**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
**Cortana.** Enabled by default in Microsoft Edge, Cortona lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
|IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.
**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
|
+|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
**Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
|IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.
**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
|
## Configure the Enterprise Mode Site List
diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md
index bc91700ced..c13c677abc 100644
--- a/browsers/edge/group-policies/developer-settings-gp.md
+++ b/browsers/edge/group-policies/developer-settings-gp.md
@@ -4,7 +4,7 @@ description: Microsoft Edge, by default, allows users to use the F12 developer t
services:
keywords:
ms.localizationpriority: medium
-managre: dougkim
+manager: dougkim
author: eavena
ms.author: eravena
ms.date: 10/02/2018
diff --git a/browsers/edge/includes/allow-address-bar-suggestions-include.md b/browsers/edge/includes/allow-address-bar-suggestions-include.md
index f929fb7f8f..4c5c1fe4dd 100644
--- a/browsers/edge/includes/allow-address-bar-suggestions-include.md
+++ b/browsers/edge/includes/allow-address-bar-suggestions-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-adobe-flash-include.md b/browsers/edge/includes/allow-adobe-flash-include.md
index 6747a07952..47675924db 100644
--- a/browsers/edge/includes/allow-adobe-flash-include.md
+++ b/browsers/edge/includes/allow-adobe-flash-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-clearing-browsing-data-include.md b/browsers/edge/includes/allow-clearing-browsing-data-include.md
index 5c3ce25d1e..64bd285ba5 100644
--- a/browsers/edge/includes/allow-clearing-browsing-data-include.md
+++ b/browsers/edge/includes/allow-clearing-browsing-data-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-config-updates-books-include.md b/browsers/edge/includes/allow-config-updates-books-include.md
index 345cc3f9b9..49a95f52da 100644
--- a/browsers/edge/includes/allow-config-updates-books-include.md
+++ b/browsers/edge/includes/allow-config-updates-books-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-cortana-include.md b/browsers/edge/includes/allow-cortana-include.md
index afd31cd7e8..2344e1dd4c 100644
--- a/browsers/edge/includes/allow-cortana-include.md
+++ b/browsers/edge/includes/allow-cortana-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-dev-tools-include.md b/browsers/edge/includes/allow-dev-tools-include.md
index be5ef149fb..d23b42dea1 100644
--- a/browsers/edge/includes/allow-dev-tools-include.md
+++ b/browsers/edge/includes/allow-dev-tools-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-enable-book-library-include.md b/browsers/edge/includes/allow-enable-book-library-include.md
index 71fb486b11..ca38514f37 100644
--- a/browsers/edge/includes/allow-enable-book-library-include.md
+++ b/browsers/edge/includes/allow-enable-book-library-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
index 2af0ce9447..bf40a1e858 100644
--- a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
+++ b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-extensions-include.md b/browsers/edge/includes/allow-extensions-include.md
index 88e44401f9..6660627600 100644
--- a/browsers/edge/includes/allow-extensions-include.md
+++ b/browsers/edge/includes/allow-extensions-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-full-screen-include.md b/browsers/edge/includes/allow-full-screen-include.md
index 1554d6cbd9..286ac8e876 100644
--- a/browsers/edge/includes/allow-full-screen-include.md
+++ b/browsers/edge/includes/allow-full-screen-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-inprivate-browsing-include.md b/browsers/edge/includes/allow-inprivate-browsing-include.md
index b7789c77a2..bce38eb870 100644
--- a/browsers/edge/includes/allow-inprivate-browsing-include.md
+++ b/browsers/edge/includes/allow-inprivate-browsing-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
index acefcbd014..8da879cdd9 100644
--- a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
+++ b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-prelaunch-include.md b/browsers/edge/includes/allow-prelaunch-include.md
index 3762725027..0aad17ca17 100644
--- a/browsers/edge/includes/allow-prelaunch-include.md
+++ b/browsers/edge/includes/allow-prelaunch-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
@@ -40,7 +40,7 @@ ms:topic: include
- **Data type:** Integer
#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
- **Value name:** AllowPrelaunch
- **Value type:** REG_DWORD
diff --git a/browsers/edge/includes/allow-printing-include.md b/browsers/edge/includes/allow-printing-include.md
index 2a1743d2e2..dd60c9aaba 100644
--- a/browsers/edge/includes/allow-printing-include.md
+++ b/browsers/edge/includes/allow-printing-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-saving-history-include.md b/browsers/edge/includes/allow-saving-history-include.md
index 46d3314710..49913f23c9 100644
--- a/browsers/edge/includes/allow-saving-history-include.md
+++ b/browsers/edge/includes/allow-saving-history-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-search-engine-customization-include.md b/browsers/edge/includes/allow-search-engine-customization-include.md
index 05eed1a7ca..6c1fb2e5db 100644
--- a/browsers/edge/includes/allow-search-engine-customization-include.md
+++ b/browsers/edge/includes/allow-search-engine-customization-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-shared-folder-books-include.md b/browsers/edge/includes/allow-shared-folder-books-include.md
index d1db5f5f93..712fba9532 100644
--- a/browsers/edge/includes/allow-shared-folder-books-include.md
+++ b/browsers/edge/includes/allow-shared-folder-books-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md
index bb8637ba79..0c1108d2d5 100644
--- a/browsers/edge/includes/allow-sideloading-extensions-include.md
+++ b/browsers/edge/includes/allow-sideloading-extensions-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md
index c691d20211..b6ba4f0e8e 100644
--- a/browsers/edge/includes/allow-tab-preloading-include.md
+++ b/browsers/edge/includes/allow-tab-preloading-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
@@ -38,8 +38,8 @@ ms:topic: include
- **Data type:** Integer
#### Registry settings
-- **Path:** HKCU\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
-- **Create Value name:** AllowPrelaunch
+- **Path:** HKCU\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader
+- **Create Value name:** AllowTabPreloading
- **Value type:** REG_DWORD
- **DWORD Value:** 1
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
index ac9e26abee..ece2371a32 100644
--- a/browsers/edge/includes/allow-web-content-new-tab-page-include.md
+++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
@@ -5,7 +5,7 @@ ms.date: 11/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/always-enable-book-library-include.md b/browsers/edge/includes/always-enable-book-library-include.md
index b248006ae5..5edf01302b 100644
--- a/browsers/edge/includes/always-enable-book-library-include.md
+++ b/browsers/edge/includes/always-enable-book-library-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-additional-search-engines-include.md b/browsers/edge/includes/configure-additional-search-engines-include.md
index 42bd2950bd..be90043b57 100644
--- a/browsers/edge/includes/configure-additional-search-engines-include.md
+++ b/browsers/edge/includes/configure-additional-search-engines-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
index 4b312f4e12..a1ee2cc569 100644
--- a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
+++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md
index 463319afbe..18e02058ad 100644
--- a/browsers/edge/includes/configure-autofill-include.md
+++ b/browsers/edge/includes/configure-autofill-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
index 9b5202659a..1f55150328 100644
--- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
+++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-cookies-include.md b/browsers/edge/includes/configure-cookies-include.md
index a4b9740cfc..a8a8fd2d5f 100644
--- a/browsers/edge/includes/configure-cookies-include.md
+++ b/browsers/edge/includes/configure-cookies-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|-----------------------------------------------|:------------------------------------------------:|
| Enabled | 0 | 0 | Block all cookies from all sites. |  |
-| Enabled | 1 | 1 | Block only coddies from third party websites. | |
+| Enabled | 1 | 1 | Block only cookies from third party websites. | |
| Disabled or not configured **(default)** | 2 | 2 | Allow all cookies from all sites. | |
---
diff --git a/browsers/edge/includes/configure-do-not-track-include.md b/browsers/edge/includes/configure-do-not-track-include.md
index 0270133a94..7e0f59943e 100644
--- a/browsers/edge/includes/configure-do-not-track-include.md
+++ b/browsers/edge/includes/configure-do-not-track-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
index bb5cb307bb..4d4aea6068 100644
--- a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
+++ b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-favorites-bar-include.md b/browsers/edge/includes/configure-favorites-bar-include.md
index 35f0cefa19..6fdeb3ee83 100644
--- a/browsers/edge/includes/configure-favorites-bar-include.md
+++ b/browsers/edge/includes/configure-favorites-bar-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-favorites-include.md b/browsers/edge/includes/configure-favorites-include.md
index 88b284d0ae..4c2ab722f9 100644
--- a/browsers/edge/includes/configure-favorites-include.md
+++ b/browsers/edge/includes/configure-favorites-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-home-button-include.md b/browsers/edge/includes/configure-home-button-include.md
index 9796369a9f..2535093959 100644
--- a/browsers/edge/includes/configure-home-button-include.md
+++ b/browsers/edge/includes/configure-home-button-include.md
@@ -5,7 +5,7 @@ ms.date: 10/28/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
index cfbcfccd50..e5a7ff9155 100644
--- a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
+++ b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
@@ -5,13 +5,13 @@ ms.date: 10/27/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-| | |
-|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| **Single-app**
Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
**Digital signage** does not require user interaction.
***Example.*** Use digital signage for things like a rotating advertisement or menu.
**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.
***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.
Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.
The single-app public browsing mode is the only kiosk mode that has an End session button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
**Digital signage** does not require user interaction.
***Example.*** Use digital signage for things like a rotating advertisement or menu.
**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.
***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.
Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.
The single-app public browsing mode is the only kiosk mode that has an End session button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.
Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.
In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Policy setting = Enabled (1) |
---
diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
index 0a8662e724..adc3dbf183 100644
--- a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
+++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
@@ -5,7 +5,7 @@ ms.date: 10/27/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-open-edge-with-include.md b/browsers/edge/includes/configure-open-edge-with-include.md
index 966a8be23e..02f0daa65a 100644
--- a/browsers/edge/includes/configure-open-edge-with-include.md
+++ b/browsers/edge/includes/configure-open-edge-with-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-password-manager-include.md b/browsers/edge/includes/configure-password-manager-include.md
index ab0e78ca5b..4b6365e007 100644
--- a/browsers/edge/includes/configure-password-manager-include.md
+++ b/browsers/edge/includes/configure-password-manager-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-pop-up-blocker-include.md b/browsers/edge/includes/configure-pop-up-blocker-include.md
index 5355cbae5f..69b8c53e36 100644
--- a/browsers/edge/includes/configure-pop-up-blocker-include.md
+++ b/browsers/edge/includes/configure-pop-up-blocker-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
index f12debc9ab..a3510a557c 100644
--- a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
+++ b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-start-pages-include.md b/browsers/edge/includes/configure-start-pages-include.md
index 04b7eeddd9..6a64d182d4 100644
--- a/browsers/edge/includes/configure-start-pages-include.md
+++ b/browsers/edge/includes/configure-start-pages-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
index fcc95b0d57..f842745478 100644
--- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
+++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
index e240862638..c95b9faf73 100644
--- a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
+++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md
index 2ec6bea84d..97cbb929bd 100644
--- a/browsers/edge/includes/do-not-sync-browser-settings-include.md
+++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md
index 96aa814d4b..0adc074785 100644
--- a/browsers/edge/includes/do-not-sync-include.md
+++ b/browsers/edge/includes/do-not-sync-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
index 686e6b552c..724125788a 100644
--- a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
+++ b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
diff --git a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
index e20c31d301..539b1cd2fd 100644
--- a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
+++ b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
>*Supported versions: Internet Explorer 11 on Windows 10, version 1607 or later*
diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
index 7e9bb90bc1..a7ff412c85 100644
--- a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
+++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
index 594b69a5ec..4b65a2458c 100644
--- a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
+++ b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services): Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows and evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment.
diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md
index d6ca2253e6..31f94d4c49 100644
--- a/browsers/edge/includes/prevent-access-about-flag-include.md
+++ b/browsers/edge/includes/prevent-access-about-flag-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
index a16217ae07..301dd68424 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
index beca20210f..04339b930a 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
index a0a47406eb..a776bb08b6 100644
--- a/browsers/edge/includes/prevent-certificate-error-overrides-include.md
+++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md
index 71476b4e98..de0f5e7ac7 100644
--- a/browsers/edge/includes/prevent-changes-to-favorites-include.md
+++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
index e28cd73fb5..0e3e9fa8b1 100644
--- a/browsers/edge/includes/prevent-first-run-webpage-open-include.md
+++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
index 36535b4ccc..bfc0e23f6b 100644
--- a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
+++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
index 8314edbe14..407dd4c596 100644
--- a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
+++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
index 68042aad34..6257f4e2fb 100644
--- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
+++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
@@ -20,7 +20,7 @@ ms:topic: include
| Group Policy | Description |
|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Disabled or not configured **(default)** | Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
-| Enabled | Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:
After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.
Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
+| Enabled | Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office extension prevents users from turning it off:
After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.
Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
---
diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
index 3a06e77d5d..e7f4651365 100644
--- a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
+++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md
index 33df41bb77..0df09c2d46 100644
--- a/browsers/edge/includes/provision-favorites-include.md
+++ b/browsers/edge/includes/provision-favorites-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
index 019cbc16f0..a09dedbcc5 100644
--- a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
+++ b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
[Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/browsers/edge/includes/send-all-intranet-sites-ie-include.md b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
index 7cc7123258..af93dd7bba 100644
--- a/browsers/edge/includes/send-all-intranet-sites-ie-include.md
+++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/set-default-search-engine-include.md b/browsers/edge/includes/set-default-search-engine-include.md
index 4a3ddd44fa..f42c5e8873 100644
--- a/browsers/edge/includes/set-default-search-engine-include.md
+++ b/browsers/edge/includes/set-default-search-engine-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md
index 355240ff1a..5d3549e402 100644
--- a/browsers/edge/includes/set-home-button-url-include.md
+++ b/browsers/edge/includes/set-home-button-url-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md
index a53dd93220..b8521a3c98 100644
--- a/browsers/edge/includes/set-new-tab-url-include.md
+++ b/browsers/edge/includes/set-new-tab-url-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md
index fe01511d36..418034e68a 100644
--- a/browsers/edge/includes/show-message-opening-sites-ie-include.md
+++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md
index bf30d5d9ed..022ba40f20 100644
--- a/browsers/edge/includes/unlock-home-button-include.md
+++ b/browsers/edge/includes/unlock-home-button-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml
index 9550d5d1d2..0afcf97eb7 100644
--- a/browsers/edge/index.yml
+++ b/browsers/edge/index.yml
@@ -92,7 +92,7 @@ sections:
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp
- html:
Learch how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.
+ html:
Learn how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.
image:
diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml
index 1d5723ae94..341292cab7 100644
--- a/browsers/edge/microsoft-edge.yml
+++ b/browsers/edge/microsoft-edge.yml
@@ -33,7 +33,7 @@ sections:
- type: markdown
text: "
Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.
-
**Web Application Compatibility Lab Kit** The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge. Find out more
**Web Application Compatibility Lab Kit** The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge. Find out more
"
- title: Security
diff --git a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
index 8b9845345f..00da0e5de3 100644
--- a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
diff --git a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
index 2a5773c6f9..2e877de455 100644
--- a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
diff --git a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
index d4c81bfe8f..c3aa88d8c1 100644
--- a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.
diff --git a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
index b62ac92d82..5515b7a283 100644
--- a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.
diff --git a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
index 658351c9e1..329f024f3f 100644
--- a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
diff --git a/browsers/edge/shortdesc/allow-cortana-shortdesc.md b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
index 4b9008b8a0..035f849a7f 100644
--- a/browsers/edge/shortdesc/allow-cortana-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
diff --git a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
index faedf6e98c..43fb795cdd 100644
--- a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
diff --git a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
index 914207eace..56e23ae4da 100644
--- a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
diff --git a/browsers/edge/shortdesc/allow-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
index d179b84a0c..8276b06760 100644
--- a/browsers/edge/shortdesc/allow-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
diff --git a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
index cdd6d92c32..cb47a5d149 100644
--- a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
index 9a26485bd0..1340e13406 100644
--- a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
diff --git a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
index e1f32efc92..35a86bfd85 100644
--- a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
diff --git a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
index f12cb4858a..a8437f2035 100644
--- a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
diff --git a/browsers/edge/shortdesc/allow-printing-shortdesc.md b/browsers/edge/shortdesc/allow-printing-shortdesc.md
index 667479bcab..288599efdd 100644
--- a/browsers/edge/shortdesc/allow-printing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-printing-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
diff --git a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
index fd31328000..00be5b8c4d 100644
--- a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
diff --git a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
index 526626c5dc..fab9a56cff 100644
--- a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
index a91dfe1299..588e9f64f9 100644
--- a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
diff --git a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
index 44b6908b0d..ec10c36e78 100644
--- a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
diff --git a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
index eb0b507062..5d9a75ed5a 100644
--- a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 11/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
diff --git a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
index 668b843424..2c63762356 100644
--- a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
diff --git a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
index 27ac63ba69..a9e0bdb003 100644
--- a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
diff --git a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
index 9ecbac9a8c..57fc82b0a1 100644
--- a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
diff --git a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
index 5e0153a64e..d409c6374c 100644
--- a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
diff --git a/browsers/edge/shortdesc/configure-autofill-shortdesc.md b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
index a60ce8d196..74af7970c6 100644
--- a/browsers/edge/shortdesc/configure-autofill-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
diff --git a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index d4d0ac2611..3f8d400ca5 100644
--- a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
diff --git a/browsers/edge/shortdesc/configure-cookies-shortdesc.md b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
index f814e14ff7..eeb223000b 100644
--- a/browsers/edge/shortdesc/configure-cookies-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
diff --git a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
index cb296d0c5e..68e1b83ac2 100644
--- a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
diff --git a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
index 94042574fc..f98aa94435 100644
--- a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
diff --git a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
index 97f0e78a2e..661818a582 100644
--- a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
diff --git a/browsers/edge/shortdesc/configure-favorites-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
index 2d468ccb48..34e0cded8f 100644
--- a/browsers/edge/shortdesc/configure-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
diff --git a/browsers/edge/shortdesc/configure-home-button-shortdesc.md b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
index 0f6419d1b9..17d1b68784 100644
--- a/browsers/edge/shortdesc/configure-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
diff --git a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
index 1b52679ba6..37ca79a2c7 100644
--- a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
index 001c3b4adc..767c933e7c 100644
--- a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
diff --git a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
index 4877cdc1ca..cf69dd8af8 100644
--- a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
diff --git a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
index 403f568244..f0b41c5b0f 100644
--- a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
diff --git a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
index ec0fca3a7e..a34c788e1e 100644
--- a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
diff --git a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
index a999cf65cb..71b3e06d0d 100644
--- a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
diff --git a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
index 80f486f35e..6cf35edc0e 100644
--- a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.
diff --git a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
index cdf984bdc5..600d2e2986 100644
--- a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
diff --git a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
index f1799516a7..3f0ebb72c4 100644
--- a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
diff --git a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
index 60b95651ca..b269a7f3e3 100644
--- a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
diff --git a/browsers/edge/shortdesc/do-not-sync-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
index 5aecbf86be..2fe09c0260 100644
--- a/browsers/edge/shortdesc/do-not-sync-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
diff --git a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
index 027fc09c15..0b377e56b6 100644
--- a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
+++ b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
diff --git a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
index 967221cc52..4b4a459339 100644
--- a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
+++ b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
[Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy):
diff --git a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
index 4bc1eb0947..7bf20983de 100644
--- a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
index de9891f1b2..f6b222fde2 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
index 74db5c4863..d04429bef8 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
diff --git a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
index 53dc4ea3e4..c73e676517 100644
--- a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
diff --git a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
index a8948ce133..b635ee64e8 100644
--- a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
diff --git a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
index 037888e82c..bba9ec1ad5 100644
--- a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
diff --git a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
index 107a995e49..c156c94126 100644
--- a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
diff --git a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
index 2671634c1b..35b0859dc6 100644
--- a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
diff --git a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
index 3355fa7456..037c535aa8 100644
--- a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
diff --git a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index 9615cd17b6..3a25de844f 100644
--- a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
diff --git a/browsers/edge/shortdesc/provision-favorites-shortdesc.md b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
index 321eae15f4..0d84ac76c1 100644
--- a/browsers/edge/shortdesc/provision-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.
diff --git a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
index 7940263779..8524933996 100644
--- a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
+++ b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
index 6cdc361e42..3b17cd7e5f 100644
--- a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
+++ b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
diff --git a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
index c3eeaf2045..958dd67138 100644
--- a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
+++ b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
diff --git a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
index 18f35b15b0..67e62738a6 100644
--- a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
+++ b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
diff --git a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
index 2b73a00927..a909cbbdc7 100644
--- a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
+++ b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
diff --git a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
index e338769c79..5ae8a12782 100644
--- a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
+++ b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
@@ -5,6 +5,6 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
diff --git a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
index db100006b2..722998c5bf 100644
--- a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
index 34da92da2a..c90d6b1c59 100644
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
@@ -147,18 +147,18 @@ You need to set up your computers for data collection by running the provided Po
**To set up Enterprise Site Discovery**
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
**To set up your firewall**
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-3. Restart your computer to start collecting your WMI data.
+3. Restart your computer to start collecting your WMI data.
## Use PowerShell to finish setting up Enterprise Site Discovery
You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
@@ -171,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow
**To set up data collection using a domain allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+ - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
>**Important** Wildcards, like \*.microsoft.com, aren’t supported.
**To set up data collection using a zone allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+ - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
>**Important** Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
@@ -447,7 +447,7 @@ After you’ve collected your data, you’ll need to turn Enterprise Site Discov
**To stop collecting data, using PowerShell**
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.
+- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
>**Note** Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
index b43215b9ac..503be19c75 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
@@ -179,7 +179,7 @@ Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam
diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md
index 592363962b..3e22df673d 100644
--- a/browsers/enterprise-mode/enterprise-mode.md
+++ b/browsers/enterprise-mode/enterprise-mode.md
@@ -54,6 +54,6 @@ You can build and manage your Enterprise Mode Site List is by using any generic
### Add a single site to the site list
-### Add mulitple sites to the site list
+### Add multiple sites to the site list
diff --git a/browsers/enterprise-mode/turn-off-enterprise-mode.md b/browsers/enterprise-mode/turn-off-enterprise-mode.md
index 9b68512593..ce1f04eaa1 100644
--- a/browsers/enterprise-mode/turn-off-enterprise-mode.md
+++ b/browsers/enterprise-mode/turn-off-enterprise-mode.md
@@ -2,7 +2,7 @@
ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
-description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
+description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
author: eavena
ms.prod: ie11
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md
index d3e189245d..03e5488335 100644
--- a/browsers/includes/available-duel-browser-experiences-include.md
+++ b/browsers/includes/available-duel-browser-experiences-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
## Available dual-browser experiences
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
index 93f3628760..e4a5e68376 100644
--- a/browsers/includes/helpful-topics-include.md
+++ b/browsers/includes/helpful-topics-include.md
@@ -5,7 +5,7 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
index 4f722ff9f5..1954c6ad4e 100644
--- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
+++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
@@ -5,12 +5,12 @@ ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
->[!IMPORTANT]
+>[!IMPORTANT]
>Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
1. In the Enterprise Mode Site List Manager, click **File \> Import**.
diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md
index 8b67242c98..fffc2e5480 100644
--- a/browsers/includes/interoperability-goals-enterprise-guidance.md
+++ b/browsers/includes/interoperability-goals-enterprise-guidance.md
@@ -5,7 +5,7 @@ ms.date: 10/15/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
## Interoperability goals and enterprise guidance
@@ -18,7 +18,7 @@ You must continue using IE11 if web apps use any of the following:
* x-ua-compatible headers
-* <meta> tags
+* <meta> tags with an http-equivalent value of X-UA-Compatible header
* Enterprise mode or compatibility view to addressing compatibility issues
@@ -27,7 +27,7 @@ You must continue using IE11 if web apps use any of the following:
If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
>[!TIP]
->If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
+>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
|Technology |Why it existed |Why we don't need it anymore |
@@ -35,5 +35,7 @@ If you have uninstalled IE11, you can download it from the Microsoft Store or th
|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | |
|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | |
|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. |
+
+
---
diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md
index 229def58e0..0fed701c19 100644
--- a/browsers/internet-explorer/TOC.md
+++ b/browsers/internet-explorer/TOC.md
@@ -76,7 +76,7 @@
###[New group policy settings for Internet Explorer 11](ie11-deploy-guide/new-group-policy-settings-for-ie11.md)
###[Set the default browser using Group Policy](ie11-deploy-guide/set-the-default-browser-using-group-policy.md)
###[ActiveX installation using group policy](ie11-deploy-guide/activex-installation-using-group-policy.md)
-###[Group Policy and compatibility with Internet Explorer 11](ie11-deploy-guide/group-policy-compatability-with-ie11.md)
+###[Group Policy and compatibility with Internet Explorer 11](ie11-deploy-guide/group-policy-compatibility-with-ie11.md)
###[Group policy preferences and Internet Explorer 11](ie11-deploy-guide/group-policy-preferences-and-ie11.md)
###[Administrative templates and Internet Explorer 11](ie11-deploy-guide/administrative-templates-and-ie11.md)
###[Enable and disable add-ons using administrative templates and group policy](ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md)
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index 7590327773..153f4be5f1 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -22,7 +22,6 @@
}
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.author": "shortpatti",
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index e1bd5ba5d6..3a2826187a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -24,7 +24,7 @@ ms.date: 07/27/2017
Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
>**Upgrade Readiness and Windows upgrades**
->You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/en-us/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
+>You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
## Before you begin
@@ -147,18 +147,18 @@ You need to set up your computers for data collection by running the provided Po
**To set up Enterprise Site Discovery**
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
**To set up your firewall**
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-3. Restart your computer to start collecting your WMI data.
+3. Restart your computer to start collecting your WMI data.
## Use PowerShell to finish setting up Enterprise Site Discovery
You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
@@ -171,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow
**To set up data collection using a domain allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+ - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
>**Important** Wildcards, like \*.microsoft.com, aren’t supported.
**To set up data collection using a zone allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+ - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
>**Important** Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
@@ -447,7 +447,7 @@ After you’ve collected your data, you’ll need to turn Enterprise Site Discov
**To stop collecting data, using PowerShell**
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.
+- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
>**Note** Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 72522b17ec..daa0f1c0ee 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -179,7 +179,7 @@ Where http
"
- title: Deploy
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 5d0635344e..d50c95d74f 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -10,15 +10,25 @@
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
## [Manage updates to HoloLens](hololens-updates.md)
## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
+## [Use the HoloLens Clicker](hololens-clicker.md)
+## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md)
+## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md)
# Application Management
## [Install apps on HoloLens](hololens-install-apps.md)
## [Share HoloLens with multiple people](hololens-multiple-users.md)
+## [Cortana on HoloLens](hololens-cortana.md)
+## [Get apps for HoloLens](hololens-get-apps.md)
+## [Use apps on HoloLens](hololens-use-apps.md)
+## [Use HoloLens offline](hololens-offline.md)
+## [Spaces on HoloLens](hololens-spaces-on-hololens.md)
# User/Access Management
## [Set up single application access](hololens-kiosk.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
## [How HoloLens stores data for spaces](hololens-spaces.md)
+## [Find and save files](hololens-find-and-save-files.md)
# [Insider preview for Microsoft HoloLens](hololens-insider.md)
-# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
\ No newline at end of file
+# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
+
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
index 0652ccd8b0..b19110b8f2 100644
--- a/devices/hololens/docfx.json
+++ b/devices/hololens/docfx.json
@@ -29,7 +29,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/hololens/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
diff --git a/devices/hololens/hololens-clicker-restart-recover.md b/devices/hololens/hololens-clicker-restart-recover.md
new file mode 100644
index 0000000000..81c7ffc704
--- /dev/null
+++ b/devices/hololens/hololens-clicker-restart-recover.md
@@ -0,0 +1,47 @@
+---
+title: Restart or recover the HoloLens clicker
+description: Things to try if the HoloLens clicker is unresponsive or isn’t working well.
+ms.assetid: 13406eca-e2c6-4cfc-8ace-426ff8f837f4
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Restart or recover the HoloLens clicker
+
+Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well.
+
+## Restart the clicker
+
+Use the tip of a pen to press and hold the [pairing button](https://support.microsoft.com/en-us/help/12646).
+
+
+
+At the same time, click and hold the clicker for 15 seconds. If the clicker was already paired with your HoloLens, it will stay paired after it restarts.
+
+
+
+If the clicker won't turn on or restart, try charging it using the HoloLens charger. If the battery is very low, it might take a few minutes for the white indicator light to turn on.
+
+## Re-pair the clicker
+
+Go to Settings > Devices and select the clicker. Select Remove, wait a few seconds, then pair the clicker again.
+
+## Recover the clicker
+
+If restarting and re-pairing the clicker don’t fix the problem, the Windows Device Recovery Tool can help you recover it. The recovery process may take some time, and the latest version of the clicker software will be installed. To use the tool, you’ll need a computer running Windows 10 or later with at least 4 GB of free storage space.
+
+To recover the clicker:
+
+1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
+1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens.
+1. Run the Windows Device Recovery Tool and follow the instructions.
+
+If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
diff --git a/devices/hololens/hololens-clicker.md b/devices/hololens/hololens-clicker.md
new file mode 100644
index 0000000000..8ec7e8077b
--- /dev/null
+++ b/devices/hololens/hololens-clicker.md
@@ -0,0 +1,65 @@
+---
+title: Use the HoloLens Clicker
+description:
+ms.assetid: 7d4a30fd-cf1d-4c9a-8eb1-1968ccecbe59
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Use the HoloLens Clicker
+
+The clicker was designed specifically for HoloLens and gives you another way to interact with holograms. It comes with HoloLens, in a separate box. Use it in place of hand gestures to select, scroll, move, and resize.
+
+
+
+## Hold the clicker
+
+To put on the clicker, slide the loop over your ring or middle finger with the Micro USB port toward your wrist. Rest your thumb in the indentation.
+
+
+
+## Clicker gestures
+
+Clicker gestures are small wrist rotations, not the larger movements used for HoloLens hand gestures. And HoloLens will recognize your gestures and clicks even if the clicker is outside the [gesture frame](https://support.microsoft.com/help/12644), so you can hold the clicker in the position that's most comfortable for you.
+
+- **Select**. To select a hologram, button, or other element, gaze at it, then click.
+
+- **Click and hold**. Click and hold your thumb down on the button to do some of the same things you would with tap and hold, like move or resize a hologram.
+
+- **Scroll**. On the app bar, select **Scroll Tool**. Click and hold, then rotate the clicker up, down, left, or right. To scroll faster, move your hand farther from the center of the scroll tool.
+
+- **Zoom**. On the app bar, select **Zoom Tool**. Click and hold, then rotate the clicker up to zoom in, or down to zoom out.
+
+>[!TIP]
+>In Microsoft Edge, gaze at a page and double-click to zoom in or out.
+
+## Pair and charge the clicker
+
+To pair the clicker with your HoloLens, see [Pair Bluetooth devices](https://support.microsoft.com/help/12636).
+
+When the clicker battery is low, the battery indicator will blink amber. Plug the Micro USB cable into a USB power supply to charge the device.
+
+## Indicator lights
+
+Here's what the lights on the clicker mean.
+
+- **Blinking white**. The clicker is in pairing mode.
+
+- **Fast-blinking white**. Pairing was successful.
+
+- **Solid white**. The clicker is charging.
+
+- **Blinking amber**. The battery is low.
+
+- **Solid amber**. The clicker ran into an error and you'll need to restart it. While pressing the pairing button, click and hold for 15 seconds.
+
+>[!NOTE]
+>If the clicker doesn't respond or won't start, see [Restart or recover the HoloLens clicker](https://support.microsoft.com/help/15555/hololens-restart-or-recover-the-hololens-clicker).
diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md
new file mode 100644
index 0000000000..dfe9539b1b
--- /dev/null
+++ b/devices/hololens/hololens-cortana.md
@@ -0,0 +1,50 @@
+---
+title: Cortana on HoloLens
+description: Cortana can help you do all kinds of things on your HoloLens
+ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Cortana on HoloLens
+
+Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime.
+
+
+
+## What do I say to Cortana
+
+Here are some things you can try saying (remember to say "Hey Cortana" first):
+
+- What can I say?
+- Increase the volume.
+- Decrease the brightness.
+- Shut down.
+- Restart.
+- Go to sleep.
+- Mute.
+- Launch ``.
+- Move `` here (gaze at the spot you want the app to move to).
+- Go to Start.
+- Take a picture.
+- Start recording. (Starts recording a video.)
+- Stop recording. (Stops recording a video.)
+- Call ``. (Requires Skype.)
+- What time is it?
+- Show me the latest NBA scores.
+- How much battery do I have left?
+- Tell me a joke.
+
+>[!NOTE]
+>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions.
+>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
+>- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on.
+>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place").
diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md
index 25bf786333..838674f0dc 100644
--- a/devices/hololens/hololens-encryption.md
+++ b/devices/hololens/hololens-encryption.md
@@ -45,7 +45,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
-2. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
+2. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
>[!NOTE]
>You can configure [additional settings in the provisioning package](hololens-provisioning.md).
@@ -102,6 +102,6 @@ Provisioning packages are files created by the Windows Configuration Designer to
Encryption is silent on HoloLens. To verify the device encryption status:
-- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
+- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md
new file mode 100644
index 0000000000..ba459eff13
--- /dev/null
+++ b/devices/hololens/hololens-find-and-save-files.md
@@ -0,0 +1,44 @@
+---
+title: Find and save files on HoloLens
+description: Use File Explorer on HoloLens to view and manage files on your device
+ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Find and save files on HoloLens
+
+Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens.
+
+## View files on HoloLens
+
+Use File Explorer on HoloLens to view and manage files on your device, including 3D objects, documents, and pictures. Go to Start > All apps > File Explorer on HoloLens to get started.
+
+>[!TIP]
+>If there are no files listed in File Explorer, select **This Device** in the top left pane.
+
+## View HoloLens files on your PC
+
+To see your HoloLens files in File Explorer on your PC:
+
+1. Sign in to HoloLens, then plug it into the PC using the USB cable that came with the HoloLens.
+
+1. Select **Open Device to view files with File Explorer**, or open File Explorer on the PC and navigate to the device.
+
+>[!TIP]
+>To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**.
+
+## Sync to the cloud
+
+To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens.
+
+>[!TIP]
+>HoloLens doesn't back up app files and data, so it's a good idea to save your important stuff to OneDrive. That way, if you reset your device or uninstall an app, your info will be backed up.
diff --git a/devices/hololens/hololens-get-apps.md b/devices/hololens/hololens-get-apps.md
new file mode 100644
index 0000000000..cd14341075
--- /dev/null
+++ b/devices/hololens/hololens-get-apps.md
@@ -0,0 +1,37 @@
+---
+title: Get apps for HoloLens
+description: The Microsoft Store is your source for apps and games that work with HoloLens.
+ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Get apps for HoloLens
+
+The Microsoft Store is your source for apps and games that work with HoloLens. When you go to the Store on your HoloLens, any apps you see there will run on it.
+
+Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows and can be positioned all around you. Apps that use holographic view surround you and become the only app you see.
+
+## Get apps
+
+Open the Microsoft Store from the Start menu. Then browse for apps and games (or use your voice to search), select the microphone on the HoloLens keyboard, and start talking.
+
+To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](http://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
+
+## Find your apps
+
+Once you've installed an app, you'll find it in the All apps list (Start > All apps ). Keep apps handy by [pinning them to Start](https://support.microsoft.com/help/12638).
+
+App updates are automatic, and they're free.
+
+>[!NOTE]
+>- To purchase apps in the Store, the billing address for your payment method must match the country or region your HoloLens is set to.
+>- Some apps may not be available in all countries and regions.
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index bb56182d56..5eaf9ad296 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -16,9 +16,6 @@ manager: dansimp
Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
-
-
## How do I install the Insider builds?
On a device running the Windows 10 April 2018 Update, go to Settings -> Update & Security -> Windows Insider Program and select Get started. Link the account you used to register as a Windows Insider.
diff --git a/devices/hololens/hololens-install-localized.md b/devices/hololens/hololens-install-localized.md
index 44e729c92f..0d3b2aecfb 100644
--- a/devices/hololens/hololens-install-localized.md
+++ b/devices/hololens/hololens-install-localized.md
@@ -17,7 +17,7 @@ manager: dansimp
In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT).
->[!IMPORTANT]
+>[!IMPORTANT]
>Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens.
diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md
index 01dcda9e51..b648efe898 100644
--- a/devices/hololens/hololens-kiosk.md
+++ b/devices/hololens/hololens-kiosk.md
@@ -16,7 +16,7 @@ manager: dansimp
-In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#guest)
+In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional)
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
@@ -40,21 +40,19 @@ The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft
>Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app.
For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
-- You can use [Microsoft Intune or other mobile device management (MDM) service](#intune-kiosk) to configure single-app and multi-app kiosks.
-- You can [use a provisioning package](#ppkg-kiosk) to configure single-app and multi-app kiosks.
-- You can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
+- You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks.
+- You can [use a provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
+- You can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
-For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks.
+For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks.
-
-## Start layout for HoloLens
+## Start layout for HoloLens
-If you use [MDM, Microsoft Intune](#intune-kiosk), or a [provisioning package](#ppkg-kiosk) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
+If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
>[!NOTE]
>Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
-
### Start layout file for MDM (Intune and others)
Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
@@ -80,7 +78,7 @@ Save the following sample as an XML file. You will select this file when you con
### Start layout for a provisioning package
-You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
+You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
```xml
@@ -100,34 +98,28 @@ You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to
]]>
-```
+```
-
## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803)
For HoloLens devices that are managed by Microsoft Intune, you [create a device profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk settings](https://docs.microsoft.com/intune/kiosk-settings).
-For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
+For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-a-kiosk-configuration-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
-
-
-
## Setup kiosk mode using a provisioning package (Windows 10, version 1803)
Process:
-1. [Create an XML file that defines the kiosk configuration.](#create-xml-file)
-2. [Add the XML file to a provisioning package.](#add-xml)
-3. [Apply the provisioning package to HoloLens.](#apply-ppkg)
+1. [Create an XML file that defines the kiosk configuration.](#create-a-kiosk-configuration-xml-file)
+2. [Add the XML file to a provisioning package.](#add-the-kiosk-configuration-xml-file-to-a-provisioning-package)
+3. [Apply the provisioning package to HoloLens.](#apply-the-provisioning-package-to-hololens)
-
### Create a kiosk configuration XML file
Follow [the instructions for creating a kiosk configuration XML file for desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-using-a-provisioning-package), with the following exceptions:
- Do not include Classic Windows applications (Win32) since they aren't supported on HoloLens.
-- Use the [placeholder Start XML](#start-kiosk) for HoloLens.
+- Use the [placeholder Start XML](#start-layout-for-hololens) for HoloLens.
-
#### Add guest access to the kiosk configuration (optional)
In the [Configs section of the XML file](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configs), you can configure a special group named **Visitor** to allow guests to use the kiosk. When the kiosk is configured with the **Visitor** special group, a "**Guest**" option is added to the sign-in page. The **Guest** account does not require a password, and any data associated with the account is deleted when the account signs out.
@@ -143,8 +135,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
```
-
-
### Add the kiosk configuration XML file to a provisioning package
1. Open [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22).
@@ -174,8 +164,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
-
-
### Apply the provisioning package to HoloLens
1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
@@ -191,7 +179,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.
-
## Set up kiosk mode using the Windows Device Portal (Windows 10, version 1607 and version 1803)
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md
new file mode 100644
index 0000000000..49190e6907
--- /dev/null
+++ b/devices/hololens/hololens-offline.md
@@ -0,0 +1,23 @@
+---
+title: Use HoloLens offline
+description: To set up HoloLens, you'll need to connect to a Wi-Fi network
+ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Use HoloLens offline
+
+To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how.
+
+## HoloLens limitations
+
+After your HoloLens is set up, you can use it without a Wi-Fi connection, but apps that use Internet connections may have limited capabilities when you use HoloLens offline.
diff --git a/devices/hololens/hololens-restart-recover.md b/devices/hololens/hololens-restart-recover.md
new file mode 100644
index 0000000000..9bf0cddb37
--- /dev/null
+++ b/devices/hololens/hololens-restart-recover.md
@@ -0,0 +1,55 @@
+---
+title: Restart, reset, or recover HoloLens
+description: Restart, reset, or recover HoloLens
+ms.assetid: 9a546416-1648-403c-9e0c-742171b8812e
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Restart, reset, or recover HoloLens
+
+Here are some things to try if your HoloLens is unresponsive, isn’t running well, or is experiencing software or update problems.
+
+## Restart your HoloLens
+
+If your HoloLens isn’t running well or is unresponsive, try the following things.
+
+First, try restarting the device: say, "Hey Cortana, restart the device."
+
+If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device.
+
+If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device.
+
+## Reset or recover your HoloLens
+
+If restarting your HoloLens doesn’t help, another option is to reset it. If resetting it doesn’t fix the problem, the Windows Device Recovery Tool can help you recover your device.
+
+>[!IMPORTANT]
+>Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You won’t be able to restore a backup once the reset is complete.
+
+## Reset
+
+Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
+
+To reset your HoloLens, go to **Settings** > **Update** > **Reset** and select **Reset device**. The battery will need to have at least a 40 percent charge remaining to reset.
+
+## Recover using the Windows Device Recovery Tool
+
+Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time, and the latest version of the Windows Holographic software approved for your HoloLens will be installed.
+
+To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can’t run this tool on a virtual machine.
+To recover your HoloLens
+
+1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
+1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens.
+1. Run the Windows Device Recovery Tool and follow the instructions.
+
+If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md
index c7007d172e..77bb29070f 100644
--- a/devices/hololens/hololens-setup.md
+++ b/devices/hololens/hololens-setup.md
@@ -1,46 +1,75 @@
---
-title: Set up HoloLens (HoloLens)
-description: The first time you set up HoloLens, you'll need a Wi-Fi network and either a Microsoft or Azure Active Directory account.
+title: Set up a new HoloLens
+description: This guide walks through first time set up. You'll need a Wi-Fi network and either a Microsoft (MSA) or Azure Active Directory (AAD) account.
ms.prod: hololens
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.topic: article
+author: scooley
+ms.author: scooley
+ms.topic: quickstart
ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
+ms.date: 07/14/2019
---
-# Set up HoloLens
+# Set up HoloLens for the first time
-Before you get started setting up your HoloLens, make sure you have a Wi-Fi network and a Microsoft account or an Azure Active Directory (Azure AD) account.
+Follow along to set up a HoloLens for the first time. At the end of this quickstart, you'll be able to use HoloLens and navigate HoloLens settings on-device.
-## Network connectivity requirements
+This is a high level unboxing guide to become familiar with HoloLens.
+See [Set up HoloLens in the enterprise](hololens-requirements.md) to configure HoloLens for scale enterprise deployment and ongoing device management.
-The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. You need to connect HoloLens to a Wi-Fi network with Internet connectivity so that the user account can be authenticated.
+## Prerequisites
-- It can be an open Wi-Fi or password-protected Wi-Fi network.
-- The Wi-Fi network cannot require certificates to connect.
-- The Wi-Fi network does not need to provide access to enterprise resources or intranet sites.
+- Internet access.
+ - Wi-Fi is the easiest way to do first set up on both HoloLens and HoloLens 2. It can be an open Wi-Fi or password-protected Wi-Fi network; the Wi-Fi network does not need to provide access to enterprise resources or intranet sites.
+ - HoloLens 2 can connect to the internet via ethernet and a USB-C adapter.
+- a user account - Microsoft (MSA) or Azure Active Directory (AAD)
-## HoloLens setup
+## Prepare for first-boot
-The HoloLens setup process combines a quick tutorial on using HoloLens with the steps needed to connect to the network and add an account.
+Become familiar with the HoloLens hardware and prepare to turn your HoloLens on for the first time.
-1. Be sure your HoloLens is [charged](https://support.microsoft.com/help/12627), then [adjust it](https://support.microsoft.com/help/12632) for a comfortable fit.
-2. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens.
-3. Next, you'll be guided through connecting to a Wi-Fi network.
-4. After HoloLens connects to the Wi-Fi network, you select between **My work or school owns it** and **I own it**.
+1. Be sure your HoloLens is [charged](https://support.microsoft.com/help/12627)
+1. [Adjust fit](https://support.microsoft.com/help/12632) for a comfortable fit.
+1. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens.
+
+## Set up your HoloLens
+
+Set up your HoloLens and your user account.
+
+1. Connect to the internet (select Wi-Fi).
+1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**.
- When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
- 1. Enter your organizational account.
+ 1. Enter your organizational account.
2. Accept privacy statement.
3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page.
4. Continue with device setup.
- When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
- 1. Enter your Microsoft account.
- 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process.
-5. The device sets your time zone based on information obtained from the Wi-Fi network.
-6. Next, you learn how to perform the bloom gesture and how to select and place the Start screen. After you place the Start screen, setup is complete and you can begin using HoloLens.
+ 1. Enter your Microsoft account.
+ 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process.
+1. The device sets your time zone based on information obtained from the Wi-Fi network.
+1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu.
+Congratulations! Setup is complete and you can begin using HoloLens.
+## Explore HoloLens
+
+### Check out on-device settings and desktop
+
+HoloLens doesn't have an on-device command line. With that in mind, the settings section in HoloLens plays an important role in diagnosing problems on-device. Understanding the information available to HoloLens users will pay dividends when troubleshooting or configuring the device.
+
+Open settings by opening the start menu and clicking on the **Settings** in the top bar. You can also ask Cortana to open settings.
+
+Follow [this guide](https://docs.microsoft.com/windows/mixed-reality/navigating-the-windows-mixed-reality-home) to navigate around the HoloLens home.
+
+### Connect bluetooth devices
+
+Connecting a bluetooth keyboard makes typing on HoloLens as efficient as a Windows PC.
+
+[Connect a bluetooth keyboard or clicker](https://support.microsoft.com/en-us/help/12636).
+
+## Next steps
+
+Start planning for HoloLens at scale with HoloLens' enterprise management features.
+
+> [!div class="nextstepaction"]
+> [HoloLens in the enterprise](hololens-requirements.md)
\ No newline at end of file
diff --git a/devices/hololens/hololens-spaces-on-hololens.md b/devices/hololens/hololens-spaces-on-hololens.md
new file mode 100644
index 0000000000..5c04bb7c3e
--- /dev/null
+++ b/devices/hololens/hololens-spaces-on-hololens.md
@@ -0,0 +1,40 @@
+---
+title: Spaces on HoloLens
+description: HoloLens blends holograms with your world
+ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Spaces on HoloLens
+
+HoloLens blends holograms with your world, mapping your surroundings to remember where you place your apps and content.
+
+>[!NOTE]
+>For your HoloLens to work properly, HoloLens Wi-Fi needs to be turned on, though it doesn't have to be connected to a network.
+
+## Tips for setting up your space
+
+HoloLens works best in certain kinds of environments. Choose a room with adequate light and plenty of space. Avoid dark spaces and rooms with a lot of dark, shiny, or translucent surfaces (for instance, mirrors or gauzy curtains).
+
+>[!NOTE]
+>HoloLens is optimized for indoor use. Use it in a safe place with no tripping hazards. [More on safety](https://support.microsoft.com/help/4023454/safety-information).
+
+## Mapping your space
+
+When HoloLens starts mapping your surroundings, you'll see a mesh graphic spreading over the space.
+
+To help HoloLens learn a space, walk around the space and gaze around you. Air tap in a space to light up the mesh and see what's been mapped.
+
+If your space changes significantly—for example, if a piece of furniture is moved—you might need to walk around the space and gaze around you so HoloLens can relearn it.
+
+>[!NOTE]
+>If HoloLens is having trouble mapping your space or you're have difficulty placing holograms, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq).
diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md
index ef830c3525..418cfce2d9 100644
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@@ -22,9 +22,9 @@ manager: dansimp
For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business).
