Merge branch 'public' into patch-5

.acrolinx-config.edn

@@ -1,2 +1,38 @@
 {:allowed-branchname-matches ["master"]
- :allowed-filename-matches ["windows/"]}
+ :allowed-filename-matches ["windows/"]
+ :acrolinx-check-settings
+ {
+  "languageId" "en"
+  "ruleSetName" "Standard Commercial"
+  "requestedFlagTypes" ["SPELLING" "GRAMMAR" "STYLE"
+                        "TERMINOLOGY_DEPRECATED"
+                        "TERMINOLOGY_VALID"
+                        "VOICE_GUIDANCE"
+                        ]
+  "termSetNames" ["M365"]
+ }
+ 
+ :template-header
+
+ "
+## Acrolinx Scorecards
+ 
+**A minimum Acrolinx score of 20 is required.**
+ 
+Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology:
+
+| Article | Score | Issues | Scorecard | Processed |
+| ------- | ----- | ------ | --------- | --------- |
+"
+
+ :template-change
+ "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | [link](${acrolinx/scorecard}) | ${s/status} |
+"
+ 
+ :template-footer
+ "
+**More info about Acrolinx**
+ 
+You are helping M365 test Acrolinx while we merge to the Microsoft instance. We have set the minimum score to 20 to test that the minimum score script works. This is effectively *not* setting a minimum score. If you need to bypass this score, please contact krowley or go directly to the marveldocs-admins. Thanks for your patience while we continue with roll out!
+"
+}

.openpublishing.redirection.json

@@ -15425,6 +15425,76 @@
 "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-resources",
 "redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md",
+"redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md",
+"redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-1-enterprise-basic-security.md",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md",
+"redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-2-enterprise-enhanced-security.md",
+"redirect_document_id": false
+},
+{
+ "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md",
+"redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-3-enterprise-high-security.md",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md",
+"redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-4-enterprise-devops-security.md",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md",
+"redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-5-enterprise-administrator-security.md",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-compliance.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/release-information/status-windows-10-1703.yml",
+"redirect_url": "https://docs.microsoft.com/windows/release-information/windows-message-center",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/release-information/resolved-issues-windows-10-1703.yml",
+"redirect_url": "https://docs.microsoft.com/windows/release-information/windows-message-center",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/deployment/planning/windows-10-1703-removed-features.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/deployment/planning/windows-10-1709-removed-features.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/deployment/planning/windows-10-1803-removed-features.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/deployment/planning/windows-10-1809-removed-features.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/deployment/planning/windows-10-1903-removed-features.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features",
+"redirect_document_id": false
 }
 ]
 }

browsers/edge/emie-to-improve-compatibility.md

@@ -44,7 +44,7 @@ If you're having trouble deciding whether Microsoft Edge is right for your organ
 
 |Microsoft Edge  |IE11  |
 |---------|---------|
-|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.<ul><li>**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.</li><li>**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.</li><li>**Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.</li><li>**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.</li></ul>     |IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.<ul><li>**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.</li><li>**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. **IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**</li><li>**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.</li><li>**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.</li><li>**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.</li><li>**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.</li></ul>         |
+|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.<ul><li>**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.</li><li>**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.</li><li>**Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.</li><li>**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.</li></ul>     |IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.<ul><li>**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.</li><li>**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. **IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**</li><li>**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like Windows Defender SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.</li><li>**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.</li><li>**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.</li><li>**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.</li></ul>         |
 
 
 ## Configure the Enterprise Mode Site List

browsers/edge/includes/configure-windows-defender-smartscreen-include.md

@@ -3,7 +3,8 @@ author: eavena
 ms.author: eravena
 ms.date:  10/02/2018
 ms.reviewer: 
-audience: itpro
manager: dansimp
+audience: itpro
+manager: dansimp
 ms.prod: edge
 ms.topic: include
 ---
@@ -26,7 +27,7 @@ ms.topic: include
 
 To verify Windows Defender SmartScreen is turned off (disabled): 
 1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2.  Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG)
+2.  Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG)
 
 
 ### ADMX info and settings

browsers/edge/microsoft-edge.yml

@@ -40,7 +40,7 @@ sections:
 - items:
   - type: markdown
     text: "
-      Microsoft Edge uses Windows Hello and SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.<br> 
+      Microsoft Edge uses Windows Hello and Windows Defender SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.<br> 
       <table><tr><td><img src='images/security1.png' width='192' height='192'><br>**NSS Labs web browser security reports**<br>See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks.<br><a href='https://www.microsoft.com/download/details.aspx?id=54773'>Download the reports</a></td><td><img src='images/security2.png' width='192' height='192'><br>**Microsoft Edge sandbox**<br>See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.<br><a href='https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/'>Find out more</a></td><td><img src='images/security3.png' width='192' height='192'><br>**Windows Defender SmartScreen**<br>Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely.<br><a href='https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview'>Read the docs</a></td></tr>
       </table>
       "

browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md

@@ -157,13 +157,13 @@ This table includes the attributes used by the Enterprise Mode schema.
 </thead>
 <tbody>
 <tr>
-<td>&lt;version&gt;</td>
+<td>version</td>
 <td>Specifies the version of the Enterprise Mode Site List. This attribute is supported for the &lt;rules&gt; element.</td>
 <td>Internet Explorer 11 and Microsoft Edge</td>
 </tr>
 <tr>
-<td>&lt;exclude&gt;</td>
+<td>exclude</td>
-<td>Specifies the domain or path excluded from applying the behavior and is supported on the &lt;domain&gt; and &lt;path&gt; elements.
+<td>Specifies the domain or path is excluded from applying Enterprise Mode. This attribute is only supported on the &lt;domain&gt; and &lt;path&gt; elements in the &lt;emie&gt; section.
 <p><b>Example</b>
 <pre class="syntax">
 &lt;emie&gt;
@@ -175,7 +175,7 @@ Where <a href="https://fabrikam.com" data-raw-source="https://fabrikam.com">http
 <td>Internet Explorer 11 and Microsoft Edge</td>
 </tr>
 <tr>
-<td>&lt;docMode&gt;</td>
+<td>docMode</td>
 <td>Specifies the document mode to apply. This attribute is only supported on &lt;domain&gt; or &lt;path&gt; elements in the &lt;docMode&gt; section.
 <p><b>Example</b>
 <pre class="syntax">

browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md

@@ -46,19 +46,19 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
  
 ```xml
 <site-list version="205">
-	<!--- File creation header --->
+	<!-- File creation header -->
 	<created-by>
 		<tool>EnterpriseSitelistManager</tool>
 		<version>10240</version>
 		<date-created>20150728.135021</date-created>
 	</created-by>
-  	<!--- Begin Site List ---> 
+  	<!-- Begin Site List --> 
 	<site url="www.cpandl.com">
 		<compat-mode>IE8Enterprise</compat-mode>
 		<open-in>MSEdge</open-in>
 	</site>
 	<site url="www.woodgrovebank.com">
-		<compat-mode>default</compat-mode>
+		<compat-mode>Default</compat-mode>
 		<open-in>IE11</open-in>
 	</site>
 	<site url="adatum.com">
@@ -66,14 +66,15 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
 		<open-in>IE11</open-in>
 	</site>
 	<site url="contoso.com">
-		<compat-mode>default</compat-mode>
+		<compat-mode>Default</compat-mode>
 		<open-in>IE11</open-in>
 	</site>
 	<site url="relecloud.com"/>  
-		<compat-mode>default</compat-mode>
+		<compat-mode>Default</compat-mode>
-		<open-in>none</open-in>
+		<open-in>None</open-in>
 	<site url="relecloud.com/about">  
 		<compat-mode>IE8Enterprise"</compat-mode>
+		<open-in>None</open-in>
 	</site>
 	<site url="contoso.com/travel">
 		<compat-mode>IE7</compat-mode>
@@ -232,26 +233,26 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t
 <table>
 <thead>
 <tr class="header">
-<th>Deprecated attribute</th>
+<th>Deprecated element/attribute</th>
-<th>New attribute</th>
+<th>New element</th>
 <th>Replacement example</th>
 </tr>
 </thead>
 <tbody>
 <tr>
-<td>&lt;forceCompatView&gt;</td>
+<td>forceCompatView</td>
 <td>&lt;compat-mode&gt;</td>
-<td>Replace &lt;forceCompatView=&quot;true&quot;&gt; with &lt;compat-mode&gt;IE7Enterprise&lt;/compat-mode&gt;</td>
+<td>Replace forceCompatView=&quot;true&quot; with &lt;compat-mode&gt;IE7Enterprise&lt;/compat-mode&gt;</td>
 </tr>
 <tr>
-<td>&lt;docMode&gt;</td>
+<td>docMode</td>
 <td>&lt;compat-mode&gt;</td>
-<td>Replace &lt;docMode=&quot;IE5&quot;&gt; with &lt;compat-mode&gt;IE5&lt;/compat-mode&gt;</td>
+<td>Replace docMode=&quot;IE5&quot; with &lt;compat-mode&gt;IE5&lt;/compat-mode&gt;</td>
 </tr>
 <tr>
-<td>&lt;doNotTransition&gt;</td>
+<td>doNotTransition</td>
 <td>&lt;open-in&gt;</td>
-<td>Replace &lt;doNotTransition=&quot;true&quot;&gt; with &lt;open-in&gt;none&lt;/open-in&gt;</td>
+<td>Replace doNotTransition=&quot;true&quot; with &lt;open-in&gt;none&lt;/open-in&gt;</td>
 </tr>
 <tr>
 <td>&lt;domain&gt; and &lt;path&gt;</td>
@@ -259,25 +260,28 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t
 <td>Replace:
 <pre class="syntax">
 &lt;emie&gt;
-  &lt;domain exclude=&quot;false&quot;&gt;contoso.com&lt;/domain&gt;
+  &lt;domain&gt;contoso.com&lt;/domain&gt;
 &lt;/emie&gt;</pre>
 With:
 <pre class="syntax">
 &lt;site url=&quot;contoso.com&quot;/&gt;
   &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+  &lt;open-in&gt;IE11&lt;/open-in&gt;
 &lt;/site&gt;</pre>
 <b>-AND-</b><p>
 Replace:
 <pre class="syntax">
 &lt;emie&gt;
-  &lt;domain exclude=&quot;true&quot;&gt;contoso.com
+  &lt;domain exclude=&quot;true&quot; doNotTransition=&quot;true&quot;&gt;
-     &lt;path exclude=&quot;false&quot; forceCompatView=&quot;true&quot;&gt;/about&lt;/path&gt;
+    contoso.com
+    &lt;path forceCompatView=&quot;true&quot;&gt;/about&lt;/path&gt;
   &lt;/domain&gt;
 &lt;/emie&gt;</pre>
 With:
 <pre class="syntax">
 &lt;site url=&quot;contoso.com/about&quot;&gt;
   &lt;compat-mode&gt;IE7Enterprise&lt;/compat-mode&gt;
+  &lt;open-in&gt;IE11&lt;/open-in&gt;
 &lt;/site&gt;</pre></td>
 </tr>
 </table>

browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md

@@ -71,19 +71,19 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
 
 ```xml
 <site-list version="205">
-	<!--- File creation header --->
+	<!-- File creation header -->
 	<created-by>
 		<tool>EnterpriseSiteListManager</tool>
 		<version>10586</version>
 		<date-created>20150728.135021</date-created>
 	</created-by>
-  	<!--- Begin Site List ---> 
+  	<!-- Begin Site List --> 
 	<site url="www.cpandl.com">
 		<compat-mode>IE8Enterprise</compat-mode>
 		<open-in>IE11</open-in>
 	</site>
 	<site url="www.woodgrovebank.com">
-		<compat-mode>default</compat-mode>
+		<compat-mode>Default</compat-mode>
 		<open-in>IE11</open-in>
 	</site>
 	<site url="adatum.com">
@@ -92,8 +92,8 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
 	</site>
 	<site url="relecloud.com"/>  
 	<!-- default for self-closing XML tag is 
-		<compat-mode>default</compat-mode>
+		<compat-mode>Default</compat-mode>
-		<open-in>none</open-in>
+		<open-in>None</open-in>
 	-->
 	<site url="relecloud.com/products">  
 		<compat-mode>IE8Enterprise"</compat-mode>

browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md

@@ -14,11 +14,11 @@ ms.sitesec: library
 ms.date: 07/27/2017
 ---
 
+# IExpress Wizard command-line options
 
 **Applies to:**
 - Windows Server 2008 R2 with SP1
 
-# IExpress Wizard command-line options
 Use command-line options with the IExpress Wizard (IExpress.exe) to control your Internet Explorer custom browser package extraction process. 
 
 These command-line options work with IExpress:<br>

devices/hololens/TOC.md

@@ -1,5 +1,4 @@
 # [HoloLens overview](index.md)
-# [Hololens status](hololens-status.md)
 
 # Get Started with HoloLens 2
 ## [HoloLens 2 hardware](hololens2-hardware.md)
@@ -17,7 +16,7 @@
 ## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
 ## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
 
-# Get started with HoloLens in commercial environments
+# HoloLens in commercial environments
 ## [Commercial feature overview](hololens-commercial-features.md)
 ## [Deployment planning](hololens-requirements.md)
 ## [Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md)
@@ -53,12 +52,16 @@
 ## [Environment considerations for HoloLens](hololens-environment-considerations.md)
 ## [Spatial mapping on HoloLens](hololens-spaces.md)
 
-# Update and recovery
+# Update, troubleshoot, or recover HoloLens
-## [Join the Windows Insider program](hololens-insider.md)
+## [Update, troubleshoot, or recover HoloLens](hololens-management-overview.md)
-## [Managing HoloLens updates](hololens-updates.md)
+## [Update HoloLens](hololens-update-hololens.md)
 ## [Restart, reset, or recover](hololens-recovery.md)
+## [Troubleshoot HoloLens](hololens-troubleshooting.md)
 ## [Known issues](hololens-known-issues.md)
 ## [Frequently asked questions](hololens-faq.md)
 
+# [Release Notes](hololens-release-notes.md)
+# [Hololens status](hololens-status.md)
 # [Give us feedback](hololens-feedback.md)
+# [Join the Windows Insider program](hololens-insider.md)
 # [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

devices/hololens/hololens-cortana.md

@@ -2,11 +2,12 @@
 title: Use your voice with HoloLens
 description: Cortana can help you do all kinds of things on your HoloLens
 ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
-ms.date: 9/13/2019
+ms.date: 11/8/2019
 keywords: hololens
 ms.prod: hololens
 ms.sitesec: library
 author: v-miegge
+audience: ITPro
 ms.author: v-miegge
 ms.topic: article
 manager: jarrettr
@@ -20,10 +21,10 @@ appliesto:
 
 You can use your voice to do almost anything on HoloLens, such as taking a quick photo or opening an app. Many voice commands are built into HoloLens, while others are available through Cortana.
 
-This article teachs you how to control HoloLens and your holographic world with your voice and with Cortana.
+This article teaches you how to control HoloLens and your holographic world with your voice and with Cortana.
 
 > [!NOTE]
-> Speech is only supported in [some languages](https://support.microsoft.com/help/4039262#Languages).  The speech language is based on the Windows display language, not the keyboard language.  
+> Speech is only supported in [some languages](hololens2-language-support.md). The speech language is based on the Windows display language, not the keyboard language.  
 >  
 > You can verify the Windows display language by selecting **Settings** > **Time and Language** > **Language**.
 
@@ -104,16 +105,15 @@ Here are some things you can try saying (remember to say "Hey Cortana" first).
 - Take a picture.
 - Start recording. (Starts recording a video.)
 - Stop recording. (Stops recording a video.)
-- Call <*contact*>. (Requires Skype.)
 - What time is it?
 - Show me the latest NBA scores.
 - How much battery do I have left?
 - Tell me a joke.
 
-Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English-only, and the Cortana experience may vary from one region to another.
+Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another.
 
 ### Turn Cortana off
 
-Cortana is on the first time you use HoloLens when you enable speech. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana > Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
+Cortana is on the first time you use HoloLens when you enable speech. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana** > **Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
 
 If Cortana isn't responding to "Hey Cortana," check that speech is enabled on Start and go to Cortana's settings and check to make sure she's on.

devices/hololens/hololens-environment-considerations.md

@@ -117,5 +117,5 @@ If someone else is going to be using your HoloLens, they should run the Calibrat
 
 ## See also
 
-- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping-design)
+- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping)
 - [Holograms](https://docs.microsoft.com/windows/mixed-reality/hologram)

devices/hololens/hololens-kiosk.md

@@ -55,7 +55,7 @@ If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-
 
 ### Start layout file for MDM (Intune and others)
 
-Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
+Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
 
 >[!NOTE]
 >If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package). 

devices/hololens/hololens-known-issues.md

@@ -123,15 +123,6 @@ If your device is still unable to load apps, you can sideload a version of the .
 
 We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
 
-## Connecting to WiFi
-
-During HoloLens Setup, there is a credential timeout of 2 minutes. The username/password needs to be entered within 2 minutes otherwise the username field will be automatically cleared.
-
-We recommend using a Bluetooth keyboard for entering long passwords.
-
-> [!NOTE]
-> If the wrong network is selected during HoloLens Setup, the device will need to be fully reset. Instructions can be found [here.](hololens-restart-recover.md)  
-
 ## Device Update
 
 - 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.

devices/hololens/hololens-management-overview.md

@@ -0,0 +1,32 @@
+---
+title: Update, troubleshoot, or recover HoloLens
+description: 
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 11/27/2019
+ms.prod: hololens
+ms.topic: article
+ms.custom: CSSTroubleshooting
+audience: ITPro
+keywords: issues, bug, troubleshoot, fix, help, support, HoloLens
+manager: jarrettr
+ms.localizationpriority: medium
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Update, troubleshoot, or recover HoloLens
+
+The articles in this section help you keep your HoloLens up-to-date and help you resolve any issues that you encounter.
+
+**In this section**
+
+| Article | Description |
+| --- | --- |
+| [Update HoloLens](hololens-update-hololens.md) | Describes how to identify the build number of your device, and how to update your device manually. |
+| [Manage updates on many HoloLens](hololens-updates.md) | Describes how to use policies to manage device updates. |
+| [Restart, reset, or recover](hololens-recovery.md) | Describes how to restart, reset, or recover a HoloLens device |
+| [Troubleshoot HoloLens](hololens-troubleshooting.md) | Describes solutions to common HoloLens problems. |
+| [Known issues](hololens-known-issues.md) | Describes known HoloLens issues. |
+| [Frequently asked questions](hololens-faq.md) | Provides answers to common questions about HoloLens.|

devices/hololens/hololens-release-notes.md

@@ -0,0 +1,97 @@
+---
+title: What's new in Microsoft HoloLens
+description: Learn about updates in each new HoloLens release.
+author: scooley
+ms.author: scooley
+manager: dansimp
+ms.prod: hololens
+ms.sitesec: library
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 12/02/2019
+audience: ITPro
+appliesto:
+- HoloLens 1
+- HoloLens 2
+
+---
+
+# HoloLens Release Notes
+
+## HoloLens 2
+> [!Note]
+> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
+
+### November Update - build 18362.1039
+
+- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.
+- Improvements in visual quality of objects placed far away in latest Unity and MRTK versions.
+- Fixes addressing issues with holographic applications being stuck in a paused state on launch until the pins panel is brought up and dismissed again.
+- OpenXR runtime conformance fixes and improvements for HoloLens 2 and the emulator.
+
+## HoloLens (1st gen)
+
+### Windows 10 Holographic, version 1809
+
+> **Applies to:** Hololens (1st gen)
+
+| Feature | Details |
+|---|---|
+| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br>![sample of the Quick actions menu](images/minimenu.png) |
+| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) |
+| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter.  On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
+| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). |
+| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
+| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. |
+| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. |
+| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
+| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
+
+#### For international customers
+
+| Feature | Details |
+| --- | --- |
+| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.<br>[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
+| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
+
+#### For administrators
+
+| Feature |  Details  |
+|---|----|
+| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
+| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
+| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
+| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in. |
+| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
+| Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
+
+### Windows 10, version 1803 for Microsoft HoloLens
+
+> **Applies to:** Hololens (1st gen)
+
+Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
+
+- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
+
+- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
+- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
+
+    ![Provisioning HoloLens devices](images/provision-hololens-devices.png)
+
+- When you create a local account in a provisioning package, the password no longer expires every 42 days.
+
+- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
+
+- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
+
+- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
+
+- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business. 
+
+- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
+
+- When setup or  sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
+
+- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
+
+- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

devices/hololens/hololens-troubleshooting.md

@@ -0,0 +1,92 @@
+---
+title: HoloLens troubleshooting
+description: Solutions for common HoloLens issues.
+author: mattzmsft
+ms.author: mazeller
+ms.date: 12/02/2019
+ms.prod: hololens
+ms.topic: article
+ms.custom: CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords: issues, bug, troubleshoot, fix, help, support, HoloLens
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Troubleshooting HoloLens issues
+
+This article describes how to resolve several common HoloLens issues.
+
+## My HoloLens is unresponsive or won’t start
+
+If your HoloLens won't start:
+
+- If the LEDs next to the power button don't light up, or only one LED briefly blinks, you may need to charge your HoloLens.
+- If the LEDs light up when you press the power button but you can't see anything on the displays, hold the power button until all five of the LEDs turn off.
+
+If your HoloLens becomes frozen or unresponsive:
+
+- Turn off your HoloLens by pressing the power button until all five of the LEDs turn themselves off, or for 10 seconds if the LEDs are unresponsive. To start your HoloLens, press the power button again.
+
+If these steps don't work, you can try [recovering your device](hololens-recovery.md).
+
+## Holograms don't look good or are moving around
+
+If your holograms are unstable, jumpy, or don’t look right, try one of these fixes:
+
+- Clean your device visor and make sure that nothing is obstructing the sensors.
+- Make sure that there’s enough light in your room.
+- Try walking around and looking at your surroundings so that HoloLens can scan them more completely.
+- Try running the Calibration app. It calibrates your HoloLens to work best for your eyes. Go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**.
+
+## HoloLens doesn’t respond to my gestures
+
+To make sure that HoloLens can see your gestures, keep your hand in the gesture frame. The gesture frame extends a couple of feet on either side of you. When HoloLens can see your hand, the cursor changes from a dot to a ring. Learn more about [using gestures](hololens1-basic-usage.md#use-hololens-with-your-hands).
+
+If your environment is too dark, HoloLens might not see your hand, so make sure that there’s enough light.
+
+If your visor has fingerprints or smudges, use the microfiber cleaning cloth that came with the HoloLens to clean your visor gently.
+
+## HoloLens doesn’t respond to my voice commands.
+
+If Cortana isn’t responding to your voice commands, make sure Cortana is turned on. On the All apps list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
+
+## I can’t place holograms or see holograms that I previously placed
+
+If HoloLens can’t map or load your space, it enters Limited mode and you won’t be able to place holograms or see holograms that you’ve placed. Here are some things to try:
+
+- Make sure that there’s enough light in your environment so HoloLens can see and map the space.
+- Make sure that you’re connected to a Wi-Fi network. If you’re not connected to Wi-Fi, HoloLens can’t identify and load a known space.
+- If you need to create a new space, connect to Wi-Fi, then restart your HoloLens.
+- To see if the correct space is active, or to manually load a space, go to **Settings** > **System** > **Spaces**.
+- If the correct space is loaded and you’re still having problems, the space may be corrupt. To fix this issue, select the space, then select **Remove**. After you remove the space, HoloLens starts to map your surroundings and create a new space.
+
+## My HoloLens frequently enters Limited mode or shows a “Tracking lost” message
+
+If your device often shows a "Limited mode" or "Tracking lost" message, try the suggestions listed in [My Holograms don't look good or are moving around](#holograms-dont-look-good-or-are-moving-around).
+
+## My HoloLens can’t tell what space I’m in
+
+If your HoloLens can’t identify and load the space you’re in automatically, check the following factors:
+
+- Make sure that you’re connected to Wi-Fi
+- Make sure that there’s plenty of light in the room
+- Make sure that there haven’t been any major changes to the surroundings.
+
+You can also load a space manually or manage your spaces by going to **Settings** > **System** > **Spaces**.
+
+## I’m getting a “low disk space” error
+
+You’ll need to free up some storage space by doing one or more of the following:
+
+- Delete some unused spaces. Go to **Settings** > **System** > **Spaces**, select a space that you no longer need, and then select **Remove**.
+- Remove some of the holograms that you’ve placed.
+- Delete some pictures and videos from the Photos app.
+- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, and then select **Uninstall**.
+
+## My HoloLens can’t create a new space
+
+The most likely problem is that you’re running low on storage space. Try one of the [previous tips](#im-getting-a-low-disk-space-error) to free up some disk space.

devices/hololens/hololens-update-hololens.md

@@ -0,0 +1,92 @@
+---
+title: Update HoloLens
+description: Check your HoloLens' build number, update, and roll back updates.
+keywords: how-to, update, roll back, HoloLens, check build, build number
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 11/27/2019
+audience: ITPro
+ms.reviewer: 
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Update HoloLens
+
+HoloLens uses Windows Update, just like other Windows 10 devices. Your HoloLens will automatically download and install system updates whenever it is plugged-in to power and connected to the Internet, even when it is in standby.
+
+This article will walk through HoloLens tools for:
+
+- viewing your current operating system version (build number)
+- checking for updates
+- manually updating HoloLens
+- rolling back to an older update
+
+## Check your operating system version (build number)
+
+You can verify the system version number, (build number) by opening the Settings app and selecting **System** > **About**.
+
+## Check for updates and manually update
+
+You can check for updates any time in settings.  To see available updates and check for new updates:
+
+1. Open the **Settings** app.
+1. Navigate to **Update & Security** > **Windows Update**.
+1. Select **Check for updates**.
+
+If an update is available, it will start downloading the new version. After the download is complete, select the **Restart Now** button to trigger the installation. If your device is below 40% and not plugged in, restarting will not start installing the update.
+
+While your HoloLens is installing the update, it will display spinning gears and a progress indicator. Do not turn off your HoloLens during this time. It will restart automatically once it has completed the installation.
+
+HoloLens applies one update at a time.  If your HoloLens is more than one version behind the latest you may need to run through the update process multiple times to get it fully up to date.
+
+## Go back to a previous version - HoloLens 2
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 2, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
+1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
+1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using a USB-A to USB-C cable. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+## Go back to a previous version - HoloLens (1st Gen)
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 1, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
+1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
+1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+> [!NOTE]
+> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
+
+## Windows Insider Program on HoloLens
+
+Want to see the latest features in HoloLens?  If so, join the Windows Insider Program; you'll get access to preview builds of HoloLens software updates before they're available to the general public.
+
+[Get Windows Insider preview for Microsoft HoloLens](hololens-insider.md).

devices/hololens/hololens2-basic-usage.md

@@ -102,12 +102,15 @@ To **close** the Start menu, do the Start gesture when the Start menu is open.
 
 ### One-handed Start gesture
 
+> [!IMPORTANT]
+> For the one-handed Start gesture to work:
+>
+> 1. You must update to the November 2019 update (build 18363) or later.
+> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not calibrated on the device.
+
 You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together.
 
-> [!IMPORTANT]
+![Image that shows the Start icon and the one-handed start gesture](./images/hololens-2-start-alternative.png)
-> For the one-handed Start gesture to work, your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not calibrated on the device.
-
-![Image that shows the Start icon and the one-handed start gesture](./images/hololens-2-start-alternative.jpg)
 
 ## Start menu, mixed reality home, and apps
 

devices/hololens/hololens2-language-support.md

@@ -37,13 +37,13 @@ HoloLens 2 is also available in the following languages. However, this support d
 - Dutch (Netherlands)
 - Korean (Korea)
 
-> [!NOTE]
-> Your speech and dictation language depends on the Windows display language.
->  
 # Changing language or keyboard
 
 The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**.
 
+> [!NOTE]
+> Your speech and dictation language depends on the Windows display language.
+
 ## To change the Windows display language
 
 1. Go to the **Start** menu, and then select **Settings** > **Time and language** > **Language**.

devices/hololens/hololens2-start.md

@@ -26,9 +26,9 @@ Before you get started, make sure you have the following available:
 
 **A network connection**. You'll need to connect your HoloLens to a network to set it up. With HoloLens 2, you can connect with Wi-Fi or by using ethernet (you'll need a USB-C-to-Ethernet adapter). The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md).
 
-**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free.
+**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](https://account.microsoft.com) and set one up for free.
 
-**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661).
+**A safe, well-lit space with no tripping hazards**. [Health and safety info](https://go.microsoft.com/fwlink/p/?LinkId=746661).
 
 **The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](hololens2-setup.md#adjust-fit).
 
@@ -58,6 +58,10 @@ HoloLens 2 will walk you through the following steps:
      HoloLens sets your time zone automatically based on information obtained from the Wi-Fi network. After setup finishes, you can change the time zone by using the Settings app.
 
     ![Connect to Wi-Fi](images/11-network.png)
+> [!NOTE] 
+> If you progress past the Wi-Fi step and later need to switch to a different network while still in setup, you can press the **Volume Down** and **Power** buttons simultaneously to return to this step if you are running an OS version from October 2019 or later. For earlier versions, you may need to [reset the device](hololens-recovery.md) or restart it in a location where the Wi-Fi network is not available to prevent it from automatically connecting.
+> 
+> Also note that during HoloLens Setup, there is a credential timeout of two minutes. The username/password needs to be entered within two minutes otherwise the username field will be automatically cleared.
 
 1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**.
     - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens automatically enrolls in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available. In that case, you need to [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app).

devices/surface-hub/TOC.md

@@ -56,6 +56,8 @@
 ## Overview
 ### [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md)
 ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
+### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
+### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
 
 ## Plan
 ### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)
@@ -111,7 +113,6 @@
 ## Troubleshoot
 ### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md)
 ### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md)
-
 ### [Top support solutions for Surface Hub](support-solutions-surface-hub.md)
 ### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
 ### [Surface Hub Update History](surface-hub-update-history.md)
@@ -124,6 +125,4 @@
 ### [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md)
 ### [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md)
 ### [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
-### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
-### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
 ### [Change history for Surface Hub](change-history-surface-hub.md)

devices/surface-hub/docfx.json

@@ -41,7 +41,17 @@
           "depot_name": "Win.surface-hub",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "contributors_to_exclude": [ 
+        "rjagiewich", 
+        "traya1", 
+        "rmca14", 
+        "claydetels19", 
+        "Kellylorenebaker",
+        "jborsecnik",
+        "tiburd",
+        "garycentric"
+      ]
     },
     "externalReference": [],
     "template": "op.html",

devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md

@@ -15,130 +15,131 @@ ms.localizationpriority: medium
 ---
 
 # Hybrid deployment (Surface Hub)
-A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-prem), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
 
->[!NOTE]
+A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-premises), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
->In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-prem). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
+
+> [!NOTE]
+> In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-premises). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
 
-<span id="exchange-on-prem" />
 ## Exchange on-premises
+
 Use this procedure if you use Exchange on-premises.
 
