- Library locations
+- Order of library locations
+- Default save location
+
+The library icon can be modified by the administrator or user by directly editing the Library Description schema file.
+
+See the [Library Description Schema](http://go.microsoft.com/fwlink/?LinkId=159581) topic on MSDN for information on creating Library Description files. 
+
+## See also 
+
+### Concepts
+
+- [Windows Search Features ](https://technet.microsoft.com/library/dd744686.aspx)
+- [Windows Indexing Features](https://technet.microsoft.com/library/dd744700.aspx)
+- [Federated Search Features](https://technet.microsoft.com/library/dd744682.aspx)
+- [Administrative How-to Guides](https://technet.microsoft.com/library/ee461108.aspx)
+- [Group Policy for Windows Search, Browse, and Organize](https://technet.microsoft.com/library/dd744697.aspx)
+- [Additional Resources for Windows Search, Browse, and Organization](https://technet.microsoft.com/library/dd744695.aspx)
+
+### Other resources
+
+- [Folder Redirection, Offline Files, and Roaming User Profiles](https://technet.microsoft.com/library/hh848267.aspx)
+- [Library Description Schema](https://msdn.microsoft.com/library/dd798389.aspx)

windows/manage/windows-spotlight.md

@@ -21,6 +21,10 @@ Windows Spotlight is an option for the lock screen background that displays diff
 
 For managed devices running Windows 10 Enterprise and Windows 10 Education, enterprise administrators can configure a mobile device management (MDM) or Group Policy setting to prevent users from using the Windows Spotlight background. For managed devices running Windows 10 Pro, version 1607, administrators can disable suggestions for third party apps.
 
+
+>[!NOTE]
+>In Windows 10, version 1607, the lock screen background does not display if you disable the **Animate windows when minimizing and mazimizing** setting in **This PC** > **Properties** > **Advanced system settings** > **Performance settings** > **Visual Effects**, or if you enable the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Desktop Windows Manager** > **Do not allow windows animations**.
+
 ## What does Windows Spotlight include?
 
 
@@ -34,7 +38,7 @@ For managed devices running Windows 10 Enterprise and Windows 10 Education, en
 
     The lock screen background will occasionally suggest Windows 10 features that the user hasn't tried yet, such as **Snap assist**.
 
-## How do you turn off Windows spotlight locally?
+## How do you turn off Windows Spotlight locally?
 
 
 To turn off Windows Spotlight locally, go to **Settings** > **Personalization** > **Lock screen** > **Background** > **Windows spotlight** > select a different lock screen background
@@ -44,7 +48,7 @@ To turn off Windows Spotlight locally, go to **Settings** > **Personalization
 ## How do you disable Windows Spotlight for managed devices?
 
 
-Windows 10, version 1607, provides three new Group Policy settings to help you manage Spotlight on employees' computers.
+Windows 10, version 1607, provides three new Group Policy settings to help you manage Windows Spotlight on enterprise computers.
 
 **Windows 10 Pro, Enterprise, and Education**
 
@@ -52,11 +56,14 @@ Windows 10, version 1607, provides three new Group Policy settings to help you m
 
 **Windows 10 Enterprise and Education**
 
-* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off all Windows Spotlight features** enables enterprises to completely disable all Spotlight features in a single setting.
-* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Configure Spotlight on lock screen** specifically controls the use of the dynamic Spotlight image on the lock screen, and can be enabled or disabled. (The Group Policy setting **Enterprise Spotlight** does not work in Windows 10, version 1607.)
+* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off all Windows Spotlight features** enables enterprises to completely disable all Windows Spotlight features in a single setting.
+* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Configure Spotlight on lock screen** specifically controls the use of the dynamic Windows Spotlight image on the lock screen, and can be enabled or disabled. (The Group Policy setting **Enterprise Spotlight** does not work in Windows 10, version 1607.)
 
 Windows Spotlight is enabled by default. Administrators can replace Windows Spotlight with a selected image using the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image**.
 
+>[!WARNING]
+> In Windows 10, version 1607, the **Force a specific default lock screen image** policy setting will prevent users from changing the lock screen image. This behavior will be corrected in a future release.
+
 ![lockscreen policy details](images/lockscreenpolicy.png)
 
 Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox is not selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages, such as the example in the following image.