To configure how and when updates are applied, use the following policies:
-- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
-- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
-- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
+- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
+- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
+- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
To turn off the automatic check for updates, set the following policy to value **5** – Turn off Automatic Updates:
- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md
index bfafb1d925..57bf3d0e04 100644
--- a/devices/hololens/hololens-upgrade-enterprise.md
+++ b/devices/hololens/hololens-upgrade-enterprise.md
@@ -47,7 +47,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
-2. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
+2. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
>[!NOTE]
>You can configure [additional settings in the provisioning package](hololens-provisioning.md).
diff --git a/devices/hololens/hololens-use-apps.md b/devices/hololens/hololens-use-apps.md
new file mode 100644
index 0000000000..e3d0aba0a9
--- /dev/null
+++ b/devices/hololens/hololens-use-apps.md
@@ -0,0 +1,40 @@
+---
+title: Use apps on HoloLens
+description: Apps on HoloLens use either 2D view or holographic view.
+ms.assetid: 6bd124c4-731c-4bcc-86c7-23f9b67ff616
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Use apps on HoloLens
+
+Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see.
+
+## Open apps
+
+You'll find your apps either pinned to Start or in the All apps list. To get to the All apps list, use the bloom gesture to go to Start, then select **All apps**.
+
+On Start or in the All apps list, select an app. It will open in a good position for viewing.
+
+>[!NOTE]
+>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active.
+>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three.
+>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info.
+
+## Move, resize, and rotate apps
+
+After opening an app, you can [change its position and size](https://support.microsoft.com/help/12634).
+
+## Close apps
+
+To close an app that uses 2D view, gaze at it, then select **Close**.
+
+To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**.
diff --git a/devices/hololens/images/cortana-on-hololens.png b/devices/hololens/images/cortana-on-hololens.png
new file mode 100644
index 0000000000..6205d3d2fd
Binary files /dev/null and b/devices/hololens/images/cortana-on-hololens.png differ
diff --git a/devices/hololens/images/hololens2-side-render.png b/devices/hololens/images/hololens2-side-render.png
new file mode 100644
index 0000000000..143fb8fc50
Binary files /dev/null and b/devices/hololens/images/hololens2-side-render.png differ
diff --git a/devices/hololens/images/recover-clicker-1.png b/devices/hololens/images/recover-clicker-1.png
new file mode 100644
index 0000000000..ad54e6ee09
Binary files /dev/null and b/devices/hololens/images/recover-clicker-1.png differ
diff --git a/devices/hololens/images/recover-clicker-2.png b/devices/hololens/images/recover-clicker-2.png
new file mode 100644
index 0000000000..d7a9d6fd0d
Binary files /dev/null and b/devices/hololens/images/recover-clicker-2.png differ
diff --git a/devices/hololens/images/use-hololens-clicker-1.png b/devices/hololens/images/use-hololens-clicker-1.png
new file mode 100644
index 0000000000..ad54e6ee09
Binary files /dev/null and b/devices/hololens/images/use-hololens-clicker-1.png differ
diff --git a/devices/hololens/images/use-hololens-clicker-2.png b/devices/hololens/images/use-hololens-clicker-2.png
new file mode 100644
index 0000000000..d7a9d6fd0d
Binary files /dev/null and b/devices/hololens/images/use-hololens-clicker-2.png differ
diff --git a/devices/hololens/index.md b/devices/hololens/index.md
index e3790fbfb5..abb50c076e 100644
--- a/devices/hololens/index.md
+++ b/devices/hololens/index.md
@@ -1,46 +1,51 @@
---
title: Microsoft HoloLens (HoloLens)
-description: HoloLens provides extra features designed for business in the Commercial Suite.
+description: Landing page for HoloLens commercial and enterprise management.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 07/27/2018
+ms.date: 07/14/2019
---
# Microsoft HoloLens
-
-
Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.
Microsoft HoloLens is available in the Development Edition, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the Commercial Suite, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.
+
+
Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.
+
+
Now, with the introduction of HoloLens 2, every device provides commercial ready management enhanced by the reliability, security, and scalability of cloud and AI services from Microsoft.
+
+
-## In this section
+## Guides in this section
+
+| Guide | Description |
+| --- | --- |
+| [Get started with HoloLens](hololens-setup.md) | Set up HoloLens for the first time. |
+| [Set up HoloLens in the enterprise](hololens-requirements.md) | Configure HoloLens for scale enterprise deployment and ongoing device management. |
+| [Install and manage applications on HoloLens](hololens-install-apps.md) |Install and manage important applications on HoloLens at scale. |
+| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
+| [Get support](https://support.microsoft.com/products/hololens) |Connect with Microsoft support resources for HoloLens in enterprise. |
+
+## Quick reference by topic
| Topic | Description |
| --- | --- |
-| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. |
-| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
-| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time |
-[Install localized version of HoloLens](hololens-install-localized.md) | Install the Chinese or Japanese version of HoloLens
-| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business |
-| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft Intune |
-| [Manage updates to HoloLens](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |
-| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app |
-[Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
+| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover new features in the latest updates. |
| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
-| [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens |
-| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens |
-| [Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library. |
+| [HoloLens MDM support](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using Mobile Device Management (MDM) solutions like Microsoft Intune. |
+| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |
+| [HoloLens user management](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
+| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. |
+| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens. |
+| [Install localized version of HoloLens](hololens-install-localized.md) | Configure HoloLens for different locale. |
## Related resources
-- [Help for using HoloLens](https://support.microsoft.com/products/hololens)
-
-- [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
-
-- [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial)
-
-- [HoloLens release notes](https://developer.microsoft.com/en-us/windows/mixed-reality/release_notes)
+* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
+* [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial)
+* [HoloLens release notes](https://developer.microsoft.com/en-us/windows/mixed-reality/release_notes)
diff --git a/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md
new file mode 100644
index 0000000000..3254e13d6c
--- /dev/null
+++ b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md
@@ -0,0 +1,27 @@
+---
+title: General Data Privacy Regulation and Surface Hub
+description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub.
+ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186
+ms.reviewer:
+manager:
+keywords: GDPR
+ms.prod: surface-hub
+ms.sitesec: library
+author: Teresa-MOTIV
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# General Data Privacy Regulation and Surface Hub
+
+In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), took effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents.
+
+Surface Hub customers concerned about privacy under the new GDPR regulations can manage their device privacy with the following options that are provided by Microsoft:
+
+* **Option 1:** Surface Hub devices in regions enforcing GDPR regulations will install KB4284830 when publicly available to automatically reduce diagnostic data emission to basic. Customers opting to provide a higher level of diagnostic data can use the Surface Hub Settings application or Mobile Device Management to override the default basic setting.
+
+* **Option 2:** Surface Hub customers who want to remove any existing diagnostic data can download the **Surface Hub Delete Diagnostic Data** application from the Microsoft Store. This app will allow customers to request deletion of associated diagnostic data directly from their Surface Hub device.
+
+Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.
+
diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index 058ddefab4..d9bdb48c3a 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -1,9 +1,65 @@
# [Microsoft Surface Hub](index.md)
-## [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md)
-## [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md)
-## [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)
-### [Surface Hub Site Readiness Guide](surface-hub-site-readiness-guide.md)
-### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
+
+# Surface Hub 2S
+
+## Overview
+### [What's new in Surface Hub 2S for IT admins](surface-hub-2s-whats-new.md)
+### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md)
+### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
+### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md)
+
+## Plan
+### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md)
+#### [Site planning for Surface Hub 2S](surface-hub-2s-site-planning.md)
+#### [Surface Hub 2S quick start](surface-hub-2s-quick-start.md)
+#### [Install and mount Surface Hub 2S](surface-hub-2s-install-mount.md)
+#### [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md)
+#### [Setup worksheet](setup-worksheet-surface-hub.md)
+#### [Surface Hub 2S ports and keypad overview](surface-hub-2s-port-keypad-overview.md)
+#### [Connect devices to Surface Hub 2S](surface-hub-2s-connect.md)
+### [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md)
+### [Configure Easy Authentication for Surface Hub 2S](surface-hub-2s-phone-authenticate.md)
+
+## Deploy
+### [Surface Hub 2S adoption toolkit](surface-hub-2s-adoption-kit.md)
+### [First time setup for Surface Hub 2S](surface-hub-2s-setup.md)
+### [Surface Hub 2S deployment checklist](surface-hub-2s-deploy-checklist.md)
+### [Create Surface Hub 2S device account](surface-hub-2s-account.md)
+### [Create provisioning packages for Surface Hub 2S](surface-hub-2s-deploy.md)
+### [Deploy apps to Surface Hub 2S using Intune](surface-hub-2s-deploy-apps-intune.md)
+### [Create Surface Hub 2S on-premises accounts with PowerShell](surface-hub-2s-onprem-powershell.md)
+
+## Manage
+### [Manage Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md)
+### [Local management for Surface Hub 2S settings](local-management-surface-hub-settings.md)
+### [Manage device account password rotation](surface-hub-2s-manage-passwords.md)
+### [Manage Windows updates](manage-windows-updates-for-surface-hub.md)
+### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md)
+### [Save your BitLocker key](save-bitlocker-key-surface-hub.md)
+### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)
+### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md)
+
+## Secure
+### [Secure and manage Surface Hub 2S with SEMM and UEFI](surface-hub-2s-secure-with-uefi-semm.md)
+### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
+
+## Support
+### [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md)
+### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
+### [How to pack and ship your Surface Hub 2S for service](surface-hub-2s-pack-components.md)
+### [Change history](surface-hub-2s-change-history.md)
+
+# Surface Hub
+## Overview
+### [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md)
+### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
+
+## Plan
+### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)
+### [Surface Hub Site Readiness Guide](surface-hub-site-readiness-guide.md)
+### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
+
+## Deploy
### [Create and test a device account](create-and-test-a-device-account-surface-hub.md)
#### [Online deployment](online-deployment-surface-hub-device-accounts.md)
#### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md)
@@ -14,12 +70,15 @@
#### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)
#### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md)
#### [Password management](password-management-for-surface-hub-device-accounts.md)
-### [Create provisioning packages](provisioning-packages-for-surface-hub.md)
-### [Admin group management](admin-group-management-for-surface-hub.md)
-## [Set up Microsoft Surface Hub](set-up-your-surface-hub.md)
-### [Setup worksheet](setup-worksheet-surface-hub.md)
-### [First-run program](first-run-program-surface-hub.md)
-## [Manage Microsoft Surface Hub](manage-surface-hub.md)
+#### [Create provisioning packages](provisioning-packages-for-surface-hub.md)
+#### [Admin group management](admin-group-management-for-surface-hub.md)
+### [Set up Microsoft Surface Hub](set-up-your-surface-hub.md)
+#### [Setup worksheet](setup-worksheet-surface-hub.md)
+#### [First-run program](first-run-program-surface-hub.md)
+
+## Manage
+### [Manage Microsoft Surface Hub](manage-surface-hub.md)
+### [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md)
### [Remote Surface Hub management](remote-surface-hub-management.md)
#### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md)
#### [Monitor your Surface Hub](monitor-surface-hub.md)
@@ -31,25 +90,37 @@
#### [Device reset](device-reset-surface-hub.md)
#### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md)
#### [Wireless network management](wireless-network-management-for-surface-hub.md)
+### [Implement Quality of Service on Surface Hub](surface-hub-qos.md)
### [Install apps on your Surface Hub](install-apps-on-surface-hub.md)
### [Configure Surface Hub Start menu](surface-hub-start-menu.md)
### [Set up and use Microsoft Whiteboard](whiteboard-collaboration.md)
### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md)
-### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md)
-### [Save your BitLocker key](save-bitlocker-key-surface-hub.md)
### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md)
### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md)
### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md)
### [Using a room control system](use-room-control-system-with-surface-hub.md)
-### [Implement Quality of Service on Surface Hub](surface-hub-qos.md)
+
+## Secure
+### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md)
+### [Save your BitLocker key](save-bitlocker-key-surface-hub.md)
+### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
+
+## Support
### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md)
### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md)
-## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md)
-## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
-## [Top support solutions for Surface Hub](support-solutions-surface-hub.md)
-## [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
-## [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
-## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
-## [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
-## [Technical information for 84” Microsoft Surface Hub ](surface-hub-technical-84.md)
-## [Change history for Surface Hub](change-history-surface-hub.md)
\ No newline at end of file
+
+### [Top support solutions for Surface Hub](support-solutions-surface-hub.md)
+### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
+### [Surface Hub Update History](surface-hub-update-history.md)
+### [Known issues and additional information about Microsoft Surface Hub](known-issues-and-additional-info-about-surface-hub.md)
+### [How to use cloud recovery for BitLocker on a Surface Hub](use-cloud-recovery-for-bitlocker-on-surfacehub.md)
+### [Using the Surface Hub Hardware Diagnostic Tool to test a device account](use-surface-hub-diagnostic-test-device-account.md)
+### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
+### [Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel](surfacehub-miracast-not-supported-europe-japan-israel.md)
+### [What to do if the Connect app in Surface Hub exits unexpectedly](connect-app-in-surface-hub-unexpectedly-exits.md)
+### [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md)
+### [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md)
+### [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
+### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
+### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
+### [Change history for Surface Hub](change-history-surface-hub.md)
diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md
index f3e0e2e1ba..8125113887 100644
--- a/devices/surface-hub/admin-group-management-for-surface-hub.md
+++ b/devices/surface-hub/admin-group-management-for-surface-hub.md
@@ -37,7 +37,7 @@ Note that the local admin account information is not backed by any directory ser
### Domain join the device to Active Directory (AD)
-You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#a-href-iduse-active-directoryause-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings.
+You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#use-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings.
#### What happens when you domain join your Surface Hub?
Surface Hubs use domain join to:
@@ -53,7 +53,7 @@ Surface Hub does not support applying group policies or certificates from the do
### Azure Active Directory (Azure AD) join the device
-You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#a-href-iduse-microsoft-azureause-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device.
+You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#use-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device.
By default, all **global administrators** will be given admin rights on an Azure AD joined Surface Hub. With **Azure AD Premium** or **Enterprise Mobility Suite (EMS)**, you can add additional administrators:
1. In the [Azure classic portal](https://manage.windowsazure.com/), click **Active Directory**, and then click the name of your organization's directory.
diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
index d2e0e0f813..00620b9f7c 100644
--- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
+++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
@@ -498,7 +498,7 @@ if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
$strRegPool = $strRegPoolEntry
}
-# Try to SfB-enable the account. Note that it may not work right away as the account needs to propogate to active directory
+# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
PrintAction "Enabling Skype for Business..."
Start-Sleep -s 10
$Error.Clear()
@@ -534,7 +534,7 @@ if ($status.Count -gt 0)
elseif ($v[0] -eq "F")
{
$color = "red"
- $v += " Go to http://aka.ms/shubtshoot"
+ $v += " Go to https://aka.ms/shubtshoot"
}
Write-Host -NoNewline $k -ForegroundColor $color
@@ -878,7 +878,7 @@ if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
}
#>
-# Try to SfB-enable the account. Note that it may not work right away as the account needs to propogate to active directory
+# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
PrintAction "Enabling Skype for Business on $strRegPool"
Start-Sleep -s 10
$Error.Clear()
@@ -978,7 +978,7 @@ if ($status.Count -gt 0)
elseif ($v[0] -eq "F")
{
$color = "red"
- $v += " Go to http://aka.ms/shubtshoot for help"
+ $v += " Go to https://aka.ms/shubtshoot for help"
}
Write-Host -NoNewline $k -ForegroundColor $color
@@ -1352,7 +1352,7 @@ Validate -Test "ActiveSync devices are allowed" -Condition ($strDefaultAccessLev
# Check if there exists a device access rule that bans the device type Windows Mail
$blockingRules = Get-ActiveSyncDeviceAccessRule | where {($_.AccessLevel -eq 'Block' -or $_.AccessLevel -eq 'Quarantine') -and $_.Characteristic -eq 'DeviceType'-and $_.QueryString -eq 'WindowsMail'}
-Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quaratined - the surface hub will not be able to send mail or sync its calendar."
+Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quarantined - the surface hub will not be able to send mail or sync its calendar."
## End Exchange ##
@@ -1411,7 +1411,7 @@ if ($fHasOnline)
}
}
-#If there is an on-prem component, we can get the authorative AD user from mailbox
+#If there is an on-prem component, we can get the authoritative AD user from mailbox
if ($fHasOnPrem)
{
$accountOnPrem = $null
diff --git a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
index b78abbff57..7ea2bc584c 100644
--- a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
@@ -10,7 +10,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index b28387f8d2..2d55222b1b 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -22,7 +22,7 @@ New or changed topic | Description
--- | ---
[Surface Hub Site Readiness Guide](surface-hub-site-readiness-guide.md) | New; previously available for download only
[Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
-[Technical information for 84” Microsoft Surface Hub ](surface-hub-technical-84.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
+[Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
[Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | New; previously available for download only
[Implement Quality of Service on Surface Hub](surface-hub-qos.md) | New
diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index 86d6848826..5fd13d7b95 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -115,11 +115,11 @@ Use these ports on the Surface Hub for Guest Mode.
These are the port connections used for Guest Mode on the 55" and 84" Surface Hubs.
-
+
Wired port connections on 55" Surface Hub
-
+
Wired port connections on 84" Surface Hub
@@ -294,7 +294,7 @@ Check directly with graphics card vendors for the latest drivers.
Replacement PC ports on 55" Surface Hub
-
+
@@ -351,7 +351,7 @@ Replacement PC ports on 55" Surface Hub
Replacement PC ports on 84" Surface Hub
-
+
diff --git a/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md
new file mode 100644
index 0000000000..9e70a8755c
--- /dev/null
+++ b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md
@@ -0,0 +1,22 @@
+---
+title: What to do if the Connect app in Surface Hub exits unexpectedly
+description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs.
+ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec
+ms.reviewer:
+manager:
+keywords: surface, hub, connect, input, displayport
+ms.prod: surface-hub
+ms.sitesec: library
+author: todmccoy
+ms.author: v-todmc
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# What to do if the Connect app in Surface Hub exits unexpectedly
+
+At times, a wired Connect session that is started from the Welcome screen by connecting a DisplayPort input will exit back to the Welcome screen after using the side keypad or the source button to cycle through all source inputs.
+
+This is an issue in the Connect app and its default full-screen state. By changing the size of the app, or by selecting a DisplayPort input thumbnail in the Connect app, you can prevent input cycling from affecting the app.
+
+The way to resolve this issue is to first launch the Connect app from the Welcome screen, and THEN connect a DisplayPort input. If the input is already connected, manually select the thumbnail.
\ No newline at end of file
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index 6c133e978d..20f13c7d1b 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -4,7 +4,7 @@ description: If you prefer to use a graphical user interface, you can create a d
ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C
ms.reviewer:
manager: dansimp
-keywords: create device account, Office 365 UI, Exchange Admin center, Office 365 admin center, Skype for Business, mobile device mailbox policy
+keywords: create device account, Office 365 UI, Exchange Admin center, Microsoft 365 admin center, Skype for Business, mobile device mailbox policy
ms.prod: surface-hub
ms.sitesec: library
author: dansimp
@@ -22,22 +22,22 @@ If you prefer to use a graphical user interface, you can create a device account
## Create a device account using Office 365
-1. [Create the account in the Office 365 Admin Center](#create-device-acct-o365-admin-ctr).
+1. [Create the account in the Microsoft 365 Admin Center](#create-device-acct-o365-admin-ctr).
2. [Create a mobile device mailbox (ActiveSync) policy from the Microsoft Exchange Admin Center](#create-device-acct-o365-mbx-policy).
3. [Use PowerShell to complete device account creation](#create-device-acct-o365-complete-acct).
4. [Use PowerShell to configure Exchange properties of the account](#create-device-acct-o365-configure-exch-prop).
5. [Enable the account with Skype for Business](#create-device-acct-o365-skype-for-business).
-### Create the account in the Office 365 Admin Center
+### Create the account in the admin center
1. Sign in to Office 365 by visiting http://portal.office.com
-2. Provide the admin credentials for your Office 365 tenant. This will take you to your Office 365 Admin Center.
+2. Provide the admin credentials for your Office 365 tenant. This will take you to your Microsoft 365 Admin Center.
- 
+ 
-3. In the Office 365 Admin Center, navigate to **Resources** in the left panel, and then click **Rooms & equipment**.
+3. In the admin center, navigate to **Resources** in the left panel, and then click **Rooms & equipment**.
- 
+ 
4. Click **Add** to create a new Room account. Enter a display name and email address for the account, and then click **Add**.
@@ -49,9 +49,9 @@ If you prefer to use a graphical user interface, you can create a device account
### Create a mobile device mailbox (ActiveSync) policy from the Exchange Admin Center
-1. In the Office 365 Admin Center’s left panel, click **ADMIN**, and then click **Exchange**.
+1. In the admin center’s left panel, click **ADMIN**, and then click **Exchange**.
- 
+ 
2. This will open another tab on your browser to take you to the Exchange Admin Center, where you can create and set the Mailbox Setting for Surface Hub.
@@ -95,7 +95,7 @@ Install the following module in Powershell
2. Create a Credentials object, then create a new session that connects to Skype for Business Online, and provide the global tenant administrator account, then click **OK**.
- 
+ 
3. To connect to Microsoft Online Services, run:
diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md
index 09c4b1ea60..2075507bd4 100644
--- a/devices/surface-hub/device-reset-surface-hub.md
+++ b/devices/surface-hub/device-reset-surface-hub.md
@@ -44,15 +44,15 @@ If you see a blank screen for long periods of time during the **Reset device** p
## Reset a Surface Hub from Settings
**To reset a Surface Hub**
-1. On your Surface Hub, open **Settings**.
+1. On your Surface Hub, open **Settings**.
-2. Click **Update & Security**.
+2. Click **Update & Security**.
-3. Click **Recovery**, and then, under **Reset device**, click **Get started**.
+3. Click **Recovery**, and then, under **Reset device**, click **Get started**.
diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
index a700575ff9..73a50f66c9 100644
--- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
+++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
@@ -1,19 +1,19 @@
---
-title: Differences between Surface Hub and Windows 10 Enterprise
-description: This topic explains the differences between Windows 10 Team and Windows 10 Enterprise.
+title: Operating system essentials (Surface Hub)
+description: This topic explains unique aspects of the Windows 10 Team operating system and how it differs from Windows 10 Enterprise.
keywords: change history
ms.prod: surface-hub
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 11/01/2017
+ms.date: 06/20/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
---
-# Differences between Surface Hub and Windows 10 Enterprise
+# Operating system essentials (Surface Hub)
The Surface Hub operating system, Windows 10 Team, is based on Windows 10 Enterprise, providing rich support for enterprise management, security, and other features. However, there are important differences between them. While the Enterprise edition is designed for PCs, Windows 10 Team is designed from the ground up for large screens and meeting rooms. When you evaluate security and management requirements for Surface Hub, it's best to consider it as a new operating system. This article is designed to help highlight the key differences between Windows 10 Team on Surface Hub and Windows 10 Enterprise, and what the differences mean for your organization.
@@ -127,13 +127,13 @@ The administrative features in Windows 10 Enterprise, such as the Microsoft Mana
### Remote management and monitoring
-Surface Hub supports remote management through mobile device management (MDM), and monitoring through Operations Management Suite (OMS).
+Surface Hub supports remote management through mobile device management (MDM) solutions such as [Microsoft Intune](https://docs.microsoft.com/intune/) and monitoring through [Azure Monitor](https://azure.microsoft.com/services/monitor/).
*Organization policies that this may affect:* Surface Hub doesn't support installing Win32 agents required by most traditional PC management and monitoring tools, such as System Center Operations Manager.
-### Group policy
+### Group Policy
-Surface Hub does not support group policy, including auditing. Instead, use MDM to apply policies to your Surface Hub. For more information about MDM, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
+Surface Hub does not support Windows Group Policy, including auditing. Instead, use MDM to apply policies to your Surface Hub. For more information about MDM, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
*Organization policies that this may affect:* Use MDM to manage Surface Hub rather than group policy.
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
index c5b96ab0fe..5f16f8d171 100644
--- a/devices/surface-hub/docfx.json
+++ b/devices/surface-hub/docfx.json
@@ -14,7 +14,9 @@
"resource": [
{
"files": [
- "**/images/**"
+ "**/images/**",
+ "**/*.pptx",
+ "**/*.pdf"
],
"exclude": [
"**/obj/**"
@@ -22,15 +24,12 @@
}
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.mktglfcycl": "manage",
- "author": "jdeckerms",
"ms.sitesec": "library",
- "ms.author": "jdecker",
"ms.date": "05/23/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx
new file mode 100644
index 0000000000..b06a6e8b44
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx differ
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx
new file mode 100644
index 0000000000..4fa5e3abd9
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx differ
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx
new file mode 100644
index 0000000000..210102de52
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx differ
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx
new file mode 100644
index 0000000000..6d39d374a7
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx differ
diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf
new file mode 100644
index 0000000000..6c5b52d377
Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf differ
diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf
new file mode 100644
index 0000000000..ae296c8c08
Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf differ
diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf
new file mode 100644
index 0000000000..9f64a7c4f2
Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf differ
diff --git a/devices/surface-hub/downloads/QRCConnectYourPC.pdf b/devices/surface-hub/downloads/QRCConnectYourPC.pdf
new file mode 100644
index 0000000000..fbdb9d9164
Binary files /dev/null and b/devices/surface-hub/downloads/QRCConnectYourPC.pdf differ
diff --git a/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf
new file mode 100644
index 0000000000..62b86d2a00
Binary files /dev/null and b/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf
new file mode 100644
index 0000000000..a6af26dcf9
Binary files /dev/null and b/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCNavigationBasics.pdf b/devices/surface-hub/downloads/QRCNavigationBasics.pdf
new file mode 100644
index 0000000000..6d8eb75ad5
Binary files /dev/null and b/devices/surface-hub/downloads/QRCNavigationBasics.pdf differ
diff --git a/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf
new file mode 100644
index 0000000000..a33cf1b1e1
Binary files /dev/null and b/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCShareSendFile.pdf b/devices/surface-hub/downloads/QRCShareSendFile.pdf
new file mode 100644
index 0000000000..56d5c9f8c2
Binary files /dev/null and b/devices/surface-hub/downloads/QRCShareSendFile.pdf differ
diff --git a/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf b/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf
new file mode 100644
index 0000000000..61caa64f94
Binary files /dev/null and b/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf differ
diff --git a/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf
new file mode 100644
index 0000000000..d7a7c89268
Binary files /dev/null and b/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf b/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf
new file mode 100644
index 0000000000..aed2f55671
Binary files /dev/null and b/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf differ
diff --git a/devices/surface-hub/downloads/QRCWhiteboardTools.pdf b/devices/surface-hub/downloads/QRCWhiteboardTools.pdf
new file mode 100644
index 0000000000..c6dfcc3523
Binary files /dev/null and b/devices/surface-hub/downloads/QRCWhiteboardTools.pdf differ
diff --git a/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf b/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf
new file mode 100644
index 0000000000..79675aaaaa
Binary files /dev/null and b/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf
new file mode 100644
index 0000000000..b8b6d804a9
Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf
new file mode 100644
index 0000000000..9e3ac0aa01
Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf
new file mode 100644
index 0000000000..a40bdf33d6
Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf differ
diff --git a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
index ea9a144cd0..b6fca3a49e 100644
--- a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
@@ -10,7 +10,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md
index 375ee1686d..22cddbc67d 100644
--- a/devices/surface-hub/first-run-program-surface-hub.md
+++ b/devices/surface-hub/first-run-program-surface-hub.md
@@ -88,7 +88,7 @@ This screen is shown only if the device fails to detect a wired network. If you
- You can select one of the wireless networks shown. If the network is secured, you'll be taken to a login page. See [Wireless network setup](#wireless) for details.
- Click **Skip this step** to skip connecting to a network. You'll be taken to the [Set up for you page](#set-up-for-you).
>[!NOTE]
- >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
+ >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
@@ -123,7 +123,7 @@ This page will be shown when the device detects a wired connection with limited
- You can select a wireless network to use instead of the limited wired connection.
- You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you).
- **Note** If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
+ **Note** If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
@@ -149,7 +149,7 @@ When you click **Next**, the device will attempt to connect to the proxy server.
You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you).
>[!NOTE]
->If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
+>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
@@ -203,7 +203,7 @@ If you skip setting it up now, you can add a device account later by using the S
If you click **Skip setting up a device account**, the device will display a dialog box showing what will happen if the device doesn't have a device account. If you choose **Yes, skip this**, you will be sent to the [Name this device page](#name-this-device).
-
+
### What happens?
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index ab66d2931a..1b001aa627 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -59,7 +59,7 @@ Use this procedure if you use Exchange on-premises.
>
>msExchRecipientTypeDetails = 8589934592
-3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online.
+3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Microsoft 365 admin center and verify that the account created in the previous steps has merged to online.
4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
diff --git a/devices/surface-hub/images/01-diagnostic.png b/devices/surface-hub/images/01-diagnostic.png
new file mode 100644
index 0000000000..fde5951776
Binary files /dev/null and b/devices/surface-hub/images/01-diagnostic.png differ
diff --git a/devices/surface-hub/images/01-escape.png b/devices/surface-hub/images/01-escape.png
new file mode 100644
index 0000000000..badfc5883d
Binary files /dev/null and b/devices/surface-hub/images/01-escape.png differ
diff --git a/devices/surface-hub/images/02-all-apps.png b/devices/surface-hub/images/02-all-apps.png
new file mode 100644
index 0000000000..a29e9d8428
Binary files /dev/null and b/devices/surface-hub/images/02-all-apps.png differ
diff --git a/devices/surface-hub/images/02-skip-this-drive.png b/devices/surface-hub/images/02-skip-this-drive.png
new file mode 100644
index 0000000000..930f0b26d3
Binary files /dev/null and b/devices/surface-hub/images/02-skip-this-drive.png differ
diff --git a/devices/surface-hub/images/03-recover-from-cloud.png b/devices/surface-hub/images/03-recover-from-cloud.png
new file mode 100644
index 0000000000..be422cecc8
Binary files /dev/null and b/devices/surface-hub/images/03-recover-from-cloud.png differ
diff --git a/devices/surface-hub/images/03-welcome.png b/devices/surface-hub/images/03-welcome.png
new file mode 100644
index 0000000000..b71ebe0752
Binary files /dev/null and b/devices/surface-hub/images/03-welcome.png differ
diff --git a/devices/surface-hub/images/04-test-results-1.png b/devices/surface-hub/images/04-test-results-1.png
new file mode 100644
index 0000000000..e0b53f2dc3
Binary files /dev/null and b/devices/surface-hub/images/04-test-results-1.png differ
diff --git a/devices/surface-hub/images/04-yes.png b/devices/surface-hub/images/04-yes.png
new file mode 100644
index 0000000000..9c26b795ce
Binary files /dev/null and b/devices/surface-hub/images/04-yes.png differ
diff --git a/devices/surface-hub/images/05-test-results-2.png b/devices/surface-hub/images/05-test-results-2.png
new file mode 100644
index 0000000000..55b7c7abed
Binary files /dev/null and b/devices/surface-hub/images/05-test-results-2.png differ
diff --git a/devices/surface-hub/images/05a-reinstall.png b/devices/surface-hub/images/05a-reinstall.png
new file mode 100644
index 0000000000..60d90928ba
Binary files /dev/null and b/devices/surface-hub/images/05a-reinstall.png differ
diff --git a/devices/surface-hub/images/05b-downloading.png b/devices/surface-hub/images/05b-downloading.png
new file mode 100644
index 0000000000..59393e7162
Binary files /dev/null and b/devices/surface-hub/images/05b-downloading.png differ
diff --git a/devices/surface-hub/images/06-account-settings.png b/devices/surface-hub/images/06-account-settings.png
new file mode 100644
index 0000000000..35a92f2ff8
Binary files /dev/null and b/devices/surface-hub/images/06-account-settings.png differ
diff --git a/devices/surface-hub/images/06-out-of-box.png b/devices/surface-hub/images/06-out-of-box.png
new file mode 100644
index 0000000000..a513b46c5b
Binary files /dev/null and b/devices/surface-hub/images/06-out-of-box.png differ
diff --git a/devices/surface-hub/images/07-account-settings-details.png b/devices/surface-hub/images/07-account-settings-details.png
new file mode 100644
index 0000000000..421f372b03
Binary files /dev/null and b/devices/surface-hub/images/07-account-settings-details.png differ
diff --git a/devices/surface-hub/images/07-cancel.png b/devices/surface-hub/images/07-cancel.png
new file mode 100644
index 0000000000..a788960011
Binary files /dev/null and b/devices/surface-hub/images/07-cancel.png differ
diff --git a/devices/surface-hub/images/08-test-account.png b/devices/surface-hub/images/08-test-account.png
new file mode 100644
index 0000000000..d7cbf9620d
Binary files /dev/null and b/devices/surface-hub/images/08-test-account.png differ
diff --git a/devices/surface-hub/images/08-troubleshoot.png b/devices/surface-hub/images/08-troubleshoot.png
new file mode 100644
index 0000000000..d2af1969bd
Binary files /dev/null and b/devices/surface-hub/images/08-troubleshoot.png differ
diff --git a/devices/surface-hub/images/09-network.png b/devices/surface-hub/images/09-network.png
new file mode 100644
index 0000000000..d69f2d67ec
Binary files /dev/null and b/devices/surface-hub/images/09-network.png differ
diff --git a/devices/surface-hub/images/09-recover-from-cloud2.png b/devices/surface-hub/images/09-recover-from-cloud2.png
new file mode 100644
index 0000000000..64650a91bb
Binary files /dev/null and b/devices/surface-hub/images/09-recover-from-cloud2.png differ
diff --git a/devices/surface-hub/images/10-cancel.png b/devices/surface-hub/images/10-cancel.png
new file mode 100644
index 0000000000..ffef745522
Binary files /dev/null and b/devices/surface-hub/images/10-cancel.png differ
diff --git a/devices/surface-hub/images/10-environment.png b/devices/surface-hub/images/10-environment.png
new file mode 100644
index 0000000000..376e077249
Binary files /dev/null and b/devices/surface-hub/images/10-environment.png differ
diff --git a/devices/surface-hub/images/11-certificates.png b/devices/surface-hub/images/11-certificates.png
new file mode 100644
index 0000000000..13b45396b3
Binary files /dev/null and b/devices/surface-hub/images/11-certificates.png differ
diff --git a/devices/surface-hub/images/12-trust-model.png b/devices/surface-hub/images/12-trust-model.png
new file mode 100644
index 0000000000..996bb4fdd4
Binary files /dev/null and b/devices/surface-hub/images/12-trust-model.png differ
diff --git a/devices/surface-hub/images/2s-mount-pattern.png b/devices/surface-hub/images/2s-mount-pattern.png
new file mode 100644
index 0000000000..92262fb428
Binary files /dev/null and b/devices/surface-hub/images/2s-mount-pattern.png differ
diff --git a/devices/surface-hub/images/h2gen-platemount.png b/devices/surface-hub/images/h2gen-platemount.png
new file mode 100644
index 0000000000..4a8ca76fd4
Binary files /dev/null and b/devices/surface-hub/images/h2gen-platemount.png differ
diff --git a/devices/surface-hub/images/h2gen-railmount.png b/devices/surface-hub/images/h2gen-railmount.png
new file mode 100644
index 0000000000..0c8bf8ffb6
Binary files /dev/null and b/devices/surface-hub/images/h2gen-railmount.png differ
diff --git a/devices/surface-hub/images/hub2s-rear.png b/devices/surface-hub/images/hub2s-rear.png
new file mode 100644
index 0000000000..f30a81159c
Binary files /dev/null and b/devices/surface-hub/images/hub2s-rear.png differ
diff --git a/devices/surface-hub/images/hub2s-schematic.png b/devices/surface-hub/images/hub2s-schematic.png
new file mode 100644
index 0000000000..28c328a005
Binary files /dev/null and b/devices/surface-hub/images/hub2s-schematic.png differ
diff --git a/devices/surface-hub/images/sh2-account2.png b/devices/surface-hub/images/sh2-account2.png
new file mode 100644
index 0000000000..2a2267ab7c
Binary files /dev/null and b/devices/surface-hub/images/sh2-account2.png differ
diff --git a/devices/surface-hub/images/sh2-account3.png b/devices/surface-hub/images/sh2-account3.png
new file mode 100644
index 0000000000..b67ff0da37
Binary files /dev/null and b/devices/surface-hub/images/sh2-account3.png differ
diff --git a/devices/surface-hub/images/sh2-account4.png b/devices/surface-hub/images/sh2-account4.png
new file mode 100644
index 0000000000..7495f28607
Binary files /dev/null and b/devices/surface-hub/images/sh2-account4.png differ
diff --git a/devices/surface-hub/images/sh2-account5.png b/devices/surface-hub/images/sh2-account5.png
new file mode 100644
index 0000000000..3dc9061733
Binary files /dev/null and b/devices/surface-hub/images/sh2-account5.png differ
diff --git a/devices/surface-hub/images/sh2-add-group.png b/devices/surface-hub/images/sh2-add-group.png
new file mode 100644
index 0000000000..eb44ad8cf9
Binary files /dev/null and b/devices/surface-hub/images/sh2-add-group.png differ
diff --git a/devices/surface-hub/images/sh2-add-room.png b/devices/surface-hub/images/sh2-add-room.png
new file mode 100644
index 0000000000..c53ee340bc
Binary files /dev/null and b/devices/surface-hub/images/sh2-add-room.png differ
diff --git a/devices/surface-hub/images/sh2-apps-assign.png b/devices/surface-hub/images/sh2-apps-assign.png
new file mode 100644
index 0000000000..f6a91864c8
Binary files /dev/null and b/devices/surface-hub/images/sh2-apps-assign.png differ
diff --git a/devices/surface-hub/images/sh2-assign-group.png b/devices/surface-hub/images/sh2-assign-group.png
new file mode 100644
index 0000000000..a2d79bcd34
Binary files /dev/null and b/devices/surface-hub/images/sh2-assign-group.png differ
diff --git a/devices/surface-hub/images/sh2-cartridge.png b/devices/surface-hub/images/sh2-cartridge.png
new file mode 100644
index 0000000000..3c7a2e83be
Binary files /dev/null and b/devices/surface-hub/images/sh2-cartridge.png differ
diff --git a/devices/surface-hub/images/sh2-config-file.png b/devices/surface-hub/images/sh2-config-file.png
new file mode 100644
index 0000000000..d8293c8ff6
Binary files /dev/null and b/devices/surface-hub/images/sh2-config-file.png differ
diff --git a/devices/surface-hub/images/sh2-deploy-apps-sync.png b/devices/surface-hub/images/sh2-deploy-apps-sync.png
new file mode 100644
index 0000000000..060c29c17f
Binary files /dev/null and b/devices/surface-hub/images/sh2-deploy-apps-sync.png differ
diff --git a/devices/surface-hub/images/sh2-keepout-zones.png b/devices/surface-hub/images/sh2-keepout-zones.png
new file mode 100644
index 0000000000..bf318963df
Binary files /dev/null and b/devices/surface-hub/images/sh2-keepout-zones.png differ
diff --git a/devices/surface-hub/images/sh2-keypad.png b/devices/surface-hub/images/sh2-keypad.png
new file mode 100644
index 0000000000..595bb19341
Binary files /dev/null and b/devices/surface-hub/images/sh2-keypad.png differ
diff --git a/devices/surface-hub/images/sh2-mobile-stand.png b/devices/surface-hub/images/sh2-mobile-stand.png
new file mode 100644
index 0000000000..75c64f06f3
Binary files /dev/null and b/devices/surface-hub/images/sh2-mobile-stand.png differ
diff --git a/devices/surface-hub/images/sh2-mount-config.png b/devices/surface-hub/images/sh2-mount-config.png
new file mode 100644
index 0000000000..5cde6108a1
Binary files /dev/null and b/devices/surface-hub/images/sh2-mount-config.png differ
diff --git a/devices/surface-hub/images/sh2-onscreen-display.png b/devices/surface-hub/images/sh2-onscreen-display.png
new file mode 100644
index 0000000000..4605f50734
Binary files /dev/null and b/devices/surface-hub/images/sh2-onscreen-display.png differ
diff --git a/devices/surface-hub/images/sh2-pen-pressure.png b/devices/surface-hub/images/sh2-pen-pressure.png
new file mode 100644
index 0000000000..67054ca972
Binary files /dev/null and b/devices/surface-hub/images/sh2-pen-pressure.png differ
diff --git a/devices/surface-hub/images/sh2-pen.png b/devices/surface-hub/images/sh2-pen.png
new file mode 100644
index 0000000000..1a95b9581e
Binary files /dev/null and b/devices/surface-hub/images/sh2-pen.png differ
diff --git a/devices/surface-hub/images/sh2-ports.png b/devices/surface-hub/images/sh2-ports.png
new file mode 100644
index 0000000000..2d30422911
Binary files /dev/null and b/devices/surface-hub/images/sh2-ports.png differ
diff --git a/devices/surface-hub/images/sh2-proxy.png b/devices/surface-hub/images/sh2-proxy.png
new file mode 100644
index 0000000000..81946a9906
Binary files /dev/null and b/devices/surface-hub/images/sh2-proxy.png differ
diff --git a/devices/surface-hub/images/sh2-reset.png b/devices/surface-hub/images/sh2-reset.png
new file mode 100644
index 0000000000..06b306ec5d
Binary files /dev/null and b/devices/surface-hub/images/sh2-reset.png differ
diff --git a/devices/surface-hub/images/sh2-run1.png b/devices/surface-hub/images/sh2-run1.png
new file mode 100644
index 0000000000..15aa540166
Binary files /dev/null and b/devices/surface-hub/images/sh2-run1.png differ
diff --git a/devices/surface-hub/images/sh2-run10.png b/devices/surface-hub/images/sh2-run10.png
new file mode 100644
index 0000000000..5e980fa334
Binary files /dev/null and b/devices/surface-hub/images/sh2-run10.png differ
diff --git a/devices/surface-hub/images/sh2-run11.png b/devices/surface-hub/images/sh2-run11.png
new file mode 100644
index 0000000000..02362bc5da
Binary files /dev/null and b/devices/surface-hub/images/sh2-run11.png differ
diff --git a/devices/surface-hub/images/sh2-run12.png b/devices/surface-hub/images/sh2-run12.png
new file mode 100644
index 0000000000..f619ac4c42
Binary files /dev/null and b/devices/surface-hub/images/sh2-run12.png differ
diff --git a/devices/surface-hub/images/sh2-run13.png b/devices/surface-hub/images/sh2-run13.png
new file mode 100644
index 0000000000..77b9e3e2a6
Binary files /dev/null and b/devices/surface-hub/images/sh2-run13.png differ
diff --git a/devices/surface-hub/images/sh2-run14.png b/devices/surface-hub/images/sh2-run14.png
new file mode 100644
index 0000000000..d88ca872ca
Binary files /dev/null and b/devices/surface-hub/images/sh2-run14.png differ
diff --git a/devices/surface-hub/images/sh2-run2.png b/devices/surface-hub/images/sh2-run2.png
new file mode 100644
index 0000000000..fd379b2b05
Binary files /dev/null and b/devices/surface-hub/images/sh2-run2.png differ
diff --git a/devices/surface-hub/images/sh2-run3.png b/devices/surface-hub/images/sh2-run3.png
new file mode 100644
index 0000000000..8171beecbf
Binary files /dev/null and b/devices/surface-hub/images/sh2-run3.png differ
diff --git a/devices/surface-hub/images/sh2-run4.png b/devices/surface-hub/images/sh2-run4.png
new file mode 100644
index 0000000000..1a132dfebb
Binary files /dev/null and b/devices/surface-hub/images/sh2-run4.png differ
diff --git a/devices/surface-hub/images/sh2-run5.png b/devices/surface-hub/images/sh2-run5.png
new file mode 100644
index 0000000000..ebfe53f3cb
Binary files /dev/null and b/devices/surface-hub/images/sh2-run5.png differ
diff --git a/devices/surface-hub/images/sh2-run6.png b/devices/surface-hub/images/sh2-run6.png
new file mode 100644
index 0000000000..896531f4ec
Binary files /dev/null and b/devices/surface-hub/images/sh2-run6.png differ
diff --git a/devices/surface-hub/images/sh2-run7.png b/devices/surface-hub/images/sh2-run7.png
new file mode 100644
index 0000000000..59e60d84de
Binary files /dev/null and b/devices/surface-hub/images/sh2-run7.png differ
diff --git a/devices/surface-hub/images/sh2-run8.png b/devices/surface-hub/images/sh2-run8.png
new file mode 100644
index 0000000000..ec2daf8e4f
Binary files /dev/null and b/devices/surface-hub/images/sh2-run8.png differ
diff --git a/devices/surface-hub/images/sh2-run9.png b/devices/surface-hub/images/sh2-run9.png
new file mode 100644
index 0000000000..5bd3abea88
Binary files /dev/null and b/devices/surface-hub/images/sh2-run9.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune1.png b/devices/surface-hub/images/sh2-set-intune1.png
new file mode 100644
index 0000000000..9993225210
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune1.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune3.png b/devices/surface-hub/images/sh2-set-intune3.png
new file mode 100644
index 0000000000..f931d828fc
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune3.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune5.png b/devices/surface-hub/images/sh2-set-intune5.png
new file mode 100644
index 0000000000..9afb1c1445
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune5.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune6.png b/devices/surface-hub/images/sh2-set-intune6.png
new file mode 100644
index 0000000000..155cbb9930
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune6.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune8.png b/devices/surface-hub/images/sh2-set-intune8.png
new file mode 100644
index 0000000000..a8d9bfe874
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune8.png differ
diff --git a/devices/surface-hub/images/sh2-setup-1.png b/devices/surface-hub/images/sh2-setup-1.png
new file mode 100644
index 0000000000..1204020f9f
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-1.png differ
diff --git a/devices/surface-hub/images/sh2-setup-2.png b/devices/surface-hub/images/sh2-setup-2.png
new file mode 100644
index 0000000000..0d6501782b
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-2.png differ
diff --git a/devices/surface-hub/images/sh2-setup-3.png b/devices/surface-hub/images/sh2-setup-3.png
new file mode 100644
index 0000000000..2b827f4405
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-3.png differ
diff --git a/devices/surface-hub/images/sh2-setup-4.png b/devices/surface-hub/images/sh2-setup-4.png
new file mode 100644
index 0000000000..0825dadce4
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-4.png differ
diff --git a/devices/surface-hub/images/sh2-thermal-audio.png b/devices/surface-hub/images/sh2-thermal-audio.png
new file mode 100644
index 0000000000..5d9640df9b
Binary files /dev/null and b/devices/surface-hub/images/sh2-thermal-audio.png differ
diff --git a/devices/surface-hub/images/sh2-token.png b/devices/surface-hub/images/sh2-token.png
new file mode 100644
index 0000000000..115153a767
Binary files /dev/null and b/devices/surface-hub/images/sh2-token.png differ
diff --git a/devices/surface-hub/images/sh2-token2.png b/devices/surface-hub/images/sh2-token2.png
new file mode 100644
index 0000000000..324bc27f63
Binary files /dev/null and b/devices/surface-hub/images/sh2-token2.png differ
diff --git a/devices/surface-hub/images/sh2-token3.png b/devices/surface-hub/images/sh2-token3.png
new file mode 100644
index 0000000000..04e173d391
Binary files /dev/null and b/devices/surface-hub/images/sh2-token3.png differ
diff --git a/devices/surface-hub/images/sh2-uefi1.png b/devices/surface-hub/images/sh2-uefi1.png
new file mode 100644
index 0000000000..ecb5aad455
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi1.png differ
diff --git a/devices/surface-hub/images/sh2-uefi10.png b/devices/surface-hub/images/sh2-uefi10.png
new file mode 100644
index 0000000000..eafc0617a2
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi10.png differ
diff --git a/devices/surface-hub/images/sh2-uefi2.png b/devices/surface-hub/images/sh2-uefi2.png
new file mode 100644
index 0000000000..8dbcb3df84
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi2.png differ
diff --git a/devices/surface-hub/images/sh2-uefi3.png b/devices/surface-hub/images/sh2-uefi3.png
new file mode 100644
index 0000000000..f9b0fdb754
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi3.png differ
diff --git a/devices/surface-hub/images/sh2-uefi4.png b/devices/surface-hub/images/sh2-uefi4.png
new file mode 100644
index 0000000000..ae6f427772
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi4.png differ
diff --git a/devices/surface-hub/images/sh2-uefi5.png b/devices/surface-hub/images/sh2-uefi5.png
new file mode 100644
index 0000000000..18a780074f
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi5.png differ
diff --git a/devices/surface-hub/images/sh2-uefi6.png b/devices/surface-hub/images/sh2-uefi6.png
new file mode 100644
index 0000000000..7b4390574a
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi6.png differ
diff --git a/devices/surface-hub/images/sh2-uefi7.png b/devices/surface-hub/images/sh2-uefi7.png
new file mode 100644
index 0000000000..0302b41a43
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi7.png differ
diff --git a/devices/surface-hub/images/sh2-uefi8.png b/devices/surface-hub/images/sh2-uefi8.png
new file mode 100644
index 0000000000..c5ccc27628
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi8.png differ
diff --git a/devices/surface-hub/images/sh2-uefi9.png b/devices/surface-hub/images/sh2-uefi9.png
new file mode 100644
index 0000000000..4747c398c8
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi9.png differ
diff --git a/devices/surface-hub/images/sh2-wall-front.png b/devices/surface-hub/images/sh2-wall-front.png
new file mode 100644
index 0000000000..349e124bb0
Binary files /dev/null and b/devices/surface-hub/images/sh2-wall-front.png differ
diff --git a/devices/surface-hub/images/sh2-wall-side.png b/devices/surface-hub/images/sh2-wall-side.png
new file mode 100644
index 0000000000..f09cbda81e
Binary files /dev/null and b/devices/surface-hub/images/sh2-wall-side.png differ
diff --git a/devices/surface-hub/images/sh2-wcd.png b/devices/surface-hub/images/sh2-wcd.png
new file mode 100644
index 0000000000..8a945dfca4
Binary files /dev/null and b/devices/surface-hub/images/sh2-wcd.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-1.png b/devices/surface-hub/images/surface-hub-2s-repack-1.png
new file mode 100644
index 0000000000..cab6f33cb7
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-1.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-10.png b/devices/surface-hub/images/surface-hub-2s-repack-10.png
new file mode 100644
index 0000000000..7f3c6ab51c
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-10.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-11.png b/devices/surface-hub/images/surface-hub-2s-repack-11.png
new file mode 100644
index 0000000000..0e0485056a
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-11.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-12.png b/devices/surface-hub/images/surface-hub-2s-repack-12.png
new file mode 100644
index 0000000000..7032cbc1b7
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-12.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-13.png b/devices/surface-hub/images/surface-hub-2s-repack-13.png
new file mode 100644
index 0000000000..465ce22bee
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-13.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-2.png b/devices/surface-hub/images/surface-hub-2s-repack-2.png
new file mode 100644
index 0000000000..f8fbc235b6
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-2.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-3.png b/devices/surface-hub/images/surface-hub-2s-repack-3.png
new file mode 100644
index 0000000000..e270326ab9
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-3.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-4.png b/devices/surface-hub/images/surface-hub-2s-repack-4.png
new file mode 100644
index 0000000000..42bc3a0389
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-4.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-5.png b/devices/surface-hub/images/surface-hub-2s-repack-5.png
new file mode 100644
index 0000000000..d6457cd161
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-5.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-6.png b/devices/surface-hub/images/surface-hub-2s-repack-6.png
new file mode 100644
index 0000000000..73b8a14630
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-6.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-7.png b/devices/surface-hub/images/surface-hub-2s-repack-7.png
new file mode 100644
index 0000000000..54a20e2257
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-7.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-8.png b/devices/surface-hub/images/surface-hub-2s-repack-8.png
new file mode 100644
index 0000000000..f2dcac60ed
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-8.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-9.png b/devices/surface-hub/images/surface-hub-2s-repack-9.png
new file mode 100644
index 0000000000..c067cbf1d8
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-9.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png b/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png
new file mode 100644
index 0000000000..10530cba1e
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png b/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png
new file mode 100644
index 0000000000..119dc21a5a
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png
new file mode 100644
index 0000000000..ceebc3d5fd
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png
new file mode 100644
index 0000000000..77ab33c1d5
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png
new file mode 100644
index 0000000000..3cf6d0ec62
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png
new file mode 100644
index 0000000000..d44ad9d37c
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png
new file mode 100644
index 0000000000..ffbec86f57
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png
new file mode 100644
index 0000000000..90ddf71366
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png
new file mode 100644
index 0000000000..5020d16853
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png
new file mode 100644
index 0000000000..9ea535dff4
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png
new file mode 100644
index 0000000000..1a64ae0ebb
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png
new file mode 100644
index 0000000000..9d9bc52c66
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png differ
diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md
index 87ed316360..3383f10f91 100644
--- a/devices/surface-hub/index.md
+++ b/devices/surface-hub/index.md
@@ -1,59 +1,180 @@
---
-title: Microsoft Surface Hub admin guide
-description: Documents related to the Microsoft Surface Hub.