 1. For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. This account will be synced to Office 365.
 
-    - In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
+- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
-    - Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.<p>
+- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.<p>
 
-        ![New object box for creating a new user in active directory.](images/hybriddeployment-01a.png)
+![New object box for creating a new user in active directory.](images/hybriddeployment-01a.png)
 
-    - Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
+- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
 
-        >**Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
+> **Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
 
-        ![Image showing password dialog box.](images/hybriddeployment-02a.png)
+![Image showing password dialog box.](images/hybriddeployment-02a.png)
-        
-    -   Click **Finish** to create the account.
-
-        ![Image with account name, logon name, and password options for new user.](images/hybriddeployment-03a.png)
 
+-   Click **Finish** to create the account.
 
+![Image with account name, logon name, and password options for new user.](images/hybriddeployment-03a.png)
 
 2. Enable the remote mailbox.
 
-    Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
+Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
 
-    ```PowerShell
+```PowerShell
-    Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
+Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
-    ```
+```
-    >[!NOTE]
+
-    >If you don't have an on-premises Exchange environment to run this cmdlet, you can make the same changes directly to the Active Directory object for the account.
+> [!NOTE]
-    >
+> If you don't have an on-premises Exchange environment to run this cmdlet, you can make the same changes directly to the Active Directory object for the account.
-    >msExchRemoteRecipientType = 33
+>
-    >
+> msExchRemoteRecipientType = 33
-    >msExchRecipientDisplayType = -2147481850
+>
-    >
+> msExchRecipientDisplayType = -2147481850
-    >msExchRecipientTypeDetails = 8589934592
+>
+> msExchRecipientTypeDetails = 8589934592
 
 3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Microsoft 365 admin center and verify that the account created in the previous steps has merged to online.
 
 4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
 
-    Start a remote PowerShell session on a PC and connect to Microsoft Exchange. Be sure you have the right permissions set to run the associated cmdlets.
+Start a remote PowerShell session on a PC and connect to Microsoft Exchange. Be sure you have the right permissions set to run the associated cmdlets.
 
-    The next steps will be run on your Office 365 tenant.
+The next steps will be run on your Office 365 tenant.
 
-    ```PowerShell
+```PowerShell
-    Set-ExecutionPolicy RemoteSigned
+Set-ExecutionPolicy RemoteSigned
-    $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
+$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
-    $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
+$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
-    Import-PSSession $sess
+Import-PSSession $sess
-    ```
+```
 
 5. Create a new Exchange ActiveSync policy, or use a compatible existing policy.
 
-    After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy or use a compatible existing policy.
+After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy or use a compatible existing policy.
 
-    Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
 
-    If you haven’t created a compatible policy yet, use the following cmdlet—-this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
 
-    ```PowerShell
+```PowerShell
-    $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
-    ```
+```
 
-    Once you have a compatible policy, then you will need to apply the policy to the device account. 
+Once you have a compatible policy, you will need to apply the policy to the device account. 
 
-    ```PowerShell
+```PowerShell
-    Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
+Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
-    ```
+```
 
 6. Set Exchange properties.
 
-    Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
 
-    ```PowerShell
+```PowerShell
-    Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
-    Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
-    ```
+```
 
 7. Connect to Azure AD.
 
-	You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command:
-    ```PowerShell
-    Install-Module -Name AzureAD
-    ```
 
-    You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+```PowerShell
+Install-Module -Name AzureAD
+```
+
+You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+
+```PowerShell
+Import-Module AzureAD
+Connect-AzureAD -Credential $cred
+```
 
-    ```PowerShell
-    Import-Module AzureAD
-    Connect-AzureAD -Credential $cred
-    ```
 8. Assign an Office 365 license.
 
-    The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
 
-    You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
-    ```PowerShell
+```PowerShell
-    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
 
-	Get-AzureADSubscribedSku | Select Sku*,*Units
+Get-AzureADSubscribedSku | Select Sku*,*Units
-	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
-    $License.SkuId = SkuId You selected 
+$License.SkuId = SkuId You selected 
 
-	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
-    $AssignedLicenses.AddLicenses = $License
+$AssignedLicenses.AddLicenses = $License
-    $AssignedLicenses.RemoveLicenses = @()
+$AssignedLicenses.RemoveLicenses = @()
 
-    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
+Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
-    ```
+```
 
 Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
 
-<span id="sfb-online"/>
 ### Skype for Business Online
 
 To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need.
@@ -162,42 +163,42 @@ The following table lists the Office 365 plans and Skype for Business options.
 
 1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment.
 
-        ```PowerShell
+```PowerShell
-        Import-Module SkypeOnlineConnector  
+Import-Module SkypeOnlineConnector  
-        $cssess=New-CsOnlineSession -Credential $cred  
+$cssess=New-CsOnlineSession -Credential $cred  
-        Import-PSSession $cssess -AllowClobber
+Import-PSSession $cssess -AllowClobber
-        ```
+```
 
 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
 
-        ```PowerShell
+```PowerShell
-        Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
+Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
-        ```
+```
 
-    If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
+If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
 
-        ```PowerShell
+```PowerShell
-        Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
+Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
-        ```
+```
 
 3. Assign Skype for Business license to your Surface Hub account.
 
-    Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
+ Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device.
 
-   - Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
+- Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
 
-   - Click on **Users and Groups** and then **Add users, reset passwords, and more**.
+- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
 
-   - Click the Surface Hub account, and then click the pen icon to edit the account information.
+- Click the Surface Hub account, and then click the pen icon to edit the account information.
 
-   - Click **Licenses**.
+- Click **Licenses**.
 
-   - In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
+- In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
 
-   - Click **Save**.
+- Click **Save**.
 
-     >[!NOTE]
+> [!NOTE]
-     >You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
+> You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
 
 For validation, you should be able to use any Skype for Business client (PC, Android, etc.) to sign in to this account.
 
@@ -205,7 +206,7 @@ For validation, you should be able to use any Skype for Business client (PC, And
 
 To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
 
-```
+```PowerShell
 Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName 
 ```
 
@@ -217,181 +218,181 @@ The Surface Hub requires a Skype account of the type `meetingroom`, while a norm
 
 In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
 
->[!NOTE]
+> [!NOTE]
->To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
+> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
 
 
 ## Exchange online
+
 Use this procedure if you use Exchange online.
 
 1. Create an email account in Office 365.
 
-    Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
+Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
 
-    ```PowerShell
+```PowerShell
-    Set-ExecutionPolicy RemoteSigned
+Set-ExecutionPolicy RemoteSigned
-    $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
+$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
-    $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
+$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
-    Import-PSSession $sess
+Import-PSSession $sess
-    ```
+```
 
-2.  Set up mailbox.
+2. Set up a mailbox.
 
-    After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
+After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
 
-    If you're changing an existing resource mailbox:
+If you're changing an existing resource mailbox:
 
-    ```PowerShell
+```PowerShell
-    Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
+Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
-    ```
+```
 
-    If you’re creating a new resource mailbox:
+If you’re creating a new resource mailbox:
 
-    ```PowerShell
+```PowerShell
-    New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
+New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
-    ```
+```
 
 3. Create Exchange ActiveSync policy.
 
-    After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
 
-    Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, Exchange services on the Surface Hub (mail, calendar, and joining meetings) will not be enabled.
 
-    If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
 
-    ```PowerShell
+```PowerShell
-    $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
-    ```
+```
 
-    Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
+Once you have a compatible policy, you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
 
-    ```PowerShell
+```PowerShell
-    Set-Mailbox 'HUB01@contoso.com' -Type Regular
+Set-Mailbox 'HUB01@contoso.com' -Type Regular
-    Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
+Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
-    Set-Mailbox 'HUB01@contoso.com' -Type Room
+Set-Mailbox 'HUB01@contoso.com' -Type Room
-    $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
+$credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
-    Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
+Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
-    ```
+```
 
 4. Set Exchange properties.
 
-    Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
 
-    ```PowerShell
+```PowerShell
-    Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
-    Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
-    ```
+```
 
-5.  Add email address for your on-premises domain account.
+5. Add an email address for your on-premises domain account.
 
-    For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account.
+For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account.
 
-    - In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
+- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
-    - Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
+- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
 
-        ![New object box for creating a new user in Active Directory.](images/hybriddeployment-01a.png)
+![New object box for creating a new user in Active Directory.](images/hybriddeployment-01a.png)
 
-    - Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
+- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
 
-        >[!IMPORTANT]
+> [!IMPORTANT]
-        >Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
+> Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
 
-        ![Image showing password dialog box.](images/hybriddeployment-02a.png)
+![Image showing password dialog box.](images/hybriddeployment-02a.png)
 
-    - Click **Finish** to create the account.
+- Click **Finish** to create the account.
 
-        ![Image with account name, logon name, and password options for new user.](images/hybriddeployment-03a.png)
+![Image with account name, logon name, and password options for new user.](images/hybriddeployment-03a.png)
 
 6. Run directory synchronization.
 
-    After you've created the account, run a directory synchronization. When it's complete, go to the users page and verify that the two accounts created in the previous steps have merged.
+After you've created the account, run a directory synchronization. When it's complete, go to the users page and verify that the two accounts created in the previous steps have merged.
 
 7. Connect to Azure AD.
 
-    You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command:
 
-    ```PowerShell
+```PowerShell
-    Install-Module -Name AzureAD
+Install-Module -Name AzureAD
-    ```
+```
-    You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
 
-    ```PowerShell
+You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect:
-    Import-Module AzureAD
+
-    Connect-AzureAD -Credential $cred
+```PowerShell
-    ```
+Import-Module AzureAD
+Connect-AzureAD -Credential $cred
+```
 
 8. Assign an Office 365 license.
 
-    The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
 
-    Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
-    ```PowerShell
+```PowerShell
-    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
 
-	Get-AzureADSubscribedSku | Select Sku*,*Units
+Get-AzureADSubscribedSku | Select Sku*,*Units
-	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
-    $License.SkuId = SkuId You selected 
+$License.SkuId = SkuId You selected 
 
-	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
-    $AssignedLicenses.AddLicenses = $License
+$AssignedLicenses.AddLicenses = $License
-    $AssignedLicenses.RemoveLicenses = @()
+$AssignedLicenses.RemoveLicenses = @()
 
-    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
+Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
-    ```
+```
-
-Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-premises](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid).
 
+Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
 
 ### Skype for Business Online
 
-In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#sfb-online).
+In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#skype-for-business-online).
 
 1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC.
 
-   ```PowerShell
+```PowerShell
-   Import-Module SkypeOnlineConnector  
+Import-Module SkypeOnlineConnector  
-   $cssess=New-CsOnlineSession -Credential $cred  
+$cssess=New-CsOnlineSession -Credential $cred  
-   Import-PSSession $cssess -AllowClobber
+Import-PSSession $cssess -AllowClobber
-   ```
+```
 
 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
 
-   ```PowerShell
+```PowerShell
-   Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool  
+Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool  
-   'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
+'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
-   ```
+```
 
    If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
 
-   ```PowerShell
+```PowerShell
-   Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
+Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
-   ```
+```
 
 10. Assign Skype for Business license to your Surface Hub account
 
-    Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
+Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device.
 
-    - Sign in as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
+- Sign in as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
 
-    - Click on **Users and Groups** and then **Add users, reset passwords, and more**.
+- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
 
-    - Click the Surface Hub account, and then click the pen icon to edit the account information.
+- Click the Surface Hub account, and then click the pen icon to edit the account information.
 
-    - Click **Licenses**.
+- Click **Licenses**.
 
-    - In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
+- In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
 
-    - Click **Save**.
+- Click **Save**.
 
-        >[!NOTE]
+> [!NOTE]
-        > You can also use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
+> You can also use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
 
 For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.
 
-<span id="sfb-onprem"/>
 ### Skype for Business on-premises
 
 To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
@@ -400,7 +401,6 @@ To run this cmdlet, you will need to connect to one of the Skype front-ends. Ope
 Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName 
 ```
 
-<span id="sfb-hybrid"/>
 ### Skype for Business hybrid
 
 If your organization has set up [hybrid connectivity between Skype for Business Server and Skype for Business Online](https://technet.microsoft.com/library/jj205403.aspx), the guidance for creating accounts differs from a standard Surface Hub deployment.
@@ -409,6 +409,5 @@ The Surface Hub requires a Skype account of the type *meetingroom*, while a norm
 
 In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
 
->[!NOTE]
+> [!NOTE]
->To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
+> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
-

devices/surface-hub/index.md

@@ -30,6 +30,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
                         <p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099" target="_blank">Behind the design: Surface Hub 2S</a></p>
                         <p><a href="surface-hub-2s-whats-new.md">What's new in Surface Hub 2S</a></p>
                         <p><a href="differences-between-surface-hub-and-windows-10-enterprise.md">Operating system essentials</a></p>
+                        <p><a href="https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d">Enable Microsoft Whiteboard on Surface Hub</a></p>
                     </div>
                 </div>
             </div>
@@ -122,7 +123,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
                         </div>
                     </div>
                     <div class="cardText">
-                        <h3>Support</h3>
+                        <h3>Troubleshoot</h3>
                         <p><a href="https://support.microsoft.com/help/4493926" target="_blank">Service and warranty</a></p>
                         <p><a href="surface-hub-2s-recover-reset.md">Recover & reset Surface Hub 2S</a></p>
                         <p><a href="support-solutions-surface-hub.md">Surface Hub support solutions</a></p>
@@ -156,7 +157,8 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
             <div class="cardPadding">
                 <div class="card">
                     <div class="cardText">
-                        <h3>Surface Hub 2s Videos</h3>
+                        <h3>Surface Hub 2S Videos</h3>
+                        <p><a href="surface-hub-2s-adoption-videos.md" target="_blank">Adoption and training videos</p>
                         <p><a href="https://youtu.be/pbhNngw3a-Y" target="_blank">What is Surface Hub 2S?</p>
                         <p><a href="https://www.youtube.com/watch?v=CH2seLS5Wb0" target="_blank">Surface Hub 2S with Teams</p>
                         <p><a href="https://www.youtube.com/watch?v=I4N2lQX4WyI&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ&index=7" target="_blank">Surface Hub 2S with Microsoft 365</p>

devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md

@@ -117,9 +117,9 @@ The following tables include info on Windows 10 settings that have been validate
 |                    Allow Do Not Track                     |                                                          Use to enable Do Not Track headers.                                                          |                          [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack)                          | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
 |                       Allow pop-ups                       |                                                         Use to block pop-up browser windows.                                                          |                              [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups)                              | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
 |                 Allow search suggestions                  |                                                  Use to block search suggestions in the address bar.                                                  |       [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar)       | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                     Allow SmartScreen                     |                                                       Keep this enabled to turn on SmartScreen.                                                       |                         [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen)                         | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+|                     Allow Windows Defender SmartScreen                     |                                                       Keep this enabled to turn on Windows Defender SmartScreen.                                                       |                         [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen)                         | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-| Prevent ignoring SmartScreen Filter warnings for websites |     For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites.     |         [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride)         | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+| Prevent ignoring Windows Defender SmartScreen warnings for websites |     For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites.     |         [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride)         | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|  Prevent ignoring SmartScreen Filter warnings for files   | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+|  Prevent ignoring Windows Defender SmartScreen warnings for files   | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 

devices/surface-hub/online-deployment-surface-hub-device-accounts.md

@@ -90,7 +90,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
    Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
    ```
 
-7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
+7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#skype-for-business-online).
    
    Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
@@ -124,13 +124,13 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
    - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, <em>alice@contoso.com</em>):
 
        ```PowerShell
-       (Get-CsTenant).TenantPoolExtension
+       Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool
        ```
        OR by setting a variable
         
        ```PowerShell
-       $strRegistrarPool = (Get-CsTenant).TenantPoolExtension
+	$strRegistrarPool = Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool | out-string
-       $strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
+	$strRegistrarPool = $strRegistrarPool.Substring($strRegistrarPool.IndexOf(':') + 2)
        ```
         
    - Enable the Surface Hub account with the following cmdlet:

devices/surface-hub/surface-hub-2s-account.md

@@ -54,25 +54,26 @@ Instead of using the Microsoft Admin Center portal, you can create the account u
 
 ### Connect to Exchange Online PowerShell
 
-```
+```powershell
-$365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection $ImportResults = Import-PSSession $365Session
+$365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection
+$ImportResults = Import-PSSession $365Session
 ```
 
 ### Create a new Room Mailbox
 
-```
+```powershell
 New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString  -String "<Enter Strong Password>" -AsPlainText -Force)
 ```
 
 ### Set Calendar Auto processing
 
-```
+```powershell
 Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts   $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
 ```
 
 ### Assign a license
 
-```
+```powershell
 Connect-MsolService
 Set-Msoluser -UserPrincipalName account@YourDomain.com -UsageLocation IE
 Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "contoso:MEETING_ROOM"
@@ -85,10 +86,11 @@ Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "co
 - [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe)
 - [Skype for Business Online PowerShell Module](https://www.microsoft.com/download/confirmation.aspx?id=39366)
 
-```
+```powershell
 Import-Module LyncOnlineConnector
 $SfBSession = New-CsOnlineSession -Credential (Get-Credential)
 Import-PSSession $SfBSession -AllowClobber
-Enable the Skype for Business meeting room
+
+# Enable the Skype for Business meeting room
 Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPool(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
 ```

devices/surface-hub/surface-hub-2s-adoption-videos.md

@@ -1,6 +1,6 @@
 ---
 title: "Surface Hub 2S on-demand adoption and training videos"
-description: "This page contains comprehensive training for Surface Hub 2S via on-demand streaming"
+description: "This page contains on-demand training for Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-2s-connect.md

@@ -9,7 +9,7 @@ ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/13/2019
 ms.localizationpriority: Medium
 ---
 
@@ -28,7 +28,7 @@ In general, it’s recommended to use native cable connections whenever possible
 | **Connection** | **Functionality** | **Description**|
 | --- | --- | ---|
 | HDMI + USB-C | HDMI-in for audio and video<br><br>USB-C for TouchBack and InkBack | USB-C supports TouchBack and InkBack with the HDMI A/V connection.<br><br>Use USB-C to USB-A to connect to legacy computers.<br><br>**NOTE:** For best results, connect HDMI before connecting a USB-C cable. If the computer you're using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable. |
-| USB-C <br> (via compute module) | Video-in <br>Audio-in | Single cable needed for A/V<br><br>TouchBack and InkBack not supported<br><br>HDCP enabled |
+| USB-C <br> (via compute module) | Video-in <br>Audio-in | Single cable needed for A/V<br><br>TouchBack and InkBack is supported<br><br>HDCP enabled |
 | HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V<br><br>TouchBack and InkBack not supported<br><br>HDCP enabled |
 | MiniDP 1.2 output | Video-out such as mirroring to a larger projector. | Single cable needed for A/V |
 

devices/surface-hub/surface-hub-2s-prepare-environment.md

@@ -9,7 +9,7 @@ ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/21/2019
 ms.localizationpriority: Medium
 ---
 
@@ -45,6 +45,6 @@ If you affiliate Surface Hub 2S with on-premises Active Directory Domain Service
 
 ## Azure Active Directory
 
-When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
+When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
 
 If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.

devices/surface-hub/surface-hub-2s-recover-reset.md

@@ -9,7 +9,7 @@ ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article
-ms.date: 06/20/2019
+ms.date: 12/05/2019
 ms.localizationpriority: Medium
 ---
 
@@ -38,13 +38,15 @@ New in Surface Hub 2S, you can now reinstall the device using a recovery image.
 Surface Hub 2S lets you reinstall the device using a recovery image, which allows you to reinstall the device to factory settings if you lost the Bitlocker key or no longer have admin credentials to the Settings app.
 
 1. Begin with a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
-2. Download recovery image from the [Surface Recovery website](https://support.microsoft.com/en-us/surfacerecoveryimage?devicetype=surfacehub2s) onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S.
+2. From a separate PC, download the .zip file recovery image from the [Surface Recovery website](https://support.microsoft.com/surfacerecoveryimage?devicetype=surfacehub2s) and then return to these instructions. 
-3. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
+3. Unzip the downloaded file onto the root of the USB drive.  
+4. Connect the USB drive to any USB-C or USB-A port on Surface Hub 2S.
+5. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
 
 ![*Use Volume down and power buttons to initiate recovery*](images/sh2-keypad.png) <br>
 
-4. In the language selection screen, select the display language for your Surface Hub 2S.
+6. In the language selection screen, select the display language for your Surface Hub 2S.
-5. Choose **Recover from a drive** and **Fully clean the drive** and then select **Recover**. If prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
+7. Choose **Recover from a drive** and **Fully clean the drive** and then select **Recover**. If prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
 Remove the USB drive when the first time setup screen appears.
 
 ## Recover a locked Surface Hub

devices/surface-hub/surface-hub-2s-techspecs.md

@@ -9,7 +9,7 @@ manager: laurawi
 ms.author: greglin
 audience: Admin
 ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/19/2019
 ms.localizationpriority: Medium
 ---
 
@@ -27,10 +27,10 @@ ms.localizationpriority: Medium
 |**Graphics**| Intel UHD Graphics 620 |
 |**Wireless**| Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac compatible) Bluetooth Wireless 4.1 technology <br> Miracast display |
 |**Connections**| USB-A <br> Mini-DisplayPort 1.2 video output <br> RJ45 gigabit Ethernet (1000/100/10 BaseT) <br> HDMI video input (HDMI 2.0, HDCP 2.2 /1.4) <br> USB-C with DisplayPort input <br> Four USB-C (on display) |
-|**Sensors**| Doppler occupancy sensor <br> Accelerometer <br> Gyroscope |
+|**Sensors**| Doppler occupancy <sup>2</sup> <br> Accelerometer <br> Gyroscope |
 |**Audio/Video**| Full-range, front facing 3-way stereo speakers <br> Full band 8-element MEMS microphone array <br> Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree HFOV |
 |**Pen**| Microsoft Surface Hub 2 Pen (active) |
-|**Software**| Windows 10 <br> Microsoft Teams for Surface Hub <sup>2</sup> <br> Skype for Business <br> Microsoft Whiteboard <br> Microsoft Office (Mobile) <br> Microsoft Power BI <sup>2</sup> |
+|**Software**| Windows 10 <br> Microsoft Teams for Surface Hub <sup>3</sup> <br> Skype for Business <br> Microsoft Whiteboard <br> Microsoft Office (Mobile) <br> Microsoft Power BI <sup>2</sup> |
 |**Exterior**| Casing: Precision machined aluminum with mineral-composite resin <br> Color: Platinum <br> Physical Buttons: Power, Volume, Source |
 |**What’s in the box**| One Surface Hub 2S <br> One Surface Hub 2 Pen  <br> One Surface Hub 2 Camera <br> 2.5 m AC Power Cable <br> Quick Start Guide |
 |**Warranty**| 1-year limited hardware warranty |
@@ -41,4 +41,5 @@ ms.localizationpriority: Medium
 |**Input Power, standby**| 5 W max  |
 
 > [!NOTE]
-> <sup>1</sup> System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. <br> <sup>2</sup> Software license required for some features. Sold separately.<br> 
+> <sup>1</sup> System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. <br> <sup>2</sup> Doppler sensor not available in Hong Kong, India, Kuwait, and Oman  due to government regulations.
+<br> <sup>3</sup> Software license required for some features. Sold separately.<br> 

devices/surface-hub/surface-hub-wifi-direct.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/27/2019
 ms.reviewer: 
 manager: dansimp
 ms.localizationpriority: medium
@@ -25,7 +25,7 @@ The intended audiences for this topic include IT and network administrators inte
 
 Microsoft Surface Hub's security depends extensively on Wi-Fi Direct / Miracast and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Since the device only supports WPS (as opposed to WPA2 Pre-Shared Key (PSK) or WPA2 Enterprise), issues traditionally associated with 802.11 encryption are simplified by design. 
 
-It is important to note Surface Hub operates on par with the field of Miracast receivers, meaning that it is protected from, and vulnerable to, a similar set of exploits as all WPS-based wireless network devices. But Surface Hub’s implementation of WPS has extra precautions built in, and its internal architecture helps prevent an attacker – even after compromising the Wi-Fi Direct / Miracast layer – to move past the network interface onto other attack surfaces and connected enterprise networks see [Wi-Fi Direct vulnerabilities and how Surface Hub addresses them](#vulnerabilities).  
+It is important to note Surface Hub operates on par with the field of Miracast receivers, meaning that it is protected from, and vulnerable to, a similar set of exploits as all WPS-based wireless network devices. But Surface Hub’s implementation of WPS has extra precautions built in, and its internal architecture helps prevent an attacker – even after compromising the Wi-Fi Direct / Miracast layer – to move past the network interface onto other attack surfaces and connected enterprise networks. 
 
 ## Wi-Fi Direct background
 
@@ -37,7 +37,7 @@ Security for Wi-Fi Direct is provided by WPA2 using the WPS standard.  Authentic
 
 In Wi-Fi Direct, groups are created as either "persistent," allowing for automatic reconnection using stored key material, or "temporary," where devices cannot re-authenticate without user intervention or action. Wi-Fi Direct groups will typically determine a Group Owner (GO) through a negotiation protocol, which mimics the "station" or "Access Point" functionality for the established Wi-Fi Direct Group. This Wi-Fi Direct GO provides authentication (via an “Internal Registrar”), and facilitate upstream network connections. For Surface Hub, this GO negotiation does not take place, as the network only operates in "autonomous" mode, where Surface Hub is always the Group Owner. Finally, Surface Hub does not and will not join other Wi-Fi Direct networks itself as a client.
 
-<span id="vulnerabilities" />
+
 ## Wi-Fi Direct vulnerabilities and how Surface Hub addresses them
 
 **Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery process**: Wi-Fi Direct / Miracast attacks may target weaknesses in the group establishment, peer discovery, device broadcast, or invitation processes.

devices/surface/TOC.md

@@ -17,7 +17,7 @@
 ### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md)
 ### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
 ### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
-### [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
+### [Considerations for Surface and Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
 ### [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md)
 ### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
 ### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

devices/surface/considerations-for-surface-and-system-center-configuration-manager.md

@@ -1,5 +1,5 @@
 ---
-title: Considerations for Surface and System Center Configuration Manager (Surface)
+title: Considerations for Surface and Microsoft Endpoint Configuration Manager
 description: The management and deployment of Surface devices with Configuration Manager is fundamentally the same as any other PC; this article describes scenarios that may require additional considerations.
 keywords: manage, deployment, updates, driver, firmware
 ms.prod: w10
@@ -11,32 +11,32 @@ ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
-ms.date: 10/24/2019
+ms.date: 11/25/2019
 ms.reviewer: 
 manager: dansimp
 ---
 
-# Considerations for Surface and System Center Configuration Manager
+# Considerations for Surface and Microsoft Endpoint Configuration Manager
 
-Fundamentally, management and deployment of Surface devices with System Center Configuration Manager (SCCM) is the same as the management and deployment of any other PC. Like other PCs, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device.
+Fundamentally, management and deployment of Surface devices with Endpoint Configuration Manager (formerly known as System Center Configuration Manager or SCCM) is the same as the management and deployment of any other PC. Like other PCs, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device.
 
-You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index).
+You can find more information about how to use Configuration Manager to deploy and manage devices in the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/sccm/index).
 
 Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios; the solutions documented in this article may apply to other devices and manufacturers as well.
 
 >[!NOTE]
->For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
+>For management of Surface devices it is recommended that you use the Current Branch of Endpoint Configuration Manager.
 
 ## Support for Surface Pro X
-Beginning in version 1802, SCCM includes client management support for Surface Pro X. Note however that running the SCCM agent on Surface Pro X may accelerate battery consumption. In addition, SCCM operating system deployment is not supported on Surface Pro X. For more information, refer to:
+Beginning in version 1802, Endpoint Configuration Manager includes client management support for Surface Pro X. Note however that running the Endpoint Configuration Manager agent on Surface Pro X may accelerate battery consumption. In addition, operating system deployment using Endpoint Configuration Manager is not supported on Surface Pro X. For more information, refer to:
-- [What's new in version 1802 of System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802)
+- [What's new in version 1802 of System Center Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-1802)
 - [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
 
 ## Updating Surface device drivers and firmware
 
 For devices that receive updates through Windows Update, drivers for Surface components – and even firmware updates – are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
 
-As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
+As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
 
 >[!NOTE]
 >Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2 – for more information see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
@@ -47,25 +47,25 @@ The default mechanism that Configuration Manager uses to identify devices during
 
 To ensure that Surface devices using the same Ethernet adapter are identified as unique devices during deployment, you can instruct Configuration Manager to identify devices using another method. This other method could be the MAC address of the wireless network adapter or the System Universal Unique Identifier (System UUID). You can specify that Configuration Manager use other identification methods with the following options:
 
-* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
+* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/).
 
-* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
+* Prestage devices by System UUID as documented in [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/).
 
-* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post.
+* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/).
 
 Another consideration for the Surface Ethernet adapter during deployments with Configuration Manager is the driver for the Ethernet controller. Beginning in Windows 10, version 1511, the driver for the Surface Ethernet adapter is included by default in Windows. For organizations that want to deploy the latest version of Windows 10 and use the latest version of WinPE, use of the Surface Ethernet adapter requires no additional actions.
 
-For versions of Windows prior to Windows 10, version 1511 (including Windows 10 RTM and Windows 8.1), you may still need to install the Surface Ethernet adapter driver and include the driver in your WinPE boot media. With its inclusion in Windows 10, the driver is no longer available for download from the Microsoft Download Center. To download the Surface Ethernet adapter driver, download it from the Microsoft Update Catalog as documented in the [Surface Ethernet Drivers](https://blogs.technet.microsoft.com/askcore/2016/08/18/surface-ethernet-drivers/) blog post from the Ask The Core Team blog.
+For versions of Windows prior to Windows 10, version 1511 (including Windows 10 RTM and Windows 8.1), you may still need to install the Surface Ethernet adapter driver and include the driver in your WinPE boot media. With its inclusion in Windows 10, the driver is no longer available for download from the Microsoft Download Center. To download the Surface Ethernet adapter driver, refer to [Surface Ethernet Drivers](https://blogs.technet.microsoft.com/askcore/2016/08/18/surface-ethernet-drivers/).
 
 ## Deploy Surface app with Configuration Manager
 
-With the release of Microsoft Store for Business, Surface app is no longer available as a driver and firmware download. Organizations that want to deploy Surface app to managed Surface devices or during deployment with the use of Configuration Manager, must acquire Surface app through Microsoft Store for Business and then deploy Surface app with PowerShell. You can find the PowerShell commands for deployment of Surface app, instructions to download Surface app, and prerequisite frameworks from Microsoft Store for Business in the [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business) article in the TechNet Library.
+With the release of Microsoft Store for Business, Surface app is no longer available as a driver and firmware download. Organizations that want to deploy Surface app to managed Surface devices or during deployment with the use of Configuration Manager, must acquire Surface app through Microsoft Store for Business and then deploy Surface app with PowerShell. For more information including PowerShell commands for deploying Surface app, refer to [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business).
 
 ## Use prestaged media with Surface clients
 
 If your organization uses prestaged media to pre-load deployment resources on to machines prior to deployment with Configuration Manager, the nature of Surface devices as UEFI devices may require you to take additional steps. Specifically, a native UEFI environment requires that you create multiple partitions on the boot disk of the system. If you are following along with the [documentation for prestaged media](https://technet.microsoft.com/library/79465d90-4831-4872-96c2-2062d80f5583?f=255&MSPPError=-2147217396#BKMK_CreatePrestagedMedia), the instructions provide for only single partition boot disks and therefore will fail when applied to Surface devices.
 
-Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post.
+To apply prestaged media to UEFI devices, such as Surface devices, refer to [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/).
 
 ## Licensing conflicts with OEM Activation 3.0
 
@@ -77,9 +77,9 @@ However, issues may arise when organizations intend to use versions of Windows t
 
 ## Apply an asset tag during deployment
 
-Surface Studio, Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 devices all support the application of an asset tag in UEFI. This asset tag can be used to identify the device from UEFI even if the operating system fails, and it can also be queried from within the operating system. To read more about the Surface Asset Tag function, see the [Asset Tag Tool for Surface Pro 3](https://blogs.technet.microsoft.com/askcore/2014/10/20/asset-tag-tool-for-surface-pro-3/) blog post.
+Surface Studio, Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 devices all support the application of an asset tag in UEFI. This asset tag can be used to identify the device from UEFI even if the operating system fails, and it can also be queried from within the operating system. For more information, refer to [Surface Asset Tag Tool](assettag.md).
 
-To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.microsoft.com/download/details.aspx?id=44076) during a Configuration Manager deployment task sequence, use the script and instructions found in the [Set Surface Asset Tag During a Configuration Manager Task Sequence](https://blogs.technet.microsoft.com/jchalfant/set-surface-pro-3-asset-tag-during-a-configuration-manager-task-sequence/) blog post.
+To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.microsoft.com/download/details.aspx?id=44076) during a Configuration Manager deployment task sequence, use the script and instructions in [Set Surface Asset Tag During a Configuration Manager Task Sequence](https://blogs.technet.microsoft.com/jchalfant/set-surface-pro-3-asset-tag-during-a-configuration-manager-task-sequence/).
 
 ## Configure push-button reset
 

devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md

@@ -2,8 +2,8 @@
 title: Deploy the latest firmware and drivers for Surface devices (Surface)
 description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
 ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
-ms.reviewer: 
+ms.reviewer: dansimp
-manager: dansimp
+manager: kaushika
 keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device
 ms.localizationpriority: medium
 ms.prod: w10
@@ -12,70 +12,94 @@ ms.pagetype: surface, devices
 ms.sitesec: library
 author: dansimp
 ms.audience: itpro
-ms.date: 10/21/2019
+ms.date: 11/25/2019
 ms.author: dansimp
 ms.topic: article
 ---
 
 # Deploy the latest firmware and drivers for Surface devices
-Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment. 
 
-## Download MSI files
+> **Home users:** This article is only intended for technical support agents and IT professionals, and applies only to Surface devices. If you're looking for help to install Surface updates or firmware on a home device, please see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
-To download MSI files, refer to the following Microsoft Support page:
 
-- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)<br>
+Under typical conditions, Windows Update automatically keeps Windows Surface devices up-to-date by downloading and installing the latest device drivers and firmware. However, you may sometimes have to download and install updates manually. For example, you may have to manually manage updates when you deploy a new version of Windows.
-Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
+
+## Downloading MSI files
+
+[Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface) provides links to download installation files for the following:
+
+- Administrative tools
+- Drivers for accessories
+- For some devices, updates for Windows
 
 ## Deploying MSI files
-Driver and firmware updates for Surface devices consisting of all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
 
-The MSI file names contain useful information including the minimum supported Windows build number required to install the drivers and firmware. For example, to install the drivers contained in SurfaceBook_Win10_17763_19.080.2031.0.msi requires Windows 10 Fall Creators Update version 1709 or later installed on your Surface Book.
+Specific versions of Windows 10 have separate MSI files. Each MSI file contains all required cumulative driver and firmware updates for Surface devices.
 
-To view build numbers for each version, refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
+The MSI file names contain useful information, including the minimum supported Windows build number that is required to install the drivers and firmware. For example, to install the drivers that are contained in SurfaceBook_Win10_17763_19.080.2031.0.msi on a Surface Book, the device must be running Windows 10 Fall Creators Update, version 1709 or later.
+
+For more information about build numbers for each Windows version, see [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
 
 ### Surface MSI naming convention
-Beginning in August 2019, MSI files use the following naming formula:
 
-- Product > Windows release > Windows build number > Version number >  Revision of version number (typically zero).
+Beginning in August, 2019, MSI files have used the following naming convention:
 
-**Example:**
+> *Product*\_*Windows release*\_*Windows build number*\_*Version number*\_*Revision of version number (typically zero)*.
-SurfacePro6_Win10_18362_19.073.44195_0.msi :
 
-| Product     | Windows release | Build | Version |  Revision of version |
+**Example**
-| --- | --- | --- | --- | --- |
+
-| SurfacePro6 | Win10  | 18362  | 19.073.44195 | 0  |
+Consider the following MSI file:
-|       |      |       | Indicates key date and sequence information.  | Indicates release history of the update.   |
+
-|      |        |     | **19:** Signifies the year (2019).<br>**073**: Signifies the month (July) and week of the release (3).  <br>**44195**: Signifies the minute of the month that the MSI file was created. |**0:**  Signifies it's the first release of version 1907344195 and has not been re-released for any reason. |
+> SurfacePro6_Win10_18362_19.073.44195_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 18362
+- **Version:** 19.073.44195 &ndash; This shows the date and time that the file was created, as follows:
+  - **Year:** 19 (2019)
+  - **Month and week:** 073 (third week of July)
+  - **Minute of the month:** 44195
+- **Revision of version:** 0 (first release of this version)
 
 ### Legacy Surface MSI naming convention
-Legacy MSI files prior to August 2019 followed the same overall naming formula but used a different method to derive the version number.  
 
-**Example:**
+Legacy MSI files (files that were built before August, 2019) followed the same overall naming formula, but used a different method to derive the version number.  
-SurfacePro6_Win10_16299_1900307_0.msi :
 
-| Product     | Windows release | Build | Version |  Revision of version |
+**Example**
-| --- | --- | --- | --- | --- |
-| SurfacePro6 | Win10  | 16299  | 1900307 | 0  |
-|       |      |       | Indicates key date and sequence information.  | Indicates release history of the MSI file.   |
-|      |        |     | **19:** Signifies the year (2019)<br>**003**: Signifies that it’s the third release of 2019.<br>**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
 
-Look to the **version** number to determine the latest files that contain the most recent security updates.  For example, you might need to install the newest file from the following list:
+Consider the following MSI file:
 
+> SurfacePro6_Win10_16299_1900307_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 16299
+- **Version:** 1900307 &ndash; This shows the date that the file was created and its position in the release sequence, as follows:
+  - **Year:** 19 (2019)
+  - **Number of release:** 003 (third release of the year)
+  - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
+- **Revision of version:** 0 (first release of this version)
+
+Use the **version** number to determine the latest files that contain the most recent security updates. For example, consider the following list:
 
 - SurfacePro6_Win10_16299_1900307_0.msi
 - SurfacePro6_Win10_17134_1808507_3.msi
 - SurfacePro6_Win10_17763_1808707_3.msi
 
-The first file —  SurfacePro6_Win10_16299_1900307_0.msi  —  is the newest because its VERSION field has the newest build in 2019; the other files are from 2018.
+In this list, the newest file is the first file (SurfacePro6_Win10_16299_1900307_0.msi). Its **Version** field has the newest date (2019). The other files are from 2018.
 
 ## Supported devices
-Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. 
 
->[!NOTE]
+For downloadable MSI files for devices that run Surface Pro 2 and later versions, see [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). This article contains information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3, as they are released.  
->There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update.
 
-For more information about deploying Surface drivers and firmware, refer to:
+> [!NOTE]  
+> There are no downloadable firmware or driver updates available for Surface devices that run Windows RT, including Surface RT and Surface 2. To update these devices, use Windows Update.
+
+For more information about how to deploy Surface drivers and firmware, see the following articles:
 
 - [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
 
-- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business)
+- [Surface for Business help](https://www.microsoft.com/surface/support/business)

devices/surface/docfx.json

@@ -37,11 +37,21 @@
           "depot_name": "Win.surface",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "contributors_to_exclude": [ 
+        "rjagiewich", 
+        "traya1", 
+        "rmca14", 
+        "claydetels19", 
+        "Kellylorenebaker",
+        "jborsecnik",
+        "tiburd",
+        "garycentric"
+      ]
     },
     "externalReference": [],
     "template": "op.html",
     "dest": "devices/surface",
     "markdownEngineName": "markdig"
-  }
+}
 }

devices/surface/get-started.md

@@ -28,7 +28,7 @@ Harness the power of Surface, Windows, and Office connected together through the
                     </div>
                     <div class="cardText">
                         <h3>Plan</h3>
-                         <p><a href="considerations-for-surface-and-system-center-configuration-manager.md">Surface and SCCM considerations</a></p>
+                         <p><a href="considerations-for-surface-and-system-center-configuration-manager.md">Surface and Endpoint Configuration Manager considerations</a></p>
                          <p><a href="wake-on-lan-for-surface-devices.md">Wake On LAN for Surface devices</a></p>
                     </div>
                 </div>

devices/surface/manage-surface-driver-and-firmware-updates.md

@@ -41,7 +41,7 @@ For details about Group Policy for client configuration of WSUS or Windows Updat
 
 Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
 
-For instructions on how to deploy updates by using System Center Configuration Manager, refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
+For instructions on how to deploy updates by using Endpoint Configuration Manager (formerly System Center Configuration Manager), refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
 
 > [!NOTE]
 > You can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.

devices/surface/microsoft-surface-data-eraser.md

@@ -14,7 +14,7 @@ author: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.audience: itpro
-ms.date: 10/21/2019
+ms.date: 11/13/2019
 ---
 
 # Microsoft Surface Data Eraser
@@ -160,11 +160,17 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
 
 Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
 
+### 3.28.137
+*Release Date: 11 Nov 2019*
+This version of Surface Data Eraser:
+
+- Includes bug fixes
+
 ### Version 3.21.137
 *Release Date: 21 Oct 2019*
 This version of Surface Data Eraser is compiled for x86 and adds support for the following devices:
 
-Supports Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+- Supports Surface Pro 7, Surface Pro X, and Surface Laptop 3
 
 ### Version 3.2.78.0
 *Release Date: 4 Dec 2018*

devices/surface/support-solutions-surface.md

@@ -19,6 +19,9 @@ ms.audience: itpro
 
 # Top support solutions for Surface devices
 
+> [!Note]
+> **Home users**: This article is only intended for use by IT professionals and  technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
+
 Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated.  For a complete listing of the update history, see [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) and [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined).
 
 

devices/surface/surface-dock-firmware-update.md

@@ -50,6 +50,9 @@ You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firm
 > [!NOTE]
 > A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
 
+> [!NOTE]
+> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
+
 For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
 
 > [!IMPORTANT]
@@ -86,15 +89,16 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
 
 ## Event logging
 
-**Table 1. Event logging for Surface Dock Firmware Update**
+**Table 1. Log files for Surface Dock Firmware Update**
 
 | Log                              | Location                               | Notes                                                                                                                                                                                                         |
-| -------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| -------------------------------- | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | Surface Dock Firmware Update log | Path needs to be specified (see note) | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.                                                                                                  |
-| Windows Device Install log       | %windir%\inf\setupapi.dev.log         | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-). |
+| Windows Device Install log       | %windir%\inf\setupapi.dev.log           | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. |
 
 
-**Table 2. Event log IDs for Surface Dock Firmware Update**
+**Table 2. Event log IDs for Surface Dock Firmware Update**<br>
+Events are logged in the Application Event Log.  Note:  Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.
 
 | Event ID | Event type                                                           |
 | -------- | -------------------------------------------------------------------- |

devices/surface/surface-enterprise-management-mode.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/31/2019
+ms.date: 12/02/2019
 ms.reviewer: scottmca
 manager: dansimp
 ms.localizationpriority: medium
@@ -21,8 +21,7 @@ ms.audience: itpro
 Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
 
 >[!NOTE]
->SEMM is only available on devices with Surface UEFI firmware. 
+>SEMM is only available on devices with Surface UEFI firmware. This includes most Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 commercial SKUs with an Intel processor. SEMM is not supported on the 15" Surface Laptop 3 SKU with AMD processor (only available as a retail SKU). 
-
 
 When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
 
@@ -91,7 +90,7 @@ The following list shows all the available devices you can manage in SEMM:
 | Alternate Boot                     | Allows you to manage use of an Alternate boot order to boot directly to a USB or Ethernet device by pressing both the Volume Down button and Power button during boot. If you do not configure this setting, Alternate boot is enabled. |
 | Boot Order Lock                    | Allows you to lock the boot order to prevent changes. If you do not configure this setting, Boot Order Lock is disabled.                                                                                                        |
 | USB Boot                           | Allows you to manage booting to USB devices. If you do not configure this setting, USB Boot is enabled.                                                                                                                 |
-| Network Stack                      | Allows you to manage Network Stack boot settings. If you do not configure this setting,  the ability to manage Network Stack boot settings is enabled.                                                                                                           |
+| Network Stack                      | Allows you to manage Network Stack boot settings. If you do not configure this setting,  the ability to manage Network Stack boot settings is disabled.                                                                                                           |
 | Auto Power On                      | Allows you to manage Auto Power On boot settings. If you do not configure this setting, Auto Power on is enabled.                                                                                                        |
 | Simultaneous Multi-Threading (SMT) | Allows you to manage Simultaneous Multi-Threading (SMT) to enable or disable hyperthreading. If you do not configure this setting, SMT is enabled.                                                  |
 |Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
@@ -229,8 +228,8 @@ create a reset package using PowerShell to reset SEMM.
 
 ## Version History
 
-### Version 2.59.139
+### Version 2.59.
-* Support to Surface Pro 7 and Surface Laptop 3
+* Support to Surface Pro 7, Surface Pro X,  and Surface Laptop 3 13.5" and 15" models with Intel processor. Note:  Surface Laptop 3 15" AMD processor is not supported.
 - Support to Wake on Power feature
 
 ### Version 2.54.139.0

devices/surface/surface-manage-dfci-guide.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/20/2019
+ms.date: 11/13/2019
 ms.reviewer: jesko
 manager: dansimp
 ms.audience: itpro
@@ -29,9 +29,11 @@ In contrast to other Windows 10 devices available in the market today, Surface p
 
 Until now, managing firmware required enrolling devices into Surface Enterprise Management Mode (SEMM) with the overhead of ongoing manual IT-intensive tasks. As an example, SEMM requires IT staff to physically access each PC to enter a two-digit pin as part of the certificate management process. Although SEMM remains a good solution for organizations in a strictly on-premises environment, its complexity and IT-intensive requirements make it costly to use.
 
-Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console.
+Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console, now unified as [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). The following figure shows UEFI settings viewed directly on the device (left) and viewed in the Endpoint Manager console (right).
 
-DFCI leverages the device profiles capability in Intune and is deployed using Windows Autopilot, eliminating the need for manual interaction by IT admins or end users. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain a costly on-premises infrastructure.  
+![UEFI settings shown on device (left) and in the Endpoint Manager console (right) ](images/uefidfci.png)
+
+Crucially, DFCI enables zero touch management, eliminating the need for manual interaction by IT admins. DFCI is deployed via Windows Autopilot using the device profiles capability in Intune. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain on-premises infrastructure.  
 
 ## Supported devices
 
@@ -41,6 +43,9 @@ At this time, DFCI is supported in the following devices:
 - Surface Pro X
 - Surface Laptop 3
 
+> [!NOTE]
+> Surface Pro X does not support DFCI settings management for built-in camera, audio, and Wi-Fi/Bluetooth.
+
 ## Prerequisites
 
 - Devices must be registered with Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider) or OEM distributor.
@@ -59,30 +64,33 @@ A DFCI environment requires setting up a DFCI profile that contains  the setting
 
 Before configuring DFCI policy settings, first create a DFCI profile and assign it to the Azure AD security group that contains your target devices.
 