-ms.assetid: 69C99E91-1441-4318-BCAF-FE8207420555
+title: Surface Hub
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+layout: LandingPage
ms.prod: surface-hub
-ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
-ms.topic: article
-ms.date: 09/07/2017
-ms.localizationpriority: medium
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: landing-page
+description: "Get started with Microsoft Surface Hub."
+---
+# Get started with Surface Hub
+
+Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Use the links below to learn how to plan, deploy, manage, and support your Surface Hub devices.
+
+
+
---
-# Microsoft Surface Hub admin guide
-
-> [Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf)
->
-> [Looking for the user's guide for Surface Hub?](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf)
-
-
-
Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.
-
-
-## Surface Hub setup process
-
-In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need:
-
-1. [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md)
-2. [Gather the information listed in the Setup worksheet](setup-worksheet-surface-hub.md)
-2. [Physically install your Surface Hub device](physically-install-your-surface-hub-device.md)
-3. [Run the Surface Hub first-run setup program (OOBE)](first-run-program-surface-hub.md)
-
-
-
-## In this section
-
-| Topic | Description |
-|---------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) | Discover the changes and improvements for Microsoft Surface Hub in the Windows 10, version 1703 release (also known as Creators Update). |
-| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. |
-| [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. |
-| [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. |
-| [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. |
-| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | |
-| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. |
-| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. |
-| [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. |
-| [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. |
-| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents. |
-| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation library. |
-
-## Additional resources
-
-- [Surface Hub update history](https://support.microsoft.com/help/4037666/surface-surface-hub-update-history)
-- [Surface Hub help](https://support.microsoft.com/hub/4343507/surface-hub-help)
-- [Surface IT Pro Blog](https://blogs.technet.microsoft.com/surface/)
-- [Surface Playlist of videos](https://www.youtube.com/playlist?list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ)
-- [Microsoft Surface on Twitter](https://twitter.com/surface)
-
+
\ No newline at end of file
diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md
index e19bfc00dd..20c6c45925 100644
--- a/devices/surface-hub/install-apps-on-surface-hub.md
+++ b/devices/surface-hub/install-apps-on-surface-hub.md
@@ -12,6 +12,7 @@ ms.author: dansimp
ms.topic: article
ms.date: 10/23/2018
ms.localizationpriority: medium
+audience: ITPro
---
# Install apps on your Microsoft Surface Hub
@@ -19,9 +20,9 @@ ms.localizationpriority: medium
You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario.
A few things to know about apps on Surface Hub:
-- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. See a [list of apps that work with Surface Hub](https://support.microsoft.com/help/4040382/surface-Apps-that-work-with-Microsoft-Surface-Hub).
+- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub.
- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family.
-- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from Microsoft Store for Business.
+- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store).
- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
- When submitting an app to the Microsoft Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub.
- You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Microsoft Store to download and install apps.
@@ -39,10 +40,10 @@ By enabling developer mode, you can also install developer-signed UWP apps.
> After developer mode has been enabled, you will need to reset the Surface Hub to disable it. Resetting the device removes all local user files and configurations and then reinstalls Windows.
**To turn on developer mode**
-1. From your Surface Hub, start **Settings**.
-2. Type the device admin credentials when prompted.
-3. Navigate to **Update & security** > **For developers**.
-4. Select **Developer mode** and accept the warning prompt.
+1. From your Surface Hub, start **Settings**.
+2. Type the device admin credentials when prompted.
+3. Navigate to **Update & security** > **For developers**.
+4. Select **Developer mode** and accept the warning prompt.
### Visual Studio
During development, the easiest way to test your app on a Surface Hub is using Visual Studio. Visual Studio's remote debugging feature helps you discover issues in your app before deploying it broadly. For more information, see [Test Surface Hub apps using Visual Studio](https://msdn.microsoft.com/windows/uwp/debug-test-perf/test-surface-hub-apps-using-visual-studio).
@@ -101,10 +102,10 @@ To evaluate apps released on the Microsoft Store, use the Microsoft Store app on
> - To install apps, you will need to manually sign in to the Microsoft Store app on each Surface Hub you own.
**To browse the Microsoft Store on Surface Hub**
-1. From your Surface Hub, start **Settings**.
-2. Type the device admin credentials when prompted.
-3. Navigate to **This device** > **Apps & features**.
-4. Select **Open Store**.
+1. From your Surface Hub, start **Settings**.
+2. Type the device admin credentials when prompted.
+3. Navigate to **This device** > **Apps & features**.
+4. Select **Open Store**.
### Download app packages from Microsoft Store for Business
To download the app package you need to install apps on your Surface Hub, visit the [Microsoft Store for Business](https://www.microsoft.com/business-store). The Store for Business is where you can find, acquire, and manage apps for the Windows 10 devices in your organization, including Surface Hub.
@@ -158,7 +159,7 @@ To deploy apps to a large number of Surface Hubs in your organization, use a sup
## Summary
-There are a few different ways to install apps on your Surface Hub depending on whether you are developing apps, evaluating apps on a small number of devices, or deploying apps broadly to your oganization. This table summarizes the supported methods:
+There are a few different ways to install apps on your Surface Hub depending on whether you are developing apps, evaluating apps on a small number of devices, or deploying apps broadly to your organization. This table summarizes the supported methods:
| Install method | Developing apps | Evaluating apps on a few devices | Deploying apps broadly to your organization |
| -------------------------- | --------------- | ------------------------------------- | ---------------------- |
diff --git a/devices/surface-hub/juneworkspace.code-workspace b/devices/surface-hub/juneworkspace.code-workspace
new file mode 100644
index 0000000000..f23e17c3ca
--- /dev/null
+++ b/devices/surface-hub/juneworkspace.code-workspace
@@ -0,0 +1,11 @@
+{
+ "folders": [
+ {
+ "path": "C:\\github\\windows-docs-pr"
+ },
+ {
+ "path": "."
+ }
+ ],
+ "settings": {}
+}
\ No newline at end of file
diff --git a/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
new file mode 100644
index 0000000000..93c56d4e28
--- /dev/null
+++ b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
@@ -0,0 +1,28 @@
+---
+title: Known issues and additional information about Microsoft Surface Hub
+description: Outlines known issues with Microsoft Surface Hub.
+ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7
+ms.reviewer:
+manager:
+keywords: surface, hub, issues
+ms.prod: surface-hub
+ms.sitesec: library
+author: todmccoy
+ms.author: v-todmc
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Known issues and additional information about Microsoft Surface Hub
+
+We're listening. Quality is a top priority, and we want to keep you informed about issues impacting customers. The following are some known issues of Microsoft Surface Hub:
+
+- **Skype for Business isn't using proxy for media traffic with RS2**
+ For some Surface Hub users who are behind a proxy, Skype for Business won't use the proxy server for media. However, the Surface Hub will be able to sign in to the account. We received your feedback and are aware of the media traffic issue when you are using proxy. We're actively investigating this issue and will release fixes as soon as a solution is identified and tested.
+
+- **For AAD joined devices, when a user tries to sign in to "My meetings & files", Surface Hub reports that there is no Internet connection**
+ We’re aware of a set of issues that affect sign-in and document access on Surface Hub. We're actively investigating these issues. As a workaround until a resolution is released, customers can reset their devices and set up their Hub to use a local admin account. After reconfiguring to use the local admin account, "My meetings and files" will work as expected.
+- **Single sign-in when Azure AD joined**
+ Surface Hub was designed for communal spaces, which impacts the way user credentials are stored. Because of this, there are currently limitations in how single sign-in works when devices are Azure AD joined. Microsoft is aware of this limitation and is actively investigating options for a resolution.
+- **Miracast over Infrastructure projection to Surface Hub fails if the Surface Hub has a dot character (.) in the friendly name**
+ Surface Hub users may experience issues projecting to their device if the Friendly Name includes a period or dot in the name (.) -- for example, "Conf.Room42". To work around the issue, change the Friendly Name of the Hub in **Settings** > **Surface Hub** > **About**, and then restart the device. Microsoft is working on a solution to this issue.
\ No newline at end of file
diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md
index 145254f089..810691dfe8 100644
--- a/devices/surface-hub/local-management-surface-hub-settings.md
+++ b/devices/surface-hub/local-management-surface-hub-settings.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 07/08/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
@@ -29,7 +29,6 @@ Surface Hubs have many settings that are common to other Windows devices, but al
| Change admin account password | Surface Hub > Accounts | Change the password for the local admin account. This is only available if you configured the device to use a local admin during first run. |
| Device Management | Surface Hub > Device management | Manage policies and business applications using mobile device management (MDM). |
| Provisioning packages | Surface Hub > Device management | Set or change provisioning packages installed on the Surface Hub. |
-| Configure Operations Management Suite (OMS) | Surface Hub > Device management | Set up monitoring for your Surface Hub using OMS. |
| Open the Microsoft Store app | Surface Hub > Apps & features | The Microsoft Store app is only available to admins through the Settings app. |
| Skype for Business domain name | Surface Hub > Calling & Audio | Configure a domain name for your Skype for Business server. |
| Default Speaker volume | Surface Hub > Calling & Audio | Configure the default speaker volume for the Surface Hub when it starts a session. |
diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
index a7c90874f6..96577828d5 100644
--- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
+++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
@@ -140,7 +140,7 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``* See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes |
+| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
index 9592956238..01c378c14a 100644
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@@ -10,7 +10,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 11/03/2017
+ms.date: 06/20/2019
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md
index e6875a375d..1b09f33999 100644
--- a/devices/surface-hub/miracast-over-infrastructure.md
+++ b/devices/surface-hub/miracast-over-infrastructure.md
@@ -6,7 +6,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 08/03/2017
+ms.date: 06/20/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
diff --git a/devices/surface-hub/miracast-troubleshooting.md b/devices/surface-hub/miracast-troubleshooting.md
index ea5e25e1b7..9517857676 100644
--- a/devices/surface-hub/miracast-troubleshooting.md
+++ b/devices/surface-hub/miracast-troubleshooting.md
@@ -6,7 +6,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md
index cb09128a97..e90e7d8f95 100644
--- a/devices/surface-hub/monitor-surface-hub.md
+++ b/devices/surface-hub/monitor-surface-hub.md
@@ -95,10 +95,10 @@ This table describes the sample queries in the Surface Hub solution:
| Hardware | Error | **Contact Microsoft support**. Indicates impact to core functionality (such as Skype, projection, touch, and internet connectivity). **Note** Some events, including heartbeat, include the device’s serial number that you can use when contacting support.| Triggers when there is an error with any of the following hardware components. **Components that affect Skype**: - Speaker driver - Microphone driver - Camera driver **Components that affect wired and wireless projection**: - Wired touchback driver - Wired ingest driver - Wireless adapter driver - Wi-Fi Direct error **Other components**: - Touch digitizer driver - Network adapter error (not reported to OMS)|
**To set up an alert**
-1. From the Surface Hub solution, select one of the sample queries.
-2. Modify the query as desired. See Log Analytics search reference to learn more.
-3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert.
-4. Click **Save** to complete the alert rule. It will start running immediately.
+1. From the Surface Hub solution, select one of the sample queries.
+2. Modify the query as desired. See Log Analytics search reference to learn more.
+3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert.
+4. Click **Save** to complete the alert rule. It will start running immediately.
## Enroll your Surface Hub
@@ -138,7 +138,7 @@ You'll need the workspace ID and primary key of your OMS workspace. You can get
A confirmation dialog will appear telling you whether or not the OMS configuration was successfully applied to the device. If it was, the device will start sending data to OMS.
### Enroll using a provisioning package
-You can use a provisioning package to enroll your Surface Hub. For more infomation, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
+You can use a provisioning package to enroll your Surface Hub. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
### Enroll using a MDM provider
You can enroll Surface Hub into OMS using the SurfaceHub CSP. Intune and Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. For more information, see [Manage Surface Hub settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index f9377b503f..d5c4c22cea 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -29,7 +29,7 @@ Review these dependencies to make sure Surface Hub features will work in your IT
| Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync |
Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.
ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled. |
| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.|
| Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. |
-| Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
+| Microsoft Operations Management Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1X Authentication is supported for both wired and wireless connections.**802.1X authentication:** In Windows 10, version 1703, 802.1X authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1X authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1X authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1X authentication will start working automatically.**Note:** For more information on enabling 802.1X wired authentication on Surface Hub, see [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md).**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. |
Additionally, note that Surface Hub requires the following open ports:
diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md
index 69b0a020b2..acd4207515 100644
--- a/devices/surface-hub/save-bitlocker-key-surface-hub.md
+++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md
@@ -10,7 +10,7 @@ ms.sitesec: library
author: levinec
ms.author: ellevin
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 07/08/2019
ms.localizationpriority: medium
---
@@ -27,7 +27,7 @@ There are several ways to manage your BitLocker key on the Surface Hub.
2. If you’ve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device.
-3. If you’re using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
+3. If you’re using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
## Related topics
diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md
index 54624e80a0..46479063ed 100644
--- a/devices/surface-hub/setup-worksheet-surface-hub.md
+++ b/devices/surface-hub/setup-worksheet-surface-hub.md
@@ -10,7 +10,7 @@ ms.sitesec: library
author: levinec
ms.author: ellevin
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md
index 53922be017..c60e7826dc 100644
--- a/devices/surface-hub/skype-hybrid-voice.md
+++ b/devices/surface-hub/skype-hybrid-voice.md
@@ -80,14 +80,14 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option
Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
```
-10. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties can be set in [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md). The following cmdlets provide an example of setting Exchange properties.
+10. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties can be set in [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md). The following cmdlets provide an example of setting Exchange properties.
```
Set-CalendarProcessing surfacehub2@adatum.com -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing surfacehub2@adatum.com -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
-11. Enable the mailbox as a meeting device in Skype for Business Online. Run the following cmdlet which enables the acount as a meeting device.
+11. Enable the mailbox as a meeting device in Skype for Business Online. Run the following cmdlet which enables the account as a meeting device.
```
Get-CsTenant | select registrarpool
diff --git a/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md
new file mode 100644
index 0000000000..1ec6740c76
--- /dev/null
+++ b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md
@@ -0,0 +1,42 @@
+---
+title: Surface Hub may install updates and restart outside maintenance hours
+description: troubleshooting information for Surface Hub regarding automatic updates
+ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA
+ms.reviewer:
+manager:
+keywords: surface hub, maintenance window, update
+ms.prod: surface-hub
+ms.sitesec: library
+author: Teresa-MOTIV
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub may install updates and restart outside maintenance hours
+
+Under specific circumstances, Surface Hub installs updates during business hours instead of during the regular maintenance window. The device then restarts if it is necessary. You cannot use the device until the process is completed.
+
+> [!NOTE]
+> This isn't expected behavior for missing a maintenance window. It occurs only if the device is out-of-date for a long time.
+
+## Cause
+To ensure that Surface Hub remains available for use during business hours, the Hub is configured to perform administrative functions during a maintenance window that is defined in Settings (see "References," below). During this maintenance period, the Hub automatically installs any available updates through Windows Update or Windows Server Update Service (WSUS). Once updates are complete, the Hub may restart.
+
+Updates can be installed during the maintenance window only if the Surface Hub is turned on but not in use or reserved. For example, if the Surface Hub is scheduled for a meeting that lasts 24 hours, any updates that are scheduled to be installed will be deferred until the Hub is available during the next maintenance window. If the Hub continues to be busy and misses multiple maintenance windows, the Hub will eventually begin to install and download updates. This can occur during or outside the maintenance window. Once the download and installation has begun, the device may restart.
+
+## To avoid this issue
+
+It's important that you set aside maintenance time for Surface Hub to perform administrative functions. Reserving the Surface Hub for 24 hour intervals or using the device during the maintenance window delays installing updates. We recommend that you not use or reserve the Hub during scheduled maintenance period. A two-hour window should be reserved for updating.
+
+One option that you can use to control the availability of updates is Windows Server Update Service (WSUS). WSUS provides control over what updates are installed and when.
+
+## References
+
+[Update the Surface Hub](first-run-program-surface-hub.md#update-the-surface-hub)
+
+[Maintenance window](manage-windows-updates-for-surface-hub.md#maintenance-window)
+
+[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](/windows/deployment/update/waas-manage-updates-wsus)
+
+
diff --git a/devices/surface-hub/surface-hub-2s-account.md b/devices/surface-hub/surface-hub-2s-account.md
new file mode 100644
index 0000000000..a3889dc678
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-account.md
@@ -0,0 +1,93 @@
+---
+title: "Create Surface Hub 2S device account"
+description: "This page describes the procedure for creating the Surface Hub 2S device account."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Create Surface Hub 2S device account
+
+Creating a Surface Hub device account (also known as a Room mailbox) allows Surface Hub 2S to receive, approve, or decline meeting requests and join meetings using Microsoft Teams or Skype for Business. Configure the device account during OOBE setup. If needed you can change it later (without going through OOBE setup).
+
+Unlike standard Room mailboxes that remain disabled by default, you need to enable the Surface Hub 2S device account to sign on to Microsoft Teams and Skype for Business. Surface Hub 2S relies on Exchange ActiveSync, which requires an ActiveSync mailbox policy on the device account. Apply the default ActiveSync mailbox policy that comes with Exchange Online.
+
+Create the account using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including:
+
+- Calendar processing for every Surface Hub device account.
+- Custom auto replies to scheduling requests.
+- If the default ActiveSync mailbox policy has already been modified by someone else or another process, you will likely have to create and assign a new ActiveSync mailbox policy
+
+## Create account using Microsoft 365 admin center
+
+1. In the Microsoft 365 admin center, go to **Resources** and choose **Rooms & Equipment** and then select **+ Room**.
+
+2. Provide a name and email address for the device account. Leave remaining settings unchanged in the default state.
+
+
+
+
+
+3. Set the password for the device account. Ensure that you **do not** select the option **Make this user change their password when they first sign in.**
+
+
+
+4. Assign the room with an Office 365 license. It’s recommended to assign the Office 365 **Meeting Room** license, a new option that automatically enables the account for Skype for Business Online and Microsoft Teams.
+
+
+
+### Finalize setup via PowerShell
+
+- **Skype for Business:** For Skype for Business only (on-premises or online), you can enable the Skype for Business object by running **Enable-CsMeetingRoom** to enable features such as Meeting room prompt for audio and Lobby hold.
+
+- **Calendar:** Set **Calendar Auto processing** for this account.
+
+## Create account using PowerShell
+Instead of using the Microsoft Admin Center portal, you can create the account using PowerShell.
+
+### Connect to Exchange Online PowerShell
+```
+$365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection $ImportResults = Import-PSSession $365Session
+```
+
+### Create a new Room Mailbox
+
+```
+New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String "" -AsPlainText -Force)
+```
+
+### Set Calendar Auto processing
+
+```
+Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
+```
+
+### Assign a license
+
+```
+Connect-MsolService
+Set-Msoluser -UserPrincipalName account@YourDomain.com -UsageLocation IE
+Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "contoso:MEETING_ROOM"
+```
+
+## Connect to Skype for Business Online using PowerShell
+
+### Install prerequisites
+
+- [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe)
+- [Skype for Business Online PowerShell Module](https://www.microsoft.com/en-us/download/confirmation.aspx?id=39366)
+
+```
+Import-Module LyncOnlineConnector
+$SfBSession = New-CsOnlineSession -Credential (Get-Credential)
+Import-PSSession $SfBSession -AllowClobber
+Enable the Skype for Business meeting room
+Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPoo(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
+```
diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md
new file mode 100644
index 0000000000..d2d06415f6
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-adoption-kit.md
@@ -0,0 +1,52 @@
+---
+title: "Surface Hub 2S adoption toolkit"
+description: "Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 07/18/2019
+ms.localizationpriority: Normal
+---
+
+# Surface Hub 2S adoption toolkit
+
+Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S.
+
+## Training guides
+
+- [Surface Hub adoption toolkit](downloads/SurfaceHubAdoptionToolKit.pdf)
+- [Training guide – end user](downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf)
+- [Training guide – power user](downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf)
+- [Training guide – help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf)
+- [Training guide – Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx)
+
+[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
+
+[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
+
+## End user guides
+
+- [Guide to Navigation on Surface Hub](downloads/Guide-SurfaceHub2S-Navigation.pptx)
+- [Guide to Office 365 on Surface Hub](downloads/Guide-SurfaceHub2S-Office365.pptx)
+- [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx)
+- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx)
+
+## Quick reference cards
+
+- [Connect your PC](downloads/QRCConnectYourPC.pdf)
+- [Join a Teams Meeting](downloads/QRCJoinTeamsMeeting.pdf)
+- [Manage a Teams meeting](downloads/QRCManageTeamsMeeting.pdf)
+- [Navigation basics](downloads/QRCNavigationBasics.pdf)
+- [Schedule a Teams meeting](downloads/QRCScheduleTeamsMeeting.pdf)
+- [Start a new Teams meeting](downloads/QRCStartNewTeamsMeeting.pdf)
+- [Share or send a file](downloads/QRCShareSendFile.pdf)
+- [Sign in to view meetings and files](downloads/QRCSignInToViewMeetingsFiles.pdf)
+- [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf)
+- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf)
+
+[Download all user guides and quick reference cards](http://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)
diff --git a/devices/surface-hub/surface-hub-2s-change-history.md b/devices/surface-hub/surface-hub-2s-change-history.md
new file mode 100644
index 0000000000..26771c0fb6
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-change-history.md
@@ -0,0 +1,33 @@
+---
+title: "Change history for Surface Hub 2S"
+description: "This page shows change history for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+audience: Admin
+ms.manager: laurawi
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Change history for Surface Hub 2S
+
+This topic summarizes new and updated content in the Surface Hub 2S documentation library.
+
+## July 2019
+
+Changes | Description
+|:--- |:--- |
+| Reset and recovery for Surface Hub 2S | Added link to Surface recovery website that enables customers to download a recovery image for Surface Hub 2S |
+| Surface Hub 2S tech specs | Updated power consumption data |
+| Surface Hub 2S Adoption Kit | New |
+
+
+## June 2019
+
+Changes | Description
+|:--- |:--- |
+| Published new guidance for Surface Hub 2S | New |
diff --git a/devices/surface-hub/surface-hub-2s-connect.md b/devices/surface-hub/surface-hub-2s-connect.md
new file mode 100644
index 0000000000..30eb0d5579
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-connect.md
@@ -0,0 +1,102 @@
+---
+title: "Connect devices to Surface Hub 2S"
+description: "This page explains how to connect external devices to Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Connect devices to Surface Hub 2S
+
+Surface Hub 2S lets you connect external devices, mirror the display on Surface Hub 2S to another device, and connect a wide variety of third-party peripherals including video conference cameras, conference phones, and room system devices.
+
+## Connect external PCs and related devices
+
+You can display content from your devices to Surface Hub 2S. If the source device is Windows-based, that device can also provide TouchBack and InkBack, which takes video and audio from the connected device and presents them on Surface Hub 2S. If Surface Hub 2S encounters a High-Bandwidth Digital Content Protection (HDCP) signal, such as a Blu-ray DVD player, the source is displayed as a black image.
+
+> [!NOTE]
+> Surface Hub 2S uses the video input selected until a new connection is made, the existing connection is disrupted, or the Connect App is closed.
+
+## Recommended wired configurations for connecting to Surface Hub 2S
+
+In general, it’s recommended to use native cable connections whenever possible such as USB-C to USB-C or HDMI to HDMI. Other combinations such as MiniDP to HDMI or MiniDP to USB-C will also work.
+
+|**Mode**|**Connection**|**Functionality**|**Comments**|
+|:---- |:---------- |:------------ |:-------- |
+| Wired “Connect” Application | USB-C (via compute module) | Video, audio, TouchBack/InkBack into Surface Hub 2S.| Provides video, audio, and TouchBack/InkBack on a single cable. |
+| | HDMI + USB-C | HDMI-in for Audio/Video USB-C for TouchBack/InkBack | USB-C supports TouchBack/InkBack with the HDMI A/V connection
Use USB-C to USB-A to connect to legacy computers
*NOTE: For best results, connect HDMI before connecting USB-C cable. If the computer you are using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable.* |
+| “Source” selection experience (bypasses the OS, full screen requires source selection with keypad button) | USB-C (port in compute module) | Video, Audio into Surface Hub 2S | Single cable needed for A/V Touchback/InkBack not supported HDCP enabled |
+| | HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V TouchBack/InkBack not supported HDCP enabled |
+
+When you connect a guest computer to Surface Hub 2S via the wired connect USB-C port, several USB devices are discovered and configured. These peripheral devices are created for TouchBack and InkBack. As shown in the table below, the peripheral devices can be viewed in Device Manager, which will show duplicate names for some devices.
+
+|**Peripheral**|**Listing in Device Manager**|
+|:---------- |:------------------------- |
+| Human interface devices | HID-compliant consumer control device HID-compliant pen HID-compliant pen (duplicate item) HID-compliant pen (duplicate item) HID-compliant touch screen USB Input Device USB Input Device (duplicate item) |
+| Keyboards | Standard PS/2 keyboard |
+| Mice and other pointing devices | HID-compliant mouse |
+| USB controllers | Generic USB hub USB composite device |
+
+### Connecting video-in to Surface Hub 2S
+
+Your choice of video cable will be determined by what is available from your source input. Surface Hub 2S has two choices of video input: USB-C and HDMI. See the following chart for available resolutions.
+
+|**Signal Type**|**Resolution**|**Frame rate**|**HDMI**|**USB-C**|
+|:----------- |:----------- |:---------- |:---- |:----- |
+| PC | 640 x 480 | 59.94/60 | X | X |
+| PC | 720 x 480 | 59.94/60 | X | X |
+| PC | 1024 x 768 | 60 | X | X |
+| PC | 1920 x 1080 | 60 | X | X |
+| PC | 3840x2560 | 60 | X | X |
+| HDTV | 720p | 59.94/60 | X | X |
+| HDTV | 1080p | 59.94/60 | X | X |
+| UHD | 3840x2560 | 60 | X | X |
+
+## Mirroring Surface Hub 2S display on another device
+
+Surface Hub 2S includes a Video Out port for mirroring visual content from Surface Hub 2S to another display.
+
+|**MODE**|**Connection**|**Functionality**|**Comments**|
+|:---- |:---------- |:------------- |:-------- |
+| Display out | MiniDP output port | Display and audio out (support for duplicate mode only) | Requires external keyboard Win+P and select Duplicate mode Supports audio out (configurable via settings) |
+
+### Selecting cables
+
+DisplayPort cables are certified for to 3 meters in length. If a long cable is necessary, HDMI is recommended due to the wide availability of cost-effective, long-haul cables with the added benefit of installing repeaters if needed.
+
+> [!NOTE]
+> Most DisplayPort sources will automatically switch to HDMI signaling if HDMI is detected.
+
+## Wirelessly connect to Surface Hub 2S
+
+Windows 10 natively supports Miracast, which lets you wireless connect to Surface Hub 2S.
+
+### To connect using Miracast
+
+1. On your Windows 10 device, enter **Win** + **K**.
+2. In the Connect window, look for the name of your Surface Hub 2S in the list of nearby devices. You can find the name of your Surface Hub 2S in the bottom left corner of the display.
+3. If required, your system administrator may have enabled the PIN setting for Miracast connections on your Surface Hub which means that the first time you connect to that Surface Hub, a PIN number is displayed on the screen.
+
+> [!NOTE]
+> If you’re a local administrator on Surface Hub 2S, you can configure PIN requirements via **Surface app > Settings.**
+
+## Connecting peripherals to Surface Hub 2S
+
+## Bluetooth accessories
+
+You can connect the following accessories to Surface Hub-2S using Bluetooth:
+
+- Mice
+- Keyboards
+- Headsets
+- Speakers
+
+> [!NOTE]
+> After you connect a Bluetooth headset or speaker, you might need to change the default microphone and speaker settings. For more information, see [Local management for Surface Hub settings](local-management-surface-hub-settings.md).
diff --git a/devices/surface-hub/surface-hub-2s-custom-install.md b/devices/surface-hub/surface-hub-2s-custom-install.md
new file mode 100644
index 0000000000..f42757dc00
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-custom-install.md
@@ -0,0 +1,86 @@
+---
+title: "Customize wall mount of Surface Hub 2S"
+description: "Learn how to perform a custom install of Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Customize wall mount of Surface Hub 2S
+
+If you’re not using certified mounting solutions, you can mount Surface Hub 2S using readily available retail hardware.
+
+## Set wall mount measurements
+
+Surface Hub 2S recommended mounting measurements:
+
+|**Item**|**Description**|**Notes**|
+|:------ |:------------- |:------- |
+|**Height from bottom of Surface Hub 2S**| 1026.5 mm (40.41”) | Recommended |
+|**Height from top of Surface Hub 2S**| 1767.2 mm (69.57”) | Recommended |
+|**Height from center of mount**| 1397 mm (55”) | Recommended |
+
+1. Measure 1026.5 mm (40.41”) from the floor level to set the recommended minimum height.
+2. Measure 1767.2 mm (69.57”) from the floor level to set the recommended top height.
+
+
+
+3. Measure 1397 mm (55”) mm from the floor level to set the recommended center height.
+
+
+
+## Obstruction free mounting
+
+In addition to the visible ports on the sides of the device, certain integrated components must remain free of obstruction in order to function correctly. These include the Bluetooth, Wi-Fi, occupancy, and mic sensors as well thermal cooling vents.
+ Keep out zones
+
+|**Item**|**Description**|**Notes**|
+|:---- |:----------- |:----- |
+|**Access**| Ensure unimpeded access to input/output ports, the compute cartridge, Bluetooth radio, Bluetooth sensor, Wi-Fi radio, Wi-Fi sensor, occupancy sensor. | See Figure 1. |
+|**Air flow**| Avoid blocking inlet and outlet air vent zones. | See Figure 2 |
+|**Audio**| Avoid blocking audio exit zone on rear of Surface Hub 2S. | See Figure 2. |
+
+
+***Figure 1. Keep out zones for Surface Hub 2S components***
+
+
+***Figure 2. Avoid blocking thermal inlet/outlet and audio exit zones. ***
+
+The removable compute cartridge containing the I/O ports must remain free of any obstructions or impediments of any kind.
+
+
+***Figure 3.View of compute cartridge on the underside of Surface Hub 2s.***
+
+
+***Figure 4. Unimpeded removal of compute cartridge***
+
+## Selecting a mounting system
+
+Surface Hub 2S uses a 350 mm x 350 mm mounting framework that meets most — but not all — of the criteria listed in the VESA Flat Display Mounting Interface Standard. You can install Surface Hub 2S using any of various off-the-shelf display brackets designed to accommodate displays that diverge from exact VESA specifications, as shown below.
+
+On the back of Surface Hub 2S, you’ll find a square pattern of four M6 x 1.0 threaded holes centered on the circular bump (565 mm in diameter). Attach your mount using four M6 x 1.0–12 mm-long metric bolts. Or, depending on preference, you can use longer bolts up to a maximum of 20 mm.
+Important considerations for mounting systems
+
+|**Item**|**Description**|**Notes**|
+|:------ |:------------- |:------- |
+|**Strength**| Only choose mounts that can safely support devices of at least 28 kg (62 lbs.). | Required |
+|**Stiffness**| Avoid flexible display mounts that can diminish the interactive pen and touch use experience. Most TV mounts are not designed to support touch displays. | Recommended |
+|**Depth**| Keep the device mounted tightly to the wall especially in corridors and along circulation paths within rooms.| Recommended |
+|**Versatility**| Ensure your mounting solution remains hidden from view in both the existing landscape mode and any potential portrait mode (subject to future availability). | Recommended |
+
+
+***Figure 5. Surface Hub 2S mounting configuration***
+
+## Mounting methods compatible with Surface Hub 2S
+
+Surface Hub 2S is compatible with mounts that allow you to place it at angles of 10-70 degrees from the vertical plane. Rail mounts typically have multiple holes and a set of slots, enabling compatibility across a wide range of displays. A rail attached to the wall and two mounts attached to the display enable you to securely install Surface Hub 2S to a wall. When evaluating rail mounts for compatibility, ensure they meet versatility requirements listed earlier.
+
+
+***Figure 6. Surface Hub 2S rail mounts***
diff --git a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md
new file mode 100644
index 0000000000..9aa6e13da6
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md
@@ -0,0 +1,58 @@
+---
+title: "Deploy apps to Surface Hub 2S using Intune"
+description: "Learn how you can deploy apps to Surface Hub 2S using Intune."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Deploy apps to Surface Hub 2S using Intune
+
+You can install additional apps to fit your team or organization's needs.
+
+## Developer guidelines
+
+- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub.
+- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family.
+- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store).
+- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
+- When developing and submitting apps to the Microsoft Store, set Device family availability and Organizational licensing options to ensure that apps are available to run on Surface Hub.
+- You need admin credentials to install apps on Surface Hub. Designed for use in meeting rooms and other shared spaces, Surface Hub prevents regular users from accessing the Microsoft Store to download and install apps.
+
+## Deployment guidelines
+
+You can deploy Universal Windows Platform (UWP) apps to Surface Hub 2S using Intune, easing app deployment to devices.
+
+1. To deploy apps, enable MDM for your organization. In the Intune portal, select **Intune** as your MDM Authority (recommended).
+
+ 
+
+2. Enable the Microsoft Store for Business in Intune. Open Intune, select **Client apps** > **Microsoft Store for Business.**
+
+ 
+
+3. In Intune open **Microsoft Store for Business** and select **Settings** > **Distribute** > **Management tools**. Choose **Microsoft Intune** as your management tool.
+
+ 
+
+4. In Microsoft Store for Business, select **Settings** > **Shop** > **Shopping Experience**, and then select **Show offline apps**. Offline apps refer to apps that can be synced to Intune and centrally deployed to a device.
+5. After enabling Offline shopping, you can acquire offline licenses for apps that you can sync to Intune and deploy as Device licensing.
+6. In **Intune** > **Client apps** > **Microsoft Store for Business**, select **Sync**.
+7. In the Client apps page, search for the app in the apps list. Assign the apps to the desired device group or groups. Select **Assignments** > **Add group**.
+
+
+
+8. Under assignment type, choose **Required**.
+
+
+
+9. For the selected groups, choose **Device licensing** and then select **OK** and save the assignment.
+
+
diff --git a/devices/surface-hub/surface-hub-2s-deploy-checklist.md b/devices/surface-hub/surface-hub-2s-deploy-checklist.md
new file mode 100644
index 0000000000..311323fc8f
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-deploy-checklist.md
@@ -0,0 +1,65 @@
+---
+title: "Surface Hub 2S deployment checklists"
+description: "Verify your deployment of Surface Hub 2S using pre- and post-deployment checklists."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Surface Hub 2S deployment checklists
+
+## Surface Hub 2S pre-deployment checklist
+
+|**Item**|**Response**|
+|:------ |:------ |
+|**Device account name**| |
+|**Device account UPN**| |
+|**ActiveSync Policy**| |
+|**Calendar processing configuration completed**| ☐ Yes ☐ No |
+|**Device-friendly name**| |
+|**Device host name**| |
+|**Affiliation**| ☐ None ☐ Active Directory affiliation ☐ Azure Active Directory |
+|**Microsoft Teams Mode**| ☐ Mode 0 ☐ Mode 1 ☐ Mode 2 |
+|**Device Management**| ☐ Yes, Microsoft Intune ☐ Yes, other mobile device manager [MDM] ☐ None |
+|**Proxy**| ☐ Automatic configuration ☐ Proxy server ☐ Proxy auto-config (PAC) file |
+|**Proxy authentication**| ☐ Device account credentials ☐ Prompt for credentials |
+|**Password rotation**| ☐ On ☐ Off |
+|**Skype for Business additional domain names (on-premises only)**| |
+|**Session timeout time**| |
+|**Session timeout action**| ☐ End session ☐ Allow resume |
+|**My meetings and files**| ☐ Enabled ☐ Disabled |
+|**Lock screen timeout**| |
+|**Sleep idle timeout**| |
+|**Bluetooth**| ☐ On ☐ Off |
+|**Use only BitLocker USB drives**| ☐ On ☐ Off |
+|**Install additional certificates (on-premises only)**| |
+|**Windows update**| ☐ Windows Update for Business ☐ Windows Server Update Services [WSUS] |
+|**Surface app speaker setting**| ☐ Rolling stand ☐ Wall-mounted |
+|**IP Address**| ☐ Wired — DHCP ☐ Wired — DHCP reservation ☐ Wireless — DHCP ☐ Wireless — DHCP reservation |
+
+## Surface Hub 2S post-deployment checklist
+
+|**Check**|**Response**|
+|:------|:---------|
+|**Device account syncing**| ☐ Yes ☐ No |
+|**Bitlocker key**| ☐ Saved to file (no affiliation) ☐ Saved in Active Directory (AD affiliation) ☐ Saved in Azure AD (Azure AD affiliation) |
+|**Device OS updates**| ☐ Completed |
+|**Windows Store updates**| ☐ Automatic ☐ Manual |
+|**Microsoft Teams scheduled meeting**| ☐ Confirmation email received ☐ Meeting appears on start screen ☐ One-touch join functions ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ||
+|**Skype for Business scheduled meeting**| ☐ Confirmation email received ☐ Meeting appears on start screen ☐ One-touch join functions correctly ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ☐ Able to send/receive IM |
+|**Scheduled meeting when already invited**| ☐ Meeting declined |
+|**Microsoft Teams ad-hoc meeting**| ☐ Invite other users work ☐ Able to join audio ☐ Able to join video ☐ Able to share screen |
+|**Skype for Business scheduled meeting**| ☐ Invite other users work ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ☐ Able to send/receive IM |
+|**Microsoft Whiteboard**| ☐ Launch from Welcome / Start screen ☐ Launch from Microsoft Teams |
+|**Incoming Skype/Teams call**| ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ☐ Able to send/receive IM (Skype for Business only) |
+|**Incoming live video streams**| ☐ Maximum 2 (Skype for Business) ☐ Maximum 4 (Microsoft Teams) |
+|**Microsoft Teams Mode 0 behavior**| ☐ Skype for Business tile on Welcome/Start screen ☐ Can join scheduled Skype for Business meetings (Skype UI) ☐ Can join scheduled Teams meetings (Teams UI) |
+|**Microsoft Teams Mode 1 behavior**| ☐ Teams tile on Welcome/Start screen ☐ Can join scheduled Skype for Business meetings (Skype UI) ☐ Can join scheduled Teams meetings (Teams UI) |
+|**Microsoft Teams Mode 2 behavior**| ☐ Teams tile on Welcome / Start screen ☐ Can join scheduled Teams meetings ☐ Fail to join Skype for Business meetings |
diff --git a/devices/surface-hub/surface-hub-2s-deploy.md b/devices/surface-hub/surface-hub-2s-deploy.md
new file mode 100644
index 0000000000..34bea793f6
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-deploy.md
@@ -0,0 +1,66 @@
+---
+title: "Create provisioning packages for Surface Hub 2S"
+description: "This page describes how to deploy Surface Hub 2S using provisioning packages and other tools."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Create provisioning packages for Surface Hub 2S
+
+You can use Windows Configuration Designer (WCD) to create provisioning packages to automate the deployment process of Surface Hub 2S. Use provisioning packages to add certificates, configure proxies, set up device administrators and device accounts. You can also use provisioning packages along with a configuration file to deploy multiple Surface Hubs with a single USB thumb drive.
+
+### Install Windows Configuration Designer
+
+Install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK) for Windows 10. Download and install the [ADK for Windows 10, version 1703](https://go.microsoft.com/fwlink/p/?LinkId=845542). For more information, see [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install).
+
+### Add certificates
+
+You can import Certificate Authority certificates to Surface Hub 2S.
+To add certificates to Surface Hub 2S, you need a copy of each certificate as X.509 in .cer format. You cannot import .crt, .pfx or other container formats. Certificates must be imported into Windows Configuration Designer and arranged by hierarchy:
+
+ 
+
+### Configure proxy during OOBE
+
+In Windows Configuration Designer, go to the Configure proxy settings tab and enter the appropriate settings as shown below.
+
+ 
+
+> [!NOTE]
+> When configuring proxy settings, turn off **Automatically detect settings** if you intend to use a setup script or a proxy server. You can use a setup script *or* a proxy server, not both.
+
+### Affiliate Surface Hub 2S with Azure Active Directory
+
+You can affiliate Surface Hub 2S with Azure Active Directory using a provisioning package:
+As an Azure Active Directory Global Administrator, you can join large numbers of new Windows devices to Azure Active Directory and Intune using a bulk token.
+
+To create a bulk token, give it a friendly name, configure the expiration date (maximum of 30 days) and use your Admin credentials to acquire the token as shown below:
+
+ 
+ 
+ 
+
+### Provisioning multiple devices (.csv file)
+
+In addition to the provisioning package, you can use a Surface Hub configuration file to make it even easier to set up your devices. A Surface Hub configuration file contains a list of device accounts and friendly names for wireless projection. During first run, you get an option to choose a device account and friendly name from a configuration file.
+
+### To create a Surface Hub configuration file
+
+1. Using Microsoft Excel or another CSV editor, create a CSV file named: **SurfaceHubConfiguration.csv**
+2. Enter a list of device accounts and friendly names in this format:
+
+```
+,,
+```
+
+3. Save the file to the root of the USB thumb drive where you copied the PPKG file.
+
+ 
diff --git a/devices/surface-hub/surface-hub-2s-install-mount.md b/devices/surface-hub/surface-hub-2s-install-mount.md
new file mode 100644
index 0000000000..cd82888480
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-install-mount.md
@@ -0,0 +1,37 @@
+---
+title: "Install and mount Surface Hub 2S"
+description: "Learn how to install and mount Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Install and mount Surface Hub 2S
+
+Surface Hub 2S is designed for ease of mobility with a form factor that enables you to quickly install and begin using the device. Microsoft has partnered with Steelcase on the following certified mounting solutions: Roam Mobile Stand and Roam Wall Mount. Both fully integrate with the design of Surface Hub 2S, enabling unimpeded access to the compute cartridge, power, USB-A, USB-C, and other ports.
+
+You can mount Surface Hub 2S with the certified wall mount or the certified mobile stand, both developed in partnership with Steelcase. Both fully integrate with the design of Surface Hub 2S, enabling unimpeded access to the compute cartridge along with all I/O ports and power.
+
+For more information, see [Officially licensed third-party accessories](http://licensedhardware.azurewebsites.net/surface) and view installation demos from the Surface product team at [Steelcase mobile stand and APC battery set up](https://youtu.be/VTzdu4Skpkg).
+
+ 
+
+If you’re not using licensed accessories, see [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md).
+
+| 1. **Set up your mount first** | |
+|:------ |:-------- |
+| Leave your Surface Hub in the box until the mount is set up and mounting hardware is applied. Mount is not included. Your mount is sold separately. |  |
+| 2. **Attach hardware to the Surface Hub** | |
+| Mounting hardware and specific instructions are found in the box for your mount. |  |
+| 3. **Remove the instructional label before mounting.** | |
+| Get someone to help you lift and mount your Surface Hub. Make sure to hold and lift the Surface Hub from the bottom. |  |
+| 4. **Attach accessories and power on** | |
+| Install accessories and attach power cable as shown. See guides on the screen cling. Remove cling wrap from the screen. Press the power button to power on. |  |
+
diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md
new file mode 100644
index 0000000000..4b781ad9c3
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-manage-intune.md
@@ -0,0 +1,74 @@
+---
+title: "Manage Surface Hub 2S with Intune"
+description: "Learn how to update and manage Surface Hub 2S using Intune."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Manage Surface Hub 2S with Intune
+
+## Register Surface Hub 2S with Intune
+
+Surface Hub 2S allows IT administrators to manage settings and policies using a mobile device management (MDM) provider. Surface Hub 2S has a built-in management component to communicate with the management server, so there is no need to install additional clients on the device.
+
+### Manual registration
+
+1. Sign in as a local administrator on Surface Hub 2S and open the **Settings** app. Select **Surface Hub** > **Device management** and then select **+** to add.
+2. After authenticating, the device will automatically register with Intune.
+
+ 
+
+### Auto registration — Azure Active Directory Affiliated
+
+When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune.
+
+## Windows 10 Team Edition settings
+
+Select Windows 10 Team for preset device restriction settings for Surface Hub and Surface Hub 2S.
+
+ 
+
+These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings, and Miracast settings. For a complete list of available Windows 10 Team settings, see [SurfaceHub CSP](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp).
+
+## Additional supported configuration service providers (CSPs)
+
+For additional supported CSPs, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsupport).
+
+## Quality of Service (QoS) settings
+
+To ensure optimal video and audio quality on Surface Hub 2S, add the following QoS settings to the device. The settings are identical for Skype for Business and Teams.
+
+|**Name**|**Description**|**OMA-URI**|**Type**|**Value**|
+|:------ |:------------- |:--------- |:------ |:------- |
+|**Audio Ports**| Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | String | 50000–50019 |
+|**Audio DSCP**| Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Integer | 46 |
+|**Video Ports**| Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | String | 50020–50039 |
+|**Video DSCP**| Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Integer | 34 |
+
+> [!NOTE]
+> These are the default port ranges. Administrators may change the port ranges in the Skype for Business and Teams control panel.
+
+## Microsoft Teams Mode settings
+
+You can set the Microsoft Teams app mode using Intune. Surface Hub 2S comes installed with Microsoft Teams in mode 0, which supports both Microsoft Teams and Skype for Business. You can adjust the modes as shown below.
+
+### Modes:
+
+- Mode 0 — Skype for Business with Microsoft Teams functionality for scheduled meetings.
+- Mode 1 — Microsoft Teams with Skype for Business functionality for scheduled meetings.
+- Mode 2 — Microsoft Teams only.
+
+To set modes, add the following settings to a custom Device Configuration Profile.
+
+|**Name**|**Description**|**OMA-URI**|**Type**|**Value**|
+|:------ |:------------- |:--------- |:------ |:------- |
+|**Teams App ID**| App name | ./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId | String | Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams |
+|**Teams App Mode**| Teams mode | ./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode | Integer | 0 or 1 or 2 |
diff --git a/devices/surface-hub/surface-hub-2s-manage-passwords.md b/devices/surface-hub/surface-hub-2s-manage-passwords.md
new file mode 100644
index 0000000000..a3bbfababd
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-manage-passwords.md
@@ -0,0 +1,21 @@
+---
+title: "Manage device account password rotation"
+description: "Learn how to configure Surface Hub 2S on-premises accounts with PowerShell"
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+# Manage device account password rotation
+
+You can configure Surface Hub 2S to automatically change a device account password without requiring you to manually update the device account information.
+
+If you turn on Password Rotation, Surface Hub 2S changes the password every 7 days. The automatically generated passwords contain 15-32 characters including a combination of uppercase and lowercase letters, numbers, and special characters.
+
+Passwords do not change during a meeting. If Surface Hub 2S is turned off, it attempts to change the password immediately when turned on or every 10 minutes until successful.
diff --git a/devices/surface-hub/surface-hub-2s-onprem-powershell.md b/devices/surface-hub/surface-hub-2s-onprem-powershell.md
new file mode 100644
index 0000000000..7a0d250e73
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-onprem-powershell.md
@@ -0,0 +1,72 @@
+---
+title: "Configure Surface Hub 2S on-premises accounts with PowerShell"
+description: "Learn how to configure Surface Hub 2S on-premises accounts with PowerShell"
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Configure Surface Hub 2S on-premises accounts with PowerShell
+
+## Connect to Exchange Server PowerShell
+
+> [!IMPORTANT]
+> You'll need the Fully Qualified Domain Name (FQDN) for the Client Access service of the on-premises Exchange server for some of these cmdlets.
+
+```PowerShell
+$ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server"
+$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
+Import-PSSession $ExchSession
+```
+
+```PowerShell
+$ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server"
+$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
+Import-PSSession $ExchSession
+```
+
+## Create the device account
+
+```PowerShell
+New-Mailbox -UserPrincipalName Hub01@contoso.com -Alias Hub01 -Name "Hub 01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+```
+
+## Set automatic calendar processing
+
+```PowerShell
+Set-CalendarProcessing -Identity "HUB01@contoso.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
+```
+
+## Enable the Skype for Business object
+
+> [!NOTE]
+> It is important that you know the FQDN of the Skype for Business Registrar Pool.
+
+```PowerShell
+Enable-CsMeetingRoom -Identity Contoso\HUB01 -SipAddressType emailaddress -RegistrarPool SfbIEFE01.contoso.local
+```
+
+## Mobile Device Mailbox Policy
+
+You may need to create a Mobile Device Mailbox Policy (also known as ActiveSync Policy) to allow your Surface Hub to connect to your online or on-premises environment.
+
+## Create a Surface Hub mobile device mailbox policy
+
+```PowerShell
+New-MobileDeviceMailboxPolicy -Name “Surface Hubs” -PasswordEnabled $false
+```
+
+## Additional settings
+
+It is recommended to add a MailTip to Surface Hub rooms so users remember to make the meeting a Skype for Business or Teams meeting:
+
+```PowerShell
+Set-Mailbox "Surface Hub 2S" -MailTip "This is a Surface Hub room. Please make sure this is a Microsoft Teams meeting."
+```
diff --git a/devices/surface-hub/surface-hub-2s-onscreen-display.md b/devices/surface-hub/surface-hub-2s-onscreen-display.md
new file mode 100644
index 0000000000..d81ad4a0d1
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-onscreen-display.md
@@ -0,0 +1,38 @@
+---
+title: "Adjust Surface Hub 2S brightness, volume, and input"
+description: "Learn how to use the onscreen display to adjust brightness and other settings in Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 07/09/2019
+ms.localizationpriority: Normal
+---
+# Adjust Surface Hub 2S brightness, volume, and input
+Surface Hub 2S provides an on-screen display for volume, brightness, and input control. The Source button functions as a toggle key to switch between the volume, brightness, and input control menus.
+
+**To show the on-screen display:**
+
+- Press and hold the **Source** button for 4 seconds.
+
+ 
+
+ When the on-screen display is visible, use one or more buttons to reach desired settings.
+
+**To adjust volume:**
+
+- Use the **Volume up/down** button to increase or decrease volume.
+
+**To adjust brightness:**
+
+1. Press the **Source** button again to switch to the brightness menu.
+2. Use the **Volume up/down** button to increase or decrease brightness.
+
+**To adjust input:**
+
+1. Press the **Source** button twice to switch to the Source menu.
+2. Use the **Volume up/down** button to switch between PC, HDMI, and USB-C inputs.
diff --git a/devices/surface-hub/surface-hub-2s-pack-components.md b/devices/surface-hub/surface-hub-2s-pack-components.md
new file mode 100644
index 0000000000..1ae13b7b75
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-pack-components.md
@@ -0,0 +1,85 @@
+---
+title: "How to pack and ship your Surface Hub 2S for service"
+description: "Instructions for packing Surface Hub 2S components, replacing the Compute cartridge, and replacing the camera"
+keywords: pack, replace components, camera, compute cartridge
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 07/1/2019
+ms.localizationpriority: Normal
+---
+
+# How to pack and ship your Surface Hub 2S for service
+
+If you replace your Surface Hub 2S, one of its components, or a related accessory, use the instructions in this article when you pack the device for shipment.
+
+>[!IMPORTANT]
+>When packing your device for shipment, make sure that you use the packaging in which your replacement device arrived.
+
+## How to pack your Surface Hub 2S 50”
+
+Use the following steps to pack your Surface Hub 2S 50" for shipment.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## How to replace and pack your Surface Hub 2S Compute Cartridge
+
+Use the following steps to remove the Surface Hub 2S Compute Cartridge, pack it for shipment, and install the new Compute Cartridge.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## How to replace your Surface Hub 2S Camera
+
+Use the following steps to remove the Surface Hub 2S camera and install the new camera.
+
+
+
+
diff --git a/devices/surface-hub/surface-hub-2s-phone-authenticate.md b/devices/surface-hub/surface-hub-2s-phone-authenticate.md
new file mode 100644
index 0000000000..1b6f56eda7
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-phone-authenticate.md
@@ -0,0 +1,43 @@
+---
+title: "Configure password-less phone sign-in for Surface Hub 2S"
+description: "Learn how to simplify signing in to Surface Hub 2S using password-less phone sign-in on your mobile device."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Configure password-less phone sign-in for Surface Hub 2S
+
+Password-less phone sign-in simplifies signing-in to your meetings and files on Surface Hub 2S.
+
+> [!NOTE]
+> Password-less phone sign-in requires that your primary email address must match your UPN.
+
+## To set up password-less phone sign-in
+
+1. Download the [Microsoft Authenticator](https://www.microsoft.com/en-us/account/authenticator) app for iPhone or Android to your phone.
+2. From your PC, go to [https://aka.ms/MFASetup](https://aka.ms/MFASetup) , sign in with your account, and select **Next.**
+3. In the Additional security verification screen, select Mobile App and Use verification code, and then select **Setup**.
+
+## To configure mobile app
+
+1. In the Microsoft authenticator app on your phone, add an account, choose **Work or School Account**, and then scan the QR code displayed on your PC
+2. Send a notification to your phone and then approve the sign-in request.
+3. In the Authenticator app on your phone, use the drop-down menu next to your account and select **Enable phone sign-in**.
+4. If required, register your device with your organization and follow the on-screen instructions.
+
+## To sign in to Surface Hub
+
+1. On Surface Hub, sign into **My meetings and files** and select **Send notification** when prompted.
+2. Match the number displayed on your phone with the number displayed on Surface Hub to approve your sign-in request.
+3. If prompted, enter the PIN or biometric ID on your phone to complete sign-in.
+
+## Learn more
+For more information, see [Password-less phone sign-in with the Microsoft Authenticator app](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-phone-sign-in).
diff --git a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md
new file mode 100644
index 0000000000..f7e59545a2
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md
@@ -0,0 +1,44 @@
+---
+title: "Surface Hub 2S ports and keypad overview"
+description: "This page describes the ports, physical buttons, and configuration information essential for connecting to Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Surface Hub 2S ports and keypad overview
+
+This page describes the ports, physical buttons, and configuration information essential for connecting to Surface Hub 2S whether via wired, Wi-Fi, or Bluetooth methods. It also includes best practice recommendations for key connectivity scenarios.
+
+> [!NOTE]
+> You can find the serial number on the outside of the packaging, on the display by the power cord, or by using the Surface app.
+
+The figure below shows the location of ports and physical buttons on a keypad attached to the underside of the device. The table includes detailed descriptions of each element.
+
+ 
+
+## Port and keypad component reference
+
+|**Key**|**Component**|**Description**|**Key parameters**|
+|:--- |:--------- |:----------- |:-------------- |
+| 1 | **USB C** | **USB 3.1 Gen 1** Use as a walk-up port for plugging in peripherals such as thumb-drives. Guest ports are on each side of the device (4).
*NOTE: This is the recommended port for connecting an external camera. Additional camera mount features are incorporated into the design to help support retention of attached cameras.*
NOTE: TouchBack and video ingest are not supported on these ports. | Type C
15 W Port (5V/3A) |
+| 2 | **AC power** | **100-240 V input** Connect to standard AC power and Surface Hub 2S will auto switch to the local power standard such as110 volts in the US and Canada or 220 volts in the UK. | IEC 60320 C14 |
+| 3 | **DC power** | **24V DC input port** Use for connecting to mobile battery. | Xbox1 Dual barrel to Anderson connector |
+| 4 | **Ethernet** | **1000/100/10 Base-T** Use for providing a continuous connection in a corporate environment and related scenarios requiring maximum stability or capacity. | RJ45 |
+| 5 | **USB-A** | **USB 3.1 Gen 1** Use as a walk-up port for plugging in peripherals such as thumb-drives. | Type A 7.5 W Port (5V/1.5A) |
+| 6 | **USB-C** | **USB 3.1 Gen 1** Use as a walk-up port for connecting external PCs and related devices or plugging in peripherals such as thumb-drives.
*NOTE: This is the recommended input port for video, TouchBack, and InkBack.* | Type C 18 W Port (5V/3A, 9V/2A) |
+| 7 | **HDMI-in** | **HDMI 2.0, HDCP 2.2 /1.4** Use for multiple scenarios including HDMI-to-HDMI guest input. | Standard HDMI |
+| 8 | **Mini DP-out** | **Mini DP 1.2 output** Use for video-out scenarios such as mirroring the Surface Hub 2S display to a larger projector.
*NOTE: This supports a maximum resolution of 3840 x 2160 (4K UHD) @60Hz.* | Mini DP |
+| 9 | **Source** | Use to toggle among connected ingest sources — external PC, HDMI, and Mini DP modes. | n/a |
+| 10 | **Volume** | Use +/- to adjust audio locally on the device.
*NOTE: When navigating to the brightness control, use +/- on the volume slider to control display brightness.* | n/a |
+| 11 | **Power** | Power device on/off. Use also to navigate display menus and select items. | n/a |
+
+ 
+
diff --git a/devices/surface-hub/surface-hub-2s-prepare-environment.md b/devices/surface-hub/surface-hub-2s-prepare-environment.md
new file mode 100644
index 0000000000..10b5238246
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-prepare-environment.md
@@ -0,0 +1,50 @@
+---
+title: "Prepare your environment for Surface Hub 2S"
+description: "Learn what you need to do to prepare your environment for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Prepare your environment for Surface Hub 2S
+
+## Office 365 readiness
+
+You may use Exchange and Skype for Business on-premises with Surface Hub 2S. However, if you use Exchange Online, Skype for Business Online, Microsoft Teams or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/office365/enterprise/office-365-endpoints).
+
+Office 365 endpoints help optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet level inspection or processing. This feature reduces latency and your perimeter capacity requirements.
+
+Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses. To evaluate, configure, and stay up-to-date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service).
+
+## Device affiliation
+
+Use Device affiliation to manage user access to the Settings app on Surface Hub 2S.
+With the Windows 10 Team Edition operating system — that runs on Surface Hub 2S — only authorized users can adjust settings via the Settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure that users can access features as intended.
+
+> [!NOTE]
+> You can only set Device affiliation during the initial out-of-box experience (OOBE) setup. If you need to reset Device affiliation, you’ll have to repeat OOBE setup.
+
+## No affiliation
+
+No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [Bitlocker Key to a USB thumb drive](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune, however only the local admin can access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app.
+
+## Active Directory Domain Services
+
+If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you need to manage access to the Settings app via a security group on your domain, ensuring that all security group members have permissions to change settings on Surface Hub 2S. Note also the following:
+
+- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the Bitlocker key can be saved in the AD Schema. For more information, see [Prepare your organization for BitLocker: Planning and policies](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies).
+- Your organization’s Trusted Root CAs are pushed to the same container in Surface Hub 2S, which means you don’t need to import them using a provisioning package.
+- You can still enroll the device with Intune to centrally manage settings on your Surface Hub 2S.
+
+## Azure Active Directory
+
+When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
+
+If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.
diff --git a/devices/surface-hub/surface-hub-2s-quick-start.md b/devices/surface-hub/surface-hub-2s-quick-start.md
new file mode 100644
index 0000000000..9ca02f89ce
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-quick-start.md
@@ -0,0 +1,46 @@
+---
+title: "Surface Hub 2S quick start"
+description: "View the quick start steps to begin using Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Surface Hub 2S quick start
+
+## Unpack Surface Hub 2S
+
+1. Use the handles on each side of the box to move it to the space where you'll set it up.
+2. Before opening, remove the clips (4) on the front and back, and then lift the top off the box using the handles.
+3. In the base of the Surface Hub 2S, open the accessories box containing the setup guide, Surface Hub 2 pen, Surface Hub 2 camera, and the power cable.
+4. On the back of the Surface Hub, there's an instructional label showing you where to attach the mounting hardware. Install them in place and remove the label.
+
+See this video for more information about [unboxing and set up](https://youtu.be/fCrxdNXvru4).
+
+## Install and adjust pen
+
+1. Attach Surface Hub 2 pen magnetically to your preferred side of the device.
+
+
+
+2. To adjust pen pressure, open the Surface app on Surface Hub 2S, select Pen, and adjust the slider.
+
+
+
+## Install camera
+
+Remove the lens cling from the camera and attach it to the USB-C port on the top of the Surface Hub 2S.
+
+## Start Surface Hub 2S
+
+1. Insert the power cable into the back of the device and plug it into a power outlet. Run the cable through any cable guides on your mounting solution and remove the screen clang.
+2. To begin, press the power button on the bottom right.
+
+
diff --git a/devices/surface-hub/surface-hub-2s-recover-reset.md b/devices/surface-hub/surface-hub-2s-recover-reset.md
new file mode 100644
index 0000000000..71dcfa24c1
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-recover-reset.md
@@ -0,0 +1,58 @@
+---
+title: "Reset and recovery for Surface Hub 2S"
+description: "Learn how to recover and reset Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Reset and recovery for Surface Hub 2S
+
+If you encounter problems with Surface Hub 2S, you can reset the device to factory settings or recover using a USB drive.
+
+To begin, sign into Surface Hub 2S with admin credentials, open the **Settings** app, select **Update & security**, and then select **Recovery**.
+
+## Reset device
+
+1. To reset, select **Get Started**.
+2. When the **Ready to reset this device** window appears, select **Reset**. Surface Hub 2S reinstalls the operating system from the recovery partition and may take up to one hour to complete.
+3. Run **the first time Setup program** to reconfigure the device.
+4. If you manage the device using Intune or other mobile device manager (MDM) solution, retire and delete the previous record and re-enroll the new device. For more information, see [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe).
+
+
+*Figure 1. Reset and recovery for Surface Hub 2S.*
+
+## Recover Surface Hub 2S using USB recovery drive
+
+New in Surface Hub 2S, you can now reinstall the device using a recovery image.
+
+### Recover from USB drive
+
+Surface Hub 2S lets you reinstall the device using a recovery image, which allows you to reinstall the device to factory settings if you lost the Bitlocker key or no longer have admin credentials to the Settings app.
+
+1. Begin with a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
+2. Download recovery image from the [Surface Recovery website](https://support.microsoft.com/en-us/surfacerecoveryimage?devicetype=surfacehub2s) onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S.
+3. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
+
+
+
+4. In the language selection screen, select the display language for your Surface Hub 2S.
+5. Choose **Recover from a drive** and **Fully clean the drive** and then select **Recover**. If prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
+Remove the USB drive when the first time setup screen appears.
+
+## Recover a locked Surface Hub
+
+On rare occasions, Surface Hub 2S may encounter an error during cleanup of user and app data at the end of a session. If this occurs, the device will automatically reboot and resume data cleanup. But if this operation fails repeatedly, the device will be automatically locked to protect user data.
+
+**To unlock Surface Hub 2S:**
+Reset or recover the device from Windows Recovery Environment (Windows RE). For more information, see [What is Windows RE?](https://technet.microsoft.com/library/cc765966.aspx)
+
+> [!NOTE]
+> To enter recovery mode, you need to physically unplug and replug the power cord three times.
\ No newline at end of file
diff --git a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md
new file mode 100644
index 0000000000..49be99e66b
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md
@@ -0,0 +1,68 @@
+---
+title: "Secure and manage Surface Hub 2S with SEMM"
+description: "Learn more about securing Surface Hub 2S with SEMM."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Secure and manage Surface Hub 2S with SEMM and UEFI
+
+New in Surface Hub 2S, you can use SEMM to manage the UEFI setting of the device.
+Use the Microsoft Surface UEFI Configurator to control the following components:
+
+- Wired LAN
+- Cameras
+- Bluetooth
+- Wi-Fi
+- Occupancy sensor
+
+Use the Microsoft Surface UEFI Configurator to turn on or off the following UEFI settings:
+
+- Boot
+
+ - IPv6 for PXE Boot
+ - Alternate Boot
+ - Boot Order Lock
+ - USB Boot
+- UEFI Front Page
+
+ - Devices
+ - Boot
+ - Date/Time
+
+## Create UEFI configuration image
+
+Unlike other Surface devices, you cannot use an MSI file or a Win PE image to apply these settings on Surface Hub 2S. Instead, you need to create a USB image to load into the device. To create a Surface Hub 2S UEFI configuration image, download and install the latest version of the Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. For more information about using UEFI and SEMM, see [Microsoft Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode).
+
+## To configure UEFI on Surface Hub 2S
+
+1. Start the UEFI Configurator and on the first screen, choose **Configuration Package**.
+
+2. To add the certificate to your package, you must have a valid certificate with the private key in a .pfx file format to sign and protect the package. Select **+ Certificate Protection.**
+
+3. Enter the certificate’s private key’s password.
+
+4. After importing the private key, continue creating the package.
+
+5. Choose **Hub** and **Surface Hub 2S** as the target for the UEFI configuration package.
+
+6. Choose the components and settings you want to activate or deactivate on Surface Hub 2S.
+
+7. Use the USB option to export the file.
+
+8. Insert and choose the USB drive you’d like to use for this package. The USB drive will be formatted and you lose any information you have on it.
+
+9. Upon successful creation of the package, the Configurator will display the last two characters of your certificate’s thumbprint. You need these characters when you import to the configuration to Surface Hub 2S.
+
+
+## To boot into UEFI
+
+Turn off Surface Hub 2S. Press and hold the **Volume Up** button and press the **Power** Button. Keep holding the Volume Up button until the UEFI menu appears.
diff --git a/devices/surface-hub/surface-hub-2s-setup.md b/devices/surface-hub/surface-hub-2s-setup.md
new file mode 100644
index 0000000000..5e8872b4a8
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-setup.md
@@ -0,0 +1,101 @@
+---
+title: "First time Setup for Surface Hub 2S"
+description: "Learn how to complete first time Setup for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 07/03/2019
+ms.localizationpriority: Normal
+---
+
+# First time Setup for Surface Hub 2S
+
+When you first start Surface Hub 2S, the device automatically enters first time Setup mode to guide you through account configuration and related settings.
+
+## Configuring Surface Hub 2S account
+
+1. **Configure your locale.** Enter region, language, keyboard layout and time zone information. Select **Next**.
+
+ 
+1. **Connect to a wireless network.** Choose your preferred wireless network and select **Next.**
+
+- This option is not shown if connected using an Ethernet cable.
+- You cannot connect to a wireless network in hotspots (captive portals) that redirect sign-in requests to a provider’s website.
+
+3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user@example.com** for online environments. Select **Next.**
+
+ 
+1. **Enter additional info.** If requested, provide your Exchange server address and then select **Next.**
+
+ 
+
+1. **Name this device.** Enter a name for your device or use the suggested one based on your account’s display name and user principle name [UPN]. **Select Next**.
+
+- The **Friendly name** is visible on the bottom left corner of Surface Hub 2S and is shown when projecting to the device.
+
+- The **Device name** identifies the device when affiliated with Active Directory or Azure Active Directory, and when enrolling the device with Intune.
+
+ 
+
+## Configuring device admin accounts
+
+You can only set up device admins during first time Setup. For more information, refer to [Surface Hub 2S device affiliation](https://docs.microsoft.com/surface-hub/surface-hub-2s-prepare-environment#device-affiliation).
+
+ In the **Setup admins for this device** window, select one of the following options: Active Directory Domain Services, Azure Active Directory, or Local admin.
+
+ 
+
+### Active Directory Domain Services
+
+1. Enter the credentials of a user who has permissions to join the device to Active Directory.
+
+ 
+
+2. Select the Active Directory Security Group containing members allowed to log on to the Settings app on Surface Hub 2S.
+
+ 
+1. Select **Finish**. The device will restart.
+
+### Azure Active Directory
+
+When choosing to affiliate your device with Azure Active Directory, the device will immediately restart and display the following page. Select **Next**.
+
+
+
+1. Enter the email address or UPN of an account **with Intune Plan 1** or greater and then select **Next.**
+
+ 
+
+2. If redirected, authenticate using your organization’s sign-in page and provide additional logon information if requested. The device will restart.
+
+## Local Administrator account
+
+- Enter a username and password for your local admin. The device will restart.
+
+ 
+
+## Using provisioning packages
+
+If you insert a USB thumb drive with a provisioning package into one of the USB ports when you start Surface Hub 2S, the device displays the following page.
+
+1. Enter the requested settings and select **Set up**.
+
+ 
+
+ 
+2. Choose the provisioning package you’d like to use.
+
+ 
+
+3. If you created a multiple devices CSV file, you will be able to choose a device configuration. For more information, refer to [Create provisioning packages for Surface Hub 2S](https://docs.microsoft.com/surface-hub/surface-hub-2s-deploy#provisioning-multiple-devices-csv-file).
+
+
+ 
+
+4. Follow the instructions to complete first time Setup.
+
diff --git a/devices/surface-hub/surface-hub-2s-site-planning.md b/devices/surface-hub/surface-hub-2s-site-planning.md
new file mode 100644
index 0000000000..09b2344a12
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-site-planning.md
@@ -0,0 +1,43 @@
+---
+title: "Surface Hub 2S site planning"
+description: "Learn more about rooms for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Surface Hub 2S site planning
+
+## Introduction
+
+Designed for team collaboration, Surface Hub 2S can transform the way you work — not only in the conference rooms but any place you want to work. One of the biggest advantages of Surface Hub 2S is the ability to move it from one space to another when used with the Steelcase Roam mobile stand and mobile battery. Providing unplugged, uninterrupted teamwork capabilities, Surface Hub 2S can be integrated into almost any workspace.
+
+## Room considerations
+
+Designed for interactive use in smaller conference rooms and huddle spaces, Surface Hub 2S provides a 4K camera, microphone array, crystal clear speakers, and a brilliant 4K+ resolution display. Optimizing the user experience in larger spaces with more people further away from the display may require peripherals such as an extra camera, microphone, or room systems solution such as Microsoft Teams Rooms.
+
+As a general guideline, install Surface Hub 2S in a space that meets the following criteria:
+
+- People can reach all four edges of the touchscreen.
+- The screen is not in direct sunlight, which could affect viewing or damage the screen.
+- Ventilation openings are not blocked.
+- Microphones are not affected by noise sources, such as fans or vents.
+- Space is well lit with no reflective sources.
+
+Whether mounted to a wall or installed on the mobile stand, the areas where you use the device should maintain:
+
+- Room temperatures no cooler than 10°C (50° F) and no hotter than 35°C (95° F).
+- Relative humidity no lower than 20 percent and no higher than 80 percent.
+
+For detailed room planning guidance and more information about Microsoft Teams Rooms see [Plan Microsoft Teams Rooms.](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0)
+
+## Managing Surface Hub 2S location
+
+If you plan to use Surface Hub 2S on a mobile stand, you may wish to explore third-party solutions that enable location services. For example, active RFID systems can provide real-time tracking throughout complex office or industrial spaces. For more information, see your A/V provider or other third-party expertise for guidance.
diff --git a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md
new file mode 100644
index 0000000000..db16db4225
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md
@@ -0,0 +1,25 @@
+---
+title: "Surface Hub 2S site readiness guide"
+description: "Get familiar with site readiness requirements and recommendations for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Surface Hub 2S site readiness guide
+
+|**Topic**|**Description**|
+|:-------|:-------|
+| [Site planning for Surface Hub 2S](surface-hub-2s-site-planning.md) | Review room considerations and planning for peripherals. |
+| [Surface Hub 2S quick start](surface-hub-2s-quick-start.md) | Get an overview of required steps to unpack and start Surface Hub 2S. |
+| [Install and mount Surface Hub 2S](surface-hub-2s-install-mount.md) | Learn about licensed accessories to install and mount Surface Hub 2S. |
+| [Customizing installation of Surface Hub 2S](surface-hub-2s-custom-install.md) | Learn how to custom install without licensed mounting accessories.|
+| [Surface Hub 2S ports and keypad overview](surface-hub-2s-port-keypad-overview.md) | Get details for I/O ports and keypad power and selection controls. |
+| [Connect to Surface Hub 2S](surface-hub-2s-connect.md) | Learn about wired and wireless methods to connect to Surface Hub.|
diff --git a/devices/surface-hub/surface-hub-2s-techspecs.md b/devices/surface-hub/surface-hub-2s-techspecs.md
new file mode 100644
index 0000000000..89a4871fbb
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-techspecs.md
@@ -0,0 +1,44 @@
+---
+title: "Surface Hub 2S tech specs"
+description: "View tech specs for Surface Hub 2S including pen, camera, and optional mobile battery specifications."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+manager: laurawi
+ms.author: robmazz
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Surface Hub 2S tech specs
+
+|**Item**|**Details**|
+|:------ |:--------- |
+|**Dimensions**| 29.2" x 43.2" x 3.0” (741 mm x 1097 mm x 76 mm) |
+|**Shipping dimensions**| 47.64" x 36.89" x 9.92" (1,210 mm x 937 mm x 252 mm)|
+|**Weight**| 61.6 lbs. (28 kg) |
+|**Shipping Weight**| 81.08 lbs. (36.77 kg) |
+|**Resolution**| 3840 x 2560 |
+|**Display**| PixelSense Display, 3:2 aspect ratio, 10-bit color, 15.5 mm border, anti-glare, IPS LCD |
+|**Processor**| Quad-core 8th Generation Intel Core i5 processor, 8 GB RAM, 128 GB SSD 1 |
+|**Graphics**| Intel UHD Graphics 620 |
+|**Wireless**| Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac compatible) Bluetooth Wireless 4.1 technology Miracast display |
+|**Connections**| USB-A Mini-DisplayPort 1.2 video output RJ45 gigabit Ethernet (1000/100/10 BaseT) HDMI video input (HDMI 2.0, HDCP 2.2 /1.4) USB-C with DisplayPort input Four USB-C (on display) |
+|**Sensors**| Doppler occupancy sensor Accelerometer Gyroscope |
+|**Audio/Video**| Full-range, front facing 3-way stereo speakers Full band 8-element MEMS microphone array Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree HFOV |
+|**Pen**| Microsoft Surface Hub 2 Pen (active) |
+|**Software**| Windows 10 Microsoft Teams for Surface Hub 2 Skype for Business Microsoft Whiteboard Microsoft Office (Mobile) Microsoft Power BI 2 |
+|**Exterior**| Casing: Precision machined aluminum with mineral-composite resin Color: Platinum Physical Buttons: Power, Volume, Source |
+|**What’s in the box**| One Surface Hub 2S One Surface Hub 2 Pen One Surface Hub 2 Camera 2.5 m AC Power Cable Quick Start Guide |
+|**Warranty**| 1-year limited hardware warranty |
+|**BTU**| 1518 BTU/hr |
+|**Input Voltage**| 50/60Hz 110/230v nominal, 90-265v max |
+|**Input power, operating**| 445 W (495 W Surge Load) |
+|**Input Current**| 5.46 A |
+|**Input Power, standby**| 5 W max |
+
+> [!NOTE]
+> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. 2 Software license required for some features. Sold separately.
diff --git a/devices/surface-hub/surface-hub-2s-unpack.md b/devices/surface-hub/surface-hub-2s-unpack.md
new file mode 100644
index 0000000000..f6955de609
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-unpack.md
@@ -0,0 +1,36 @@
+---
+title: "Unpack Surface Hub 2S"
+description: "This page includes information about safely unpacking Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# Unpack Surface Hub 2S
+
+## Unpacking the Surface Hub 2S
+
+Before you remove Surface Hub 2S from the box, make sure that you have your mounting solution assembled and someone available to help you.
+
+1. Use the handles on each side of the box to move it to the space where you'll set it up.
+2. Before opening, remove the clips (4) on the front and back, and then lift the top off the box using the handles.
+3. In the base of the Surface Hub 2S, open the accessories box containing the setup guide, Surface Hub 2 pen, Surface Hub 2 camera, and the power cable.
+4. On the back of the surface hub, there's an instructional label that shows you where to attach the mounting hardware. Install them in place and remove the label.
+5. If you're using a mobile stand remember to lock the wheels to keep the stand in place
+6. Be sure to lift the Surface Hub 2S with both hands and support the bottom of the device.
+7. Align the installed hardware with the slots on the mount so it rests firmly in place.
+8. Follow any further instructions that came with your mounting solution.
+
+## Install pen and camera
+
+1. Unwrap your Surface Hub 2 pen and attach it magnetically to your preferred side of the device.
+2. Remove the lens cling from the camera and attach it to the USB-C port on the top of the Surface Hub 2S.
+3. Insert the power cable into the back of the device and plug it into a power outlet. Run the cable through any cable guides on your mounting solution and remove the screen clang.
+4. To begin, press the power button on the bottom right.
diff --git a/devices/surface-hub/surface-hub-2s-whats-new.md b/devices/surface-hub/surface-hub-2s-whats-new.md
new file mode 100644
index 0000000000..b4c40fddde
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-whats-new.md
@@ -0,0 +1,65 @@
+---
+title: "What's new in Surface Hub 2S for IT admins"
+description: "Learn more about new features in Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Normal
+---
+
+# What's new in Surface Hub 2S for IT admins
+
+Surface Hub 2S is an all-in-one collaboration canvas that’s built for teamwork delivering a digital whiteboard, meetings platform, and a Windows 10 computing experience in one device.
+
+|**Capability**|**Summary**|**Learn more**|
+|:-------|:------|:----|
+|**Mobile Device Management and UEFI manageability**| Manage settings and policies using a mobile device management (MDM) provider.
Full integration with Surface Enterprise Management Mode (SEMM) lets you manage hardware components and firmware. | [Managing Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md)
[Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode) |
+|**Cloud and on-premises coexistence**| Supports on-premises, hybrid, or online. | [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md) |
+|**Reset and recovery**| Restore from the cloud or USB drive. | [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md) |
+|**Microsoft Whiteboard**| Ofice 365 integration, intelligent ink, and Bing search bring powerful new capabilities, enabling a persistent digital canvas shareable across most browsers, Windows and iOS devices. | [Announcing a new whiteboard for your Surface Hub](https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-a-new-Whiteboard-for-your-Surface-Hub/ba-p/637050) |
+|**Microsoft Teams Meeting Room License**| Extends Office 365 licensing options across Skype for Business, Microsoft Teams, and Intune. | [Teams Meeting Room Licensing Update](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0) |
+|**On-screen display**| Adjust volume, brightness, and input control directly on the display. | |
+|**Sensor-activated Connected Standby**| Doppler sensor activates Connected Standby after 1 minute of inactivity.
Manage this setting remotely using Intune or directly on the device from the Settings app. | [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) |
+|**Surface Hub pen**| Ergonomically redesigned and easily attachable on the sides of the device. | |
+|**Surface app for Surface Hub 2S**| Change audio settings and view your device's information from the Surface app | |
+|**Ready for tomorrow**| Removable cartridge facilitates upgrading to new features. | |
+
+For more information about what’s new in Surface Hub 2S, see:
+
+- [Surface Hub 2S product site](https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab)
+- [Behind the Design Surface Hub 2S](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099)
+
+## Surface Hub 2S compared with Surface Hub
+
+The following table details the differences between Surface Hub and Surface Hub 2S:
+
+|**Component**| **Surface Hub 55”**|**Surface Hub 84”**| **Surface Hub 2S**|
+|:----- |:---- |:---- |:----- |
+|**Form Factor**| 55” | 84” | 50” |
+|**Dimension**| 31.75” x 59.62” x 3.38” (806.4 mm x 1514.3 mm x 85.8 mm) | 46.12” x 86.7” x 4.15” (1171.5 mm x 2202.9 mm x 105.4 mm) | 29.2" x 43.2" x 3.0" (741 mm x 1097 mm x 76 mm) |
+|**Weight**| 105 lbs. (48 kg) | 280 lbs. (127 kg) | 61.6 lbs. (28 kg) |
+|**Display**| Resolution: 1920 x 1080 @ 120 Hz Contrast ratio: 1300:1 Touch: 100-point multi-touch Projective Capacitance optically bonded sensor | Resolution: 3840 x 2160 @ 120 Hz Contrast Ratio: 1400:1 Touch: 100-point multi-touch Projective Capacitance optically bonded sensor | Resolution: 3840 x 2560 @ 60 Hz |
+|**Aspect Ratio**| 16:9 | 16:9 | 3:2 |
+|**Storage**| SSD 128 GB | SSD 128 GB | SSD 128 GB |
+|**RAM**| 8 GB RAM | 8 GB RAM | 8 GB RAM |
+|**Processor**| 4th Generation Intel® Core i5 | 4th Generation Intel Core i7 | Quad-core 8th Generation Intel Core i5 processor |
+|**Graphics**| Intel HD 4600 | NVIDIA Quadro K2200 | Intel UHD Graphics 620 |
+|**Network**| Wi-Fi (802.11 a/b/g/n/ac) Ethernet 1 Gbps Bluetooth 4.0 low energy Miracast enabled | Wi-Fi (802.11 a/b/g/n/ac) Ethernet 1 Gbps Bluetooth 4.0 low energy Miracast enabled | Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac) Ethernet 1 Gbps Bluetooth Wireless 4.1 technology Miracast Display |
+|**Ports**| (1) USB 3.0 (bottom) + (1) USB 3.0 (side access) (2) USB 2.0 DisplayPort Video Output 3.5 mm Stereo Out RJ11 Connector for system-level control
DisplayPort Video Input HDMI Video Input VGA Video Input 3.5 mm Stereo Input (1) USB 2.0 type B Touchback Output | (1) USB 3.0 (bottom) + (1) USB 3.0 (side access) (4) USB 2.0 DisplayPort Video Output 3.5 mm Stereo Out RJ11 Connector for system-level control
DisplayPort Video Input HDMI Video Input VGA Video Input 3.5 mm Stereo Input (1) USB 2.0 type B Touchback Output | (1) USB-A Mini-DisplayPort Video Output HDMI Video Input USB-C with DisplayPort Input (4) USB-C (on display) RJ45 Gigabit Ethernet |
+|**Sensors**| (2) Passive Infrared Presence Sensors, Ambient Light Sensors | (2) Passive Infrared Presence Sensors, Ambient Light Sensors | Doppler occupancy sensor, Accelerometer, Gyroscope |
+|**NFC**| NFC reader | NFC reader | N/A |
+|**Speakers**| (2) Front-facing stereo speakers | (2) Front-facing stereo speakers | Full range front facing 3-way stereo speakers |
+|**Microphone**| High-Performance, 4-Element Array | High-Performance, 4-Element Array | Full band 8-element MEMS microphone array |
+|**Camera**| (2) Wide angle HD cameras 1080p @ 30 fps | (2) Wide angle HD cameras 1080p @ 30 fps | (1) Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree horizontal field of view |
+|**Pen**| (2) Powered, active, subpixel accuracy | (2) Powered, active, subpixel accuracy | (1) Microsoft Surface Hub 2 Pen (active) |
+|**Physical buttons**| Power, Input Select, Volume, Brightness | Power, Input Select, Volume, Brightness | Power, Volume, Source |
+|**Software**| Windows 10 + Office (Word, PowerPoint, Excel) | Windows 10 + Office (Word, PowerPoint, Excel) | Windows 10 + Office (Word, PowerPoint, Excel) |
+
+> [!NOTE]
+> The NFC reader available in the original Surface Hub is discontinued in Surface Hub 2S and is no longer available.
diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md
index d85c5765d3..2ffa84dd12 100644
--- a/devices/surface-hub/surface-hub-authenticator-app.md
+++ b/devices/surface-hub/surface-hub-authenticator-app.md
@@ -16,7 +16,6 @@ localizationpriority: medium
People in your organization can sign in to a Surface Hub without a password using the Microsoft Authenticator app, available on Android and iOS.
-
## Organization prerequisites
To let people in your organization sign in to Surface Hub with their phones and other devices instead of a password, you’ll need to make sure that your organization meets these prerequisites:
@@ -35,36 +34,34 @@ To let people in your organization sign in to Surface Hub with their phones and
- Surface Hub is set up with either a local or domain-joined account.
-Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to Azure AD.
+Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to Azure AD.
## Individual prerequisites
- An Android phone running 6.0 or later, or an iPhone or iPad running iOS9 or later
-- The most recent version of the Microsoft Authenticator app from the appropriate app store
+- The most recent version of the Microsoft Authenticator app from the appropriate app store
+
>[!NOTE]
>On iOS, the app version must be 5.4.0 or higher.
>
>The Microsoft Authenticator app on phones running a Windows operating system can't be used to sign in to Surface Hub.
-
+
- Passcode or screen lock on your device is enabled
- A standard SMTP email address (example: joe@contoso.com). Non-standard or vanity SMTP email addresses (example: firstname.lastname@contoso.com) currently don’t work.
-
## How to set up the Microsoft Authenticator app
>[!NOTE]
>If Company Portal is installed on your Android device, uninstall it before you set up Microsoft Authenticator. After you set up the app, you can reinstall Company Portal.
>
->If you have already set up Microsoft Authenticator on your phone and registered your device, go to the [sign-in instructions](#signin).
+>If you have already set up Microsoft Authenticator on your phone and registered your device, go to the sign-in instructions.
1. Add your work or school account to Microsoft Authenticator for Multi-Factor Authentication. You will need a QR code provided by your IT department. For help, see [Get started with the Microsoft Authenticator app](https://docs.microsoft.com/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to).
2. Go to **Settings** and register your device.
-1. Return to the accounts page and choose **Enable phone sign-in** from the account dropdown menu.
+3. Return to the accounts page and choose **Enable phone sign-in** from the account dropdown menu.
-
-
## How to sign in to Surface Hub during a meeting
1. After you’ve set up a meeting, go to the Surface Hub and select **Sign in to see your meetings and files**.
@@ -77,14 +74,13 @@ Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs tha
2. You’ll see a list of the people invited to the meeting. Select yourself (or the person who wants to sign in – make sure this person has gone through the steps to set up their device before your meeting), and then select **Continue**.
-
+
You'll see a code on the Surface Hub.
-
+
-
+
3. To approve the sign-in, open the Authenticator app, enter the four-digit code that’s displayed on the Surface Hub, and select **Approve**. You will then be asked to enter the PIN or use your fingerprint to complete the sign in.
-
-You can now access all files through the OneDrive app.
+You can now access all files through the OneDrive app.
\ No newline at end of file
diff --git a/devices/surface-hub/surface-hub-site-readiness-guide.md b/devices/surface-hub/surface-hub-site-readiness-guide.md
index b4f8598526..44e8717278 100644
--- a/devices/surface-hub/surface-hub-site-readiness-guide.md
+++ b/devices/surface-hub/surface-hub-site-readiness-guide.md
@@ -89,7 +89,7 @@ The 55” Surface Hub requires two people to safely lift and mount. The 84” Su
## Mounting and setup
-See the [Technical information]() section, or your mounting guide at http://www.microsoft.com/surface/support/surface-hub, for detailed instructions.
+See your mounting guide at http://www.microsoft.com/surface/support/surface-hub for detailed instructions.
There are three ways to mount your Surface Hub:
@@ -97,6 +97,10 @@ There are three ways to mount your Surface Hub:
- **Floor support mount**: Supports Surface Hub on the floor while it is permanently anchored to a conference space wall.
- **Rolling stand**: Supports Surface Hub and lets you move it to other conference locations. For links to guides that provide details about each mounting method, including building requirements, see http://www.microsoft.com/surface/support/surface-hub.
+For specifications on available mounts for the original Surface Hub, see the following:
+
+- [Surface Hub Mounts and Stands Datasheet](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf)
+- [Surface Hub Stand and Wall Mount Specifications](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf)
## The Connect experience
diff --git a/devices/surface-hub/surface-hub-technical-55.md b/devices/surface-hub/surface-hub-technical-55.md
index 8b10f58716..353347476f 100644
--- a/devices/surface-hub/surface-hub-technical-55.md
+++ b/devices/surface-hub/surface-hub-technical-55.md
@@ -77,7 +77,7 @@ USB type A, side I/O |  | Provides 1 USB 3.0 connection for U
USB type A, bottom I/O with blue insulator |  | Provides USB 3.0 connection.
3.5mm, bottom I/O |  | Provides analog audio out.
Display port, bottom I/O |  | Provides mirrored video out function to another display.
-IEC/EN60320-C13 receptable with hard switch |  | Provides AC input and compliance with EU power requirements.
+IEC/EN60320-C13 receptacle with hard switch |  | Provides AC input and compliance with EU power requirements.
RJ45, bottom I/O |  | Connects to Ethernet.
RJ11, bottom I/O |  | Connects to room control systems.
diff --git a/devices/surface-hub/surface-hub-technical-84.md b/devices/surface-hub/surface-hub-technical-84.md
index 4c87d4ed53..fb52cf8797 100644
--- a/devices/surface-hub/surface-hub-technical-84.md
+++ b/devices/surface-hub/surface-hub-technical-84.md
@@ -79,7 +79,7 @@ USB type A, side I/O |  | Provides 1 USB 3.0 connection for U
USB type A, bottom I/O with blue insulator |  | Provides USB 3.0 connection.
3.5mm, bottom I/O |  | Provides analog audio out.
Display port, bottom I/O |  | Provides mirrored video out function to another display.
-IEC/EN60320-C13 receptable with hard switch |  | Provides AC input and compliance with EU power requirements.
+IEC/EN60320-C13 receptacle with hard switch |  | Provides AC input and compliance with EU power requirements.
RJ45, bottom I/O |  | Connects to Ethernet.
RJ11, bottom I/O |  | Connects to room control systems.
diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md
new file mode 100644
index 0000000000..881dfa5e4b
--- /dev/null
+++ b/devices/surface-hub/surface-hub-update-history.md
@@ -0,0 +1,487 @@
+---
+title: Surface Hub update history
+description: Surface Hub update history
+ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34
+ms.reviewer:
+manager:
+keywords:
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub update history
+
+Windows 10 was designed to be a service, which means it automatically gets better through periodic software updates. The great news is that you usually don’t have to do anything to get the latest Windows 10 updates—they'll download and install whenever they’re available.
+
+Most Windows updates focus on performance and security improvements to keep you going 24/7.
+
+One thing we’re hearing from you is that you want to know more about what's in our Windows 10 updates, so we're providing more details on this page. In the list below, the most recent Windows update is listed first. Installing the most recent update ensures that you also get any previous updates you might have missed, including security updates. Microsoft Store apps are updated through the Microsoft Store (managed by the Surface Hub's system administrator). Details about app updates are provided on a per-app basis.