-1. Open Intune select **Device configuration > Profiles > Create profile** and enter a name; for example **My DFCI profile.**
+1. Sign into your tenant at  devicemanagement.microsoft.com.
-2. Select Windows 10 and later for platform type.
+2. In the Microsoft Endpoint Manager Admin Center, select **Devices > Configuration profiles > Create profile** and enter a name; for example, **DFCI Configuration Policy.**
-3. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 2 on this page below or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile.
+3. Select **Windows 10 and later** for platform type.
+4. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 1 on this page or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile.
 
-> ![Create DFCI profile](images/df1.png)
+    ![Create DFCI profile](images/df1.png)
 
-4. Click **OK** and then select **Create**.
+5. Click **OK** and then select **Create**.
-5. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**.
+6. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**.
 
-![Assign security group](images/df2a.png)
+    ![Assign security group](images/df2a.png)
 
 ## Create Autopilot profile
 
-1. Go to **Intune > Device enrollment > Windows enrollment** and scroll down to select **Deployment Profiles**.
+1. In Endpoint Manager at  devicemanagement.microsoft.com, select **devices > Windows enrollment** and scroll down to **Deployment profiles**.
-2. Select **Create profile**, enter a name; for example, My Autopilot profile, and select **Next**.
+2. Select **Create profile** and enter a name; for example, **My Autopilot profile**, and select **Next**.
 3. Select the following settings:
 
-- Deployment mode: **User-Driven**.
+    - Deployment mode: **User-Driven**.
-- Join type: Azure **AD joined**.
+    - Join type: Azure **AD joined**.
 
-4. Leave the remaining default settings unchanged and select **Next**
+4. Leave the remaining default settings unchanged and select **Next**, as shown in the following figure.
-5. On the Scope tags page, select **Next**.
+
-6. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**.
+    ![Create Autopilot profile](images/df3b.png)
-7. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group.
+
+5. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**.
+6. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group.
 
 ## Configure Enrollment Status Page
 
@@ -95,13 +103,15 @@ For more information, refer to [Set up an enrollment status page](https://docs.m
 
 DFCI includes a streamlined set of UEFI configuration policies that provide an extra level of security by locking down devices at the hardware level. DFCI is designed to be used in conjunction with mobile device management settings at the software level. Note that DFCI settings only affect hardware components built into Surface devices and do not extend to attached peripherals such as USB webcams. (However, you can use Device restriction policies in Intune to turn off access to attached peripherals at the software level).
 
-You configure DFCI policy settings by editing the DFCI profile:
+You configure DFCI policy settings by editing the DFCI profile from Endpoint Manager, as shown in the figure below. 
 
-- **Intune > Device configuration > Profiles > “DFCI profile name” > Properties > Settings**
+- In Endpoint Manager at  devicemanagement.microsoft.com, select **Devices > Windows > Configuration Profiles > “DFCI profile name” > Properties > Settings**.
+
+    ![Configure DFCI settings](images/dfciconfig.png)
 
 ### Block user access to UEFI settings
 
-For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in the followng table, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.**
+For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in Table 1, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.**
 The rest of the DFCI settings enable you to turn off functionality that would otherwise be available to users. For example, if you need to protect sensitive information in highly secure areas, you can disable the camera, and if you don’t want users booting from USB drives, you can disable that also.
 
 ### Table 1. DFCI scenarios
@@ -114,11 +124,11 @@ The rest of the DFCI settings enable you to turn off functionality that would ot
 | Disable radios (Bluetooth, Wi-Fi)             | Under **Built in Hardware > Radios (Bluetooth, Wi-Fi, etc…)**, select **Disabled**.                   |
 | Disable Boot from external media (USB, SD)    | Under **Built in Hardware > Boot Options > Boot from external media (USB, SD)**, select **Disabled**. |
 
+> [!CAUTION]
+> The **Disable radios (Bluetooth, Wi-Fi)** setting should only be used on devices that have a wired Ethernet connection.
  
 > [!NOTE]
->  DFCI in Intune includes two settings that do not currently apply to Surface devices:
+>  DFCI in Intune includes two settings that do not currently apply to Surface devices: (1) CPU and IO virtualization and (2) Disable Boot from network adapters.
-- CPU and IO virtualization
-- Disable Boot from network adapters
  
 Intune provides Scope tags to delegate administrative rights and Applicability Rules to manage device types. For more information about policy management support and full details on all DFCI settings, refer to [Microsoft Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows).
 
@@ -130,7 +140,7 @@ As stated above, DFCI can only be applied on devices registered in Windows Autop
 
 Although Intune policy settings typically get applied almost immediately, there may be a delay of 10 minutes before the settings take effect on targeted devices. In rare circumstances, delays of up to 8 hours are possible. To ensure settings apply as soon as possible, (such as in test scenarios), you can manually sync the target devices.
 
-- In Intune, go to **Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**.
+- In Endpoint Manager at  devicemanagement.microsoft.com, go to **Devices > Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**.
 
  For more information, refer to [Sync your Windows device manually](https://docs.microsoft.com/intune-user-help/sync-your-device-manually-windows).
 
@@ -144,12 +154,12 @@ In a test environment, you can verify settings in the Surface UEFI interface.
 1. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time.
 2. Select **Devices**. The UEFI menu will reflect configured settings, as shown in the following figure.
 
-![Surface UEFI](images/df3.png)
+    ![Surface UEFI](images/df3.png)
 
-Note how:
+    Note how:
 
-- The settings are greyed out because **Allow local user to change UEFI setting** is set to None.
+      - The settings are greyed out because **Allow local user to change UEFI setting** is set to None.
-- Audio is set to off because **Microphones and speakers** are set to **Disabled**.
+      - Audio is set to off because **Microphones and speakers** are set to **Disabled**.
 
 ## Removing DFCI policy settings
 
@@ -157,14 +167,19 @@ When you create a DFCI profile, all configured settings will remain in effect ac
 
 If the original DFCI profile has been deleted, you can remove policy settings by creating a new profile and then editing the settings, as appropriate.
 
-## Unregistering devices from DFCI to prepare for resale or recycle
+## Removing DFCI management
 
-1. Contact your partner, OEM, or reseller to unregister the device from Autopilot.
+**To remove DFCI management and return device to factory new state:**
-2. Remove the device from Intune.
+
-3. Connect a Surface-branded network adapter.
+1. Retire the device from Intune:
-4. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time.
+    1. In Endpoint Manager at  devicemanagement.microsoft.com, choose **Groups > All Devices**. Select the devices you want to retire, and then choose **Retire/Wipe.** To learn more refer to [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/remote-actions/devices-wipe). 
-5. Select **Management > Configure > Refresh from Network**.
+2. Delete the Autopilot registration from Intune:
-6. Validate DFCI is removed from the device in the UEFI.
+    1.  Choose **Device enrollment > Windows enrollment > Devices**.
+    2. Under Windows Autopilot devices, choose the devices you want to delete, and then choose **Delete**.
+3. Connect device to wired internet with Surface-branded ethernet adapter. Restart device and open the UEFI menu (press and hold the volume-up button while also pressing and releasing the power button).
+4. Select **Management > Configure > Refresh from Network** and then choose **Opt-out.**
+
+To keep managing the device with Intune, but without DFCI management, self-register the device to Autopilot and enroll it to Intune. DFCI will not be applied to self-registered devices.
 
 ## Learn more
 - [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333)

devices/surface/surface-pro-arm-app-management.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/03/2019
+ms.date: 11/20/2019
 ms.reviewer: jessko
 manager: dansimp
 ms.audience: itpro
@@ -36,7 +36,7 @@ Organizations already using modern management, security, and productivity soluti
 
 ## Image-based deployment considerations
 
-Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager (SCCM) operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager) currently do not support Surface Pro X for operating system deployment. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
 
 ## Managing Surface Pro X devices
 
@@ -48,7 +48,7 @@ For more information about setting up Intune, refer to the [Intune documentation
 
 ### Co-management
 
-Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client.
+Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
 
 ### Third party MDM solutions
 
@@ -69,6 +69,12 @@ Outside of personal devices that rely on Windows Update, servicing devices in mo
 > [!NOTE]
 > Surface Pro X supports Windows 10, version 1903 and later.
 
+### Windows Server Update Services
+Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
+
+For more information, refer to the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/sum/get-started/configure-classifications-and-products).
+
+
 ## Running apps on Surface Pro X
 
 Most apps run on ARM-based Windows 10 PCs with limited exclusions.
@@ -120,7 +126,7 @@ The following tables show the availability of selected key features on Surface P
 | Support for Network Boot (PXE)          | Yes           | Yes           |                                                                                                                                 |
 | Windows Configuration Designer          | Yes           | No            | Not recommended for Surface Pro X.                                                                                              |
 | WinPE                                   | Yes           | Yes           | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. |
-| SCCM: Operating System Deployment (OSD) | Yes           | No            | Not supported on Surface Pro X.                                                                                              |
+| Endpoint Configuration Manager: Operating System Deployment (OSD) | Yes           | No            | Not supported on Surface Pro X.                                                                                              |
 | MDT                                     | Yes           | No            | Not supported on Surface Pro X.                                                                                              |
 
 
@@ -129,7 +135,7 @@ The following tables show the availability of selected key features on Surface P
 | Intune                                        | Yes                 | Yes           | Manage LTE with eSIM profiles.                                                        |
 | Windows Autopilot                             | Yes                 | Yes           |                                                                                       |
 | Azure AD (co-management)                      | Yes                 | Yes           | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). |
-| SCCM                                          | Yes               | Yes           |                                                                                       |
+| Endpoint Configuration Manager                                          | Yes               | Yes           |                                                                                       |
 | Power on When AC Restore                      | Yes                 | Yes           |                                                                                   |
 | Surface Diagnostic Toolkit (SDT) for Business | Yes                 | Yes           |                                                                                   |
 | Surface Dock Firmware Update                  | Yes                 | Yes           |                                                                                   |
@@ -150,9 +156,9 @@ The following tables show the availability of selected key features on Surface P
 | Surface Data Eraser (SDE)         | Yes           | Yes           |                                                                                                                                                                                                                                                                                                                                                     
 ## FAQ
 
-### Can I deploy Surface Pro X with MDT or SCCM?
+### Can I deploy Surface Pro X with MDT or Endpoint Configuration Manager?
 
-The Microsoft Deployment Toolkit and System Center Configuration Manager operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+The Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager  currently do not support Surface Pro X for operating system deployment.Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
 
 ### How can I deploy Surface Pro X?
 
@@ -164,4 +170,4 @@ Yes.
 
 ### Is Intune required to manage Surface Pro X?
 
-Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client.
+Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.

devices/surface/surface-system-sku-reference.md

@@ -24,6 +24,9 @@ System Model and System SKU are variables that are stored in the System Manageme
 
 | Device   | System Model | System SKU       |
 | ---------- | ----------- | -------------- |
+| AMD Surface Laptop 3                                         | Surface 3        | Surface_Laptop_3_1873       |
+| Surface Laptop 3                                             | Surface 3        | Surface_Laptop_3_1867:1868       |
+| Surface Laptop 3                                             | Surface 3        | Surface_3                   
 | Surface 3 WiFI                                               | Surface 3        | Surface_3                        |
 | Surface 3 LTE AT&T                                           | Surface 3        | Surface_3_US1                    |
 | Surface 3 LTE Verizon                                        | Surface 3        | Surface_3_US2                    |

devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md

@@ -1,6 +1,6 @@
 ---
-title: Use System Center Configuration Manager to manage devices with SEMM (Surface)
+title: Use Microsoft Endpoint Configuration Manager to manage devices with SEMM (Surface)
-description: Find out how to use Microsoft Surface UEFI Manager to perform SEMM management with System Center Configuration Manager.
+description: Learn how to manage SEMM with Endpoint Configuration Manager.
 keywords: enroll, update, scripts, settings
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -9,21 +9,21 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/31/2019
+ms.date: 11/22/2019
 ms.reviewer: 
 manager: dansimp
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
 
-# Use System Center Configuration Manager to manage devices with SEMM
+# Use Microsoft Endpoint Configuration Manager to manage devices with SEMM
 
 The Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices allows administrators to both manage and secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration.
 
-For organizations with System Center Configuration Manager, there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
+For organizations with Endpoint Configuration Manager, (formerly known as System Center Configuration Manager or SCCM) there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
 
 >[!Note]
->Although the process described in this article may work with earlier versions of System Center Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of System Center Configuration Manager.
+>Although the process described in this article may work with earlier versions of Endpoint Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of Endpoint Configuration Manager.
 