+We'll be refreshing this page as new updates are released, so stay tuned for the latest info. And thank you for helping us learn and get better with each update!
+
+Please refer to the “[Surface Hub Important Information](https://support.microsoft.com/products/surface-devices/surface-hub)” page for related topics on current and past releases that may require your attention.
+
+## Windows 10 Team Creators Update 1703
+
+
+May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Ensures that Surface Hub users aren't prompted to enter proxy credentials after the "Use device account credentials" feature has been enabled.
+* Resolves an issue where Skype connections fail periodically because audio/video isn't using the correct proxy.
+* Adds support for TLS 1.2 in Skype for Business.
+* Resolves a SIP connection failure in the Skype client when the Skype server has TLS 1.0 or TLS 1.1 disabled.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4499162](https://support.microsoft.com/help/4499162)
+
+
+
+April 25, 2019—update for Team edition based on KB4493436* (OS Build 15063.1784)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves video and audio sync issue with some USB devices that are connected to the Surface Hub.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4493436](https://support.microsoft.com/help/4493436)
+
+
+
+November 27, 2018—update for Team edition based on KB4467699* (OS Build 15063.1478)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Addresses an issue that prevents some users from Signing-In to “My Meetings and Files.”
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KBKB4467699](https://support.microsoft.com/help/KB4467699)
+
+
+
+October 18, 2018 —update for Team edition based on KB4462939* (OS Build 15063.1418)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business fixes:
+ * Resolves Skype for Business connection issue when resuming from sleep
+ * Resolves Skype for Business network connection issue, when device is connected to Internet
+ * Resolves Skype for Business crash when searching for users from directory
+* Resolves issue where the Hub mistakenly reports “No Internet connection” in enterprise proxy environments.
+* Implemented a feature allowing customers to op-in to a new Whiteboard experience.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4462939](https://support.microsoft.com/help/4462939)
+
+
+
+August 31, 2018 —update for Team edition based on KB4343889* (OS Build 15063.1292)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Adds support for Microsoft Teams
+* Resolves task management issue with Intune registration
+* Enables Administrators to disable Instant Messaging and Email services for the Hub
+* Additional bug fixes and reliability improvements for the Surface Hub Skype for Business App
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4343889](https://support.microsoft.com/help/4343889)
+
+
+
+June 21, 2018 —update for Team edition based on KB4284830* (OS Build 15063.1182)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Telemetry change in support of GDPR requirements in EMEA
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4284830](https://support.microsoft.com/help/KB4284830)
+
+
+
+April 17, 2018 —update for Team edition based on KB4093117* (OS Build 15063.1058)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves a wired projection issue
+* Enables bulk update for certain MDM (Mobile Device Management) policies
+* Resolves phone dialer issue with international calls
+* Addresses image resolution issue when 2 Surface Hubs join the same meeting
+* Resolves OMS (Operations Management Suite) certificate handling error
+* Addresses a security issue when cleaning up at the end of a session
+* Addresses Miracast issue, when Surface Hub is specified to channels 149 through 165
+ * Channels 149 through 165 will continue to be unusable in Europe, Japan or Israel due to regional governmental regulations
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4093117](https://support.microsoft.com/help/4093117)
+
+
+
+February 23, 2018 —update for Team edition based on KB4077528* (OS Build 15063.907)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolved an issue where MDM settings were not being correctly applied
+* Improved Cleanup process
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4077528](https://support.microsoft.com/help/4077528)
+
+
+
+January 16, 2018 —update for Team edition based on KB4057144* (OS Build 15063.877)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Adds ability to manage Start Menu tile layout via MDM
+* MDM bug fix on password rotation configuration
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4057144](https://support.microsoft.com/help/4057144)
+
+
+
+December 12, 2017 —update for Team edition based on KB4053580* (OS Build 15063.786)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves camera video flashes (tearing or flickers) during Skype for Business calls
+* Resolves Notification Center SSD ID issue
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4053580](https://support.microsoft.com/help/4053580)
+
+
+
+November 14, 2017 —update for Team edition based on KB4048954* (OS Build 15063.726)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Feature update that allows customers to enable 802.1x wired network authentication using MDM policy.
+* A feature update that enables users to dynamically select an application of their choice when opening a file.
+* Fix that ensures that End Session cleanup fully removes all connections between the user’s account and the device.
+* Performance fix that improves cleanup time as well as Miracast connection time.
+* Introduces Easy Authentication utilization during ad-hock meetings.
+* Fix that ensures service components to use the same proxy that is configured across the device.
+* Reduces and more thoroughly secures the telemetry transmitted by the device, reducing bandwidth utilization.
+* Enables a feature allowing users to provide feedback to Microsoft after a meeting concludes.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4048954](https://support.microsoft.com/help/4048954)
+
+
+
+October 10, 2017 —update for Team edition based on KB4041676* (OS Build 15063.674)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business
+ * Resolves issue that required a device reboot when resuming from sleep.
+ * Fixes issue where external contacts did not resolve through Skype Online Hub account.
+* PowerPoint
+ * Fixes problem where some PowerPoint presentations would not project on Hub.
+* General
+ * Fix to resolve issue where USB port could not be disabled by System Administrator.
+
+*[KB4041676](https://support.microsoft.com/help/4041676)
+
+
+
+September 12, 2017 —update for Team edition based on KB4038788* (OS Build 15063.605)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Security
+ * Resolves issue with Bitlocker when device wakes from sleep.
+* General
+ * Reduces frequency/amount of device health telemetry, improving system performance.
+ * Fixes issue that prevented device from collecting system logs.
+
+*[KB4038788](https://support.microsoft.com/help/4038788)
+
+
+
+August 1, 2017 — update for Team edition based on KB4032188* (OS Build 15063.498)
+
+* Skype for Business
+ * Resolves Skype for Business Sign-In issue, which required retry or system reboot.
+ * Resolves Skype for Business meeting time being incorrectly displayed.
+ * Fixes to improve Surface Hub Skype for Business reliability.
+
+*[KB4032188](https://support.microsoft.com/help/4032188)
+
+
+
+June 27, 2017 — update for Team edition based on KB4022716* (OS Build 15063.442)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Address NVIDIA driver crashes that may necessitate sleeping 84” Surface Hub to power down, requiring a manual restart.
+* Resolved an issue where some apps fail to launch on an 84” Surface Hub.
+
+*[KB4022716](https://support.microsoft.com/help/4022716)
+
+
+
+June 13, 2017 — update for Team edition based on KB4022725* (OS Build 15063.413)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Resolved Pen ink dropping issues with pens
+ * Resolved issue causing extended time to “cleanup” meeting
+
+*[KB4022725](https://support.microsoft.com/help/4022725)
+
+
+
+May 24, 2017 — update for Team edition based on KB4021573* (OS Build 15063.328)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Resolved issue with proxy setting retention during update issue
+
+*[KB4021573](https://support.microsoft.com/help/4021573)
+
+
+
+May 9, 2017 — update for Team edition based on KB4016871* (OS Build 15063.296)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Addressed sleep/wake cycle issue
+ * Resolved several Reset and Recovery issues
+ * Addressed Update History tab issue
+ * Resolved Miracast service launch issue
+* Apps
+ * Fixed App package update error
+
+*[KB4016871](https://support.microsoft.com/help/4016871)
+
+
+
+Windows 10 Team Creators Update 1703 for Surface Hub — General Release notes (OS Build 15063.0)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Evolving the large screen experience
+ * Improved the meeting carousel in Welcome and Start
+ * Join meetings and end the session directly from the Start menu
+ * Apps can utilize more of the screen during a session
+ * Simplified Skype controls
+ * Improved mechanisms for providing feedback
+* Access My Personal Content*
+ * Personal single sign-on from Welcome or Start
+ * Join meetings and end the session directly from the Start menu
+ * Access personal files through OneDrive for Business directly from Start
+ * Pre-populated attendee sign-in
+ * Streamlined authentication flows with “Authenticator” app**
+* Deployment & Manageability
+ * Simplified OOBE experience through bulk provisioning
+ * Cloud-based device recovery service
+ * Enterprise client certificate support
+ * Improved proxy credential support
+ * Added and /improved Skype Quality of Service (QoS) configuration support
+ * Added ability to set default device volume in Settings
+ * Improved MDM support for Surface Hub [settings](https://docs.microsoft.com/surface-hub/remote-surface-hub-management)
+* Improved Security
+ * Added ability to restrict USB drives to BitLocker only
+ * Added ability to disable USB ports via MDM
+ * Added ability to disable “Resume session” functionality on timeout
+ * Addition of wired 802.1x support
+* Audio and Projection
+ * Dolby Audio “Human Speaker” enhancements
+ * Reduced “pen tap” sounds when using Pen during Skype for Business calls
+ * Added support for Miracast infrastructure connections
+* Reliability and Performance fixes
+ * Resolved several Reset and Recovery issues
+ * Resolved Surface Hub Exchange authentication issue when utilizing client certificates
+ * Improved Wi-Fi network connection and credentials stability
+ * Fixed Miracast audio popping and sync issues during video playback
+ * Included setting to disable auto connect behavior
+
+*Single sign-in feature requires use of Office365 and OneDrive for Business
+**Refer to Admin Guide for service requirements
+
+
+
+## Windows 10 Team Anniversary Update 1607
+
+
+March 14th, 2017 — update for Team edition based on KB4013429* (OS Build 14393.953)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Security fix for File Explorer to prevent navigation to restricted file locations
+* Skype for Business
+ * Fix to address latency during Remote Desktop based screen sharing
+
+*[KB4013429](https://support.microsoft.com/help/4013429)
+
+
+
+January 10th, 2017 — update for Team edition based on KB4000825* (OS Build 14393.693)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Enabled selection of 106/109 Keyboard Layouts for use with physical Japanese keyboards
+
+*[KB4000825](https://support.microsoft.com/help/4000825)
+
+
+
+December 13, 2016 — update for Team edition based on KB3206632* (OS Build 14393.576)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves wired connection audio distortion issue
+
+*[KB3206632](https://support.microsoft.com/help/3206632)
+
+
+
+November 4, 2016 — update for Windows 10 Team Anniversary edition based on KB3200970* (OS Build 14393.447)
+
+This update to the Windows 10 Team Anniversary Update (version 1607) for Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business bug fixes to improve reliability
+
+*[KB3200970](https://support.microsoft.com/help/3200970)
+
+
+
+October 25, 2016 — update for Team edition based on KB3197954* (OS Build 14393.351)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Enabling new Sleep feature in OS and Bios to reduce the Surface Hub’s power consumption and improve its long-term reliability
+* General
+ * Resolves scenarios where the on-screen keyboard would sometimes not appear
+ * Resolves Whiteboard application shift that occasionally occurs when opening scheduled meeting
+ * Resolves issue that prevented Admins from changing the local administrator password, after device has been Reset
+ * BIOS change resolving issue with status bar tracking during device Reset
+ * UEFI update to resolve powering down issues
+
+*[KB3197954](https://support.microsoft.com/help/3197954)
+
+
+
+October 11, 2016 — update for Team edition based on KB3194496* (OS Build 14393.222)
+
+This update brings the Windows 10 Team Anniversary Update to Surface Hub and includes quality improvements and security fixes. (Your device will be running Windows 10 Version 1607 after it's installed.) Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business
+ * Performance improvements when joining meetings, including issues when joining a meeting using federated accounts
+ * Video Based Screen Sharing (VBSS) support now available on Skype for Business for Surface Hub
+ * Resolved disconnection after 5 minutes of idle time issue
+ * Resolved Skype Hub-to-Hub screen sharing failure
+ * Improvements to Skype video, including:
+ * Loss of video during meeting with multiple video presenters
+ * Video cropping during calls
+ * Outgoing call video not displaying for other participants
+ * Addressed issue with UPN sign in error
+ * Addressed issue with dial pad during use of Session Initiation Protocol (SIP) calls
+* Whiteboard
+ * User can now save and recall Whiteboard sessions using OneDrive online service (via Share functionality)
+ * Improved launching Whiteboard when removing pen from dock
+* Apps
+ * Pre-installed OneDrive app, for access to your personal and work files
+ * Pre-installed Photos app, to view photos and video
+ * Pre-installed PowerBI app, to view dashboards
+ * The Office apps – Word, Excel, PowerPoint – are all ink-enabled
+ * Edge on Surface Hub now supports Flash-based websites
+* General
+ * Enabled Audio Device Selection (for Surface Hubs attached using external audio devices)
+ * Enabled support for HDCP on DisplayPort output connector
+ * System UI changes to settings for usability optimization (refer to [User and Admin Guides](http://www.microsoft.com/surface/support/surface-hub) for additional details)
+ * Bug fixes and performance optimizations to speed up the Azure Active Directory sign-in flow
+ * Significantly improved time needed to reset and restore Surface Hub
+ * Windows Defender UI has been added within settings
+ * Improved UX touch to start
+ * Enabled support for greater than 1080p wireless projection via Miracast, on supported devices
+ * Resolved “There’s no internet connection” and “Appointments may be out of date” false notification states from launch
+ * Improved reliability of on-screen keyboard
+ * Additional support for creating Surface Hub provisioning packages using Windows Imaging & Configuration Designer (ICD) and improved Surface Hub monitoring solution on Operations Management Suite (OMS)
+
+*[KB3194496](https://support.microsoft.com/help/3194496)
+
+
+## Updates for Windows 10 Version 1511
+
+
+November 4, 2016 — update for Windows 10 Team (version 1511) on KB3198586* (OS Build 10586.679)
+
+This update to the Windows 10 Team edition (version 1511) to Surface Hub includes quality improvements and security fixes that are outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history). There are no Surface Hub specific items in this update.
+
+*[KB3198586](https://support.microsoft.com/help/3198586)
+
+
+
+July 12, 2016 — KB3172985* (OS Build 10586.494)
+
+This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes specific to the Surface Hub (those not already included in the [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history)), include:
+
+* Fixed issue that caused Windows system crashes
+* Fixed issue that caused repeated Edge crashes
+* Fixed issue causing pre-shutdown service crashes
+* Fixed issue where some app data wasn’t properly removed after a session
+* Updated Broadcom NFC driver to improve NFC performance
+* Updated Marvell Wi-Fi driver to improve Miracast performance
+* Updated Nvidia driver to fix a display bug in which 84" Surface Hub devices show dim or fuzzy content
+* Numerous Skype for Business issues fixed, including:
+ * Issue that caused Skype for Business to disconnect during meetings
+ * Issue in which users were unable to join meetings when the meeting organizer was on a federated configuration
+ * Enabling Skype for Business application sharing
+ * Issue that caused Skype application crashes
+* Added a prompt in “Settings” to inform users that the OS can become corrupted if device reset is interrupted before completion
+
+*[KB3172985](https://support.microsoft.com/help/3172985)
+
+
+
+June 14, 2016 — KB3163018* (OS Build 10586.420)
+
+This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Constrained release. Refer to July 12, 2016 — [KB3172985](https://support.microsoft.com/en-us/help/3172985) (OS Build 10586.494) for Surface Hub specific package details
+
+*[KB3163018](https://support.microsoft.com/help/3163018)
+
+
+
+May 10, 2016 — KB3156421* (OS Build 10586.318)
+
+This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Fixed issue that prevented certain Store apps (OneDrive) from installing
+* Fixed issue that caused touch input to stop responding in applications
+
+*[KB3156421](https://support.microsoft.com/help/3156421)
+
+
+
+April 12, 2016 — KB3147458* (OS Build 10586.218)
+
+This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Fixed issue where volume level wasn’t properly reset between sessions
+
+*[KB3147458](https://support.microsoft.com/help/3147458)
+
+
+## Related topics
+
+* [Windows 10 feature road map](http://go.microsoft.com/fwlink/p/?LinkId=785967)
+* [Windows 10 release information](http://go.microsoft.com/fwlink/p/?LinkId=724328)
+* [Windows 10 November update: FAQ](http://windows.microsoft.com/windows-10/windows-update-faq)
+* [Microsoft Surface update history](http://go.microsoft.com/fwlink/p/?LinkId=724327)
+* [Microsoft Lumia update history](http://go.microsoft.com/fwlink/p/?LinkId=785968)
+* [Get Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=616447)
\ No newline at end of file
diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md
index cfe236376f..5d8fad351d 100644
--- a/devices/surface-hub/surface-hub-wifi-direct.md
+++ b/devices/surface-hub/surface-hub-wifi-direct.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: levinec
ms.author: ellevin
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
diff --git a/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md
new file mode 100644
index 0000000000..12678d2a9c
--- /dev/null
+++ b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md
@@ -0,0 +1,25 @@
+---
+title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
+description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
+ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f
+ms.reviewer:
+manager:
+keywords:
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Summary
+
+In compliance with regional governmental regulations, all 5-GHz wireless devices in Europe, Japan, and Israel do not support the U-NII-3 band. In Surface Hub, the channels that are associated with U-NII-3 are 149 through 165. This includes Miracast connection on these channels. Therefore, Surface Hubs that are used in Europe, Japan, and Israel can't use channels 149 through 165 for Miracast connection.
+
+## More Information
+
+For more information see the [U-NII](https://en.wikipedia.org/wiki/U-NII) topic on Wikipedia.
+
+> [!NOTE]
+> Microsoft provides third-party contact information to help you find additional information about this topic. This information may change without notice. Microsoft does not guarantee the accuracy of third-party information.
\ No newline at end of file
diff --git a/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
new file mode 100644
index 0000000000..2cb3ab2414
--- /dev/null
+++ b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
@@ -0,0 +1,79 @@
+---
+title: How to use cloud recovery for BitLocker on a Surface Hub
+description: How to use cloud recovery for BitLocker on a Surface Hub
+ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d
+ms.reviewer:
+manager:
+keywords: Accessibility settings, Settings app, Ease of Access
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Summary
+
+This article describes how to use the cloud recovery function if you are unexpectedly prompted by BitLocker on a Surface Hub device.
+
+> [!NOTE]
+> You should follow these steps only if a BitLocker recovery key isn't available.
+
+> [!WARNING]
+> * This recovery process deletes the contents of the internal drive. If the process fails, the internal drive will become completely unusable. If this occurs, you will have to log a service request with Microsoft for a resolution.
+> * After the recovery process is complete, the device will be reset to the factory settings and returned to its Out of Box Experience state.
+> * After the recovery, the Surface Hub must be completely reconfigured.
+
+> [!IMPORTANT]
+> This process requires an open Internet connection that does not use a proxy or other authentication method.
+
+## Cloud recovery process
+
+To perform a cloud recovery, follow these steps:
+
+1. Select **Press Esc for more recovery options**.
+
+ 
+
+1. Select **Skip this drive**.
+
+ 
+
+1. Select **Recover from the cloud**.
+
+ 
+
+1. Select **Yes**.
+
+ 
+
+1. Select **Reinstall**.
+
+ 
+
+ 
+
+1. After the cloud recovery process is complete, start the reconfiguration by using the **Out of Box Experience**.
+
+ 
+
+## "Something went Wrong" error message
+
+This error is usually caused by network issues that occur during the recovery download. When this issue occurs, don't turn off the Hub because you won't be able to restart it. If you receive this error message, return to the "Recover from the cloud" step, and then restart the recovery process.
+
+1. Select **Cancel**.
+
+ 
+
+1. Select **Troubleshoot**.
+
+ 
+
+1. Select **Recover from the cloud**.
+
+ 
+
+1. If the **Wired network isn't found** error occurs, select **Cancel**, and then let the Surface Hub rediscover the wired network.
+
+ 
\ No newline at end of file
diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
index 65b4f6f1ca..57f4f3faa0 100644
--- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
+++ b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
@@ -1,5 +1,5 @@
---
-title: Use fully qualified doman name with Surface Hub
+title: Use fully qualified domain name with Surface Hub
description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"]
author: levinec
diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md
index f8c792f932..e18ca0fcd5 100644
--- a/devices/surface-hub/use-room-control-system-with-surface-hub.md
+++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md
@@ -76,7 +76,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
| 0 | S5 | Off |
| 5 | S0 | Ready |
-For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and reponses.
+For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and responses.
| Command | State change| Response |
| --- | --- | --- |
diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
new file mode 100644
index 0000000000..eedbfe9ae5
--- /dev/null
+++ b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
@@ -0,0 +1,137 @@
+---
+title: Using the Surface Hub Hardware Diagnostic Tool to test a device account
+description: Using the Surface Hub Hardware Diagnostic Tool to test a device account
+ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c
+ms.reviewer:
+manager:
+keywords: Accessibility settings, Settings app, Ease of Access
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Using the Surface Hub Hardware Diagnostic Tool to test a device account
+
+## Introduction
+
+> [!NOTE]
+> The "Account Settings" section of the Surface Hub Hardware Diagnostic tool doesn’t collect any information. The email and password that are entered as input are used only directly on your environment and not collected or transferred to anyone. The login information persists only until the application is closed or you end the current session on the Surface Hub.
+
+> [!IMPORTANT]
+> * Administrator privileges are not required to run this application.
+> * The results of the diagnostic should be discussed with your local administrator before you open a service call with Microsoft.
+
+### Surface Hub Hardware Diagnostic
+
+By default, the [Surface Hub Hardware Diagnostic](https://www.microsoft.com/store/apps/9nblggh51f2g) application isn’t installed in earlier versions of the Surface Hub system. The application is available for free from the Microsoft Store. Administrator privileges are required to install the application.
+
+ 
+
+## About the Surface Hub Hardware Diagnostic Tool
+
+The Surface Hub Hardware Diagnostic tool is an easy-to-navigate tool that lets the user test many of the hardware components within the Surface Hub device. This tool can also test and verify a Surface Hub device account. This article describes how to use the Account Settings test within the Surface Hub Hardware Diagnostic tool.
+
+> [!NOTE]
+> The device account for the Surface Hub should be created before any testing is done. The Surface Hub Administrator Guide provides instructions and PowerShell scripts to help you create on-premises, online (Office365), or hybrid device accounts. For more information, go to the [Create and test a device account (Surface Hub)](https://docs.microsoft.com/surface-hub/create-and-test-a-device-account-surface-hub) topic in the guide.
+
+### Device account testing process
+
+1. Navigate to **All Apps**, and then locate the Surface Hub Hardware Diagnostic application.
+
+ 
+
+1. When the application starts, the **Welcome** page provides a text window to document the reason why you are testing the Hub. This note can be saved to USB together with the diagnostic results at the conclusion of testing. After you finish entering a note, select the **Continue** button.
+
+ 
+
+1. The next screen provides you the option to test all or some of the Surface Hub components. To begin testing the device account, select the **Test Results** icon.
+
+ 
+
+ 
+
+1. Select **Account Settings**.
+
+ 
+
+ The Account Settings screen is used to test your device account.
+
+ 
+
+1. Enter the email address of your device account. The password is optional but is recommended. Select the **Test Account** button when you are ready to continue.
+
+ 
+
+1. After testing is finished, review the results for the four areas of testing. Each section can be expanded or collapsed by selecting the Plus or Minus sign next to each topic.
+
+ **Network**
+
+ 
+
+ **Environment**
+
+ 
+
+ **Certificates**
+
+ 
+
+ **Trust Model**
+
+ 
+
+## Appendix
+
+### Field messages and resolution
+
+#### Network
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
+HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store |
+Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? |
+Proxy Address | | |If configured, returns proxy address. |
+Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated thru the proxy. |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
+Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. |
+
+#### Environment
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+SIP Domain | | |Informational. |
+Skype Environment |Skype for Business Online, Skype for Business OnPrem, Skype for Business Hybrid |Informational. |What type of environment was detected. Note: Hybrid can only be detected if the password is entered.
+LyncDiscover FQDN | | |Informational. Displays the LyncDiscover DNS result |
+LyncDiscover URI | | |Informational. Displays the URL used to perform a LyncDiscover on your environment.|
+LyncDiscover |Connection Successful |Connection Failed |Response from LyncDiscover web service. |
+SIP Pool Hostname | | |Informational. Display the SIP pool name discovered from LyncDiscover |
+
+#### Certificates (in-premises hybrid only)
+
+LyncDiscover Certificate
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+LyncDiscover Cert CN | | |Informational. Displays the LD cert Common name |
+LyncDiscover Cert CA | | |Informational. Displays the LD Cert CA |
+LyncDiscover Cert Root CA | | |Informational. Displays the LD Cert Root CA, if available. |
+LD Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store. Returns positive if the machine trusts the certificate.|[Download and deploy Skype for Business certificates using PowerShell](https://blogs.msdn.microsoft.com/surfacehub/2016/06/07/download-and-deploy-skype-for-business-certificates-using-powershell/)/[Supported items for Surface Hub provisioning packages](https://docs.microsoft.com/surface-hub/provisioning-packages-for-surface-hub#supported-items-for-surface-hub-provisioning-packages)
+
+SIP Pool Certification
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+SIP Pool Cert CN | | |(CONTENTS) |
+SIP Pool Cert CA | | |(CONTENTS) |
+SIP Pool Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store and return a positive if the devices trusts the certificate. |
+SIP Pool Cert Root CA | | |Information. Display the SIP Pool Cert Root CA, if available. |
+
+#### Trust Model (on-premises hybrid only)
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+Trust Model Status |No Trust Model Issue Detected. |SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue. |[Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/)
+Domain Name(s) | | |Return the list of domains that should be added for SFB to connect. |
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 525c84acb2..2c8a3793a6 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -44,14 +44,14 @@ To get Whiteboard to Whiteboard collaboration up and running, you’ll need to m
To start a collaboration session:
-1. In the Whiteboard app, tap the **Sign in** button.
-2. Sign in with your organization ID.
-3. Tap the **Invite** button next to your name at the top of the app.
-4. Tap **Start session**. Whiteboard will generate a link that you can share.
+1. In the Whiteboard app, tap the **Sign in** button.
+2. Sign in with your organization ID.
+3. Tap the **Invite** button next to your name at the top of the app.
+4. Tap **Start session**. Whiteboard will generate a link that you can share.
-5. Copy and paste this link into a Skype chat with another Surface Hub
+5. Copy and paste this link into a Skype chat with another Surface Hub
When the other Surface Hub receives the link, the recipient can tap on the link, sign in to Whiteboard, and then begin collaborating. You can copy and paste other content, use smart ink features like Ink to Shape, and co-author together.
diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md
index c83a77a2bd..15a51ed349 100644
--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@@ -1,39 +1,57 @@
# [Surface](index.md)
-## [Deploy Surface devices](deploy.md)
+
+## Get started
+
+## Overview
+### [Surface Pro Tech specs](https://www.microsoft.com/surface/devices/surface-pro/tech-specs)
+### [Surface Book Tech specs](https://www.microsoft.com/surface/devices/surface-book/tech-specs)
+### [Surface Studio Tech specs](https://www.microsoft.com/surface/devices/surface-studio/tech-specs)
+### [Surface Go Tech specs](https://www.microsoft.com/surface/devices/surface-go/tech-specs)
+### [Surface Laptop 2 Tech specs](https://www.microsoft.com/surface/devices/surface-laptop/tech-specs)
+
+## Plan
### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md)
-#### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
+### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
+### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
+### [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
+### [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md)
+### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
+### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)
+
+## Deploy
+### [Deploy Surface devices](deploy.md)
+### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
+### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)
### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)
-### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)
-### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
-#### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
-#### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
-### [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
+### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
+### [Surface System SKU reference](surface-system-sku-reference.md)
+
+## Manage
+### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
### [Battery Limit setting](battery-limit.md)
### [Surface Brightness Control](microsoft-surface-brightness-control.md)
### [Surface Asset Tag](assettag.md)
-## [Surface firmware and driver updates](update.md)
+### [Surface firmware and driver updates](update.md)
### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
### [Surface Dock Updater](surface-dock-updater.md)
-### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
-## [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
-## [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md)
-## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
-## [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
+### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
+
+## Secure
+### [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
-### [Surface System SKU reference](surface-system-sku-reference.md)
-## [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
+### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
-### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
-## [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
+
+## Support
+### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md)
+### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
-## [Surface Data Eraser](microsoft-surface-data-eraser.md)
-## [Top support solutions for Surface devices](support-solutions-surface.md)
-## [Change history for Surface documentation](change-history-for-surface.md)
-
-
+### [Surface Data Eraser](microsoft-surface-data-eraser.md)
+### [Top support solutions for Surface devices](support-solutions-surface.md)
+### [Change history for Surface documentation](change-history-for-surface.md)
diff --git a/devices/surface/advanced-uefi-security-features-for-surface.md b/devices/surface/advanced-uefi-security-features-for-surface.md
deleted file mode 100644
index 9c6edd4717..0000000000
--- a/devices/surface/advanced-uefi-security-features-for-surface.md
+++ /dev/null
@@ -1,3 +0,0 @@
----
-redirect_url: https://technet.microsoft.com/itpro/surface/advanced-uefi-security-features-for-surface-pro-3
----
\ No newline at end of file
diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index d4e7df2e2b..14eea5c91d 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -15,11 +15,27 @@ ms.topic: article
This topic lists new and updated topics in the Surface documentation library.
+## July 2019
+
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | Renamed to reflect focus on deployment guidance for IT professionals. Covers minor changes in Version 2.41.139.0. |
+
+
+
+## June 2019
+
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+|[Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) | New introductory page for the Surface Diagnostic Toolkit for Business. |
+| [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) |Updated with summary of recommendations for managing power settings and optimizing battery life. |
+
+
## March 2019
-New or changed topic | Description
---- | ---
-[Surface System SKU reference](surface-system-sku-reference.md) | New
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Surface System SKU reference](surface-system-sku-reference.md) | New |
## February 2019
diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
index 9448059c5b..5c4cc7c4a3 100644
--- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md
+++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
@@ -54,7 +54,7 @@ Before users can install or deploy an app from a company’s Microsoft Store for
*Figure 1. Enable apps for offline use*
-4. Add Surface app to your Microsoft Store for Business account by following this procedure:
+4. Add Surface app to your Microsoft Store for Business account by following this procedure:
* Click the **Shop** menu.
* In the search box, type **Surface app**, and then click the search icon.
* After the Surface app is presented in the search results, click the app’s icon.
@@ -99,21 +99,21 @@ Figure 5 shows the required frameworks for the Surface app.
>The version numbers of the Surface app and required frameworks will change as the apps are updated. Check for the latest version of Surface app and each framework in Microsoft Store for Business. Always use the Surface app and recommended framework versions as provided by Microsoft Store for Business. Using outdated frameworks or the incorrect versions may result in errors or application crashes.
To download the required frameworks for the Surface app, follow these steps:
-1. Click the **Download** button under **Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
-2. Click the **Download** button under **Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
+1. Click the **Download** button under **Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
+2. Click the **Download** button under **Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
>[!NOTE]
>Only the 64-bit (x64) version of each framework is required for Surface devices. Surface devices are native 64-bit UEFI devices and are not compatible with 32-bit (x86) versions of Windows that would require 32-bit frameworks.
## Install Surface app on your computer with PowerShell
The following procedure provisions the Surface app onto your computer and makes it available for any user accounts created on the computer afterwards.
-1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file.
-2. Begin an elevated PowerShell session.
+1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file.
+2. Begin an elevated PowerShell session.
>[!NOTE]
>If you don’t run PowerShell as an Administrator, the session won’t have the required permissions to install the app.
-3. In the elevated PowerShell session, copy and paste the following command:
+3. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage –Online –PackagePath \ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle –LicensePath \ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml
```
@@ -125,7 +125,7 @@ The following procedure provisions the Surface app onto your computer and makes
Add-AppxProvisionedPackage –Online –PackagePath c:\Temp\ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle –LicensePath c:\Temp\ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml
```
-4. The Surface app will now be available on your current Windows computer.
+4. The Surface app will now be available on your current Windows computer.
Before the Surface app is functional on the computer where it has been provisioned, you must also provision the frameworks described earlier in this article. To provision these frameworks, use the following procedure in the elevated PowerShell session you used to provision the Surface app.
@@ -151,18 +151,18 @@ The following procedure uses MDT to automate installation of the Surface app at
* Working Directory: %DEPLOYROOT%\Applications\SurfaceApp
For the Surface app to function on the target computer, it will also require the frameworks described earlier in this article. Use the following procedure to import the frameworks required for the Surface app into MDT and to configure them as dependencies.
-1. Using the procedure described earlier in this article, download the framework files. Store each framework in a separate folder.
-2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
-3. On the **Command Details** page, type the file name of each application you downloaded in the **Command** field and the default Working Directory.
+1. Using the procedure described earlier in this article, download the framework files. Store each framework in a separate folder.
+2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
+3. On the **Command Details** page, type the file name of each application you downloaded in the **Command** field and the default Working Directory.
To configure the frameworks as dependencies of the Surface app, use this process:
-1. Open the properties of the Surface app in the MDT Deployment Workbench.
-2. Click the **Dependencies** tab, and then click **Add**.
-3. Select the check box for each framework using the name you provided in the New Application Wizard.
+1. Open the properties of the Surface app in the MDT Deployment Workbench.
+2. Click the **Dependencies** tab, and then click **Add**.
+3. Select the check box for each framework using the name you provided in the New Application Wizard.
After import, the Surface app will be available for selection in the **Applications** step of the Windows Deployment Wizard. You can also install the application automatically by specifying the application in the deployment task sequence by following this process:
-1. Open your deployment task sequence in the MDT Deployment Workbench.
-2. Add a new **Install Application** task in the **State Restore** section of deployment.
-3. Select **Install a single application** and specify the **Surface App** as the **Application to be installed**.
+1. Open your deployment task sequence in the MDT Deployment Workbench.
+2. Add a new **Install Application** task in the **State Restore** section of deployment.
+3. Select **Install a single application** and specify the **Surface App** as the **Application to be installed**.
For more information about including apps into your Windows deployments, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit).
diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
index e749f22972..ea5592fb85 100644
--- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
+++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
@@ -579,10 +579,10 @@ After the task sequence is created it can be modified for increased automation,
8. On the **Properties** tab of the new **Install Application** step, enter **Install Microsoft Office 2016 Click-to-Run** in the **Name** field.
9. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
-10. Select Office 2016 Click-to-Run from the list of applications, and then click **OK**.
-11. Repeat Steps 6 through 10 for the Surface app.
-12. Expand the **Preinstall** folder, and then click the **Enable BitLocker (Offline)** step.
-13. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
+10. Select Office 2016 Click-to-Run from the list of applications, and then click **OK**.
+11. Repeat Steps 6 through 10 for the Surface app.
+12. Expand the **Preinstall** folder, and then click the **Enable BitLocker (Offline)** step.
+13. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
14. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 22), configure the following options:
* **Name** – Set DriverGroup001
* **Task Sequence Variable** – DriverGroup001
@@ -592,8 +592,8 @@ After the task sequence is created it can be modified for increased automation,
*Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence*
-15. Select the **Inject Drivers** step, the next step in the task sequence.
-16. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 23), configure the following options:
+15. Select the **Inject Drivers** step, the next step in the task sequence.
+16. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 23), configure the following options:
* In the **Choose a selection profile** drop-down menu, select **Nothing**.
* Click the **Install all drivers from the selection profile** button.
@@ -601,7 +601,7 @@ After the task sequence is created it can be modified for increased automation,
*Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows*
-17. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
+17. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
### Configure deployment share rules
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
index 207b2119b7..75607e9f4d 100644
--- a/devices/surface/docfx.json
+++ b/devices/surface/docfx.json
@@ -22,12 +22,10 @@
}
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
- "ms.author": "jdecker",
"ms.date": "05/09/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
diff --git a/devices/surface/documentation/surface-system-sku-reference.md b/devices/surface/documentation/surface-system-sku-reference.md
new file mode 100644
index 0000000000..c0aa8460a0
--- /dev/null
+++ b/devices/surface/documentation/surface-system-sku-reference.md
@@ -0,0 +1,55 @@
+---
+title: Surface System SKU reference
+description: This topic provides a reference of System SKU names that you can use to quickly determine the machine state of a specific device.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: coveminer
+ms.author: v-jokai
+ms.topic: article
+ms.date: 03/12/2019
+---
+# Surface System SKU Reference
+This document provides a reference of System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell, WMI, and related tools.
+
+System SKU is a variable (along with System Model and others) stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. Use the System SKU name whenever you need to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.
+
+| **Device**| **System Model** | **System SKU**|
+| --- | ---| --- |
+| Surface 3 WiFI | Surface 3 | Surface_3 |
+| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 |
+| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 |
+| Surface 3 LTE North America | Surface 3 | Surface_3_NAG |
+| Surface 3 LTE Outside of North America and T-Mobile In Japan | Surface 3 | Surface_3_ROW |
+| Surface Pro | Surface Pro | Surface_Pro_1796 |
+| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 |
+| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 |
+| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
+| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |
+| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
+| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
+| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
+| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
+| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
+
+## Using System SKU variables
+
+### PowerShell
+
+ gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU
+
+### System Information
+You can also find the System SKU and System Model for a device in System Information.
+- Click **Start** > **MSInfo32**.
+
+### WMI
+You can use System SKU variables in a Task Sequence WMI Condition in the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager. For example:
+
+ - WMI Namespace – Root\WMI
+ - WQL Query – SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796"
+
+
+
+
+
+
diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
index 3d04792b01..7eb53c4ec9 100644
--- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md
+++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
@@ -63,15 +63,15 @@ To create a Surface UEFI configuration package, follow these steps:
*Figure 4. Disable or enable individual Surface components*
-11. Click **Next**.
-12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package.
+11. Click **Next**.
+12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package.
*Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM*
-13. In the **Save As** dialog box, specify a name for the Surface UEFI configuration package, browse to the location where you would like to save the file, and then click **Save**.
-14. When the package is created and saved, the **Successful** page is displayed.
+13. In the **Save As** dialog box, specify a name for the Surface UEFI configuration package, browse to the location where you would like to save the file, and then click **Save**.
+14. When the package is created and saved, the **Successful** page is displayed.
>[!NOTE]
>Record the certificate thumbprint characters that are displayed on this page, as shown in Figure 6. You will need these characters to confirm enrollment of new Surface devices in SEMM. Click **End** to complete package creation and close Microsoft Surface UEFI Configurator.
diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md
new file mode 100644
index 0000000000..9294a400bc
--- /dev/null
+++ b/devices/surface/get-started.md
@@ -0,0 +1,164 @@
+---
+title: Get started with Surface devices
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+layout: LandingPage
+ms.assetid:
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: landing-page
+description: "Get started with Microsoft Surface devices"
+---
+# Get started with Surface devices
+
+Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
+
+
\ No newline at end of file
diff --git a/devices/surface/images/Surface-Devices-400x140.svg b/devices/surface/images/Surface-Devices-400x140.svg
new file mode 100644
index 0000000000..4414de0f16
--- /dev/null
+++ b/devices/surface/images/Surface-Devices-400x140.svg
@@ -0,0 +1,25 @@
+
+
+
diff --git a/devices/surface/images/Surface-Hub-400x140.svg b/devices/surface/images/Surface-Hub-400x140.svg
new file mode 100644
index 0000000000..f5a5c12a56
--- /dev/null
+++ b/devices/surface/images/Surface-Hub-400x140.svg
@@ -0,0 +1,51 @@
+
+
+
diff --git a/devices/surface/images/Surface-Workplace-400x140.svg b/devices/surface/images/Surface-Workplace-400x140.svg
new file mode 100644
index 0000000000..9bb3779192
--- /dev/null
+++ b/devices/surface/images/Surface-Workplace-400x140.svg
@@ -0,0 +1,33 @@
+
+
+
diff --git a/devices/surface/index.md b/devices/surface/index.md
index e559820d25..b6709b00f1 100644
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@@ -1,63 +1,150 @@
+---
+title: Microsoft Surface documentation and resources
+layout: HubPage
+hide_bc: true
+description: Surface and Surface Hub documentation for admins & IT professionals
+author: robmazz
+ms.author: robmazz
+manager: laurawi
+ms.topic: hub-page
+keywords: Microsoft Surface, Microsoft Surface Hub, Surface documentation
+localization_priority: Normal
+audience: ITPro
+ms.prod: Surface
+description: Learn about Microsoft Surface and Surface Hub devices.
---
-title: Surface (Surface)
-description:
-ms.assetid: 2a6aec85-b8e2-4784-8dc1-194ed5126a04
-ms.localizationpriority: high
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: heatherpoulsen
-ms.author: jdecker
-ms.topic: article
-ms.date: 10/16/2017
----
-
-# Surface
-
-
-This library provides guidance to help you deploy Windows on Microsoft Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization.
-
-For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/windows/surface).
-
-## In this section
-
-| Topic | Description |
-| --- | --- |
-| [Deploy Surface devices](deploy.md) | Get deployment guidance for your Surface devices including information about MDT, OOBE customization, Ethernet adaptors, and Surface Deployment Accelerator. |
-| [Surface firmware and driver updates](update.md) | Find out how to download and manage the latest firmware and driver updates for your Surface device. |
-| [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) | Get guidance on how to deploy and manage Surface devices with System Center Configuration Manager. |
-| [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md) | Find out how to add and download Surface app with Microsoft Store for Business, as well as install Surface app with PowerShell and MDT. |
-| [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) | Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. |
-| [Manage Surface UEFI settings](manage-surface-uefi-settings.md) | Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings. |
-| [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. |
-| [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | Learn how to investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. |
-| [Surface Data Eraser](microsoft-surface-data-eraser.md) | Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. |
-| [Top support solutions for Surface devices](support-solutions-surface.md) | These are the top Microsoft Support solutions for common issues experienced using Surface devices in an enterprise. |
-| [Change history for Surface documentation](change-history-for-surface.md) | This topic lists new and updated topics in the Surface documentation library. |
-
-
-## Learn more
-
-[Certifying Surface Pro 4 and Surface Book as standard devices at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/849/Certifying-Surface-Pro-4-and-Surface-Book-as-standard-devices-at-Microsoft)
-
-
-
-
-
-
-## Related topics
-
-
-[Surface TechCenter](https://technet.microsoft.com/windows/surface)
-
-[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
-
+
+
+
Microsoft Surface
+
Learn how to plan, deploy, and manage Microsoft Surface and Surface Hub devices.
diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
index 57852f1b49..6dcd9db277 100644
--- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
+++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
@@ -1,5 +1,5 @@
---
-title: Maintain optimal power settings
+title: Best practice power settings for Surface devices
description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience.
ms.prod: w10
ms.mktglfcycl: manage
@@ -7,12 +7,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 01/17/2019
ms.reviewer:
manager: dansimp
---
-# Maintain optimal power settings on Surface devices
+# Best practice power settings for Surface devices
Surface devices are designed to take advantage of the latest advances in
mobile device energy consumption to deliver a streamlined experience
@@ -22,9 +21,20 @@ components, momentarily waking up system components to handle background
tasks -- such as an incoming email or network traffic -- before returning to a
low power idle state (S0ix).
+## Summary of recommendations for IT administrators
+
+To ensure Surface devices across your organization fully benefit from Surface power optimization features:
+
+- Exclude Surface devices from any existing power management policy settings and let the Surface default policy control the power policy and behavior of the device.
+- If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power profile from the factory image of the Surface device and then import it into the provisioning package for your Surface devices. For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings).
+- Always use the newest available version of the drivers and firmware for your devices and for the version of Windows 10 they're running. For more information, refer to [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
+- Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI (**System** > **Power & sleep**). For more information, refer to User best practices for extended battery life in this document.
+
+## Background
+
The way Surface implements power management differs significantly from
the earlier OS standard that gradually reduces and turns off power via a
-series of sleep states (S1, S2, S3).
+series of sleep states; for example, cycling through S1, S2, S3, and so on.
Instead, Surface is imaged with a custom power profile that replaces
legacy sleep and energy consumption functionality with modern standby
@@ -36,6 +46,11 @@ works in conjunction with Windows power manager to allocate or throttle
only the exact amount of power required for hardware components to
function.
+## Utilizing the custom power profile in Surface
+
+If you go into the power options on a surface device, you'll see that there's a single power plan available. This is the custom power profile. And if you go to the advanced power settings, you’ll see a much smaller subset of power options compared to a generic PC running Windows 10. Unlike generic devices, Surface has firmware and custom components to manage these power options.
+
+
## Modern Standby
The algorithmically embedded custom power profile enables modern standby
@@ -78,6 +93,7 @@ experience by delivering a single power plan (balanced) that replaces
the multiple power plans from standard Windows builds.
### Simplified power settings user interface
+
Surface provides a simplified UI in accord with best practice power
setting recommendations. In general, it's recommended to only adjust settings visible in the default user interface and avoid configuring advanced power settings or Group Policy settings. Using the default screen and sleep timeouts while avoiding maximum
brightness levels are the most effective ways for users to maintain
@@ -103,7 +119,7 @@ Power slider enables four states as described in the following table:
| Slider mode| Description |
|---|---|
-| Battery saver| Helps conserve power and prolong battery life when the system is disconnected from a power source. When battery saver is on, some Windows features are disabled, throttled, or behave differently. Screen brightness is also reduced. Battery saver is only available when using battery power (DC). To learn more, see [Battery Saver](https://docs.microsoft.com/en-us/windows-hardware/design/component-guidelines/battery-saver).|
+| Battery saver| Helps conserve power and prolong battery life when the system is disconnected from a power source. When battery saver is on, some Windows features are disabled, throttled, or behave differently. Screen brightness is also reduced. Battery saver is only available when using battery power (DC). To learn more, see [Battery Saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver).|
| Recommended | Delivers longer battery life than the default settings in earlier versions of Windows. |
| Better Performance | Slightly favors performance over battery life, functioning as the default slider mode. |
| Best Performance | Favors performance over power for workloads requiring maximum performance and responsiveness, regardless of battery power consumption.|
@@ -145,13 +161,14 @@ To learn more, see:
# Learn more
-- [Modern
+- [Modern
standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources)
-- [Customize the Windows performance power
+- [Customize the Windows performance power
slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider)
-- [Battery
+- [Battery
saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver)
+- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
\ No newline at end of file
diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md
index 7ce3009574..a1e5874ea2 100644
--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@@ -18,12 +18,10 @@ ms.date: 07/27/2017
# Step by step: Surface Deployment Accelerator
-
This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. This article also contains instructions on how to perform these tasks without an Internet connection or without support for Windows Deployment Services network boot (PXE).
## How to install Surface Deployment Accelerator
-
For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).
1. Download SDA, which is included in [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) on the Microsoft Download Center.
@@ -47,56 +45,51 @@ The tool installs in the SDA program group, as shown in Figure 2.
>[!NOTE]
>At this point, the tool has not yet prepared any deployment environment or downloaded any materials from the Internet.
-
-
## Create a deployment share
-
The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.
>[!NOTE]
>SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
-
-
1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen.
2. On the **Welcome** page, click **Next** to continue.
-3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
+3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
- > [!NOTE]
- > As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
- > * Deployment tools
- > * User State Migration Tool (USMT)
- > * Windows Preinstallation Environment (WinPE)
- >
- > [!NOTE]
- > As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
+ >[!NOTE]
+ >As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
+ > * Deployment tools
+ > * User State Migration Tool (USMT)
+ > * Windows Preinstallation Environment (WinPE)
-4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
+ > [!NOTE]
+ > As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
-5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
+4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
- - **Configure Deployment Share for Windows 10**
+5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
- - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
+ - **Configure Deployment Share for Windows 10**
- - **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
+ - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
- - **Windows 10 Deployment Services**
+ - **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
- - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
+ - **Windows 10 Deployment Services**
- - **Windows 10 Source Files**
+ - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
- - **Local Path** – Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
+ - **Windows 10 Source Files**
- 
+ - **Local Path** – Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
- *Figure 3. Specify Windows 10 deployment share options*
+ 
-6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
+ *Figure 3. Specify Windows 10 deployment share options*
+
+6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
@@ -105,7 +98,7 @@ The following steps show you how to create a deployment share for Windows 10 tha
>[!NOTE]
>You cannot select both Surface 3 and Surface 3 LTE models at the same time.
-7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
+7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
- Download of Windows ADK
@@ -125,84 +118,85 @@ The following steps show you how to create a deployment share for Windows 10 tha
- Creation of rules and task sequences for Windows deployment
- 
+ 
- *Figure 5. The Installation Progress window*
- >[!NOTE]
- >The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this:
+ *Figure 5. The Installation Progress window*
+
+ ### Optional: Workaround for Webclient exception
+
+ You may see this error message while installing the latest version of ADK or MDT: _An exception occurred during a WebClient request._ This is due to incompatibility between the Surface Deployment Accelerator (SDA) and Background Intelligent Transfer Service (BITS). To work around this issue, do the following.
- ```
- In the following two PowerShell scripts:
- %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
- %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
+ In the two PowerShell scripts:
-Edit the $BITSTransfer variable in the input parameters to $False as shown below:
+ ```PowerShell
+ %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
+ %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
+ ```
-Param(
- [Parameter(
- Position=0,
- Mandatory=$False,
- HelpMessage="Download via BITS bool true/false"
+ Edit the $BITSTransfer variable in the input parameters to $False as shown below:
+
+ ```PowerShell
+ Param(
+ [Parameter(
+ Position=0,
+ Mandatory=$False,
+ HelpMessage="Download via BITS bool true/false"
)]
[string]$BITSTransfer = $False
)
- ```
+ ```
-8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
+8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
-### Optional: Create a deployment share without an Internet connection
+ ### Optional: Create a deployment share without an Internet connection
-If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver an app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6.
+ If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver and app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6.
->[!NOTE]
->All of the downloaded driver and applications files must be located in the same folder. If a required driver or application file is missing from the selected folder when you click **Next**, a warning is displayed and the wizard will not proceed to the next step.
+ >[!NOTE]
+ >All of the downloaded driver and applications files must be located in the same folder. If a required driver or application file is missing from the selected folder when you click **Next**, a warning is displayed and the wizard will not proceed to the next step.
->[!NOTE]
->The driver and app files do not need to be extracted from the downloaded .zip files.
+ >[!NOTE]
+ >The driver and app files do not need to be extracted from the downloaded .zip files.
->[!NOTE]
->Including Office 365 in your deployment share requires an Internet connection and cannot be performed if you use local files.
+ >[!NOTE]
+ >Including Office 365 in your deployment share requires an Internet connection and cannot be performed if you use local files.
-
+ 
-*Figure 6. Specify the Surface driver and app files from a local path*
+ *Figure 6. Specify the Surface driver and app files from a local path*
->[!NOTE]
->The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
+ >[!NOTE]
+ >The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
+ ### Optional: Prepare offline USB media
+ You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection.
-### Optional: Prepare offline USB media
+ >[!NOTE]
+ >The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
-You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection.
+ Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
->[!NOTE]
->The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
+ 1. **diskpart** – Opens DiskPart to manage disks and partitions.
+ 2. **list disk** – Displays a list of the disks available in your system; use this list to identify the disk number that corresponds with your USB drive.
+ 3. **sel disk 2** – Selects your USB drive; use the number that corresponds with the disk in your system.
-Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
-
-1. **diskpart** – Opens DiskPart to manage disks and partitions.
-
-2. **list disk** – Displays a list of the disks available in your system; use this list to identify the disk number that corresponds with your USB drive.
-
-3. **sel disk 2** – Selects your USB drive; use the number that corresponds with the disk in your system.
-
-4. **clean** – Removes all configuration from your USB drive.
+ 4. **clean** – Removes all configuration from your USB drive.
>[!WARNING]
>This step will remove all information from your drive. Verify that your USB drive does not contain any needed data before you perform the **clean** command.
-5. **create part pri** – Creates a primary partition on the USB drive.
+ 5. **create part pri** – Creates a primary partition on the USB drive.
-6. **format fs=fat32 quick** – Formats the partition with the FAT32 file system, performing a quick format. FAT32 is required to boot the device from UEFI systems like Surface devices.
+ 6. **format fs=fat32 quick** – Formats the partition with the FAT32 file system, performing a quick format. FAT32 is required to boot the device from UEFI systems like Surface devices.
-7. **assign** – Assigns the next available drive letter to the newly created FAT32 volume.
+ 7. **assign** – Assigns the next available drive letter to the newly created FAT32 volume.
-8. **active** – Sets the partition to be active, which is required to boot the volume.
+ 8. **active** – Sets the partition to be active, which is required to boot the volume.
-9. **exit** – Exits DiskPart, after which you can close the PowerShell or Command Prompt window.
+ 9. **exit** – Exits DiskPart, after which you can close the PowerShell or Command Prompt window.
@@ -211,15 +205,13 @@ Before you can create bootable media files within the MDT Deployment Workbench o
>[!NOTE]
>You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly.
+ After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps:
+ 1. Open the **Deployment Workbench** from the **Microsoft Deployment Toolkit** group on your Start screen.
-After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps:
+ 2. Expand the **Deployment Shares** node and the **Microsoft Surface Deployment Accelerator** deployment share.
-1. Open the **Deployment Workbench** from the **Microsoft Deployment Toolkit** group on your Start screen.
-
-2. Expand the **Deployment Shares** node and the **Microsoft Surface Deployment Accelerator** deployment share.
-
-3. Expand the folder **Advanced Configuration** and select the **Media** folder.
+ 3. Expand the folder **Advanced Configuration** and select the **Media** folder.
4. Right-click the **Media** folder and click **New Media** as shown in Figure 8 to start the New Media Wizard.
@@ -227,78 +219,78 @@ After you have prepared the USB drive for boot, the next step is to generate off
*Figure 8. The Media folder of the SDA deployment share*
-5. On the **General Settings** page in the **Media path** field, enter or browse to a folder where you will create the files for the new offline media. See the example **E:\\SDAMedia** in Figure 9. Leave the default profile **Everything** selected in the **Selection profile** drop-down menu, and then click **Next**.
+ 5. On the **General Settings** page in the **Media path** field, enter or browse to a folder where you will create the files for the new offline media. See the example **E:\\SDAMedia** in Figure 9. Leave the default profile **Everything** selected in the **Selection profile** drop-down menu, and then click **Next**.
*Figure 9. Specify a location and selection profile for your offline media*
-6. On the **Summary** page verify your selections, and then click **Next** to begin creation of the media.
+ 6. On the **Summary** page verify your selections, and then click **Next** to begin creation of the media.
-7. A **Progress** page is displayed while the media is created.
+ 7. A **Progress** page is displayed while the media is created.
-8. On the **Confirmation** page, click **Finish** to complete creation of the media.
+ 8. On the **Confirmation** page, click **Finish** to complete creation of the media.
-9. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab as shown in Figure 10.
+ 9. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab as shown in Figure 10.
*Figure 10. Rules of the SDA deployment share*
-10. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+C** to copy the text.
+ 10. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+C** to copy the text.
-11. Click **OK** to close the **Microsoft Surface Deployment Accelerator** deployment share properties.
+ 11. Click **OK** to close the **Microsoft Surface Deployment Accelerator** deployment share properties.
-12. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab.
+ 12. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab.
-13. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+V** to paste the text you copied from the **Microsoft Surface Deployment Accelerator** deployment share rules.
+ 13. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+V** to paste the text you copied from the **Microsoft Surface Deployment Accelerator** deployment share rules.
-14. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
+ 14. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
-15. Press **Ctrl+A** to select all of the text in the window, and then press **Ctrl+C** to copy the text.
+ 15. Press **Ctrl+A** to select all of the text in the window, and then press **Ctrl+C** to copy the text.
-16. Close Bootstrap.ini and click **OK** in **Microsoft Surface Deployment Accelerator** deployment share properties to close the window.
+ 16. Close Bootstrap.ini and click **OK** in **Microsoft Surface Deployment Accelerator** deployment share properties to close the window.
-17. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
+ 17. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
-18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file.
+ 18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file.
-19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file:
- ```
- UserID=
- UserDomain=
- UserPassword=
- DeployRoot=\\SDASERVER\SDAWin10
- UserID=
- UserDomain=
- UserPassword=
- ```
+ 19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file:
+
+ ```PowerShell
+ UserID=
+ UserDomain=
+ UserPassword=
+ DeployRoot=\\SDASERVER\SDAWin10
+ UserID=
+ UserDomain=
+ UserPassword=
+ ```
*Figure 11. The Bootstrap.ini file of MEDIA001*
-20. Close Bootstrap.ini and click **OK** in **MEDIA001** deployment share properties to close the window.
+ 20. Close Bootstrap.ini and click **OK** in **MEDIA001** deployment share properties to close the window.
-21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share.
+ 21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share.
*Figure 12. Select the Update Media Content option*
-22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.**
+ 22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.**
-The final step is to copy the offline media files to your USB drive.
+ The final step is to copy the offline media files to your USB drive.
-1. In File Explorer, open the path you specified in Step 5, for example **E:\\SDAMedia**.
+ 1. In File Explorer, open the path you specified in Step 5, for example **E:\\SDAMedia**.
-2. Copy all of the files from the Content folder to the root of the USB drive.
+ 2. Copy all of the files from the Content folder to the root of the USB drive.
-Your USB drive is now configured as bootable offline media that contains all of the resources required to perform a deployment to a Surface device.
+ Your USB drive is now configured as bootable offline media that contains all of the resources required to perform a deployment to a Surface device.
## SDA task sequences
-
The SDA deployment share is configured with all of the resources required to perform a Windows deployment to a Surface device. These resources include Windows source files, image, Surface drivers, and Surface apps. The deployment share also contains two pre-configured task sequences, as shown in Figure 13. These task sequences contain the steps required to perform a deployment to a Surface device using the default Windows image from the installation media or to create a reference image complete with Windows updates and applications. To learn more about task sequences, see [MDT 2013 Update 2 Lite Touch components](https://technet.microsoft.com/itpro/windows/deploy/mdt-2013-lite-touch-components).
@@ -335,7 +327,6 @@ Like the **1 – Deploy Microsoft Surface** task sequence, the **2 – Create Wi
>[!NOTE]
>Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
-
In addition to the information required by the **1 – Deploy Microsoft Surface** task sequence, you will also be prompted to capture an image when you run this task sequence on your reference virtual machine. The **Location** and **File name** fields are automatically populated with the proper information for your deployment share. All that you need to do is select the **Capture an image of this reference computer** option when you are prompted on the **Capture Image** page of the Windows Deployment Wizard.
## Deployment to Surface devices
@@ -414,12 +405,3 @@ To run the Deploy Microsoft Surface task sequence:
*Figure 17. The Installation Progress window*
8. When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device.
-
-
-
-
-
-
-
-
-
diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md
index ad0823f286..cd0812b2d9 100644
--- a/devices/surface/surface-diagnostic-toolkit-business.md
+++ b/devices/surface/surface-diagnostic-toolkit-business.md
@@ -1,5 +1,5 @@
---
-title: Surface Diagnostic Toolkit for Business
+title: Deploy Surface Diagnostic Toolkit for Business
description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
ms.prod: w10
ms.mktglfcycl: manage
@@ -12,7 +12,7 @@ ms.reviewer:
manager: dansimp
---
-# Surface Diagnostic Toolkit for Business
+# Deploy Surface Diagnostic Toolkit for Business
The Microsoft Surface Diagnostic Toolkit for Business (SDT) enables IT administrators to quickly investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. You can run a range of diagnostic tests and software repairs in addition to obtaining device health insights and guidance for resolving issues.
@@ -33,7 +33,7 @@ To run SDT for Business, download the components listed in the following table.
Mode | Primary scenarios | Download | Learn more
--- | --- | --- | ---
Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues. Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package: Microsoft Surface Diagnostic Toolkit for Business Installer [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
-Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands: `-DataCollector` collects all log files `-bpa` runs health diagnostics using Best Practice Analyzer. `-windowsupdate` checks Windows update for missing firmware or driver updates. `-warranty` checks warranty information.
| SDT console app: Microsoft Surface Diagnostics App Console [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
+Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands: `-DataCollector` collects all log files `-bpa` runs health diagnostics using Best Practice Analyzer. `-windowsupdate` checks Windows Update for missing firmware or driver updates. `-warranty` checks warranty information.
| SDT console app: Microsoft Surface Diagnostics App Console [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
## Supported devices
@@ -59,9 +59,9 @@ SDT for Business is supported on Surface 3 and later devices, including:
To create an SDT package that you can distribute to users in your organization:
-1. Sign in to your Surface device using the Administrator account.
-2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
-3. The SDT setup wizard appears, as shown in figure 1. Click **Next**.
+1. Sign in to your Surface device using the Administrator account.
+2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
+3. The SDT setup wizard appears, as shown in figure 1. Click **Next**.
>[!NOTE]
>If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer.
@@ -72,15 +72,15 @@ To create an SDT package that you can distribute to users in your organization:
4. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA)
-5. On the Install Options screen, change the default install location if desired.
-6. Under Setup Type, select **Advanced**.
+5. On the Install Options screen, change the default install location if desired.
+6. Under Setup Type, select **Advanced**.
>[!NOTE]
>The standard option allows users to run the diagnostic tool directly on their Surface device provided they are signed into their device using an Administrator account.
-7. Click **Next** and then click **Install**.
+7. Click **Next** and then click **Install**.
## Installing using the command line
If desired, you can install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
@@ -90,7 +90,7 @@ If desired, you can install SDT at a command prompt and set a custom flag to ins
### To install SDT from the command line:
-1. Open a command prompt and enter:
+1. Open a command prompt and enter:
```
msiexec.exe /i ADMINMODE=1.
@@ -116,28 +116,29 @@ In addition to the .exe file, SDT installs a JSON file and an admin.dll file (mo
Creating a custom package allows you to target the tool to specific known issues.
-1. Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**.
-2. When the tool opens, click **Create Custom Package**, as shown in figure 3.
+1. Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**.
+2. When the tool opens, click **Create Custom Package**, as shown in figure 3.
*Figure 3. Create custom package*
-### Language and telemetry page
+### Language and telemetry settings
-
-When you start creating the custom package, you’re asked whether you agree to send data to Microsoft to help improve the application. For more information,see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Sharing is on by default, so uncheck the box if you wish to decline.
+ When creating a package, you can select language settings or opt out of sending telemetry information to Microsoft. By default, SDT sends telemetry to Microsoft that is used to improve the application in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). If you wish to decline, clear the check box when creating a custom package, as shown below. Or clear the **Send telemetry to Microsoft** check box on the **Install Options** page during SDT Setup.
>[!NOTE]
->This setting is limited to only sharing data generated while running packages.
+>This setting does not affect the minimal telemetry automatically stored on Microsoft servers when running tests and repairs that require an Internet connection, such as Windows Update and Software repair, or providing feedback using the Smile or Frown buttons in the app toolbar.
+
*Figure 4. Select language and telemetry settings*
+
### Windows Update page
-Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows update packages or WSUS, enter the path as appropriate.
+Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows Update packages or WSUS, enter the path as appropriate.
@@ -166,6 +167,13 @@ You can select to run a wide range of logs across applications, drivers, hardwar
## Changes and updates
+### Version 2.41.139.0
+*Release date: June 24, 2019*
+This version of Surface Diagnostic Toolkit for Business adds support for the following:
+- Driver version information included in logs and report.
+- Ability to provide feedback about the app.
+
+
### Version 2.36.139.0
*Release date: April 26, 2019*
This version of Surface Diagnostic Toolkit for Business adds support for the following:
@@ -173,11 +181,3 @@ This version of Surface Diagnostic Toolkit for Business adds support for the fol
- Accessibility improvements.
- Surface brightness control settings included in logs.
- External monitor compatibility support link in report generator.
-
-
-
-
-
-
-
-
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
index abce43dabc..9022fb4770 100644
--- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
+++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
@@ -16,9 +16,9 @@ manager: dansimp
This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
-1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests.
+1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests.
-2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
+2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
@@ -63,9 +63,9 @@ For each test, if functionality does not work as expected and the user clicks **
*Figure 4. Running hardware diagnostics*
-1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**.
-2. If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**.
-3. Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution.
+1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**.
+2. If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**.
+3. Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution.
### Repairing applications
diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
new file mode 100644
index 0000000000..83613f4a36
--- /dev/null
+++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
@@ -0,0 +1,42 @@
+---
+title: Fix common Surface problems using the Surface Diagnostic Toolkit for Business
+description: This page provides an introduction to the Surface Diagnostic Toolkit for Business for use in commercial environments.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 06/11/2019
+ms.reviewer: cottmca
+manager: dansimp
+---
+
+# Fix common Surface problems using the Surface Diagnostic Toolkit for Business
+
+If your Surface isn’t working properly, the Microsoft Surface Diagnostic Toolkit for Business can help you or your administrator find and solve problems.
+
+> [!NOTE]
+> Surface Diagnostic Toolkit for Business is built for commercial devices. If your device is a personal device and not managed by your work or school run the [Surface Diagnostic Toolkit](https://support.microsoft.com/en-us/help/4037239/surface-fix-common-surface-problems-using-surface-diagnostic-toolkit) instead.
+
+## Run the Surface Diagnostic Toolkit for Business
+
+Before you run the diagnostic tool, make sure you have the latest Windows updates. Go to [Install Surface and Windows 10 updates](https://support.microsoft.com/en-us/help/4023505/surface-install-surface-and-windows-updates) for more information. If that doesn't solve the problem, you'll need to run the diagnostic tool.
+
+> [!NOTE]
+> The Surface Diagnostic Toolkit for Business only works on Surface devices running Windows 10. It does not work on Surface Pro, Surface Pro 2, or Surface devices configured in S mode.
+
+**To run the Surface Diagnostic Toolkit for Business:**
+
+1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B).
+2. Select Run and follow the on-screen instructions.
+
+The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required. For more detailed information on Surface Diagnostic Toolkit for Business, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
+
+# If you still need help
+
+If the Surface Diagnostic Toolkit for Business didn’t fix the problem, you can also:
+
+- Make an in-store appointment: We might be able to fix the problem or provide a replacement Surface at your local Microsoft Store. [Locate a Microsoft Store near you](https://www.microsoft.com/en-us/store/locations/find-a-store?WT.mc_id=MSC_Solutions_en_us_scheduleappt).
+- Contact customer support: If you want to talk to someone about how to fix your problem, [contact us](https://support.microsoft.com/en-us/help/4037645/contact-surface-warranty-and-software-support-for-business).
+- Get your Surface serviced: If your Surface product needs service, [request it online](https://mybusinessservice.surface.com/).
diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md
index 5dfb51b75b..df65b6c73d 100644
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@@ -29,7 +29,7 @@ There are two administrative options you can use to manage SEMM and enrolled Sur
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
-
+
*Figure 1. Microsoft Surface UEFI Configurator*
@@ -51,7 +51,7 @@ You can download Microsoft Surface UEFI Configurator from the [Surface Tools for
Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. These packages contain a configuration file of UEFI settings specified during creation of the package in Microsoft Surface UEFI Configurator and a certificate file, as shown in Figure 2. When a configuration package is run for the first time on a Surface device that is not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. When enrolling a device in SEMM, you will be prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint before the certificate file is stored and the enrollment can complete. This confirmation requires that a user be present at the device at the time of enrollment to perform the confirmation.
-
+
*Figure 2. Secure a SEMM configuration package with a certificate*
@@ -64,11 +64,11 @@ After a device is enrolled in SEMM, the configuration file is read and the setti
You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
-
+
*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
-
+
*Figure 4. Configure advanced settings with SEMM*
@@ -102,13 +102,13 @@ You can configure the following advanced settings with SEMM:
>[!NOTE]
>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
-
+
*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
-
+
*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
@@ -134,7 +134,7 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a
In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
-
+
*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
@@ -226,8 +226,16 @@ create a reset package using PowerShell to reset SEMM.
## Version History
+
+
+### Version 2.43.136.0
+* Support to enable/disable simulatenous multithreating
+* Separate options for WiFi and Bluetooth for some devices
+* Battery Limit removed for Surface Studio
+
### Version 2.26.136.0
* Add support to Surface Studio 2
+* Battery Limit feature
### Version 2.21.136.0
* Add support to Surface Pro 6
diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md
index b193b9e336..6b6e75f7d4 100644
--- a/devices/surface/surface-system-sku-reference.md
+++ b/devices/surface/surface-system-sku-reference.md
@@ -16,9 +16,9 @@ manager: dansimp
# System SKU reference
-This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell or WMI.
+This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device by using PowerShell or WMI.
-System Model and System SKU are variables stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.
+System Model and System SKU are variables that are stored in the System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices that have the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.
| Device | System Model | System SKU |
| ---------- | ----------- | -------------- |
@@ -26,11 +26,13 @@ System Model and System SKU are variables stored in System Management BIOS (SMBI
| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 |
| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 |
| Surface 3 LTE North America | Surface 3 | Surface_3_NAG |
-| Surface 3 LTE Outside of North America and T-Mobile In Japan | Surface 3 | Surface_3_ROW |
+| Surface 3 LTE Outside of North America and Y!mobile In Japan | Surface 3 | Surface_3_ROW |
| Surface Pro | Surface Pro | Surface_Pro_1796 |
| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 |
| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 |
| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
+| Surface Go LTE Consumer | Surface Go | Surface_Go_1825_Consumer |
+| Surface Go LTE Commercial | System Go | Surface_Go_1825_Commercial |
| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
@@ -40,22 +42,23 @@ System Model and System SKU are variables stored in System Management BIOS (SMBI
## Examples
-**PowerShell**
- Use the following PowerShell command to pull System SKU:
+**Retrieving the SKU by using PowerShell**
+Use the following PowerShell command to pull the System SKU information:
- ```
+ ``` powershell
gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU
```
-**System Information**
-You can also find the System SKU and System Model for a device in System Information.
+**Retrieving the SKU by using System Information**
+You can also find the System SKU and System Model for a device in **System Information**. To do this, follow these steps:
-- Go to **Start** > **MSInfo32**.
-
-One example of how you could use this in Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager is as part of a Task Sequence WMI Condition. For example:
-
-**Task Sequence WMI Condition**
+1. Select **Start**, and then type **MSInfo32** in the search box.
+1. Select **System Information**.
+**Using the SKU in a task sequence WMI condition**
+You can use the System SKU information in the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager as part of a task sequence WMI condition.
+ ``` powershell
- WMI Namespace – Root\WMI
- WQL Query – SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796"
+ ```
diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md
index 6531857a06..edcfcdf120 100644
--- a/devices/surface/unenroll-surface-devices-from-semm.md
+++ b/devices/surface/unenroll-surface-devices-from-semm.md
@@ -118,9 +118,9 @@ To initiate a Recovery Request, follow these steps:
*Figure 10. Click Recovery Request to begin the process to approve a Recovery Request*
-11. Click **Certificate Protection** to authenticate the Recovery Request with the SEMM certificate.
-12. Browse to and select your SEMM certificate file, and then click **OK**.
-13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**.
+11. Click **Certificate Protection** to authenticate the Recovery Request with the SEMM certificate.
+12. Browse to and select your SEMM certificate file, and then click **OK**.
+13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**.
@@ -137,7 +137,7 @@ To initiate a Recovery Request, follow these steps:
* If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field.
* If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**.
-16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13.
+16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13.
@@ -145,13 +145,13 @@ To initiate a Recovery Request, follow these steps:
* Click the **Share** button to send the reset verification code by email.
-17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM.
-18. Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14.
+17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM.
+18. Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14.
*Figure 14. Successful unenrollment from SEMM*
-19. Click **End** in Microsoft Surface UEFI Configurator to complete the Recovery Request (Reset Request) process and close Microsoft Surface UEFI Configurator.
+19. Click **End** in Microsoft Surface UEFI Configurator to complete the Recovery Request (Reset Request) process and close Microsoft Surface UEFI Configurator.
diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
index af796bd2c4..dff968bbf3 100644
--- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
+++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
@@ -103,39 +103,45 @@ The sample scripts include examples of how to set Surface UEFI settings and how
### Specify certificate and package names
-The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates the names for the SEMM configuration package and SEMM reset package. The certificate and package names are specified on lines 56 through 67 in the ConfigureSEMM.ps1 script:
+The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script:
```
56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition
57 $packageRoot = "$WorkingDirPath\Config"
- 58
- 59 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot }
- 60 Copy-Item "$WorkingDirPath\FabrikamOwnerSigner.pfx" $packageRoot
- 61
- 62 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath "FabrikamOwnerSigner.pfx"
- 63 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamSignerProvisioningPackage.pkg"
- 64 $resetPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamUniversalResetPackage.pkg"
- 65
- 66 # If your PFX file requires a password then it can be set here, otherwise use a blank string.
- 67 $password = "1234"
+ 58 $certName = "FabrikamSEMMSample.pfx"
+ 59 $DllVersion = "2.26.136.0"
+ 60
+ 61 $certNameOnly = [System.IO.Path]::GetFileNameWithoutExtension($certName)
+ 62 $ProvisioningPackage = $certNameOnly + "ProvisioningPackage.pkg"
+ 63 $ResetPackage = $certNameOnly + "ResetPackage.pkg"
+ 64
+ 65 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot }
+ 66 Copy-Item "$WorkingDirPath\$certName" $packageRoot
+ 67
+ 68 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath $certName
+ 69 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath $ProvisioningPackage
+ 70 $resetPackageName = Join-Path -Path $packageRoot -ChildPath $ResetPackage
+ 71
+ 72 # If your PFX file requires a password then it can be set here, otherwise use a blank string.
+ 73 $password = "1234"
```
-Replace the **FabrikamOwnerSigner.pfx** value for the **$privateOwnerKey** variable with the name of your SEMM Certificate file on both lines 60 and 62. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory.
+Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory.
-Replace the **FabrikamSignerProvisioningPackage.pkg** and **FabrikamUniversalResetPackage.pkg** values on lines 63 and 64 to define the **$ownerPackageName** and **$resetPackageName** variables with your desired names for the SEMM configuration and reset packages. These packages will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
+Owner package and reset package will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
-On line 67, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text.
+On line 73, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text.
>[!Note]
->The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 144-149, to accomplish this:
+>The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this:
```
-144 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
-145 # For convenience we get the thumbprint here and present to the user.
-146 $pw = ConvertTo-SecureString $password -AsPlainText -Force
-147 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
-148 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
-149 Write-Host "Thumbprint =" $certPrint.Thumbprint
+150 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
+151 # For convenience we get the thumbprint here and present to the user.
+152 $pw = ConvertTo-SecureString $password -AsPlainText -Force
+153 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
+154 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
+155 Write-Host "Thumbprint =" $certPrint.Thumbprint
```
Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
@@ -153,46 +159,47 @@ Administrators with access to the certificate file (.pfx) can read the thumbprin
### Configure permissions
-The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 202 in the sample script with the comment **# Configure Permissions** and continues to line 238. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras:
+The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras:
```
-202 # Configure Permissions
-203 foreach ($uefiV2 IN $surfaceDevices.Values) {
-204 # Here we define which "identities" will be allowed to modify which settings
-205 # PermissionSignerOwner = The primary SEMM enterprise owner identity
-206 # PermissionLocal = The user when booting to the UEFI pre-boot GUI
-207 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 =
-208 # Additional user identities created so that the signer owner
-209 # can delegate permission control for some settings.
-210 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner
-211 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal)
-212
-213 # Make all permissions owner only by default
-214 foreach ($setting IN $uefiV2.Settings.Values) {
-215 $setting.ConfiguredPermissionFlags = $ownerOnly
-216 }
-217 # Allow the local user to change their own password
-218 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser
-219
-220 # Allow the local user to change the state of the TPM
-221 $uefiV2.Settings["Trusted Platform Module (TPM)"].ConfiguredPermissionFlags = $ownerAndLocalUser
-222
-223 # Allow the local user to change the state of the Front and Rear cameras
-224 $uefiV2.SettingsById[302].ConfiguredPermissionFlags = $ownerAndLocalUser
-225 $uefiV2.SettingsById[304].ConfiguredPermissionFlags = $ownerAndLocalUser
-226
-227
-228 # Create a unique package name based on family and LSV.
-229 # We will choose a name that can be parsed by later scripts.
-230 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg"
-231 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
-232
-233 # Build and sign the Permission package then save it to a file.
-234 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv)
-235 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
-236 $permissionPackageStream.CopyTo($permissionPackage)
-237 $permissionPackage.Close()
-238 }
+210 # Configure Permissions
+211 foreach ($uefiV2 IN $surfaceDevices.Values) {
+212 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
+213 Write-Host "Configuring permissions"
+214 Write-Host $Device.Model
+215 Write-Host "======================="
+216
+217 # Here we define which "identities" will be allowed to modify which settings
+218 # PermissionSignerOwner = The primary SEMM enterprise owner identity
+219 # PermissionLocal = The user when booting to the UEFI pre-boot GUI
+220 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 =
+221 # Additional user identities created so that the signer owner
+222 # can delegate permission control for some settings.
+223 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner
+224 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal)
+225
+226 # Make all permissions owner only by default
+227 foreach ($setting IN $uefiV2.Settings.Values) {
+228 $setting.ConfiguredPermissionFlags = $ownerOnly
+229 }
+230
+231 # Allow the local user to change their own password
+232 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser
+233
+234 Write-Host ""
+235
+236 # Create a unique package name based on family and LSV.
+237 # We will choose a name that can be parsed by later scripts.
+238 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg"
+239 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
+240
+241 # Build and sign the Permission package then save it to a file.
+242 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv)
+243 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
+244 $permissionPackageStream.CopyTo($permissionPackage)
+245 $permissionPackage.Close()
+246 }
+247 }
```
Each **$uefiV2** variable identifies a Surface UEFI setting by setting name or ID, and then configures the permissions to one of the following values:
@@ -204,69 +211,169 @@ You can find information about the available settings names and IDs for Surface
### Configure settings
-The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 282 through line 312 in the sample script. The region appears as follows:
+The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows:
```
-282 # Configure Settings
-283 foreach ($uefiV2 IN $surfaceDevices.Values) {
-284 # In this demo, we will start by setting every setting to the default factory setting.
-285 # You may want to start by doing this in your scripts
-286 # so that every setting gets set to a known state.
-287 foreach ($setting IN $uefiV2.Settings.Values) {
-288 $setting.ConfiguredValue = $setting.DefaultValue
-289 }
-290
-291 # If you want to set something to a different value from the default,
-292 # here are examples of how to accomplish this.
-293 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = "Disabled"
-294
-295 # If you want to leave the setting unmodified, set it to $null
-296 # PowerShell has issues setting things to $null so ClearConfiguredValue()
-297 # is supplied to do this explicitly.
-298 # Here is an example of leaving the UEFI administrator password as-is,
-299 # even after we initially set it to factory default above.
-300 $uefiV2.SettingsById[501].ClearConfiguredValue()
-301
-302 # Create a unique package name based on family and LSV.
-303 # We will choose a name that can be parsed by later scripts.
-304 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg"
-305 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
-306
-307 # Build and sign the Settings package then save it to a file.
-308 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv)
-309 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
-310 $settingsPackageStream.CopyTo($settingsPackage)
-311 $settingsPackage.Close()
-312 }
+291 # Configure Settings
+292 foreach ($uefiV2 IN $surfaceDevices.Values) {
+293 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
+294 Write-Host "Configuring settings"
+295 Write-Host $Device.Model
+296 Write-Host "===================="
+297
+298 # In this demo, we will start by setting every setting to the default factory setting.
+299 # You may want to start by doing this in your scripts
+300 # so that every setting gets set to a known state.
+301 foreach ($setting IN $uefiV2.Settings.Values) {
+302 $setting.ConfiguredValue = $setting.DefaultValue
+303 }
+304
+305 $EnabledValue = "Enabled"
+306 $DisabledValue = "Disabled"
+307
+308 # If you want to set something to a different value from the default,
+309 # here are examples of how to accomplish this.
+310 # This disables IPv6 PXE boot by name:
+311 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = $DisabledValue
+312
+313 # This disables IPv6 PXE Boot by ID:
+314 $uefiV2.SettingsById[400].ConfiguredValue = $DisabledValue
+315
+316 Write-Host ""
+317
+318 # If you want to leave the setting unmodified, set it to $null
+319 # PowerShell has issues setting things to $null so ClearConfiguredValue()
+320 # is supplied to do this explicitly.
+321 # Here is an example of leaving the UEFI administrator password as-is,
+322 # even after we initially set it to factory default above.
+323 $uefiV2.SettingsById[501].ClearConfiguredValue()
+324
+325 # Create a unique package name based on family and LSV.
+326 # We will choose a name that can be parsed by later scripts.
+327 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg"
+328 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
+329
+330 # Build and sign the Settings package then save it to a file.
+331 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv)
+332 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
+333 $settingsPackageStream.CopyTo($settingsPackage)
+334 $settingsPackage.Close()
+335 }
```
Like the permissions set in the **Configure Permissions** section of the script, the configuration of each Surface UEFI setting is performed by defining the **$uefiV2** variable. For each line defining the **$uefiV2** variable, a Surface UEFI setting is identified by setting name or ID and the configured value is set to **Enabled** or **Disabled**.
-If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 300 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**.
+If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 323 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**.
You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section later in this article.
### Settings registry key
-To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes a registry key that can be used to identify enrolled systems as having been installed with the SEMM configuration script. This key can be found at the following location:
+To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location:
-`HKLM\SOFTWARE\Microsoft\Surface\SEMM\Enabled_Version1000`
+`HKLM\SOFTWARE\Microsoft\Surface\SEMM`
-The following code fragment, found on lines 352-363, is used to write this registry key:
+The following code fragment, found on lines 380-477, is used to write these registry keys:
```
-352 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM"
-353 New-RegKey $SurfaceRegKey
-354 $SurfaceRegValue = Get-ItemProperty $SurfaceRegKey Enabled_Version1000 -ErrorAction SilentlyContinue
-355
-356 If ($SurfaceRegValue -eq $null)
-357 {
-358 New-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -PropertyType String -Value 1 | Out-Null
-359 }
-360 Else
-361 {
-362 Set-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -Value 1
-363 }
+380 # For SCCM or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
+381 $UTCDate = (Get-Date).ToUniversalTime().ToString()
+382 $certIssuer = $certPrint.Issuer
+383 $certSubject = $certPrint.Subject
+384
+385 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM"
+386 New-RegKey $SurfaceRegKey
+387 $LSVRegValue = Get-ItemProperty $SurfaceRegKey LSV -ErrorAction SilentlyContinue
+388 $DateTimeRegValue = Get-ItemProperty $SurfaceRegKey LastConfiguredUTC -ErrorAction SilentlyContinue
+389 $OwnershipSessionIdRegValue = Get-ItemProperty $SurfaceRegKey OwnershipSessionId -ErrorAction SilentlyContinue
+390 $PermissionSessionIdRegValue = Get-ItemProperty $SurfaceRegKey PermissionSessionId -ErrorAction SilentlyContinue
+391 $SettingsSessionIdRegValue = Get-ItemProperty $SurfaceRegKey SettingsSessionId -ErrorAction SilentlyContinue
+392 $IsResetRegValue = Get-ItemProperty $SurfaceRegKey IsReset -ErrorAction SilentlyContinue
+393 $certUsedRegValue = Get-ItemProperty $SurfaceRegKey CertName -ErrorAction SilentlyContinue
+394 $certIssuerRegValue = Get-ItemProperty $SurfaceRegKey CertIssuer -ErrorAction SilentlyContinue
+395 $certSubjectRegValue = Get-ItemProperty $SurfaceRegKey CertSubject -ErrorAction SilentlyContinue
+396
+397
+398 If ($LSVRegValue -eq $null)
+399 {
+400 New-ItemProperty -Path $SurfaceRegKey -Name LSV -PropertyType DWORD -Value $lsv | Out-Null
+401 }
+402 Else
+403 {
+404 Set-ItemProperty -Path $SurfaceRegKey -Name LSV -Value $lsv
+405 }
+406
+407 If ($DateTimeRegValue -eq $null)
+408 {
+409 New-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -PropertyType String -Value $UTCDate | Out-Null
+410 }
+411 Else
+412 {
+413 Set-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -Value $UTCDate
+414 }
+415
+416 If ($OwnershipSessionIdRegValue -eq $null)
+417 {
+418 New-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -PropertyType String -Value $ownerSessionIdValue | Out-Null
+419 }
+420 Else
+421 {
+422 Set-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -Value $ownerSessionIdValue
+423 }
+424
+425 If ($PermissionSessionIdRegValue -eq $null)
+426 {
+427 New-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -PropertyType String -Value $permissionSessionIdValue | Out-Null
+428 }
+429 Else
+430 {
+431 Set-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -Value $permissionSessionIdValue
+432 }
+433
+434 If ($SettingsSessionIdRegValue -eq $null)
+435 {
+436 New-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -PropertyType String -Value $settingsSessionIdValue | Out-Null
+437 }
+438 Else
+439 {
+440 Set-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -Value $settingsSessionIdValue
+441 }
+442
+443 If ($IsResetRegValue -eq $null)
+444 {
+445 New-ItemProperty -Path $SurfaceRegKey -Name IsReset -PropertyType DWORD -Value 0 | Out-Null
+446 }
+447 Else
+448 {
+449 Set-ItemProperty -Path $SurfaceRegKey -Name IsReset -Value 0
+450 }
+451
+452 If ($certUsedRegValue -eq $null)
+453 {
+454 New-ItemProperty -Path $SurfaceRegKey -Name CertName -PropertyType String -Value $certName | Out-Null
+455 }
+456 Else
+457 {
+458 Set-ItemProperty -Path $SurfaceRegKey -Name CertName -Value $certName
+459 }
+460
+461 If ($certIssuerRegValue -eq $null)
+462 {
+463 New-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -PropertyType String -Value $certIssuer | Out-Null
+464 }
+465 Else
+466 {
+467 Set-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -Value $certIssuer
+468 }
+469
+470 If ($certSubjectRegValue -eq $null)
+471 {
+472 New-ItemProperty -Path $SurfaceRegKey -Name CertSubject -PropertyType String -Value $certSubject | Out-Null
+473 }
+474 Else
+475 {
+476 Set-ItemProperty -Path $SurfaceRegKey -Name CertSubject -Value $certSubject
+477 }
```
### Settings names and IDs
diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md
index de79c73b49..52e96859b3 100644
--- a/devices/surface/using-the-sda-deployment-share.md
+++ b/devices/surface/using-the-sda-deployment-share.md
@@ -141,23 +141,23 @@ In the previous example for including drivers for a POS system, you would also n
9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
-10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**.
+10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**.
-11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
+11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
*Figure 3. A new Install Application step for Sample POS App*
-12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app.
+12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app.
-13. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
+13. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
-14. Select your app from the list of applications, and then click **OK**.
+14. Select your app from the list of applications, and then click **OK**.
-15. Click **OK** to close the task sequence properties.
+15. Click **OK** to close the task sequence properties.
-16. Close the Deployment Workbench.
+16. Close the Deployment Workbench.
## Work with existing deployment shares
diff --git a/education/docfx.json b/education/docfx.json
index 5e87a91352..c336a4de5b 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -14,7 +14,9 @@
"resource": [
{
"files": [
- "**/images/**"
+ "**/*.png",
+ "**/*.jpg",
+ "**/*.svg"
],
"exclude": [
"**/obj/**"
@@ -22,9 +24,7 @@
}
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"ROBOTS": "INDEX, FOLLOW",
- "ms.author": "celested",
"audience": "windows-education",
"ms.topic": "article",
"breadcrumb_path": "/education/breadcrumb/toc.json",
diff --git a/education/get-started/change-history-ms-edu-get-started.md b/education/get-started/change-history-ms-edu-get-started.md
index c53e6d17a6..5273dbe9ce 100644
--- a/education/get-started/change-history-ms-edu-get-started.md
+++ b/education/get-started/change-history-ms-edu-get-started.md
@@ -1,44 +1,44 @@
----
-title: Change history for Microsoft Education Get Started
-description: New and changed topics in the Microsoft Education get started guide.
-keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-author: levinec
-ms.author: ellevin
-ms.date: 07/07/2017
-ms.reviewer:
-manager: dansimp
----
-
-# Change history for Microsoft Education Get Started
-
-This topic lists the changes in the Microsoft Education IT admin get started.
-
-## July 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. |
-| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. |
-| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. |
-| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. |
-| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. |
-| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. |
-| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. |
-| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. |
-
-
-## June 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Includes the following updates: - New configuration guidance for IT administrators to deploy Microsoft Teams. - Updated steps for School Data Sync to show the latest workflow and user experience. - Updated steps for Option 2: Try out Microsoft Education in a trial environment. You no longer need the SDS promo code to try SDS in a trial environment. |
-
-## May 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | New. Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. |
+---
+title: Change history for Microsoft Education Get Started
+description: New and changed topics in the Microsoft Education get started guide.
+keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: edu
+author: levinec
+ms.author: ellevin
+ms.date: 07/07/2017
+ms.reviewer:
+manager: dansimp
+---
+
+# Change history for Microsoft Education Get Started
+
+This topic lists the changes in the Microsoft Education IT admin get started.
+
+## July 2017
+
+| New or changed topic | Description |
+| --- | ---- |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. |
+| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. |
+| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. |
+| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. |
+| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. |
+| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. |
+| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. |
+| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. |
+
+
+## June 2017
+
+| New or changed topic | Description |
+| --- | ---- |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Includes the following updates: - New configuration guidance for IT administrators to deploy Microsoft Teams. - Updated steps for School Data Sync to show the latest workflow and user experience. - Updated steps for Option 2: Try out Microsoft Education in a trial environment. You no longer need the SDS promo code to try SDS in a trial environment. |
+
+## May 2017
+
+| New or changed topic | Description |
+| --- | ---- |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | New. Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. |
diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md
index 350f3be922..170c94d505 100644
--- a/education/get-started/enable-microsoft-teams.md
+++ b/education/get-started/enable-microsoft-teams.md
@@ -19,12 +19,12 @@ manager: dansimp
Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education.
-To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school.
+To get started, IT administrators need to use the Microsoft 365 Admin Center to enable Microsoft Teams for your school.
## Enable Microsoft Teams for your school
1. Sign in to Office 365 with your work or school account.
-2. Click **Admin** to go to the Office 365 admin center.
+2. Click **Admin** to go to the admin center.
3. Go to **Settings > Services & add-ins**.
4. On the **Services & add-ins** page, select **Microsoft Teams**.
diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md
index 64361b412b..9495aa1d31 100644
--- a/education/get-started/finish-setup-and-other-tasks.md
+++ b/education/get-started/finish-setup-and-other-tasks.md
@@ -105,11 +105,11 @@ If you need to make changes or updates to any of the apps or settings for the gr
After completing the basic setup for your cloud infrastructure and confirming that it is up and running, it's time to prepare for additional devices to be added and enable capabilities for the user to use.
### Enable many devices to be added by a single person
-When a device is owned by the school, you may need to have a single persion adding many devices to your cloud infrastructure.
+When a device is owned by the school, you may need to have a single person adding many devices to your cloud infrastructure.
Follow the steps in this section to enable a single person to add many devices to your cloud infrastructure.
-1. Sign in to the Office 365 admin center.
+1. Sign in to the admin center.
2. Configure the device settings for the school's Active Directory. To do this, go to the new Azure portal, https://portal.azure.com.
3. Select **Azure Active Directory > Users and groups > Device settings**.
@@ -125,7 +125,7 @@ When students move from using one device to another, they may need to have their
Follow the steps in this section to ensure that settings for the each user follow them when they move from one device to another.
-1. Sign in to the Office 365 admin center.
+1. Sign in to the admin center.
2. Go to the new Azure portal, https://portal.azure.com.
3. Select **Azure Active Directory > Users and groups > Device settings**.
4. Find the setting **Users may sync settings and enterprise app data** and change the value to **All**.
@@ -142,12 +142,12 @@ Now that your basic cloud infrastructure is up and running, it's time to complet
## Enable Microsoft Teams for your school
Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education.
-To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school.
+To get started, IT administrators need to use the Microsoft 365 Admin Center to enable Microsoft Teams for your school.
**To enable Microsoft Teams for your school**
1. Sign in to Office 365 with your work or school account.
-2. Click **Admin** to go to the Office 365 admin center.
+2. Click **Admin** to go to the admin center.
3. Go to **Settings > Services & add-ins**.
4. On the **Services & add-ins** page, select **Microsoft Teams**.
@@ -198,7 +198,7 @@ Adding a new device to your cloud-based tenant is easy. For new devices, you can
Depending on the organization's policy, the user may be asked to update the password.
-5. After the user's credentails are validated, the window will refresh and will now include an entry that shows the device is now connected to the organization's MDM. This means the device is now enrolled in Intune for Education MDM and the account should have access to the organization's resources.
+5. After the user's credentials are validated, the window will refresh and will now include an entry that shows the device is now connected to the organization's MDM. This means the device is now enrolled in Intune for Education MDM and the account should have access to the organization's resources.
**Figure 8** - Device is connected to organization's MDM
diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md
index a67cc68626..d8c3f7273d 100644
--- a/education/get-started/inclusive-classroom-it-admin.md
+++ b/education/get-started/inclusive-classroom-it-admin.md
@@ -22,19 +22,19 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea
1. [Inclusive Classroom features](#features)
2. [Deploying apps with Microsoft Intune](#intune)
-3. [How to show/hide the Ease of Accesss settings for text in Windows 10](#ease)
+3. [How to show/hide the Ease of Access settings for text in Windows 10](#ease)
4. [How to change your Office 365 account from monthly, semi-annual, or yearly](#account)
## Inclusive Classroom features
| Reading features | Available in which apps | Office 2016 MSI | Office 2019 | Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) |
|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------|
-| Read aloud with simultaneous highlighting |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
|
X
(N/A for Outlook PC)
|
X
(N/A for any OneNote apps or Outlook PC)
|
-| Adjustable text spacing and font size |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word Online, Word Mac, Word for iPad
Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
|
X
|
X
(N/A for any OneNote apps)
|
-| Syllabification |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word Online
Outlook Web Access
| |
X
(N/A for Word for iOS, Word Online, Outlook Web Access)
|
X
(N/A for Word iOS)
|
X
(N/A for Word iOS)
|
X
(N/A for any OneNote apps or Word iOS)
|
-| Parts of speech identification |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
-| Line focus mode |
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
| |
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
-| Picture Dictionary |
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
| |
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
+| Read aloud with simultaneous highlighting |
OneNote 2016 (add-in), OneNote in a browser, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word in a browser, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word for iOS, Word in a browser, Outlook Web Access, or Office Lens)
|
X
(N/A for Word for iOS, Word in a browser, Outlook Web Access, or Office Lens)
|
X
|
X
(N/A for Outlook PC)
|
X
(N/A for any OneNote apps or Outlook PC)
|
+| Adjustable text spacing and font size |
OneNote 2016 (add-in), OneNote in a browser, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word in a browser, Word Mac, Word for iPad
Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word for iOS, Word in a browser, Outlook Web Access, or Office Lens)
|
X
(N/A for Word for iOS, Word in a browser, Outlook Web Access, or Office Lens)
|
X
|
X
|
X
(N/A for any OneNote apps)
|
+| Syllabification |
OneNote 2016 (add-in), OneNote in a browser, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word in a browser
Outlook Web Access
| |
X
(N/A for Word for iOS, Word in a browser, Outlook Web Access)
|
X
(N/A for Word iOS)
|
X
(N/A for Word iOS)
|
X
(N/A for any OneNote apps or Word iOS)
|
+| Parts of speech identification |
OneNote 2016 (add-in), OneNote in a browser, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word in a browser, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word in a browser, Outlook Web Access)
|
X
(N/A for Word in a browser, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
+| Line focus mode |
Word 2016, Word in a browser, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
| |
X
(N/A for Word in a browser, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
+| Picture Dictionary |
Word 2016, Word in a browser, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
| |
X
(N/A for Word in a browser, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
@@ -42,11 +42,11 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea
| Writing and proofing features | Available in which apps | Office 2016 MSI | Office 2019 | Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) |
|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|---------------------------------|
| Dictation |
OneNote 2016, OneNote for Windows 10
Word 2016
Outlook 2016
PowerPoint 2016
| |
X
|
X
| | |
-| Spelling suggestions for phonetic misspellings |
Word 2016, Word Online, Word for Mac
Outlook 2016
| |
X
|
X
|
X
| |
+| Spelling suggestions for phonetic misspellings |
Word 2016, Word in a browser, Word for Mac
Outlook 2016
| |
X
|
X
|
X
| |
| Synonyms alongside spelling suggestions that can be read aloud |
Word 2016
Outlook 2016
| |
X
|
X
|
X
| |
-| Grammar checks |
Word 2016, Word Online, Word for Mac
Outlook 2016
| |
X
|
X
| | |
+| Grammar checks |
Word 2016, Word in a browser, Word for Mac
Outlook 2016
| |
X
|
X
| | |
| Customizable writing critiques |
Word 2016, Word for Mac
Outlook 2016
|
X
|
X
|
X
| | |
-| Tell me what you want to do |
Office 2016
Office Online
Office on iOS, Android, Windows 10
|
X
|
X
|
X
|
X
| |
+| Tell me what you want to do |
Office 2016
Office in a browser
Office on iOS, Android, Windows 10
|
X
|
X
|
X
|
X
| |
| Editor |
Word 2016
| |
X
|
X
| | |
diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md
index 65cd88c27c..582134817f 100644
--- a/education/get-started/set-up-windows-education-devices.md
+++ b/education/get-started/set-up-windows-education-devices.md
@@ -17,7 +17,7 @@ manager: dansimp
# Set up Windows 10 devices using Windows OOBE
-If you are setting up a Windows 10 device invidividually, and network bandwidth is not an issue, you can go through the Windows 10 first-run setup experience, also known as OOBE (out-of-box-experience) to set up the device, and join it to your school's Office 365 and Azure Active Directory.