 #### Prerequisites
 
@@ -278,7 +278,7 @@ To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 sc
 The following code fragment, found on lines 380-477, is used to write these registry keys:
 
 ```
-380	# For SCCM or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
+380	# For Endpoint Configuration Manager or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
 381	$UTCDate = (Get-Date).ToUniversalTime().ToString()
 382	$certIssuer = $certPrint.Issuer
 383	$certSubject = $certPrint.Subject

devices/surface/windows-autopilot-and-surface-devices.md

@@ -13,7 +13,7 @@ ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
-ms.date: 10/21/2019
+ms.date: 11/26/2019
 ---
 
 # Windows Autopilot and Surface devices
@@ -35,10 +35,17 @@ Enrolling Surface devices in Windows Autopilot at the time of purchase is a capa
 
 When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include: 
 
+- [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) 
 - [Atea](https://www.atea.com/)
+- [Bechtle](https://www.bechtle.com/de-en) 
+- [Cancom](https://www.cancom.de/)
+- [CDW](https://www.cdw.com/)
+- [Computacenter](https://www.computacenter.com/uk)
 - [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) 
 - [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
 - [SHI](https://www.shi.com/Surface)
+- [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/)
+- [Techdata](https://www.techdata.com/)
 
 ## Learn more
 For more information about Windows Autopilot, refer to:

education/developers.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation for developers
+title: Microsoft 365 Education Documentation for developers
 summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
 
 metadata:
-  title: M365 Education Documentation for developers
+  title: Microsoft 365 Education Documentation for developers
   description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
   ms.service: help
   ms.topic: hub-page

education/docfx.json

@@ -39,11 +39,21 @@
           "depot_name": "Win.education",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "contributors_to_exclude": [ 
+        "rjagiewich", 
+        "traya1", 
+        "rmca14", 
+        "claydetels19", 
+        "Kellylorenebaker",
+        "jborsecnik",
+        "tiburd",
+        "garycentric"
+      ]
     },
     "externalReference": [],
     "template": "op.html",
     "dest": "education",
     "markdownEngineName": "markdig"
-  }
+}
 }

education/images/EDU-FindHelp.svg

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 23.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 50 50" style="enable-background:new 0 0 50 50;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#E6E6E6;}
+	.st1{fill:#C2C2C2;}
+	.st2{fill:#0078D4;}
+</style>
+<title>EDUAdmins-50px</title>
+<path class="st0" d="M25.2,47.2c-12.3,0-22.3-10-22.3-22.3s10-22.3,22.3-22.3s22.3,10,22.3,22.3l0,0C47.6,37.2,37.6,47.2,25.2,47.2
+	C25.3,47.2,25.2,47.2,25.2,47.2z"/>
+<path class="st1" d="M25.2,3.7c11.7,0,21.1,9.5,21.1,21.1S36.9,46,25.2,46S4.1,36.5,4.1,24.9l0,0C4.1,13.2,13.6,3.7,25.2,3.7
+	L25.2,3.7 M25.2,1.4c-13,0-23.5,10.5-23.5,23.5s10.5,23.5,23.5,23.5s23.5-10.5,23.5-23.5l0,0C48.7,11.9,38.2,1.4,25.2,1.4L25.2,1.4z
+	"/>
+<g>
+	<title>toolbox</title>
+	<g>
+		<g id="SYMBOLS_1_">
+			<g id="toolbox_1_">
+				<g id="_Utility_-_Maintain_1_">
+					<path class="st2" d="M32.7,24.7c0.8,0,1.6-0.2,2.3-0.5c1.4-0.6,2.6-1.8,3.2-3.2c0.3-0.7,0.5-1.5,0.5-2.3c0-0.6-0.1-1.3-0.3-1.9
+						l-4.8,4.8l-3.8-3.8l4.8-4.8c-0.6-0.2-1.2-0.3-1.9-0.3c-0.8,0-1.6,0.2-2.3,0.5c-0.7,0.3-1.4,0.7-1.9,1.3c-0.5,0.5-1,1.2-1.3,1.9
+						s-0.5,1.5-0.5,2.3c0,0.3,0,0.6,0.1,0.9s0.1,0.6,0.2,0.9L15.5,31.9c-0.3,0.3-0.5,0.6-0.6,0.9c-0.3,0.7-0.3,1.5,0,2.1
+						c0.1,0.3,0.3,0.6,0.6,0.9c0.3,0.3,0.6,0.5,0.9,0.6s0.7,0.2,1.1,0.2s0.7-0.1,1.1-0.2c0.3-0.1,0.6-0.3,0.9-0.6L31,24.4
+						c0.3,0.1,0.6,0.1,0.9,0.2C32,24.6,32.4,24.7,32.7,24.7"/>
+				</g>
+			</g>
+		</g>
+	</g>
+</g>
+</svg>

education/images/EDU-ITJourney.svg

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 23.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 50 50" style="enable-background:new 0 0 50 50;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#E6E6E6;}
+	.st1{fill:#C2C2C2;}
+	.st2{fill:#939393;}
+	.st3{fill:#2F2F2F;}
+	.st4{fill:#0078D4;}
+</style>
+<title>EDUAdmins-50px</title>
+<path class="st0" d="M25.2,47.2c-12.3,0-22.3-10-22.3-22.3s10-22.3,22.3-22.3s22.3,10,22.3,22.3v0C47.6,37.2,37.6,47.2,25.2,47.2
+	C25.3,47.2,25.2,47.2,25.2,47.2z"/>
+<path class="st1" d="M25.2,3.7c11.7,0,21.1,9.5,21.1,21.1S36.9,46,25.2,46S4.1,36.5,4.1,24.9l0,0C4.1,13.2,13.6,3.7,25.2,3.7
+	L25.2,3.7 M25.2,1.4c-13,0-23.5,10.5-23.5,23.5s10.5,23.5,23.5,23.5s23.5-10.5,23.5-23.5l0,0C48.7,11.9,38.2,1.4,25.2,1.4
+	C25.2,1.4,25.2,1.4,25.2,1.4z"/>
+<g>
+	<title>MapPin-blue</title>
+	<polygon class="st2" points="34.5,27.8 32.5,21.8 28,21.8 27.9,27.8 	"/>
+	<polygon class="st2" points="23.5,21.8 19,21.8 17.1,27.8 23.4,27.8 	"/>
+	<path class="st2" d="M37.9,35.3l-2.2-6.6H28l0,0c0,1.4-1.1,2.5-2.5,2.5c-1.4,0-2.5-1.1-2.5-2.5h-7.5l-2.2,6.6H37.9z"/>
+	<path class="st3" d="M25.7,30c-0.4,0-0.7-0.3-0.7-0.7V18.8c0-0.4,0.3-0.7,0.7-0.7s0.7,0.3,0.7,0.7v10.4C26.4,29.7,26.1,30,25.7,30z
+		"/>
+	<path class="st4" d="M29.1,13.6c-0.2-0.4-0.5-0.8-0.8-1.2c-0.3-0.3-0.7-0.6-1.2-0.8c-0.5-0.2-1-0.3-1.5-0.3c-0.5,0-1,0.1-1.5,0.3
+		c-0.4,0.2-0.8,0.5-1.2,0.8c-0.3,0.3-0.6,0.7-0.8,1.2c-0.2,0.5-0.3,1-0.3,1.5c0,0.5,0.1,1,0.3,1.5c0.2,0.4,0.5,0.9,0.8,1.2
+		c0.2,0.2,0.3,0.3,0.5,0.4c0.2,0.1,0.4,0.3,0.7,0.4l0,0c0.2,0.1,0.5,0.2,0.7,0.2c0.5,0.1,1,0.1,1.5,0c0.3,0,0.5-0.1,0.7-0.2l0,0
+		c0.2-0.1,0.5-0.2,0.7-0.4c0.2-0.1,0.4-0.3,0.5-0.4c0.3-0.3,0.6-0.8,0.7-1.2c0.2-0.5,0.3-1,0.3-1.5C29.4,14.6,29.3,14.1,29.1,13.6z"
+		/>
+</g>
+</svg>

education/images/EDU-Teachers.svg

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 23.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 50 50" style="enable-background:new 0 0 50 50;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#E6E6E6;}
+	.st1{fill:#C2C2C2;}
+	.st2{fill:#939393;}
+	.st3{fill:#0078D4;}
+</style>
+<title>EDUAdmins-50px</title>
+<path class="st0" d="M25.2,47.2c-12.3,0-22.3-10-22.3-22.3s10-22.3,22.3-22.3s22.3,10,22.3,22.3v0C47.6,37.2,37.6,47.2,25.2,47.2
+	C25.3,47.2,25.2,47.2,25.2,47.2z"/>
+<path class="st1" d="M25.2,3.7c11.7,0,21.1,9.5,21.1,21.1S36.9,46,25.2,46S4.1,36.5,4.1,24.9l0,0C4.1,13.2,13.6,3.7,25.2,3.7
+	L25.2,3.7 M25.2,1.4c-13,0-23.5,10.5-23.5,23.5s10.5,23.5,23.5,23.5s23.5-10.5,23.5-23.5l0,0C48.7,11.9,38.2,1.4,25.2,1.4
+	C25.2,1.4,25.2,1.4,25.2,1.4z"/>
+<g>
+	<title>PresenterPresentationChart-blue</title>
+	<path class="st2" d="M27.4,28.3C27.1,27.7,27,27,27,26.4c0-0.7,0.1-1.3,0.4-1.9c0.3-0.6,0.6-1.1,1-1.6c0.4-0.4,1-0.8,1.5-1
+		c1.2-0.5,2.6-0.5,3.9,0c0.5,0.2,1,0.5,1.4,0.9V15h-3.1l-9-0.1L13,14.7v7l-0.1,4.1v3.8h15.4C27.9,29.2,27.6,28.8,27.4,28.3z"/>
+	<path class="st3" d="M30.6,29.4c0.2,0.1,0.4,0.1,0.5,0.2h1.5c0.2,0,0.4-0.1,0.5-0.2c0.8-0.3,1.4-1,1.8-1.7c0.4-0.8,0.4-1.7,0-2.6
+		c-0.2-0.4-0.4-0.7-0.7-1c-0.3-0.3-0.7-0.5-1.1-0.7c-0.8-0.3-1.7-0.3-2.6,0c-0.4,0.2-0.7,0.4-1,0.7c-0.3,0.3-0.5,0.7-0.7,1
+		c-0.4,0.8-0.4,1.7,0,2.6c0.2,0.4,0.4,0.7,0.7,1C29.9,29,30.3,29.2,30.6,29.4z"/>
+	<path class="st3" d="M33.9,31.7c-0.6-0.3-1.3-0.4-2-0.4c-0.7,0-1.3,0.1-2,0.4c-1.2,0.5-2.1,1.4-2.6,2.6C27.1,34.9,27,35.4,27,36
+		h9.9c0-0.6-0.1-1.2-0.4-1.7C36,33.1,35.1,32.2,33.9,31.7z"/>
+</g>
+</svg>

education/index.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation
+title: Microsoft 365 Education Documentation
 summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
 
 metadata:
-  title: M365 Education Documentation
+  title: Microsoft 365 Education Documentation
   description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
   ms.service: help
   ms.topic: hub-page

education/itadmins.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation for IT admins
+title: Microsoft 365 Education Documentation for IT admins
-summary: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
+summary: Microsoft 365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
 
 metadata:
-  title: M365 Education Documentation for IT admins
+  title: Microsoft 365 Education Documentation for IT admins
   description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
   ms.service: help
   ms.topic: hub-page
@@ -13,7 +13,7 @@ metadata:
   ms.date: 10/24/2019
 
 productDirectory:
-  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. Check out at https://edujourney.microsoft.com/. Find help now at https://docs.microsoft.com/microsoft-365/education/deploy/find-deployment-help.
+  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
   items:
     # Card    
     - title: Phase 1 - Cloud deployment
@@ -71,7 +71,7 @@ productDirectory:
         - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-sharepoint-server-hybrid
           text: Deploy SharePoint Server Hybrid
     # Card
-    - title: Security & Compliance
+    - title: Security & compliance
       imageSrc: ./images/EDU-Lockbox.svg
       links:
         - url: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
@@ -87,10 +87,34 @@ productDirectory:
         - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
           text: Deploying Lockbox
     # Card    
-    - title: Analytics & Insights
+    - title: Analytics & insights
       imageSrc: ./images/EDU-Education.svg
       links:
         - url: https://docs.microsoft.com/en-us/power-bi/service-admin-administering-power-bi-in-your-organization
           text: Power BI for IT admins
         - url: https://docs.microsoft.com/en-us/dynamics365/#pivot=get-started
           text: Dynamics 365
+    # Card    
+    - title: Find deployment help
+      imageSrc: ./images/EDU-FindHelp.svg
+      links:
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/find-deployment-help
+          text: IT admin help
+        - url: https://social.technet.microsoft.com/forums/en-us/home
+          text: TechNet
+    # Card    
+    - title: Check out our education journey
+      imageSrc: ./images/EDU-ITJourney.svg
+      links:
+        - url: https://edujourney.microsoft.com/k-12/
+          text: K-12
+        - url: https://edujourney.microsoft.com/hed/
+          text: Higher education
+    # Card    
+    - title: Additional support resources
+      imageSrc: ./images/EDU-Teachers.svg
+      links:
+        - url: https://support.office.com/en-us/education
+          text: Education help center
+        - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
+          text: Teacher training packs

education/partners.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Hub
 
-title: M365 Education Documentation for partners
+title: Microsoft 365 Education Documentation for partners
 summary: Looking for resources available to Microsoft Education partners? Start here.
 
 metadata:
-  title: M365 Education Documentation for partners
+  title: Microsoft 365 Education Documentation for partners
   description: Looking for resources available to Microsoft Education partners? Start here.
   ms.service: help
   ms.topic: hub-page

education/windows/deploy-windows-10-in-a-school-district.md

@@ -1617,7 +1617,7 @@ As a final quality control step, verify the device configuration to ensure that
 * The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
 * Windows Update is active and current with software updates.
 * Windows Defender is active and current with malware Security intelligence.
-* The SmartScreen Filter is active.
+* Windows Defender SmartScreen is active.
 * All Microsoft Store apps are properly installed and updated.
 * All Windows desktop apps are properly installed and updated.
 * Printers are properly configured.

education/windows/deploy-windows-10-in-a-school.md

@@ -1096,7 +1096,7 @@ As a final quality control step, verify the device configuration to ensure that
 - The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
 - Windows Update is active and current with software updates.
 - Windows Defender is active and current with malware Security intelligence.
-- The SmartScreen Filter is active.
+- Windows Defender SmartScreen is active.
 - All Microsoft Store apps are properly installed and updated.
 - All Windows desktop apps are properly installed and updated.
 - Printers are properly configured.

mdop/agpm/index.md

@@ -19,7 +19,7 @@ Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of th
 ## AGPM Version Information
 
 
-[AGPM 4.0 SP3](agpm-40-sp3-navengl.md) supports Windows 10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
+[AGPM 4.0 SP3](agpm-40-sp3-navengl.md) supports Windows 10, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
 
 [AGPM 4.0 SP2](agpm-40-sp2-navengl.md) supports Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
 

mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md

@@ -1,3 +1,4 @@
+---
 ms.reviewer: 
 title: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User
 description: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User

mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md

@@ -1,3 +1,4 @@
+---
 ms.reviewer: 
 title: How to Use an App-V 4.6 Application From an App-V 5.0 Application
 description: How to Use an App-V 4.6 Application From an App-V 5.0 Application

mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md

@@ -49,7 +49,7 @@ The following items are required or recommended for creating the DaRT recovery i
 </tr>
 <tr class="odd">
 <td align="left"><p>Windows Debugging Tools for your platform</p></td>
-<td align="left"><p>Required when you run the <strong>Crash Analyzer</strong> to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: <a href="https://go.microsoft.com/fwlink/?LinkId=99934" data-raw-source="[Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934)">Download and Install Debugging Tools for Windows</a>.</p></td>
+<td align="left"><p>Required when you run the <strong>Crash Analyzer</strong> to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: <a href="https://docs.microsoft.com/windows-hardware/drivers/debugger/" data-raw-source="[Download and Install Debugging Tools for Windows](https://docs.microsoft.com/windows-hardware/drivers/debugger/)">Download and Install Debugging Tools for Windows</a>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Optional: Windows symbols files for use with <strong>Crash Analyzer</strong></p></td>
@@ -62,7 +62,6 @@ The following items are required or recommended for creating the DaRT recovery i
 
 ## Related topics
 
-
 [Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md)
 
  
@@ -72,4 +71,3 @@ The following items are required or recommended for creating the DaRT recovery i
 
 
 
-

mdop/docfx.json

@@ -41,7 +41,17 @@
           "depot_name": "Win.mdop",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "contributors_to_exclude": [ 
+        "rjagiewich", 
+        "traya1", 
+        "rmca14", 
+        "claydetels19", 
+        "Kellylorenebaker",
+        "jborsecnik",
+        "tiburd",
+        "garycentric"
+      ]
     },
     "externalReference": [],
     "template": "op.html",

mdop/mbam-v1/getting-started-with-mbam-10.md

@@ -13,9 +13,12 @@ ms.prod: w10
 ms.date: 08/30/2016
 ---
 
-
 # Getting Started with MBAM 1.0
 
+> **IMPORTANT**
+> MBAM 1.0 will reach end of support on September 14, 2021. 
+> See our [lifecycle page](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager).
+
 
 Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership.
 

smb/docfx.json

@@ -37,7 +37,17 @@
           "depot_name": "TechNet.smb",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "contributors_to_exclude": [ 
+        "rjagiewich", 
+        "traya1", 
+        "rmca14", 
+        "claydetels19", 
+        "Kellylorenebaker",
+        "jborsecnik",
+        "tiburd",
+        "garycentric"
+      ]
     },
     "fileMetadata": {},
     "template": [],

store-for-business/docfx.json

@@ -47,7 +47,17 @@
           "depot_name": "MSDN.store-for-business",
           "folder_relative_path_in_docset": "./"
         }
-      }
+      },
+      "contributors_to_exclude": [ 
+        "rjagiewich", 
+        "traya1", 
+        "rmca14", 
+        "claydetels19", 
+        "Kellylorenebaker",
+        "jborsecnik",
+        "tiburd",
+        "garycentric"
+      ]
     },
     "fileMetadata": {},
     "template": [],

windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md

@@ -1,5 +1,5 @@
 ---
-title: How to Allow Only Administrators to Enable Connection Groups (Windows 10)
+title: Only Allow Admins to Enable Connection Groups (Windows 10)
 description: How to Allow Only Administrators to Enable Connection Groups
 author: dansimp
 ms.pagetype: mdop, appcompat, virtualization

windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md

@@ -1,5 +1,5 @@
 ---
-title: How to apply the deployment configuration file by using Windows PowerShell (Windows 10)
+title: Apply deployment config file via Windows PowerShell (Windows 10)
 description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10.
 author: dansimp
 ms.pagetype: mdop, appcompat, virtualization

windows/application-management/app-v/appv-auto-clean-unpublished-packages.md

@@ -1,5 +1,5 @@
 ---
-title: Automatically clean up unpublished packages on the App-V client (Windows 10)
+title: Auto-remove unpublished packages on App-V client (Windows 10)
 description: How to automatically clean up any unpublished packages on your App-V client devices.
 author: dansimp
 ms.pagetype: mdop, appcompat, virtualization

windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md

@@ -1,5 +1,5 @@
 ---
-title: How to Install the Publishing Server on a Remote Computer (Windows 10)
+title: Install the Publishing Server on a Remote Computer (Windows 10)
 description: How to Install the App-V Publishing Server on a Remote Computer
 author: lomayor
 ms.pagetype: mdop, appcompat, virtualization

windows/client-management/connect-to-remote-aadj-pc.md

@@ -46,15 +46,22 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
      >
      >`net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"`, where *FirstnameLastname* is the name of the user profile in C:\Users\, which is created based on DisplayName attribute in Azure AD.
      >
+     > This command only works for AADJ device users already added to any of the local groups (administrators).
+     > Otherwise this command throws the below error. For example: </br>
+     > for cloud only user: "There is no such global user or group : *name*" </br>
+     > for synced user: "There is no such global user or group : *name*" </br>
+     >
      >In Windows 10, version 1709, the user does not have to sign in to the remote device first.
      >
      >In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
 
   4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
-  >[!TIP]
+  > [!TIP]
-  >When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+  > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
 
+> [!Note]
+> If you cannot connect using Remote Desktop Connection 6.0, then you must turn off new features of RDP 6.0 and revert back to RDP 5.0 by changing a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
  
 ## Supported configurations
  

windows/client-management/img-boot-sequence.md

@@ -1,6 +1,6 @@
 ---
-description: A full-sized view of the boot sequence flowchart.
 title: Boot sequence flowchart
+description: A full-sized view of the boot sequence flowchart.
 ms.date: 11/16/2018
 ms.reviewer: 
 manager: dansimp
@@ -10,8 +10,8 @@ ms.topic: article
 ms.prod: w10
 ---
 
+# Boot sequence flowchart
+
 Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)<br>
 
-
 ![Full-sized boot sequence flowchart](images/boot-sequence.png)
-

windows/client-management/manage-settings-app-with-group-policy.md

@@ -12,13 +12,13 @@ ms.author: dansimp
 ms.topic: article
 ---
 
+# Manage the Settings app with Group Policy
+
+
 **Applies to**
 
 -   Windows 10, Windows Server 2016
 
-
-# Manage the Settings app with Group Policy
-
 You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
 To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
 

windows/client-management/mdm/TOC.md

@@ -237,7 +237,6 @@
 #### [Security](policy-csp-security.md)
 #### [ServiceControlManager](policy-csp-servicecontrolmanager.md)
 #### [Settings](policy-csp-settings.md)
-#### [SmartScreen](policy-csp-smartscreen.md)
 #### [Speech](policy-csp-speech.md)
 #### [Start](policy-csp-start.md)
 #### [Storage](policy-csp-storage.md)
@@ -253,6 +252,7 @@
 #### [Wifi](policy-csp-wifi.md)
 #### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md)
 #### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)
+#### [WindowsDefenderSmartScreen](policy-csp-smartscreen.md)
 #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
 #### [WindowsLogon](policy-csp-windowslogon.md)
 #### [WindowsPowerShell](policy-csp-windowspowershell.md)

windows/client-management/mdm/applicationcontrol-csp-ddf.md

@@ -1,6 +1,6 @@
 ---
-title: ApplicationControl CSP
+title: ApplicationControl CSP DDF
-description: ApplicationControl CSP
+description: This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/applicationcontrol-csp.md

@@ -40,7 +40,7 @@ This node is the policy binary itself, which is encoded as base64.
 
 Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
 
-Value type is b64. Supported value is any well-formed WDAC policy, i.e. the base64-encoded content output by the ConvertFrom-CIPolicy cmdlet.
+Value type is b64. Supported value is a binary file, converted from the policy XML file by the ConvertFrom-CIPolicy cmdlet.
 
 Default value is empty.
 
@@ -118,8 +118,7 @@ To use ApplicationControl CSP, you must:
 - Know a generated policy’s GUID, which can be found in the policy xml as `<PolicyTypeID>`.
 - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
 
-If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI
+If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy via uploading the binary file.
-functionality to apply the Code Integrity policy.
 
 ### Deploy policies
 To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below.

windows/client-management/mdm/applocker-csp.md

@@ -9,7 +9,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: lomayor
-ms.date: 07/25/2019
+ms.date: 11/19/2019
 ---
 
 # AppLocker CSP
@@ -24,7 +24,7 @@ The following diagram shows the AppLocker configuration service provider in tree
 <a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/AppLocker**  
 Defines the root node for the AppLocker configuration service provider.
 
-<a href="" id="applicationlaunchrestrictions"></a>**ApplicationLaunchRestrictions**
+<a href="" id="applocker-applicationlaunchrestrictions"></a>**AppLocker/ApplicationLaunchRestrictions**  
 Defines restrictions for applications.
 
 > [!NOTE]
@@ -40,7 +40,133 @@ Additional information:
 - [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps.
 - [Whitelist example](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed.
 
-<a href="" id="enterprisedataprotection"></a>**EnterpriseDataProtection**
+<a href="" id="applocker-applicationlaunchrestrictions-grouping"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_**  
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE**  
+Defines restrictions for launching executable applications.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe-noninteractiveprocessenforcement"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement**  
+The data type is a string.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-msi"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI**  
+Defines restrictions for executing Windows Installer files.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-msi-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-msi-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-script"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script**  
+Defines restrictions for running scripts.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-script-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-script-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-storeapps"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps**  
+Defines restrictions for running apps from the Microsoft Store.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-storeapps-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-storeapps-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL**  
+Defines restrictions for processing DLL files.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll-noninteractiveprocessenforcement"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement**  
+The data type is a string.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-codeintegrity"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity**  
+This node is only supported on the desktop. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-codeintegrity-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is Base64.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+> [!NOTE]
+> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
+
+<a href="" id="applocker-enterprisedataprotection"></a>**AppLocker/EnterpriseDataProtection**  
 Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
 
 In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
@@ -61,115 +187,35 @@ Additional information:
 
 - [Recommended deny list for Windows Information Protection](#recommended-deny-list-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
 
-Each of the previously listed nodes contains a **Grouping** node.
+<a href="" id="applocker-enterprisedataprotection-grouping"></a>**AppLocker/EnterpriseDataProtection/_Grouping_**  
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
 
-<table>
+Supported operations are Get, Add, Delete, and Replace.
-<colgroup>
-<col width="20%" />
-<col width="80%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Term</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td><p><strong>Grouping</strong></p></td>
-<td><p>Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.</p>
-<p>Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-</tbody>
-</table>
 
+<a href="" id="applocker-enterprisedataprotection-grouping-exe"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/EXE**  
+Defines restrictions for launching executable applications.
 
+Supported operations are Get, Add, Delete, and Replace.
 
-In addition, each **Grouping** node contains one or more of the following nodes:
+<a href="" id="applocker-enterprisedataprotection-grouping-exe-policy"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
 
-<table>
+Data type is string. 
-<colgroup>
-<col width="20%" />
-<col width="80%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Term</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td><p><strong>EXE</strong></p></td>
-<td><p>Defines restrictions for launching executable applications.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="even">
-<td><p><strong>MSI</strong></p></td>
-<td><p>Defines restrictions for executing Windows Installer files.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="odd">
-<td><p><strong>Script</strong></p></td>
-<td><p>Defines restrictions for running scripts.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="even">
-<td><p><strong>StoreApps</strong></p></td>
-<td><p>Defines restrictions for running apps from the Microsoft Store.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="odd">
-<td><p><strong>DLL</strong></p></td>
-<td><p>Defines restrictions for processing DLL files.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="even">
-<td><p><strong>CodeIntegrity</strong></p></td>
-<td><p>This node is only supported on the desktop. Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-</tbody>
-</table>
 
+Supported operations are Get, Add, Delete, and Replace.
 
+<a href="" id="applocker-enterprisedataprotection-grouping-storeapps"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps**  
+Defines restrictions for running apps from the Microsoft Store.
 
-Each of the previous nodes contains one or more of the following leaf nodes:
+Supported operations are Get, Add, Delete, and Replace.
 
-<table>
+<a href="" id="applocker-enterprisedataprotection-grouping-exe-storeapps"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy**  
-<colgroup>
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-<col width="20%" />
-<col width="80%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Term</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td><p><strong>Policy</strong></p></td>
-<td><p>Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.</p>
-<p>For nodes, other than CodeIntegrity, policy leaf data type is string. Supported operations are Get, Add, Delete, and Replace.</p>
-<p>For CodeIntegrity/Policy, data type is Base64. Supported operations are Get, Add, Delete, and Replace.</td>
-</tr>
-<tr class="even">
-<td><p><strong>EnforcementMode</strong></p></td>
-<td><p>The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).</p>
-<p>The data type is a string. Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="odd">
-<td><p><strong>NonInteractiveProcessEnforcement</strong></p></td>
-<td><p>The data type is a string.</p>
-<p>Supported operations are Add, Delete, Get, and Replace.</p></td>
-</tr>
-</tbody>
-</table>
 
-> [!NOTE]
+Data type is string.
-> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
 
+Supported operations are Get, Add, Delete, and Replace.
 
 ## <a href="" id="productname"></a>Find publisher and product name of apps
 
@@ -239,7 +285,6 @@ The following table show the mapping of information to the AppLocker publisher r
 </table>
 
 
-
 Here is an example AppLocker publisher rule:
 