+If you are setting up a Windows 10 device individually, and network bandwidth is not an issue, you can go through the Windows 10 first-run setup experience, also known as OOBE (out-of-box-experience) to set up the device, and join it to your school's Office 365 and Azure Active Directory.
You can watch the video to see how this is done, or follow the step-by-step guide.
diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md
index c6192599ba..6a025b3ff4 100644
--- a/education/get-started/use-school-data-sync.md
+++ b/education/get-started/use-school-data-sync.md
@@ -74,7 +74,7 @@ To learn more about the CSV files that are required and the info you need to inc
5. In the **Sync options** screen:
- 1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenaro that applies to you. For this walkthrough, select **New users**.
+ 1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenario that applies to you. For this walkthrough, select **New users**.
2. In the **Import data** section, click **Upload Files** to bring up the **Select data files to be uploaded** window.
3. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import.
4. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**.
diff --git a/education/images/data-streamer.png b/education/images/data-streamer.png
new file mode 100644
index 0000000000..6473d9da33
Binary files /dev/null and b/education/images/data-streamer.png differ
diff --git a/education/images/education-partner-aep-2.svg b/education/images/education-partner-aep-2.svg
index 96ecbf019b..6bf0c2c3ac 100644
--- a/education/images/education-partner-aep-2.svg
+++ b/education/images/education-partner-aep-2.svg
@@ -1,4 +1,4 @@
-
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index c0c253a025..2579fa4d39 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -4,7 +4,7 @@ description: Defender CSP
ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index d9e0290636..fb7628c241 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -4,7 +4,7 @@ description: Defender DDF file
ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
-
-
-
-
-
-
-
Node operation
-
Contrary node operation
-
-
-
-
-
Add
-
Clear and DeleteChild
-
-
-
Copy
-
To copy to a new node: Clear and DeleteChild
-
To copy to an existing node: Add and SetValue
-
-
-
Clear
-
To restore the state of the deleted node: SetValue and SetProperty
-
-
-
DeleteChild
-
To restore the old node: Add
-
-
-
DeleteProperty
-
To restore the deleted property: SetProperty
-
-
-
Execute
-
Externally transactioned nodes do not support the Execute command.
-
-
-
GetValue
-
None
-
-
-
Move
-
To restore a source node: Move
-
To restore an overwritten target node: Add and SetValue
-
-
-
SetValue
-
To restore the previous value: SetValue
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 1fe3abbba1..9292eb002c 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -4,7 +4,7 @@ description: DevDetail CSP
ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -188,7 +188,7 @@ Value type is string. Supported operation is Get.
**Ext/DeviceHardwareData**
Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
-> [!Note]
+> [!NOTE]
> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
Supported operation is Get.
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index cf446d6f9a..b313ad3605 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -4,7 +4,7 @@ description: DevDetail DDF file
ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -23,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
$CmdID$
@@ -912,14 +912,14 @@ The following screenshots of the administrator console shows the list of update
-
+
## SyncML example
Set auto update to notify and defer.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md
index c6e8ab6ccd..09d6af05e4 100644
--- a/windows/client-management/mdm/deviceinstanceservice-csp.md
+++ b/windows/client-management/mdm/deviceinstanceservice-csp.md
@@ -4,7 +4,7 @@ description: DeviceInstanceService CSP
ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -70,7 +70,7 @@ The parent node to group SIM2 specific information in case of dual SIM mode.
The following sample shows how to query roaming status and phone number on the device.
-``` syntax
+```xml
2
@@ -88,7 +88,7 @@ The following sample shows how to query roaming status and phone number on the d
Response from the phone.
-``` syntax
+```xml
31
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 2bece89b6c..246408076e 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -4,7 +4,7 @@ description: DeviceLock CSP
ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -126,7 +126,7 @@ Required. This node has the same set of policy nodes as the **ProviderID** node.
Set device lock policies:
-``` syntax
+```xml
13
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index cc93e15019..545ebcdb9b 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -4,7 +4,7 @@ description: DeviceLock DDF file
ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
This topic shows the OMA DM device description framework (DDF) for the **DeviceLock** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-``` syntax
+```xml
**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask.
-- 0x0: System meets hardware configuration requirements
-- 0x1: SecureBoot required
-- 0x2: DMA Protection required
-- 0x4: HyperV not supported for Guest VM
-- 0x8: HyperV feature is not available
+- 0x0: System meets hardware configuration requirements
+- 0x1: SecureBoot required
+- 0x2: DMA Protection required
+- 0x4: HyperV not supported for Guest VM
+- 0x8: HyperV feature is not available
Supported operation is Get.
**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
-- 0 - Running
-- 1 - Reboot required
-- 2 - 64 bit architecture required
-- 3 - not licensed
-- 4 - not configured
-- 5 - System doesn't meet hardware requirements
-- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details
+- 0 - Running
+- 1 - Reboot required
+- 2 - 64 bit architecture required
+- 3 - not licensed
+- 4 - not configured
+- 5 - System doesn't meet hardware requirements
+- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details
Supported operation is Get.
@@ -301,11 +301,11 @@ Supported operation is Get.
**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
Added in Windows, version 1709. Local System Authority (LSA) credential guard status.
-- 0 - Running
-- 1 - Reboot required
-- 2 - Not licensed for Credential Guard
-- 3 - Not configured
-- 4 - VBS not running
+- 0 - Running
+- 1 - Reboot required
+- 2 - Not licensed for Credential Guard
+- 3 - Not configured
+- 4 - VBS not running
Supported operation is Get.
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 5aa865e2d8..fbdf08a6d0 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
@@ -192,7 +192,7 @@ You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is
Add a collector node
-``` syntax
+```xml
@@ -214,7 +214,7 @@ Add a collector node
Add the ETW provider to the trace
-``` syntax
+```xml
@@ -236,7 +236,7 @@ Add the ETW provider to the trace
Start collector trace logging
-``` syntax
+```xml
@@ -259,7 +259,7 @@ Start collector trace logging
Stop collector trace logging
-``` syntax
+```xml
@@ -314,7 +314,7 @@ For best results, ensure that the PC or VM on which you are viewing logs matches
Here's an example of how to collect current MDM device state data using the [DiagnosticLog CSP](diagnosticlog-csp.md), version 1.3, which was added in Windows 10, version 1607. You can collect the file from the device using the same FileDownload node in the CSP as you do for the etl files.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 5336d57012..44c558fde0 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -4,7 +4,7 @@ description: DiagnosticLog CSP
ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -121,7 +121,7 @@ Supported operations are Add, Delete, and Get.
Add a collector
-``` syntax
+```xml
@@ -143,7 +143,7 @@ Add a collector
Delete a collector
-``` syntax
+```xml
@@ -232,7 +232,7 @@ To stop the trace, running an execute command on this node with the value STOP.
Start collector trace logging
-``` syntax
+```xml
@@ -255,7 +255,7 @@ Start collector trace logging
Stop collector trace logging
-``` syntax
+```xml
@@ -301,7 +301,7 @@ Supported operations are Add, Delete, and Get.
Add a provider
-``` syntax
+```xml
@@ -323,7 +323,7 @@ Add a provider
Delete a provider
-``` syntax
+```xml
@@ -388,7 +388,7 @@ The following table lists the possible values.
Set provider **TraceLevel**
-``` syntax
+```xml
@@ -420,7 +420,7 @@ Default value is 0 meaning no keyword.
Get provider **Keywords**
-``` syntax
+```xml
@@ -440,7 +440,7 @@ Get provider **Keywords**
Set provider **Keywords**
-``` syntax
+```xml
@@ -499,7 +499,7 @@ The following table lists the possible values. Default value is TRUE.
Set provider **State**
-``` syntax
+```xml
@@ -532,7 +532,7 @@ Supported operations are Add, Delete, and Get.
Add a channel
-``` syntax
+```xml
@@ -554,7 +554,7 @@ Add a channel
Delete a channel
-``` syntax
+```xml
@@ -578,7 +578,7 @@ The supported operation is Execute.
Export channel event data
-``` syntax
+```xml
@@ -606,7 +606,7 @@ Default value is empty string.
Get channel **Filter**
-``` syntax
+```xml
@@ -659,7 +659,7 @@ The following table lists the possible values.
Get channel **State**
-``` syntax
+```xml
@@ -678,7 +678,7 @@ Get channel **State**
Set channel **State**
-``` syntax
+```xml
@@ -707,7 +707,7 @@ Added in version 1.3 of the CSP in Windows 10, version 1607. Triggers the snapp
The supported value is Execute.
-``` syntax
+```xml
@@ -748,7 +748,7 @@ Supported operations are Get and Replace.
Set **BlockSizeKB**
-``` syntax
+```xml
@@ -771,7 +771,7 @@ Set **BlockSizeKB**
Get **BlockSizeKB**
-``` syntax
+```xml
@@ -797,7 +797,7 @@ The only supported operation is Get.
Get **BlockCount**
-``` syntax
+```xml
@@ -823,7 +823,7 @@ Supported operations are Get and Replace.
Set **BlockIndexToRead** at 0
-``` syntax
+```xml
@@ -846,7 +846,7 @@ Set **BlockIndexToRead** at 0
Set **BlockIndexToRead** at 1
-``` syntax
+```xml
@@ -874,7 +874,7 @@ The only supported operation is Get.
Get **BlockData**
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 3478b5e5d9..dc23032029 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -4,7 +4,7 @@ description: DiagnosticLog DDF
ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
index 416d53867b..3cb1682333 100644
--- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
@@ -7,7 +7,7 @@ MS-HAID:
ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -105,7 +105,7 @@ After the previous package is sent, the unenrollment process begins.
When the server initiates disconnection, all undergoing sessions for the enrollment ID are aborted immediately to avoid deadlocks. The server will not get a response for the unenrollment, instead a generic alert notification is sent with messageid=1.
-``` syntax
+```xml
4
1226
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index 52960d3977..09b61984c1 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -4,7 +4,7 @@ description: DMAcc CSP
ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 08a6e0517f..232f5672cd 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -4,7 +4,7 @@ description: DMAcc DDF file
ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
12
@@ -173,7 +173,7 @@ To work around the timeout, you can use this setting to keep the session alive b
Here is an example of DM message sent by the device when it is in pending state:
-``` syntax
+```xml
1.2
@@ -229,7 +229,7 @@ Added in Windows 10, version 1607. The list of management server URLs in the fo
-``` syntax
+```xml
101
@@ -770,7 +770,7 @@ Note that <LocURI>./Vendor/MSFT/DMClient/Unenroll</LocURI> is suppor
The following SyncML shows how to remotely unenroll the device. Note that this command should be inserted in the general DM packages sent from the server to the device.
-``` syntax
+```xml
2
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index fe540b8745..c93fe4da96 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -4,7 +4,7 @@ description: DMClient DDF file
ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
Default value is False. Supported operations are Get and Replace.
Example to turn on NotificationsEnabled:
-``` syntax
+```xml
100
@@ -84,7 +84,7 @@ The following diagram shows the DynamicManagement configuration service provider
Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 meters radius of the specified latitude/longitude
-``` syntax
+```xml
200
@@ -138,7 +138,7 @@ Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 me
Disable camera using network trigger with time trigger, from 9-5, when ip4 gateway is 192.168.0.1
-``` syntax
+```xml
300
@@ -193,7 +193,7 @@ Disable camera using network trigger with time trigger, from 9-5, when ip4 gatew
Delete a context
-``` syntax
+```xml
400
@@ -206,7 +206,7 @@ Delete a context
Get ContextStatus and SignalDefinition from a specific context
-``` syntax
+```xml
400
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 535ff0c740..3439bf646a 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -4,7 +4,7 @@ description: DynamicManagement DDF file
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -20,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
+- For Wi-Fi, look for the `` section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under `` with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
For information about EAP Settings, see
@@ -142,11 +142,11 @@ The following list describes the prerequisites for a certificate to be used with
- The certificate must have at least one of the following EKU (Extended Key Usage) properties:
- Client Authentication
- - As defined by RFC 5280, this is a well-defined OID with Value 1.3.6.1.5.5.7.3.2
+ - As defined by RFC 5280, this is a well-defined OID with Value 1.3.6.1.5.5.7.3.2
- Any Purpose
- - An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that additional non-critical or custom EKUs can still be added to the certificate for effective filtering.
+ - An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that additional non-critical or custom EKUs can still be added to the certificate for effective filtering.
- All Purpose
- - As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but does not want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes.
+ - As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but does not want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes.
- The user or the computer certificate on the client chains to a trusted root CA
- The user or the computer certificate does not fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
- The user or the computer certificate does not fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index 1971fbca41..ddb14a8d3f 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -4,7 +4,7 @@ description: EMAIL2 CSP
ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index b0f92b1548..f24a64e3e3 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -4,7 +4,7 @@ description: EMAIL2 DDF file
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
[!Note]
+> [!NOTE]
> The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
-``` syntax
+```xml
@@ -114,7 +114,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
Here is the snippet from appv.admx:
- ``` syntax
+ ```xml
@@ -223,10 +223,10 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
Here is the example for **AppVirtualization/PublishingAllowServer2**:
-> [!Note]
+> [!NOTE]
> The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
- ``` syntax
+ ```xml
@@ -264,7 +264,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
The \ payload is \. Here is an example to disable AppVirtualization/PublishingAllowServer2.
-``` syntax
+```xml
@@ -289,7 +289,7 @@ The \ payload is \. Here is an example to disable AppVirtualiza
The \ payload is empty. Here an example to set AppVirtualization/PublishingAllowServer2 to "Not Configured."
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
index b177cf578b..e05ab31e6f 100644
--- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
+++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
@@ -4,7 +4,7 @@ description: Like any Windows devices, Windows 10 Mobile devices use Microsoft
ms.assetid: ED3DAF80-847C-462B-BDB1-486577906772
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -275,7 +275,7 @@ After the installation of updates is completed, the IT Admin can use the DURepor
## Example PowerShell script
-``` syntax
+```powershell
param (
# [Parameter (Mandatory=$true, HelpMessage="Input File")]
[String]$inputFile,
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index c6cbf4062b..f374eaec31 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -1,7 +1,7 @@
---
title: Enroll a Windows 10 device automatically using Group Policy
description: Enroll a Windows 10 device automatically using Group Policy
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Requirements:
- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md)
- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
-> [!Tip]
+> [!TIP]
> [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup)
To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line.
@@ -32,7 +32,7 @@ Here is a partial screenshot of the result:
The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
-> [!Note]
+> [!NOTE]
> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
@@ -50,7 +50,7 @@ Requirements:
- Enterprise has MDM service already configured
- Enterprise AD must be registered with Azure AD
-1. Run GPEdit.msc
+1. Run GPEdit.msc
Click Start, then in the text box type gpedit.
@@ -62,11 +62,11 @@ Requirements:
-4. Double-click **Auto MDM Enrollment with AAD Token**.
+4. Double-click **Auto MDM Enrollment with AAD Token**.
-5. Click **Enable**, then click **OK**.
+5. Click **Enable**, then click **OK**.
A task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
@@ -76,9 +76,9 @@ Requirements:
-6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account.
+6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account.
-7. Click **Info** to see the MDM enrollment information.
+7. Click **Info** to see the MDM enrollment information.
@@ -91,9 +91,9 @@ Requirements:
-2. Under **Best match**, click **Task Scheduler** to launch it.
+2. Under **Best match**, click **Task Scheduler** to launch it.
-3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
+3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
@@ -109,7 +109,7 @@ Requirements:
- Enterprise AD must be integrated with Azure AD.
- Ensure that PCs belong to same computer group.
->[!IMPORTANT]
+>[!IMPORTANT]
>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps:
> 1. Download:
> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or
@@ -122,13 +122,13 @@ Requirements:
> 5. Restart the Primary Domain Controller for the policy to be available.
> This procedure will work for any future version as well.
-1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
-2. Create a Security Group for the PCs.
-3. Link the GPO.
-4. Filter using Security Groups.
-5. Enforce a GPO link.
+1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
+2. Create a Security Group for the PCs.
+3. Link the GPO.
+4. Filter using Security Groups.
+5. Enforce a GPO link.
->[!NOTE]
+> [!NOTE]
> Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903).
### Related topics
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index ae85ee06e1..85e0516dfd 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -1,7 +1,7 @@
---
title: EnrollmentStatusTracking CSP
description: EnrollmentStatusTracking CSP
-ms.author: v-madhi@microsoft.com
+ms.author: dansimp@microsoft.com
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -18,7 +18,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
### EnrollmentStatusTracking CSP
-``` syntax
+```xml
- These settings are read by the Enrollment Status Page (ESP) during the the Device Preparation phase. These setting are used to orchestrate any setup activities prior to provisioning the device in the Device Setup phase of the ESP.
+ These settings are read by the Enrollment Status Page (ESP) during the Device Preparation phase. These setting are used to orchestrate any setup activities prior to provisioning the device in the Device Setup phase of the ESP.
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 2f213bb910..40733a7170 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -1,7 +1,7 @@
---
title: EnrollmentStatusTracking CSP
description: EnrollmentStatusTracking CSP
-ms.author: v-madhi@microsoft.com
+ms.author: dansimp@microsoft.com
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -12,7 +12,7 @@ ms.date: 05/21/2019
# EnrollmentStatusTracking CSP
-During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/enrollment-status).
+During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status).
ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information.
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md
index 42c5475d1f..b809041a65 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/mdm/enterprise-app-management.md
@@ -4,7 +4,7 @@ description: This topic covers one of the key mobile device management (MDM) fea
ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -78,7 +78,7 @@ Note that performing a full inventory of a device can be resource intensive on t
Here is an example of a query for all apps on the device.
-``` syntax
+```xml
1
@@ -92,7 +92,7 @@ Here is an example of a query for all apps on the device.
Here is an example of a query for a specific app for a user.
-``` syntax
+```xml
1
@@ -121,7 +121,7 @@ For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](
Here is an example of a query for all app licenses on a device.
-``` syntax
+```xml
1
@@ -135,7 +135,7 @@ Here is an example of a query for all app licenses on a device.
Here is an example of a query for all app licenses for a user.
-``` syntax
+```xml
1
@@ -161,7 +161,7 @@ For more information about the AllowAllTrustedApps policy, see [Policy CSP](poli
Here are some examples.
-``` syntax
+```xml
1
@@ -199,7 +199,7 @@ For more information about the AllowDeveloperUnlock policy, see [Policy CSP](pol
Here is an example.
-``` syntax
+```xml
1
@@ -244,7 +244,7 @@ Here are the requirements for this scenario:
Here are some examples.
-``` syntax
+```xml
1
@@ -281,7 +281,7 @@ In the SyncML, you need to specify the following information in the Exec command
Here is an example of an offline license installation.
-``` syntax
+```xml
1
@@ -315,7 +315,7 @@ The Add command for the package family name is required to ensure proper removal
Here is an example of a line-of-business app installation.
-``` syntax
+```xml
0
@@ -342,7 +342,7 @@ Here is an example of a line-of-business app installation.
Here is an example of an app installation with dependencies.
-``` syntax
+```xml
0
@@ -376,7 +376,7 @@ Here is an example of an app installation with dependencies.
Here is an example of an app installation with dependencies and optional packages.
-``` syntax
+```xml
0
@@ -438,7 +438,7 @@ Here is an example of app installation.
> **Note** This is only supported in Windows 10 for desktop editions.
-``` syntax
+```xml
0
@@ -475,7 +475,7 @@ Here is an example of app installation with dependencies.
> **Note** This is only supported in Windows 10 for desktop editions.
-``` syntax
+```xml
0
@@ -526,7 +526,7 @@ When an app is installed successfully, the node is cleaned up and no longer pres
Here is an example of a query for a specific app installation.
-``` syntax
+```xml
2
@@ -540,7 +540,7 @@ Here is an example of a query for a specific app installation.
Here is an example of a query for all app installations.
-``` syntax
+```xml
2
@@ -558,7 +558,7 @@ Application installations can take some time to complete, hence they are done as
Here is an example of an alert.
-``` syntax
+```xml
4
1226
@@ -594,7 +594,7 @@ To uninstall an app, you delete it under the origin node, package family name, a
Here is an example for uninstalling all versions of an app for a user.
-``` syntax
+```xml
1
@@ -608,7 +608,7 @@ Here is an example for uninstalling all versions of an app for a user.
Here is an example for uninstalling a specific version of the app for a user.
-``` syntax
+```xml
1
@@ -631,7 +631,7 @@ Removing provisioned app occurs in the device context.
Here is an example for removing a provisioned app from a device.
-``` syntax
+```xml
1
@@ -645,7 +645,7 @@ Here is an example for removing a provisioned app from a device.
Here is an example for removing a specific version of a provisioned app from a device:
-``` syntax
+```xml
1
@@ -663,7 +663,7 @@ You can remove app licenses from a device per app based on the content ID.
Here is an example for removing an app license for a user.
-``` syntax
+```xml
1
@@ -677,7 +677,7 @@ Here is an example for removing an app license for a user.
Here is an example for removing an app license for a provisioned package (device context).
-``` syntax
+```xml
1
@@ -697,7 +697,7 @@ For user-based uninstallation, use ./User in the LocURI, and for provisioning, u
Here is an example. There is only one uninstall for hosted and store apps.
-``` syntax
+```xml
1226
@@ -723,7 +723,7 @@ To update an app from Microsoft Store, the device requires contact with the stor
Here is an example of an update scan.
-``` syntax
+```xml
1
@@ -737,7 +737,7 @@ Here is an example of an update scan.
Here is an example of a status check.
-``` syntax
+```xml
1
@@ -766,7 +766,7 @@ Turning off updates only applies to updates from the Microsoft Store at the devi
Here is an example.
-``` syntax
+```xml
1
@@ -795,7 +795,7 @@ You can install app on non-system volumes, such as a secondary partition or remo
Here is an example.
-``` syntax
+```xml
1
@@ -832,7 +832,7 @@ The RestrictAppDataToSystemVolume policy in [Policy CSP](policy-configuration-se
Here is an example.
-``` syntax
+```xml
1
@@ -873,7 +873,7 @@ The valid values are 0 (off, default value) and 1 (on).
Here is an example.
-``` syntax
+```xml
1
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index 29b5d5bdd5..d2b3bddc1d 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -4,7 +4,7 @@ description: The EnterpriseAPN configuration service provider is used by the ent
ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -132,7 +132,7 @@ The following image shows the EnterpriseAPN configuration service provider in tr
## Examples
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 1d9abd598e..319356f336 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -4,7 +4,7 @@ description: EnterpriseAPN DDF
ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -22,13 +22,13 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The content below are the different versions of the DDF for this CSP.
-- [EnterpriseAPN CSP version 1.0 DDF](#enterpriseapn-csp-version-1-0-ddf)
-- [EnterpriseAPN CSP version 1.1 DDF](#enterpriseapn-csp-version-1-1-ddf)
-- [EnterpriseAPN CSP version 1.2 DDF](#enterpriseapn-csp-version-1-2-ddf)
+- [EnterpriseAPN CSP version 1.0 DDF](#enterpriseapn-csp-version-10-ddf)
+- [EnterpriseAPN CSP version 1.1 DDF](#enterpriseapn-csp-version-11-ddf)
+- [EnterpriseAPN CSP version 1.2 DDF](#enterpriseapn-csp-version-12-ddf)
-### EnterpriseAPN CSP version 1.0 DDF
+### EnterpriseAPN CSP version 1.0 DDF
-``` syntax
+```xml
```
-### EnterpriseAPN CSP version 1.1 DDF
+### EnterpriseAPN CSP version 1.1 DDF
-``` syntax
+```xml
```
-### EnterpriseAPN CSP version 1.2 DDF
+### EnterpriseAPN CSP version 1.2 DDF
-``` syntax
+```xml
1
@@ -222,7 +222,7 @@ Use the following SyncML format to query to see if the application is installed
Response from the device (it contains list of subnodes if this app is installed in the device).
-``` syntax
+```xml
31
@@ -266,7 +266,7 @@ The value actually applied to the device can be queried via the nodes under the
Enroll enterprise ID “4000000001” for the first time:
-``` syntax
+```xml
2
@@ -293,7 +293,7 @@ Enroll enterprise ID “4000000001” for the first time:
Update the enrollment token (for example, to update an expired application enrollment token):
-``` syntax
+```xml
2
@@ -310,7 +310,7 @@ Update the enrollment token (for example, to update an expired application enrol
Query all installed applications that belong to enterprise id “4000000001”:
-``` syntax
+```xml
2
@@ -325,7 +325,7 @@ Query all installed applications that belong to enterprise id “4000000001”:
Response from the device (that contains two installed applications):
-``` syntax
+```xml
31
@@ -444,7 +444,7 @@ To perform an XAP update, create the Name, URL, Version, and DownloadInstall nod
-``` syntax
+```xml
2Large
@@ -123,7 +123,7 @@ Folder example:
```
An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder.
-``` syntax
+```xml
Medium
@@ -252,7 +252,7 @@ For example, in place of SettingPageDisplay, you would use ms-settings:display.
Here is an example for Windows 10, version 1703.
-``` syntax
+```xml
@@ -268,7 +268,7 @@ Here is an example for Windows 10, version 1703.
Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
-> [!Note]
+> [!NOTE]
> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
@@ -327,14 +327,14 @@ Starting in Windows 10, version 1703, Quick action settings no longer require an
In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked.
-``` syntax
+```xml
```
In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.
-``` syntax
+```xml
@@ -350,7 +350,7 @@ In this example for Windows 10, version 1511, all System setting pages are ena
```
Here is an example for Windows 10, version 1703.
-``` syntax
+```xml
@@ -376,13 +376,13 @@ Buttons | The following list identifies the hardware buttons on the device that
Custom3
-> [!Note]
+> [!NOTE]
> Lock down of the Start button only prevents the press and hold event.
>
> Custom buttons are hardware buttons that can be added to devices by OEMs.
Buttons example:
-``` syntax
+```xml
@@ -400,14 +400,14 @@ Buttons example:
```
The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users.
-> [!Note]
+> [!NOTE]
> The lockdown settings for a button, per user role, will apply regardless of the button mapping.
>
> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.
-``` syntax
+```xml
-
-
-
-
-
-
-
-
-
-
-
-
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md
index d1f0ed0a9f..e5392fcc55 100644
--- a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md
+++ b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md
@@ -4,7 +4,7 @@ description: EnterpriseAssignedAccess DDF
ms.assetid: 8BD6FB05-E643-4695-99A2-633995884B37
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -19,7 +19,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Enterpr
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-``` syntax
+```xml
block of the AssignedAccessXML node.
-``` syntax
+```xml
@@ -345,7 +345,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
The following example sets the value for the 'Server'
-``` syntax
+```xml
0
@@ -363,7 +363,7 @@ The following example sets the value for the 'Server'
The following example gets all managed app settings for a specific app.
-``` syntax
+```xml
0
@@ -583,7 +583,7 @@ For examples of how to use this CSP to for reporting apps inventory, installatio
Query the device for a specific app subcategory, such as nonStore apps.
-``` syntax
+```xml
1
@@ -598,8 +598,7 @@ The result contains a list of apps, such as \App1/App2/App\.
Subsequent query for a specific app for its properties.
-``` syntax
-
+```xml
1
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 803f46cf73..4b86f38ff0 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -4,7 +4,7 @@ description: EnterpriseModernAppManagement DDF
ms.assetid:
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -23,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 1fad0a54a6..386f5a8c48 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -14,13 +14,13 @@ ms.topic:
# How Mobile Device Management Providers support eSIM Management on Windows
The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
-- Onboard to Azure Active Directory
-- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties.
-- Assess solution type that you would like to provide your customers
-- Batch/offline solution
-- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
-- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
-- Real-time solution
-- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
-- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
+- Onboard to Azure Active Directory
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties.
+- Assess solution type that you would like to provide your customers
+- Batch/offline solution
+- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
+- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
+- Real-time solution
+- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
+- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator.
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index 22341aa348..43626310a0 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -1,7 +1,7 @@
---
title: eUICCs CSP
description: eUICCs CSP
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 0f282ff7df..3f3e71df8d 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -4,7 +4,7 @@ description: eUICCs DDF file
ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below if for Windows 10, version 1803.
-``` syntax
+```xml
@@ -198,7 +198,7 @@ The server has to send a POST to a redirect URL of the form ms-app://string (the
The following example shows a response received from the discovery web service which requires authentication via WAB.
-``` syntax
+```xml
@@ -252,7 +252,7 @@ wsse:BinarySecurityToken/attributes/EncodingType: The <wsse:BinarySecurityTok
The following is an enrollment policy request example with a received security token as client credential.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md
index f0745bb496..653b03b527 100644
--- a/windows/client-management/mdm/filesystem-csp.md
+++ b/windows/client-management/mdm/filesystem-csp.md
@@ -4,7 +4,7 @@ description: FileSystem CSP
ms.assetid: 9117ee16-ca7a-4efa-9270-c9ac8547e541
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index c6322ae0bb..b8f27a73dc 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -1,7 +1,7 @@
---
title: Firewall CSP
description: Firewall CSP
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -162,7 +162,7 @@ The following diagram shows the Firewall configuration service provider in tree
Sample syncxml to provision the firewall settings to evaluate
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index c3d8ccf3cf..20172a8f10 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -1,7 +1,7 @@
---
title: Firewall DDF file
description: Firewall DDF file
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -18,7 +18,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Firewal
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-``` syntax
+```xml
[INT]
@@ -476,7 +476,7 @@ The following list of data points are verified by the DHA-Service in DHA-Report
- [CodeIntegrityEnabled](#codeintegrityenabled)
- [TestSigningEnabled](#testsigningenabled)
- [SafeMode](#safemode)
-- [WinPE ](#winpe)
+- [WinPE](#winpe)
- [ELAMDriverLoaded](#elamdriverloaded) ***
- [VSMEnabled](#vsmenabled)
- [PCRHashAlgorithmID](#pcrhashalgorithmid)
@@ -1123,7 +1123,7 @@ Each of these are described in further detail in the following sections, along w
## DHA-Report example
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/iconfigserviceprovider2.md b/windows/client-management/mdm/iconfigserviceprovider2.md
deleted file mode 100644
index 048b953696..0000000000
--- a/windows/client-management/mdm/iconfigserviceprovider2.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-title: IConfigServiceProvider2
-description: IConfigServiceProvider2
-ms.assetid: 8deec0fb-59a6-4d08-8ddb-6d0d3d868a10
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# IConfigServiceProvider2
-
-
-OEMs are required to implement this interface once per configuration service provider. ConfigManager2 clients use this interface to instantiate the configuration service provider, to communicate general state information to the configuration service provider, and often to access or create nodes.
-
-The following table shows the methods defined by this interface that OEMs must implement.
-
-
Enables ConfigManager2 to send notifications to a configuration service provider of events such as when the configuration service provider is loaded or unloaded, when rollbacks are performed, and when actions are called on nodes.
Returns a node from the configuration service provider based on the path relative to the root node.
-
-
-
-
-
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md b/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md
deleted file mode 100644
index 55f2a25518..0000000000
--- a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md
+++ /dev/null
@@ -1,146 +0,0 @@
----
-title: IConfigServiceProvider2 ConfigManagerNotification
-description: IConfigServiceProvider2 ConfigManagerNotification
-ms.assetid: b1f0fe0f-afbe-4b36-a75d-34239a86a75c
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# IConfigServiceProvider2::ConfigManagerNotification
-
-
-This method enables ConfigManager2 to send notifications of events to a configuration service provider, such as when the configuration service provider is loaded or unloaded, when rollbacks are performed, and when actions are called on nodes.
-
-## Syntax
-
-
-``` syntax
-HRESULT ConfigManagerNotification([in] CFGMGR_NOTIFICATION cmnfyState,
- [in] LPARAM lpParam);
-```
-
-## Parameters
-
-
-*cmnfyState*
-
-
-The following events are supported by all configuration service providers.
-
-
-
-
-
-
-
-
-
Event
-
Description
-
-
-
-
-
CFGMGR_NOTIFICATION_LOAD
-
First time the configuration service provider is loaded/instantiated.
-
-
-
CFGMGR_NOTIFICATION_BEGINCOMMANDPROCESSING
-
About to run the first command of a transaction.
-
-
-
CFGMGR_NOTIFICATION_ENDCOMMANDPROCESSING
-
Last command of transaction has executed. This event is always raised if BEGINCOMMANDPROCESSING was raised, even if the handling of BEGINCOMMANDPROCESSING failed.
-
-
-
CFGMGR_NOTIFICATION_BEGINCOMMIT
-
About to commit the first command of a transaction.
-
-
-
CFGMGR_NOTIFICATION_ENDCOMMIT
-
Last command of a transaction has been committed. This event is always raised if BEGINCOMMIT was raised, even if the handling of BEGINCOMMIT failed.
-
-
-
CFGMGR_NOTIFICATION_BEGINROLLBACK
-
About to roll back the first command of the transaction.
-
-
-
CFGMGR_NOTIFICATION_ENDROLLBACK
-
Last command of the transaction has been rolled back. This event is always raised if BEGINROLLBACK was raised, even if the handling of BEGINROLLBACK failed.
-
-
-
CFGMGR_NOTIFICATION_UNLOAD
-
The configuration service provider is about to be unloaded/deleted.
-
-
-
CFGMGR_NOTIFICATION_SETSESSIONOBJ
-
Session object is available for use; lpParam can be cast to an IConfigSession2 pointer.
-
-
-
CFGMGR_NOTIFICATION_BEGINTRANSACTIONING
-
Primarily used for compatibility with v1 configuration service providers. Signals the beginning of a transactioning sequence.
-
-
-
CFGMGR_NOTIFICATION_ENDTRANSACTIONING
-
Primarily used for compatibility with v1 configuration service providers. Signals the end of a transactioning sequence.
-
-
-
-
-
-
-
-
-*lpParam*
-
-
-Normally NULL, but contains a pointer to an IConfigSession2 instance if cmnfState is CFGMGR_NOTIFICATION_SETSESSIONOBJ.
-
-
-
-
-## Return Value
-
-A value of S\_OK indicates success.
-
-## Remarks
-
-ConfigManager2 guarantees that if it raised one of the BEGIN events
-
-- CFGMGR\_NOTIFICATION\_BEGINCOMMANDPROCESSING
-- CFGMGR\_NOTIFICATION\_BEGINCOMMIT
-- CFGMGR\_NOTIFICATION\_BEGINROLLBACK
-
-then the corresponding END event will be raised, even if the handling of the BEGIN notification failed.
-For each transaction, the sequence of notifications is:
-
-1. BEGINCOMMANDPROCESSING
-
-2. BEGINTRANSACTIONING
-
-3. ENDTRANSACTIONING
-
-4. ENDCOMMANDPROCESSING
-
-5. Either BEGINCOMMIT or BEGINROLLBACK, depending on whether the transaction succeeded or failed.
-
-6. Either ENDCOMMIT or ENDROLLBACK, depending on whether the transaction succeeded or failed.
-
-Each configuration service provider will receive the relevant BEGIN/END notifications exactly once per each transaction that ConfigManager2 executes.
-
-## Requirements
-
-**Header:** None
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/iconfigserviceprovider2getnode.md b/windows/client-management/mdm/iconfigserviceprovider2getnode.md
deleted file mode 100644
index c89523b033..0000000000
--- a/windows/client-management/mdm/iconfigserviceprovider2getnode.md
+++ /dev/null
@@ -1,106 +0,0 @@
----
-title: IConfigServiceProvider2 GetNode
-description: IConfigServiceProvider2 GetNode
-ms.assetid: 4dc10a59-f6a2-45c0-927c-d594afc9bb91
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# IConfigServiceProvider2::GetNode
-
-
-This method returns a node from the configuration service provider based on the path that was passed in. The returned node is a descendent of the root node.
-
-## Syntax
-
-
-``` syntax
-HRESULT GetNode([in] IConfigManager2URI* pURI,
- [out] ICSPNode** ppNode,
- [in, out] DWORD* pgrfNodeOptions);
-```
-
-## Parameters
-
-*pUri*
-
-
-URI of the child node, relative to the root node. For example, to access the "./Vendor/Contoso/SampleCSP/ContainerA/UserName" node, ConfigManager2 calls the configuration service provider's GetNode method and passes in an IConfigManager2URI instance representing the URI “SampleCSP/ContainerA/UserName”.
-
-
-
-ppNode
-
-
-If the query is successful, this returns the ICSPNode instance at the pUri location in the configuration service provider's tree.
-
-
-
-pgrfNodeOptions
-
-
-Nodes support the following features.
-
-
-
-
-
-
-
-
-
-
Feature name
-
Bit value (in hex)
-
Notes
-
-
-
-
-
CSPNODE_OPTION_NATIVESECURITY
-
0x01
-
The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.
-
-
-
CSPNODE_OPTION_INTERNALTRANSACTION
-
0x02
-
The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.
-
-
-
CSPNODE_OPTION_HANDLEALLPROPERTIES
-
0x04
-
Unused.
-
-
-
CSPNODE_OPTION_SECRETDATA
-
0x08
-
Unused.
-
-
-
-
-
-
-
-## Return Value
-
-This method returns an ICSPNode. If the function returns null, call GetLastError to get the error value.
-
-A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_NODENOTFOUND indicates that the node does not exist. Note that this may be normal, as in the case of optional nodes.
-
-## Requirements
-
-**Header:** None
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnode.md b/windows/client-management/mdm/icspnode.md
deleted file mode 100644
index c0a1f975f8..0000000000
--- a/windows/client-management/mdm/icspnode.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: ICSPNode
-description: ICSPNode
-ms.assetid: 023466e6-a8ab-48ad-8548-291409686ac2
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode
-
-This interface does most of the work in a configuration service provider. Each individual node in a configuration service provider tree is represented by a separate implementation of this interface. The actions of a ConfigManager2 client are typically translated into calls to an instance of an ICSPNode.
-
-These methods must be implemented so that, if they fail, the node's state at the end of the method matches the state before the method was called.
-
-Some nodes will not be able to perform certain actions, and can return CFGMGR\_E\_COMMANDNOTALLOWED for those methods. For each method that is implemented for externally–transactioned nodes, the contrary method must also be implemented, as defined by "Determine node operations" in [Designing a custom configuration service provider](design-a-custom-windows-csp.md).
-
-The following table shows the methods defined by this interface that OEMs must implement.
-
-
Sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node.
-
-
-
-
-
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodeadd.md b/windows/client-management/mdm/icspnodeadd.md
deleted file mode 100644
index a373d48773..0000000000
--- a/windows/client-management/mdm/icspnodeadd.md
+++ /dev/null
@@ -1,118 +0,0 @@
----
-title: ICSPNode Add
-description: ICSPNode Add
-ms.assetid: 5f03d350-c82b-4747-975f-385fd8b5b3a8
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::Add
-
-This method adds an immediate child node to a configuration service provider node and returns a pointer to the new node.
-
-## Syntax
-
-``` syntax
-HRESULT Add([in] IConfigManager2URI* pChildName,
- [in] CFG_DATATYPE DataType,
- [in] VARIANT varValue,
- [in, out] ICSPNode** ppNewNode,
- [in, out] DWORD* pgrfNodeOptions);
-```
-
-## Parameters
-
-*pChildName*
- Name of child node to add.
-
-*DataType*
- Data type of the child node to add. Supported types include:
-- CFG\_DATATYPE\_NODE
-
-- CFG\_DATATYPE\_NULL
-
-- CFG\_DATATYPE\_BINARY
-
-- CFG\_DATATYPE\_INTEGER
-
-- CFG\_DATATYPE\_STRING
-
-- CFG\_DATATYPE\_MULTIPLE\_STRING
-
-*varValue*
- Value of the child node to add.
-
-*ppNewNode*
- New child node to return.
-
-*pgrfNodeOptions*
- Features supported on the new child node.
-
-
-
-
-
-
-
-
-
Feature name
-
Bit value (in hex)
-
Notes
-
-
-
-
-
CSPNODE_OPTION_NATIVESECURITY
-
0x01
-
The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.
-
-
-
CSPNODE_OPTION_INTERNALTRANSACTION
-
0x02
-
The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.
-
-
-
CSPNODE_OPTION_HANDLEALLPROPERTIES
-
0x04
-
Unused.
-
-
-
CSPNODE_OPTION_SECRETDATA
-
0x08
-
Unused.
-
-
-
-
-
-## Return Value
-
-This method returns an ICSPNode and the feature options supported on that child node. If the method returns null, call GetLastError to get the error value.
-
-A value of S\_OK indicates that a node was successfully found. CMN\_E\_ALREADY\_EXISTS indicates that a child node with the same name already exists. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Add** method.
-
-## Remarks
-
-For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Clear](icspnodeclear.md) and [ICSPNode::DeleteChild](icspnodedeletechild.md) must also be implemented or rollback will fail.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodeclear.md b/windows/client-management/mdm/icspnodeclear.md
deleted file mode 100644
index aad47f0a81..0000000000
--- a/windows/client-management/mdm/icspnodeclear.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: ICSPNode Clear
-description: ICSPNode Clear
-ms.assetid: b414498b-110a-472d-95c0-2d5b38cd78a6
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-
-# ICSPNode::Clear
-
-This method deletes the contents and child nodes of the current configuration service provider node. This method is always called on the child node before [ICSPNode::DeleteChild](icspnodedeletechild.md) is called on the parent node.
-
-
-## Syntax
-
-``` syntax
-HRESULT Clear();
-```
-
-
-## Return Value
-
-A value of S\_OK indicates that the node was successfully cleared. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Clear** method.
-
-
-## Remarks
-
-For externally–transactioned nodes, if this method is implemented, then [ICSPNode::SetValue](icspnodesetvalue.md) and [ICSPNode::SetProperty](icspnodesetproperty.md) must also be implemented or rollback will fail.
-
-Before calling **Clear** on the target node, ConfigManager2 attempts to gather the current state of the node; the parent node does not have to preserve the state of its child nodes if they are externally-transactioned.
-
-## Requirements
-
-**Header:** None
-
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodecopy.md b/windows/client-management/mdm/icspnodecopy.md
deleted file mode 100644
index 0d9ef070a4..0000000000
--- a/windows/client-management/mdm/icspnodecopy.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: ICSPNode Copy
-description: ICSPNode Copy
-ms.assetid: cd5ce0bc-a08b-4f82-802d-c7ff8701b41f
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::Copy
-
-This method makes a copy of the current node at the specified path within the configuration service provider. If the target node exists, it should be overwritten.
-
-## Syntax
-
-``` syntax
-HRESULT Copy([in] IConfigManager2URI* puriDestination,
- [in, out] ICSPNode** ppNewNode,
- [in, out] DWORD* pgrfNodeOptions);
-```
-
-## Parameters
-
-*puriDestination*
- Path and name of new node's location, relative to the configuration service provider's root node.
-
-*ppNewNode*
- New node created by the copy operation.
-
-*pgrfNodeOptions*
- Features supported on the new node.
-
-
-
-
-
-
-
-
-
-
Feature name
-
Bit value (in hex)
-
Notes
-
-
-
-
-
CSPNODE_OPTION_NATIVESECURITY
-
0x01
-
The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.
-
-
-
CSPNODE_OPTION_INTERNALTRANSACTION
-
0x02
-
The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.
-
-
-
CSPNODE_OPTION_HANDLEALLPROPERTIES
-
0x04
-
Unused.
-
-
-
CSPNODE_OPTION_SECRETDATA
-
0x08
-
Unused.
-
-
-
-
-
-## Return Value
-
-A value of S\_OK indicates that the node was successfully copied to the new location. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Copy** method.
-
-## Remarks
-
-For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md), [ICSPNode::SetValue](icspnodesetvalue.md), [ICSPNode::Clear](icspnodeclear.md), and [ICSPNode::DeleteChild](icspnodedeletechild.md) must also be implemented or rollback will fail.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodedeletechild.md b/windows/client-management/mdm/icspnodedeletechild.md
deleted file mode 100644
index e3c4861398..0000000000
--- a/windows/client-management/mdm/icspnodedeletechild.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: ICSPNode DeleteChild
-description: ICSPNode DeleteChild
-ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::DeleteChild
-
-Deletes the specified child node from the configuration service provider node. [ICSPNode::Clear](icspnodeclear.md) must always be called first on the child node that is to be deleted.
-
-## Syntax
-
-``` syntax
-HRESULT DeleteChild([in] IConfigManager2URI* puriChildToDelete);
-```
-
-## Parameters
-
-*puriChildToDelete*
- The name of the child node to delete.
-
-## Return Values
-
-| Return Value | Description |
-|------------------------------|--------------------------------------------------|
-| CFGMGR\_E\_NODENOTFOUND | The child node does not exist |
-| CFGMGR\_E\_COMMANDNOTALLOWED | The child node to be deleted is a read-only node |
-| S\_OK | Success. |
-
-
-A value of S\_OK indicates that a node was successfully deleted. CFGMGR\_E\_NODENOTFOUND indicates that the child node does not exist. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::DeleteChild** method, or that the child node to be deleted is a read-only node.
-
-## Remarks
-
-For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md) must also be implemented or rollback will fail.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodedeleteproperty.md b/windows/client-management/mdm/icspnodedeleteproperty.md
deleted file mode 100644
index 3bb5c390b4..0000000000
--- a/windows/client-management/mdm/icspnodedeleteproperty.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: ICSPNode DeleteProperty
-description: ICSPNode DeleteProperty
-ms.assetid: 7e21851f-d663-4558-b3e8-590d24b4f6c4
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::DeleteProperty
-
-This method deletes a property from a configuration service provider node.
-
-## Syntax
-
-``` syntax
-HRESULT DeleteProperty([in] REFGUID guidProperty);
-```
-
-## Parameters
-
-*guidProperty*
- The GUID of the property to delete.
-
-## Return Value
-
-A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_PROPERTYNOTSUPPORTED indicates that this node does not manage or implement the property itself, but delegates it to ConfigManager2. E\_NOTIMPL indicates this method is not supported by this node.