 ``` syntax
@@ -319,7 +364,7 @@ Result
 <td><p>windowsPhoneLegacyId</p></td>
 <td><p>Same value maps to the ProductName and Publisher name</p>
 <p>This value will only be present if there is a XAP package associated with the app in the Store.</p>
-<p>If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and anothe one using the windowsPhoneLegacyId value.</p></td>
+<p>If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.</p></td>
 </tr>
 </tbody>
 </table>
@@ -668,12 +713,12 @@ The following list shows the apps that may be included in the inbox.
 <td>Microsoft.MSPodcast</td>
 </tr>
 <tr class="odd">
-<td>Posdcast downloads</td>
+<td>Podcast downloads</td>
 <td>063773e7-f26f-4a92-81f0-aa71a1161e30</td>
 <td></td>
 </tr>
 <tr class="even">
-<td>Powerpoint</td>
+<td>PowerPoint</td>
 <td>b50483c4-8046-4e1b-81ba-590b24935798</td>
 <td>Microsoft.Office.PowerPoint</td>
 </tr>

windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md

@@ -1,6 +1,6 @@
 ---
-title: EnrollmentStatusTracking CSP
+title: EnrollmentStatusTracking DDF
-description: EnrollmentStatusTracking CSP
+description: This topic shows the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/enrollmentstatustracking-csp.md

@@ -1,6 +1,6 @@
 ---
 title: EnrollmentStatusTracking CSP
-description: EnrollmentStatusTracking CSP
+description: During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
@@ -11,7 +11,6 @@ ms.date: 05/21/2019
 
 # EnrollmentStatusTracking CSP
 
-
 During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status).
 
 ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information.

windows/client-management/mdm/implement-server-side-mobile-application-management.md

@@ -1,5 +1,5 @@
 ---
-title: Implement server-side support for mobile application management on Windows 
+title: Provide server-side support for mobile app management on Windows
 description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP).
 ms.author: dansimp
 ms.topic: article

windows/client-management/mdm/index.md

@@ -34,7 +34,7 @@ With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM secur
 
 The MDM security baseline includes policies that cover the following areas:
 
-- Microsoft inbox security technology (not deprecated) such as Bitlocker, Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
+- Microsoft inbox security technology (not deprecated) such as Bitlocker, Windows Defender Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
 - Restricting remote access to devices
 - Setting credential requirements for passwords and PINs
 - Restricting use of legacy technology

windows/client-management/mdm/networkproxy-csp.md

@@ -84,7 +84,7 @@ Valid values:
 
 The data type is integer. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
 
-# Configuration Example
+## Configuration Example
 
 These generic code portions for the options **ProxySettingsPerUser**, **Autodetect**, and **SetupScriptURL** can be used for a specific operation, for example Replace.  Only enter the portion of code needed in the **Replace** section.
 ```xml

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -21,7 +21,7 @@ ms.date: 07/01/2019
 
 This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
 
-For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). 
+For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347). 
 
 - **What’s new in MDM for Windows 10 versions**
   - [What’s new in MDM for Windows 10, version 1909](#whats-new-in-mdm-for-windows-10-version-1909)
@@ -58,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
   - [What is dmwappushsvc?](#what-is-dmwappushsvc)
 
 - **Change history in MDM documentation**
+    - [November 2019](#november-2019)
     - [October 2019](#october-2019)
     - [September 2019](#september-2019)
     - [August 2019](#august-2019)
@@ -1934,6 +1935,13 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 
 ## Change history in MDM documentation
 
+### November 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.|
+|[DiagnosticLog CSP](diagnosticlog-csp.md)|Added substantial updates to this CSP doc.|
+
 ### October 2019
 
 |New or updated topic | Description|

windows/client-management/mdm/passportforwork-csp.md

@@ -190,7 +190,7 @@ Default value is false. If you set this policy to true, Remote Windows Hello for
 
 Supported operations are Add, Get, Delete, and Replace.
 
-*Not supported on Windows Holographic and Windows Holographic for Business.*
+*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
 
 <a href="" id="tenantid-policies-usehellocertificatesassmartcardcertificates"></a>***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT)  
 Added in Windows 10, version 1809. If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates.
@@ -206,7 +206,7 @@ This node is deprecated. Use **Biometrics/UseBiometrics** node instead.
 
 <a href="" id="biometrics--only-for---device-vendor-msft-"></a>**Biometrics** (only for ./Device/Vendor/MSFT)  
 Node for defining biometric settings. This node was added in Windows 10, version 1511.
-*Not supported on Windows Holographic and Windows Holographic for Business.*
+*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
 
 <a href="" id="biometrics-usebiometrics--only-for---device-vendor-msft-"></a>**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)  
 Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.
@@ -230,7 +230,7 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re
 
 Supported operations are Add, Get, Delete, and Replace.
 
-*Not supported on Windows Holographic and Windows Holographic for Business.*
+*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
 
 <a href="" id="deviceunlock"></a>**DeviceUnlock** (only for ./Device/Vendor/MSFT)  
 Added in Windows 10, version 1803. Interior node.

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -3202,7 +3202,7 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
-### SmartScreen policies
+### Windows Defender SmartScreen policies
 
 <dl>
   <dd>

windows/client-management/mdm/policy-csp-browser.md

@@ -1748,7 +1748,7 @@ Most restricted value: 1
 To verify AllowSmartScreen is set to 0 (not allowed):
 
 1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2.  Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.
+2.  Verify that the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.
 
 <!--/Validation-->
 <!--/Policy-->

windows/client-management/mdm/policy-csp-deliveryoptimization.md

@@ -780,7 +780,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix
+Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
 
 When set, the Group ID will be assigned automatically from the selected source.
 
@@ -790,6 +790,8 @@ The options set in this policy only apply to Group (2) download mode. If Group (
 
 For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.
 
+Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5.
+
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
@@ -807,6 +809,7 @@ The following list shows the supported values:
 -   2 - Authenticated domain SID
 -   3 - DHCP user option
 -   4 - DNS suffix
+-   5 - AAD
 
 <!--/SupportedValues-->
 <!--/Policy-->