-
-## Remarks
-
-For externally–transactioned nodes, if this method is implemented, then [ICSPNode::SetProperty](icspnodesetproperty.md) must also be implemented or rollback will fail.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodeexecute.md b/windows/client-management/mdm/icspnodeexecute.md
deleted file mode 100644
index 95583c91f8..0000000000
--- a/windows/client-management/mdm/icspnodeexecute.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: ICSPNode Execute
-description: ICSPNode Execute
-ms.assetid: 5916e7b7-256d-49fd-82b6-db0547a215ec
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::Execute
-
-This method runs a task on an internally-transactioned configuration service provider node by passing in the specified user data and returning a result. The exact meaning of **Execute** and whether it is even supported depends on the purpose of the node. For example, **Execute** called on a node that represents a file should probably **ShellExecute** the file, whereas calling **Execute** on a registry node generally does not make sense.
-
-## Syntax
-
-``` syntax
-HRESULT Execute([in] VARIANT varUserData);
-```
-
-## Parameters
-
-*varUserData*
- Data to pass into the execution.
-
-## Return Value
-
-A value of S\_OK indicates that the operation was performed successfully on the node. E\_NOTIMPL should be returned if this method is not implemented.
-
-## Remarks
-
-Externally–transactioned nodes do not support this method.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodegetchildnodenames.md b/windows/client-management/mdm/icspnodegetchildnodenames.md
deleted file mode 100644
index dd7dc2fe59..0000000000
--- a/windows/client-management/mdm/icspnodegetchildnodenames.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: ICSPNode GetChildNodeNames
-description: ICSPNode GetChildNodeNames
-ms.assetid: dc057f2b-282b-49ac-91c4-bb83bd3ca4dc
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::GetChildNodeNames
-
-This method returns the list of child nodes for a configuration service provider node.
-
-## Syntax
-
-``` syntax
-HRESULT GetChildNodeNames([out] ULONG* pulCount,
- [out,size_is(,*pulCount)] BSTR** pbstrNodeNames);
-```
-
-## Parameters
-
-*pulCount*
-
The number of child nodes to return.
-
-*pbstrNodeNames*
-
The array of child node names. The returned array must be allocated with CoTaskMemAlloc. Each element of the array must be a valid, non-NULL BSTR, allocated by SysAllocString or SysAllocStringLen. The names returned must not be encoded in any way, including URI-encoding, for canonicalization reasons.
-
-## Return Value
-
-A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this was called on a leaf node (no children will be returned).
-
-## Remarks
-
-For externally–transactioned nodes, no additional methods are required for successful rollback.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodegetproperty.md b/windows/client-management/mdm/icspnodegetproperty.md
deleted file mode 100644
index 4b325efd51..0000000000
--- a/windows/client-management/mdm/icspnodegetproperty.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: ICSPNode GetProperty
-description: ICSPNode GetProperty
-ms.assetid: a2bdc158-72e0-4cdb-97ce-f5cf1a44b7db
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::GetProperty
-
-This method returns a property value from a configuration service provider node.
-
-## Syntax
-
-``` syntax
-HRESULT GetProperty([in] REFGUID guidProperty,
- [in,out] VARIANT* pvarValue);
-```
-
-## Parameters
-
-*guidProperty*
-
GUID that specifies the property to return.
-
-*pvarValue*
-
Value to return.
-
-## Return Value
-
-A value of S\_OK indicates that the value was successfully returned. CFGMGR\_E\_COMMANDNOTSUPPORTED indicates that the node does not implement the property itself, but delegates the management of the property to ConfigManager2.
-
-## Remarks
-
-Every node must handle the CFGMGR\_PROPERTY\_DATATYPE property.
-
-For externally–transactioned nodes, no additional methods are required for successful rollback.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md b/windows/client-management/mdm/icspnodegetpropertyidentifiers.md
deleted file mode 100644
index 4660b81365..0000000000
--- a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: ICSPNode GetPropertyIdentifiers
-description: ICSPNode GetPropertyIdentifiers
-ms.assetid: 8a052cd3-d74c-40c4-845f-f804b920deb4
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::GetPropertyIdentifiers
-
-This method returns a list of non-standard properties supported by the node. The returned array must be allocated with `CoTaskMemAlloc`.
-
-## Syntax
-
-``` syntax
-HRESULT GetPropertyIdentifiers([out] ULONG* pulCount,
- [out,size_is(,*pulCount)] GUID** pguidProperties);
-```
-
-## Parameters
-
-*pulCount*
-
The number of non-standard properties to return.
-
-*pguidProperties*
-
The array of property GUIDs to return. This array must be allocated with CoTaskMemAlloc.
-
-## Return Value
-
-A value of S\_OK indicates that the properties were successfully returned. E\_NOTIMPL indicates that this method is not supported by the node.
-
-## Remarks
-
-For externally–transactioned nodes, no additional methods are required for successful rollback.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodegetvalue.md b/windows/client-management/mdm/icspnodegetvalue.md
deleted file mode 100644
index b01be8e614..0000000000
--- a/windows/client-management/mdm/icspnodegetvalue.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: ICSPNode GetValue
-description: ICSPNode GetValue
-ms.assetid: c684036d-98be-4659-8ce8-f72436a39b90
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::GetValue
-
-This method gets the value and data type for the node. Interior (non-leaf) nodes may not have a value.
-
-## Syntax
-
-``` syntax
-HRESULT GetValue([in,out] VARIANT* pvarValue);
-```
-
-## Parameters
-
-*pvarValue*
-
Data value to return. A node containing a password value returns 16 asterisks (‘*’) for this method. A leaf node whose value has not been set returns a variant whose type is VT_NULL.
-
-
-## Return Value
-
-A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::GetValue** methods, or that this is an interior node.
-
-## Remarks
-
-For externally–transactioned nodes, this node is not required to implement any other methods for a successful rollback.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodemove.md b/windows/client-management/mdm/icspnodemove.md
deleted file mode 100644
index 2740a4caf3..0000000000
--- a/windows/client-management/mdm/icspnodemove.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: ICSPNode Move
-description: ICSPNode Move
-ms.assetid: efb359c3-5c86-4975-bf6f-a1c33922442a
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::Move
-
-This method moves the node to a new location within the configuration service provider. If the target node already exists, it should be overwritten.
-
-## Syntax
-
-``` syntax
-HRESULT Move([in] IConfigManager2URI* puriDestination);
-```
-
-## Parameters
-
-*puriDestination*
-
Path and name of the node's new location, relative to the configuration service provider's root node.
-
-## Return Value
-
-A value of S\_OK indicates that the node was successfully moved. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::Move** method.
-
-## Remarks
-
-For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md) and [ICSPNode::SetValue](icspnodesetvalue.md) must also be implemented or rollback will fail.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodesetproperty.md b/windows/client-management/mdm/icspnodesetproperty.md
deleted file mode 100644
index d27d12ce60..0000000000
--- a/windows/client-management/mdm/icspnodesetproperty.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: ICSPNode SetProperty
-description: ICSPNode SetProperty
-ms.assetid: e235c38f-ea04-4cd8-adec-3c6c0ce7172d
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::SetProperty
-
-This method sets a property value for a configuration service provider node.
-
-## Syntax
-
-``` syntax
-HRESULT SetProperty([in] REFGUID guidProperty,
- [in] VARIANT varValue);
-```
-
-## Parameters
-
-*guidProperty*
-
The GUID of the property.
-
-*varValue*
-
The value to return.
-
-## Return Value
-
-A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTSUPPORTED indicates that this node delegates the management of the property to ConfigManager2.
-
-## Remarks
-
-Every node must properly handle the CFGMGR\_PROPERTY\_DATATYPE property.
-
-For externally–transactioned nodes, no additional methods are required for successful rollback.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodesetvalue.md b/windows/client-management/mdm/icspnodesetvalue.md
deleted file mode 100644
index 1aa5cbdd52..0000000000
--- a/windows/client-management/mdm/icspnodesetvalue.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: ICSPNode SetValue
-description: ICSPNode SetValue
-ms.assetid: b218636d-fe8b-4a0f-b4e8-a621f65619d3
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNode::SetValue
-
-This method sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node.
-
-## Syntax
-
-``` syntax
-HRESULT SetValue([in] VARIANT varValue);
-```
-
-## Parameters
-
-*varValue*
-
Value to set. To clear a leaf node’s value, set varValue’s type to VT_NULL.
-
-## Return Value
-
-A value of S\_OK indicates that the value was set successfully. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::SetValue** method, or that it's an internal node.
-
-## Remarks
-
-For externally–transactioned nodes, no additional methods must be implemented to support rollback.
-
-## Requirements
-
-**Header:** None
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspnodetransactioning.md b/windows/client-management/mdm/icspnodetransactioning.md
deleted file mode 100644
index 9e3b4e5d78..0000000000
--- a/windows/client-management/mdm/icspnodetransactioning.md
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: ICSPNodeTransactioning
-description: ICSPNodeTransactioning
-ms.assetid: 24dc518a-4a8d-41fe-9bc6-217bbbdf6a3f
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPNodeTransactioning
-
-This is an optional interface that enables a configuration service provider to define its own transactioning scheme (internal transactioning) for an individual node. Transactioning supports the ability to roll back previous actions on a node. The majority of nodes use external transactioning, which is handled automatically, and do not need to implement this interface. For more information about internal and external transactioning, including how to handle the `RollbackAction` functions, see "Determine node operations" in [Designing a custom configuration service provider](design-a-custom-windows-csp.md).
-
-``` syntax
-interface ICSPNodeTransactioning : IUnknown
-{
- HRESULT PersistRollbackAddState([in] IConfigManager2URI* puriChild,
- [in] CFG_DATATYPE DataType,
- [in] VARIANT varValue,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackCopyState([in] IConfigManager2URI* puriDestination,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackDeleteChildState([in] IConfigManager2URI* puriChild,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackClearState([in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackExecuteState([in] VARIANT varUserData,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackMoveState([in] IConfigManager2URI* puriDestination,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackSetValueState([in] VARIANT varValue,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackSetPropertyState([in] REFGUID guidProperty,
- [in] VARIANT varValue,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT PersistRollbackDeletePropertyState([in] REFGUID guidProperty,
- [in] ISequentialStream* pRollbackStream,
- [in] ISequentialStream* pUninstallStream);
- HRESULT RollbackAdd([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackCopy([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackDeleteChild([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackClear([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackExecute([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackMove([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackSetValue([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackSetProperty([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
- HRESULT RollbackDeleteProperty([in] ISequentialStream* pUndoStream,
- [in] BOOL fRecoveryRollback);
-
- HRESULT Commit();
-};
-```
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/icspvalidate.md b/windows/client-management/mdm/icspvalidate.md
deleted file mode 100644
index 9041f535c7..0000000000
--- a/windows/client-management/mdm/icspvalidate.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: ICSPValidate
-description: ICSPValidate
-ms.assetid: b0993f2d-6269-412f-a329-af25fff34ca2
-ms.reviewer:
-manager: dansimp
-ms.author: v-madhi
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# ICSPValidate
-
-This interface is optional. It is called by ConfigManager2 as it batches commands before transactioning begins. This allows the configuration service provider to validate the node before performing specific actions. It is generally only used for configuration service providers that need to expose UI.
-
-``` syntax
-interface ICSPValidate : IUnknown
-{
- HRESULT ValidateAdd([in] IConfigNodeState* pNodeState,
- [in] IConfigManager2URI* puriChild,
- [in] CFG_DATATYPE DataType,
- [in] VARIANT varValue);
- HRESULT ValidateCopy([in] IConfigNodeState* pNodeState,
- [in] IConfigManager2URI* puriDestination);
- HRESULT ValidateDeleteChild([in] IConfigNodeState* pNodeState,
- [in] IConfigManager2URI* puriChild);
- HRESULT ValidateClear([in] IConfigNodeState* pNodeState);
- HRESULT ValidateExecute([in] IConfigNodeState* pNodeState,
- [in] VARIANT varUserData);
- HRESULT ValidateMove([in] IConfigNodeState* pNodeState,
- [in] IConfigManager2URI* puriDestination);
- HRESULT ValidateSetValue([in] IConfigNodeState* pNodeState,
- [in] VARIANT varValue);
- HRESULT ValidateSetProperty([in] IConfigNodeState* pNodeState,
- [in] REFGUID guidProperty,
- [in] VARIANT varValue);
- HRESULT ValidateDeleteProperty([in] IConfigNodeState* pNodeState,
- [in] REFGUID guidProperty);
-```
-
-## Related topics
-
-[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png
new file mode 100644
index 0000000000..012b0b392b
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png differ
diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
index da6438913d..a3dc006fc8 100644
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
@@ -1,7 +1,7 @@
---
title: Implement server-side support for mobile application management on Windows
description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP).
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -59,7 +59,7 @@ Below are protocol changes for MAM enrollment:
Here is an example provisioning XML for MAM enrollment.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
index 02f521dce2..682ae5b63d 100644
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@@ -29,7 +29,7 @@ Third-party MDM servers can manage Windows 10 by using the MDM protocol. The bu
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros’ operational needs, addressing security concerns for modern cloud-managed devices.
->[!NOTE]
+> [!NOTE]
>Intune support for the MDM security baseline is coming soon.
The MDM security baseline includes policies that cover the following areas:
@@ -42,11 +42,11 @@ The MDM security baseline includes policies that cover the following areas:
- And much more
For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see:
-- [MDM Security baseline for Windows 10, version 1903](http://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
+- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
-- [MDM Security baseline for Windows 10, version 1809](http://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
+- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
-For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/en-us/intune/security-baseline-settings-windows)
+For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
index c9c8076463..98f5020545 100644
--- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
+++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
@@ -7,7 +7,7 @@ MS-HAID:
ms.assetid: 0E39AE85-1703-4B24-9A7F-831C6455068F
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/maps-csp.md b/windows/client-management/mdm/maps-csp.md
index d2e6000b6f..dd51d6cb8b 100644
--- a/windows/client-management/mdm/maps-csp.md
+++ b/windows/client-management/mdm/maps-csp.md
@@ -4,7 +4,7 @@ description: The Maps configuration service provider (CSP) is used to configure
ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -126,7 +126,7 @@ Here is a list of GUIDs of the most downloaded reqions.
Here is an example queuing a map package of New York for download.
-``` syntax
+```xml
@@ -144,7 +144,7 @@ Here is an example queuing a map package of New York for download.
Here is an example that gets the status of the New York map package on the device.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/maps-ddf-file.md b/windows/client-management/mdm/maps-ddf-file.md
index 9eeaa9f169..517d02109c 100644
--- a/windows/client-management/mdm/maps-ddf-file.md
+++ b/windows/client-management/mdm/maps-ddf-file.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: EF22DBB6-0578-4FD0-B8A6-19DC03288FAF
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
[Note] Starting in Windows 10, version 1709, the **Manage** button is no longer available.
+> [NOTE]
+> Starting in Windows 10, version 1709, the **Manage** button is no longer available.
### Disconnect
diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md
index d7beeeadcc..e7fcc04cf0 100644
--- a/windows/client-management/mdm/messaging-csp.md
+++ b/windows/client-management/mdm/messaging-csp.md
@@ -1,7 +1,7 @@
---
title: Messaging CSP
description: Messaging CSP
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -55,7 +55,7 @@ The following diagram shows the Messaging configuration service provider in tree
**SyncML example**
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md
index dd130d307d..3dd896d26b 100644
--- a/windows/client-management/mdm/messaging-ddf.md
+++ b/windows/client-management/mdm/messaging-ddf.md
@@ -1,7 +1,7 @@
---
title: Messaging DDF file
description: Messaging DDF file
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -19,7 +19,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep
@@ -200,7 +200,7 @@ The enrollment server can decline enrollment messages using the SOAP Fault forma
In Windows 10, version 1507, we added the deviceenrollmentserviceerror element. Here is an example:
-``` syntax
+```xml
http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index ec04186730..7d719b40aa 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -1,7 +1,7 @@
---
title: MultiSIM CSP
description: MultiSIM CSP allows the enterprise to manage devices with dual SIM single active configuration.
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -74,7 +74,7 @@ Supported operation is Get and Replace. Value type is bool.
## Examples
Get modem
-``` syntax
+```xml
@@ -93,7 +93,7 @@ Get modem
```
Get slots
-``` syntax
+```xml
@@ -112,7 +112,7 @@ Get slots
```
Get slot state
-``` syntax
+```xml
@@ -131,7 +131,7 @@ Get slot state
```
Select slot
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md
index 52afa1defc..24cf91748a 100644
--- a/windows/client-management/mdm/multisim-ddf.md
+++ b/windows/client-management/mdm/multisim-ddf.md
@@ -1,7 +1,7 @@
---
title: MultiSIM DDF file
description: XML file containing the device description framework
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -18,7 +18,7 @@ This topic shows the OMA DM device description framework (DDF) for the **MultiSI
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
[!Note]
+> [!NOTE]
> In Windows 10 Mobile, the NetworkProxy CSP only works in ethernet connections. Use the WiFi CSP to configure per-network proxy for Wi-Fi connections in mobile devices.
How the settings work:
@@ -40,7 +40,7 @@ Added in Windows 10, version 1803. When set to 0, it enables proxy configuration
Supported operations are Add, Get, Replace, and Delete.
-> [!Note]
+> [!NOTE]
> Per user proxy configuration setting is not supported.
**AutoDetect**
@@ -52,12 +52,12 @@ Valid values:
1 (default) - Enabled
-The data type is int. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported.
+The data type is int. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
**SetupScriptUrl**
Address to the PAC script you want to use.
-The data type is string. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported.
+The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
**ProxyServer**
Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.
@@ -67,12 +67,12 @@ Supported operation is Get.
**ProxyAddress**
Address to the proxy server. Specify an address in the format <server>[“:”<port>].
-The data type is string. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported.
+The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
**Exceptions**
Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries.
-The data type is string. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported.
+The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
**UseProxyForLocalAddresses**
Specifies whether the proxy server should be used for local (intranet) addresses.
@@ -82,4 +82,4 @@ Valid values:
1 - Do not use proxy server for local addresses
-The data type is int. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported.
+The data type is int. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index 505da111aa..226b6ca0ba 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -1,7 +1,7 @@
---
title: NetworkProxy DDF file
description: AppNetworkProxyLocker DDF file
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -19,7 +19,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
[!NOTE]
> The NetworkQoSPolicy configuration service provider is supported only in Microsoft Surface Hub.
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 42b8ea6792..7ee6042e75 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid:
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -20,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
@@ -1583,7 +1602,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
In Windows 10, a Get command inside an atomic command is not supported. This was allowed in Windows Phone 8 and Windows Phone 8.1.
-### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
+### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
During an upgrade from Windows 8.1 to Windows 10, the notification channel URI information is not preserved. In addition, the MDM client loses the PFN, AppID, and client secret.
@@ -1645,11 +1664,11 @@ The software version information from **DevDetail/SwV** does not match the versi
Applies only to phone prior to build 10586.218: When ApplicationManagement/ApplicationRestrictions policy is deployed to Windows 10 Mobile, installation and update of apps dependent on Microsoft Frameworks may get blocked with error 0x80073CF9. To work around this issue, you must include the Microsoft Framework Id to your list of allowed apps.
-``` syntax
+```xml
```
-### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile
+### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile
In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate.
@@ -1690,11 +1709,11 @@ The following list describes the prerequisites for a certificate to be used with
The following XML sample explains the properties for the EAP TLS XML including certificate filtering.
->[!NOTE]
+> [!NOTE]
>For PEAP or TTLS Profiles the EAP TLS XML is embedded within some PEAP or TTLS specific elements.
-``` syntax
+```xml
13
@@ -1793,7 +1812,7 @@ The following XML sample explains the properties for the EAP TLS XML including c
```
->[!NOTE]
+> [!NOTE]
>The EAP TLS XSD is located at **%systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd**
@@ -1818,7 +1837,7 @@ Alternatively you can use the following procedure to create an EAP Configuration
7. Close the rasphone dialog box.
8. Continue following the procedure in the [EAP configuration](eap-configuration.md) topic from Step 9 to get an EAP TLS profile with appropriate filtering.
->[!NOTE]
+> [!NOTE]
>You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](https://technet.microsoft.com/library/hh945104.aspx) topic.
@@ -1830,7 +1849,7 @@ In Windows 10 Mobile, remote PIN reset in Azure AD joined devices are not suppo
Starting in Windows 10, after the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
-### User provisioning failure in Azure Active Directory joined Windows 10 PC
+### User provisioning failure in Azure Active Directory joined Windows 10 PC
In Azure AD joined Windows 10 PC, provisioning /.User resources fails when the user is not logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, make sure to log off and log on with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
@@ -1845,7 +1864,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
## Frequently Asked Questions
-### **Can there be more than 1 MDM server to enroll and manage devices in Windows 10?**
+### **Can there be more than 1 MDM server to enroll and manage devices in Windows 10?**
No. Only one MDM is allowed.
### **How do I set the maximum number of Azure Active Directory joined devices per user?**
@@ -1868,6 +1887,24 @@ How do I turn if off? | The service can be stopped from the "Services" console o
## Change history in MDM documentation
+### July 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following list: Policies supported by HoloLens 2|
+|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
+|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies: LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
+|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported: Create a custom configuration service provider Design a custom configuration service provider IConfigServiceProvider2 IConfigServiceProvider2::ConfigManagerNotification IConfigServiceProvider2::GetNode ICSPNode ICSPNode::Add ICSPNode::Clear ICSPNode::Copy ICSPNode::DeleteChild ICSPNode::DeleteProperty ICSPNode::Execute ICSPNode::GetChildNodeNames ICSPNode::GetProperty ICSPNode::GetPropertyIdentifiers ICSPNode::GetValue ICSPNode::Move ICSPNode::SetProperty ICSPNode::SetValue ICSPNodeTransactioning ICSPValidate Samples for writing a custom configuration service provider|
+
+
+### June 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md)|Added the following new policies: AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.|
+|[Policy CSP - TimeLanguageSettings](policy-csp-timelanguagesettings.md)|Added the following new policy: ConfigureTimeZone.|
+
+
### May 2019
|New or updated topic | Description|
@@ -1883,7 +1920,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|[Policy CSP - System](policy-csp-system.md)|Added the following new policies: AllowCommercialDataPipeline, TurnOffFileHistory.|
|[Policy CSP - Troubleshooting](policy-csp-troubleshooting.md)|Added the following new policy: AllowRecommendations.|
|[Policy CSP - Update](policy-csp-update.md)|Added the following new policies: AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.|
-|[Policy CSP - WindowsLogon](policy-csp-windowslogon.md)|Added the following new policies: AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.|
+|[Policy CSP - WindowsLogon](policy-csp-windowslogon.md)|Added the following new policies: AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.
Removed the following policy: SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.|
### April 2019
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index 2e9c9128db..9072c3eb82 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -4,7 +4,7 @@ description: NodeCache CSP
ms.assetid: b4dd2b0d-79ef-42ac-ab5b-ee07b3097876
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -19,7 +19,7 @@ The NodeCache configuration service provider is used to manage the client cache.
NodeCache supports the comparison of hash values instead of actual node values:
-``` syntax
+```xml
application/x-nodemon-sha256
@@ -76,7 +76,7 @@ Supported operations are Get, Add, and Delete.
Here's an example for setting the ExpectedValue to nonexistent.
-``` syntax
+```xml
10
@@ -146,7 +146,7 @@ Supported operations are Add, Get, and Delete.
Creating settings for node caching:
-``` syntax
+```xml
2
@@ -222,7 +222,7 @@ Creating settings for node caching:
Getting nodes under Provider ID MDMSRV1, cache version, changed nodes, node, expected value:
-``` syntax
+```xml
18
@@ -267,7 +267,7 @@ Getting nodes under Provider ID MDMSRV1, cache version, changed nodes, node, exp
Replacing the cache version, node URI, and expected value:
-``` syntax
+```xml
2
@@ -299,7 +299,7 @@ Replacing the cache version, node URI, and expected value:
For AutoSetExpectedValue, a Replace operation with empty data will query the ./DevDetail/Ext/Microsoft/DeviceName.
-```syntax
+```xml
2001
@@ -335,12 +335,12 @@ A Get operation on ./Vendor/MSFT/NodeCache/MDM%20SyncML%20Server/Nodes/20/Expect
A Get operation on the ChangedNodesData returns an encoded XML. Here is example:
-```syntax
+```xml
U09NRU5FV1ZBTFVF
```
It represents this:
-```syntax
+```xml
U09NRU5FV1ZBTFVF
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index ffc211aaf6..7d58ebbea3 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -4,7 +4,7 @@ description: NodeCache DDF file
ms.assetid: d7605098-12aa-4423-89ae-59624fa31236
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
@@ -89,7 +89,7 @@ Sample SyncML to install Office 365 Business Retail from current channel.
To uninstall the Office 365 from the system:
-```syntax
+```xml
@@ -111,7 +111,7 @@ To uninstall the Office 365 from the system:
To get the current status of Office 365 on the device.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index 56bc6f77e2..7f8b60345e 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid:
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -23,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
[!NOTE]
+> [!NOTE]
>The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com.
The device’s automatic discovery flow uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc
@@ -86,7 +86,7 @@ https://EnterpriseEnrollment.Contoso.com/EnrollmentServer/Discovery.svc
The following example shows the discovery service request.
-``` syntax
+```xml
@@ -129,12 +129,12 @@ The discovery response is in the XML format and includes the following fields:
- Authentication policy (AuthPolicy) – Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory.
- Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
->[!NOTE]
+> [!NOTE]
>The HTTP server response must not be chunked; it must be sent as one message.
The following example shows a response received from the discovery web service for OnPremise authentication:
-``` syntax
+```xml
@@ -171,7 +171,7 @@ For the OnPremise authentication policy, the UsernameToken in GetPolicies contai
The following example shows the policy web service request.
-``` syntax
+```xml
[!NOTE]
+> [!NOTE]
>The HTTP server response must not be chunked; it must be sent as one message.
The following snippet shows the policy web service response.
-``` syntax
+```xml
//schema
The RST may also specify a number of AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration.
->[!NOTE]
+> [!NOTE]
>The policy service and the enrollment service must be on the same server; that is, they must have the same host name.
The following example shows the enrollment web service request for OnPremise authentication.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index f7f0c17f2d..63bdce6713 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -4,7 +4,7 @@ description: The PassportForWork configuration service provider is used to provi
ms.assetid: 3BAE4827-5497-41EE-B47F-5C071ADB2C51
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -273,7 +273,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index 78de64402b..f9dcc69e22 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index 271a29ec21..e3914d786d 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -1,7 +1,7 @@
---
title: Personalization CSP
description: Personalization CSP
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -71,7 +71,7 @@ The following diagram shows the Personalization configuration service provider i
## Example SyncML
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index 42b94d8104..2492302fed 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,7 +1,7 @@
---
title: Personalization DDF file
description: Personalization DDF file
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -19,7 +19,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
Accounts/AllowMicrosoftAccountSignInAssistant
-
+
### ActiveXControls policies
@@ -1006,6 +1004,20 @@ The following diagram shows the Policy configuration service provider in tree fo
+### DeviceHealthMonitoring policies
+
+
-
+
@@ -198,65 +195,26 @@ The following list shows the supported values:
-
-**Accounts/DomainNamesForEmailSync**
-
-
-
-
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Specifies a list of the domains that are allowed to sync email on the device.
-
-The data type is a string.
-
-The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov".
-
-
-
-
-
-## Accounts policies supported by Windows Holographic
+
+## Accounts policies supported by HoloLens 2
- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
-
+
-## Accounts policies supported by Windows Holographic for Business
+## Accounts policies supported by HoloLens (1st gen) Commercial Suite
- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
+
+## Accounts policies supported by HoloLens (1st gen) Development Edition
+
+- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
+
+
Footnotes:
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 722bfbdd40..09639791f8 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ActiveXControls
description: Policy CSP - ActiveXControls
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 929ca3cd9f..7bbea44531 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ApplicationDefaults
description: Policy CSP - ApplicationDefaults
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -92,7 +92,7 @@ To create the SyncML, follow these steps:
Here is an example output from the dism default association export command:
-``` syntax
+```xml
@@ -111,7 +111,7 @@ PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25z
Here is the SyncMl example:
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 5c136c592b..5ce6a56526 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ApplicationManagement
description: Policy CSP - ApplicationManagement
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -537,7 +537,7 @@ Added in Windows 10, version 1607. Boolean value that disables the launch of al
ADMX Info:
-- GP English name: *Disable all apps from Microsoft Store *
+- GP English name: *Disable all apps from Microsoft Store*
- GP name: *DisableStoreApps*
- GP path: *Windows Components/Store*
- GP ADMX file name: *WindowsStore.admx*
@@ -594,13 +594,13 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window
For this policy to work, the Windows apps need to declare in their manifest that they will use the start up task. Example of the declaration here:
-``` syntax
+```xml
```
-> [!Note]
+> [!NOTE]
> This policy only works on modern apps.
@@ -972,7 +972,7 @@ Value type is string.
Sample SyncML:
-``` syntax
+```xml
@@ -999,7 +999,7 @@ Sample SyncML:
```
XSD:
-``` syntax
+```xml
@@ -1042,22 +1042,32 @@ XSD:
-
-## ApplicationManagement policies supported by Windows Holographic
+
+## ApplicationManagement policies supported by HoloLens 2
+
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
-- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
-
+
+
-## ApplicationManagement policies supported by Windows Holographic for Business
+## ApplicationManagement policies supported by HoloLens (ist gen) Commercial Suite
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
-- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
+
+## ApplicationManagement policies supported by HoloLens (1st gen) Development Edition
+
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
+- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
+
+
Footnotes:
@@ -1067,4 +1077,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
-- 6 - Added in the next major release of Windows 10.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 96fb236ede..6f998bebf9 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - AppRuntime
description: Policy CSP - AppRuntime
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index a1c25ca11b..7ecd3a228b 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - AppVirtualization
description: Policy CSP - AppVirtualization
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 6253a5f07d..f5630e76f5 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - AttachmentManager
description: Policy CSP - AttachmentManager
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 183ee25611..6ce830a730 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Authentication
description: Policy CSP - Authentication
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -358,6 +358,9 @@ The following list shows the supported values:
This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts.
+> [!Important]
+> Pre-configured candidate local accounts are any local accounts (pre-configured or added) in your device.
+
Value type is integer. Supported values:
- 0 - (default) The feature defaults to the existing SKU and device capabilities.
@@ -498,18 +501,28 @@ Value type is string.
-
-## Authentication policies supported by Windows Holographic
+
+
+## Authentication policies supported by HoloLens 2
- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
-
+- [Authentication/PreferredAadTenantDomainName](#authentication-preferredaadtenantdomainname)
+
-## Authentication policies supported by Windows Holographic for Business
+## Authentication policies supported by HoloLens (1st gen) Commercial Suite
- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
- [Authentication/PreferredAadTenantDomainName](#authentication-preferredaadtenantdomainname)
+
+
+## Authentication policies supported by HoloLens (1st gen) Development Edition
+
+- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
+
+
+
Footnotes:
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 6991b2357f..0845e952f8 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Autoplay
description: Policy CSP - Autoplay
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 544d40112c..85d8f6acdc 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Bitlocker
description: Policy CSP - Bitlocker
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -83,12 +83,17 @@ The following list shows the supported values:
+> [!NOTE]
+> To manage encryption of PCs and devices, use [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp)
+
Footnote:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 22f4c98cec..32fe01163f 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - BITS
description: Policy CSP - BITS
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -456,7 +456,7 @@ ADMX Info:
This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.
-> [!Note]
+> [!NOTE]
> Any property changes to the job or any successful download action will reset this timeout.
Value type is integer. Default is 90 days.
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 12986ccfe5..2475975ca6 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Bluetooth
description: Policy CSP - Bluetooth
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -335,7 +335,7 @@ If this policy is not set or it is deleted, the default local radio name is used
-Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
+Added in Windows 10, version 1511. Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide)
@@ -344,30 +344,31 @@ The default value is an empty string. For more information, see [ServicesAllowed
+
+## Bluetooth policies supported by HoloLens 2
+
+- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
+- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
+
+
+
+## Bluetooth policies supported by HoloLens (1st gen) Commercial Suite
+
+- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
+- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
+- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
+
+
-## Bluetooth policies supported by Windows Holographic
+## Bluetooth policies supported by HoloLens (1st gen) Development Edition
- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
-
-## Bluetooth policies supported by Windows Holographic for Business
-
-- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
-- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
-- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
-
-Footnotes:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
## ServicesAllowedList usage guide
@@ -481,3 +482,13 @@ Disabling file transfer shall have the following effects
- Fsquirt shall not allow receiving of files
- Fsquirt shall display error message informing user of policy preventing file transfer
- 3rd-party apps shall not be permitted to send or receive files using MSFT Bluetooth API
+
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 1ba7caf16f..6553368bef 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -13,10 +13,6 @@ manager: dansimp
# Policy CSP - Browser
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-
@@ -633,9 +629,9 @@ ADMX Info:
Supported values:
-- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit.
-- 0 - Never send tracking information.
-- 1 - Send tracking information.
+- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit.
+- 0 - Never send tracking information.
+- 1 - Send tracking information.
Most restricted value: 1
@@ -3807,7 +3803,7 @@ Most restricted value: 0
[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../../../browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
-> [!NOTE]
+> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@@ -3968,28 +3964,40 @@ Most restricted value: 0
-
-## Browser policies supported by Windows Holographic
-
-- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
-- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
-- [Browser/AllowPopups](#browser-allowpopups)
-- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
-- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
-- [Browser/AllowCookies](#browser-allowcookies)
-
-
-
-## Browser policies supported by Windows Holographic for Business
+
+## Browser policies supported by HoloLens 2
- [Browser/AllowAutofill](#browser-allowautofill)
+- [Browser/AllowCookies](#browser-allowcookies)
- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
- [Browser/AllowPopups](#browser-allowpopups)
- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+
+
+
+## Browser policies supported by HoloLens (1st gen) Commercial Suite
+
+- [Browser/AllowAutofill](#browser-allowautofill)
- [Browser/AllowCookies](#browser-allowcookies)
-
+- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
+- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
+- [Browser/AllowPopups](#browser-allowpopups)
+- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+
+
+
+## Browser policies supported by HoloLens (1st gen) Development Edition
+
+- [Browser/AllowCookies](#browser-allowcookies)
+- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
+- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
+- [Browser/AllowPopups](#browser-allowpopups)
+- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+
@@ -4000,3 +4008,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 626376e2ba..0852d91632 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Camera
description: Policy CSP - Camera
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 09a587860d..ff738aa2e1 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Cellular
description: Policy CSP - Cellular
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 6a794dd7a4..d86d214339 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Connectivity
description: Policy CSP - Connectivity
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -966,20 +966,27 @@ ADMX Info:
-
-## Connectivity policies supported by Windows Holographic
+
+## Connectivity policies supported by HoloLens 2
- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
-
+
-## Connectivity policies supported by Windows Holographic for Business
+## Connectivity policies supported by HoloLens (1st gen) Commercial Suite
- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
+
+## Connectivity policies supported by HoloLens (1st gen) Development Edition
+
+- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
+- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
+
+
Footnotes:
@@ -989,6 +996,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
-
-
-
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index 54c61771de..c9d03ef5de 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ControlPolicyConflict
description: Policy CSP - ControlPolicyConflict
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -66,7 +66,7 @@ manager: dansimp
Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
-> [!Note]
+> [!NOTE]
> MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers.
This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 1eb6215b47..1e3b1dd91e 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - CredentialProviders
description: Policy CSP - CredentialProviders
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index 0d204f9001..80a987c29b 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - CredentialsDelegation
description: Policy CSP - CredentialsDelegation
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 1c535f7394..723426a323 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - CredentialsUI
description: Policy CSP - CredentialsUI
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index b7e7fa115c..4aaf66a50c 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -1,39 +1,61 @@
---
title: Policy CSP - Cryptography
description: Policy CSP - Cryptography
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 05/14/2018
+ms.date: 06/19/2019
ms.reviewer:
manager: dansimp
---
# Policy CSP - Cryptography
+
+
## Cryptography policies
+
@@ -49,32 +71,53 @@ manager: dansimp
Allows or disallows the Federal Information Processing Standard (FIPS) policy.
-
-GP Info:
+
+
+ADMX Info:
- GP English name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
+
The following list shows the supported values:
- 0 (default) – Not allowed.
- 1– Allowed.
-
+
+
+
+
+
+
-
-# Cryptography/TLSCipherSuites
+**Cryptography/TLSCipherSuites**
-|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise |
-| :---: | :---: | :---: | :---: | :---: | :---: | :---: |
-|![][x] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check]|
-
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
@@ -90,26 +133,36 @@ The following list shows the supported values:
Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-
-
-# Cryptography policies supported by Microsoft Surface Hub
+## Cryptography policies supported by Microsoft Surface Hub
-- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
-- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
-
+- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
+- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
+
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
-[check]: images/checkmark.png "Check"
-[x]: images/crossmark.png "X"
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index efbd0b0ba5..cfa533aef2 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - DataProtection
description: Policy CSP - DataProtection
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index acd292df91..1268e6243c 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - DataUsage
description: Policy CSP - DataUsage
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 536b67fd62..f796a9ae53 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Defender
description: Policy CSP - Defender
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -1244,7 +1244,7 @@ If this setting is on, Windows Defender Antivirus will be more aggressive when i
For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.
-> [!Note]
+> [!NOTE]
> This feature requires the "Join Microsoft MAPS" setting enabled in order to function.
@@ -1315,7 +1315,7 @@ The typical cloud check timeout is 10 seconds. To enable the extended cloud chec
For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.
-> [!Note]
+> [!NOTE]
> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index dd2a915a30..66ac43c7f6 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - DeliveryOptimization
description: Policy CSP - DeliveryOptimization
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 3d779f0c64..ebe8a9efb2 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Desktop
description: Policy CSP - Desktop
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index ed32572a3d..44a9b306d9 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - DeviceGuard
description: Policy CSP - DeviceGuard
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
new file mode 100644
index 0000000000..c945a7c66c
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -0,0 +1,229 @@
+---
+title: Policy CSP - TimeLanguageSettings
+description: Policy CSP - TimeLanguageSettings
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 06/14/2019
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - DeviceHealthMonitoring
+
+
+
+
+
+## DeviceHealthMonitoring policies
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+DeviceHealthMonitoring is an opt-in health monitoring connection between the device and Microsoft. You should enable this policy only if your organization is using a Microsoft device monitoring service which requires it.
+
+
+
+The following list shows the supported values:
+
+- 1 — The DeviceHealthMonitoring connection is enabled.
+- 0 (default) — The DeviceHealthMonitoring connection is disabled.
+
+
+
+
+
+
+
+
+
+
+
+
+
+**DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
6
+
6
+
6
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device.
+This policy modifies which health events are sent to Microsoft on the DeviceHealthMonitoring connection.
+IT Pros do not need to set this policy. Instead, Microsoft Intune is expected to dynamically manage this value in coordination with the Microsoft device health monitoring service.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
6
+
6
+
6
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device.
+The value of this policy constrains the DeviceHealthMonitoring connection to certain destinations in order to support regional and sovereign cloud scenarios.
+In most cases, an IT Pro does not need to define this policy. Instead, it is expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. Only configure this policy manually if explicitly instructed to do so by a Microsoft device monitoring service.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## DeviceHealthMonitoring policies supported by IoT Core
+
+- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring)
+- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](#devicehealthmonitoring-configdevicehealthmonitoringscope)
+- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
+
+
+
+## DeviceHealthMonitoring policies supported by IoT Enterprise
+
+- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring)
+- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](#devicehealthmonitoring-configdevicehealthmonitoringscope)
+- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
+
+
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 29bff22868..1ff5f4fa3a 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -3,7 +3,7 @@ title: Policy CSP - DeviceInstallation
ms.reviewer:
manager: dansimp
description: Policy CSP - DeviceInstallation
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -87,7 +87,7 @@ If you enable this policy setting, Windows is allowed to install or update any d
If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
-Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
@@ -121,7 +121,7 @@ ADMX Info:
To enable this policy, use the following SyncML. This example allows Windows to install compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use `` as a delimiter.
-``` syntax
+```xml
@@ -198,7 +198,7 @@ This setting allows device installation based on the serial number of a removabl
If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
-Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
@@ -238,7 +238,7 @@ To enable this policy, use the following SyncML. This example allows Windows to
Enclose the class GUID within curly brackets {}. To configure multiple classes, use `` as a delimiter.
-``` syntax
+```xml
@@ -417,7 +417,7 @@ ADMX Info:
To enable this policy, use the following SyncML. This example prevents Windows from installing devices that are not specifically described by any other policy setting.
-``` syntax
+```xml
@@ -494,7 +494,7 @@ If you enable this policy setting, Windows is prevented from installing a device
If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
-Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
> [!TIP]
@@ -519,7 +519,7 @@ ADMX Info:
To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use  as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_IDs_Deny_Retroactive to true.
-``` syntax
+```xml
@@ -596,7 +596,7 @@ If you enable this policy setting, Windows is prevented from installing or updat
If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
-Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
> [!TIP]
@@ -626,7 +626,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f
Enclose the class GUID within curly brackets {}. To configure multiple classes, use `` as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_Classes_Deny_Retroactive to true.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index dcc8261939..1682e10bd8 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - DeviceLock
description: Policy CSP - DeviceLock
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -387,12 +387,12 @@ Specifies whether device lock is enabled.
> [!Important]
> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
> - **DevicePasswordEnabled** is the parent policy of the following:
-> - AllowSimpleDevicePassword
-> - MinDevicePasswordLength
-> - AlphanumericDevicePasswordRequired
-> - MinDevicePasswordComplexCharacters
-> - DevicePasswordExpiration
-> - DevicePasswordHistory
+> - AllowSimpleDevicePassword
+> - MinDevicePasswordLength
+> - AlphanumericDevicePasswordRequired
+> - MinDevicePasswordComplexCharacters
+> - DevicePasswordExpiration
+> - DevicePasswordHistory
> - MaxDevicePasswordFailedAttempts
> - MaxInactivityTimeDeviceLock
@@ -1210,34 +1210,51 @@ Most restricted value is 0.
-
-## DeviceLock policies supported by Windows Holographic
+
+## DeviceLock policies supported by HoloLens 2
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+- [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
-- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
-- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
-- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
-- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
-- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
-
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+
+
-## DeviceLock policies supported by Windows Holographic for Business
+## DeviceLock policies supported by HoloLens (1st gen) Commercial Suite
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
-- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
-- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
-- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
-- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
-- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+
+## DeviceLock policies supported by HoloLens (1st gen) Development Edition
+
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
+- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
+- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
+- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
+- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+
+
+
Footnotes:
@@ -1247,3 +1264,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 1e1c95c276..e6bdb26828 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Display
description: Policy CSP - Display
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 46b9b17b84..84edbd082b 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - DmaGuard
description: Policy CSP - DmaGuard
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -73,7 +73,7 @@ Device memory sandboxing allows the OS to leverage the I/O Memory Management Uni
This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
-> [!Note]
+> [!NOTE]
> This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
Supported values:
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index fe7b0e9b71..75f755f4fb 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Education
description: Policy CSP - Education
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index de47e20c44..606cfc2ceb 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - EnterpriseCloudPrint
description: Policy CSP - EnterpriseCloudPrint
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 8535ed7dc0..d498c385d6 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ErrorReporting
description: Policy CSP - ErrorReporting
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 5ca67b16c6..a12bf88937 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - EventLogService
description: Policy CSP - EventLogService
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 6ba6f5a35c..7e61e7696e 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Experience
description: Policy CSP - Experience
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -937,6 +937,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> Prior to Windows 10, version 1803, this policy had User scope.
This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
@@ -1462,13 +1463,13 @@ _**Sync the browser settings automatically**_
_**Prevent syncing of browser settings and prevent users from turning it on**_
-1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
-2. Set **PreventUsersFromTurningOnBrowserSyncing** to 1 (Prevented/turned off).
+1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
+2. Set **PreventUsersFromTurningOnBrowserSyncing** to 1 (Prevented/turned off).
_**Prevent syncing of browser settings and let users turn on syncing**_
-1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
-2. Set **PreventUsersFromTurningOnBrowserSyncing** to 0 (Allowed/turned on).
+1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
+2. Set **PreventUsersFromTurningOnBrowserSyncing** to 0 (Allowed/turned on).
_**Turn syncing off by default but don’t disable**_
@@ -1549,13 +1550,13 @@ _**Sync the browser settings automatically**_
_**Prevent syncing of browser settings and prevent users from turning it on**_
-1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
-2. Set **PreventUsersFromTurningOnBrowserSyncing** to 1 (Prevented/turned off).
+1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
+2. Set **PreventUsersFromTurningOnBrowserSyncing** to 1 (Prevented/turned off).
_**Prevent syncing of browser settings and let users turn on syncing**_
-1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
-2. Set **PreventUsersFromTurningOnBrowserSyncing** to 0 (Allowed/turned on).
+1. Set **DoNotSyncBrowserSettings** to 2 (Prevented/turned off).
+2. Set **PreventUsersFromTurningOnBrowserSyncing** to 0 (Allowed/turned on).
@@ -1641,18 +1642,25 @@ Supported values:
-
-## Experience policies supported by Windows Holographic
+
+## Experience policies supported by HoloLens 2
- [Experience/AllowCortana](#experience-allowcortana)
-
+- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)
+
-## Experience policies supported by Windows Holographic for Business
+## Experience policies supported by HoloLens (1st gen) Commercial Suite
- [Experience/AllowCortana](#experience-allowcortana)
+
+## Experience policies supported by HoloLens (1st gen) Development Edition
+
+- [Experience/AllowCortana](#experience-allowcortana)
+
+
Footnotes:
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 41ed8b20f3..8e0abebf9d 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ExploitGuard
description: Policy CSP - ExploitGuard
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -82,7 +82,7 @@ ADMX Info:
Here is an example:
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index f0c7dbd3e0..f2666b4442 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - FileExplorer
description: Policy CSP - FileExplorer
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index c3bfe395e7..750f00f237 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Games
description: Policy CSP - Games
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index 939b2d50a6..12cb543539 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Handwriting
description: Policy CSP - Handwriting
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 7e8466865c..c39e01b943 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - InternetExplorer
description: Policy CSP - InternetExplorer
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -2227,7 +2227,7 @@ Value - A number indicating the zone with which this site should be associated f
If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
-> [!Note]
+> [!NOTE]
> This policy is a list that contains the site and index value.
The list is a set of pairs of strings. Each string is seperated by F000. Each pair of strings is stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below.
@@ -2249,7 +2249,7 @@ ADMX Info:
-```syntax
+```xml
2
@@ -2850,7 +2850,7 @@ ADMX Info:
This setting determines whether IE automatically downloads updated versions of Microsoft’s VersionList.XML. IE uses this file to determine whether an ActiveX control should be stopped from loading.
> [!Caution]
-> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the [out-of-date ActiveX control blocking feature](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer.
+> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the [out-of-date ActiveX control blocking feature](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer.
If you disable or do not configure this setting, IE continues to download updated versions of VersionList.XML.
@@ -13428,7 +13428,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
ADMX Info:
-- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer *
+- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer*
- GP name: *VerMgmtDisableRunThisTime*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -16504,7 +16504,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy.
ADMX Info:
-- GP English name: *Security Zones: Use only machine settings *
+- GP English name: *Security Zones: Use only machine settings*
- GP name: *Security_HKLM_only*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index d7aa81c2a1..2df8f06e1a 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Kerberos
description: Policy CSP - Kerberos
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index df19d6da30..99fb4e9a1b 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - KioskBrowser
description: Policy CSP - KioskBrowser
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -88,7 +88,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -134,7 +134,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -180,7 +180,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -269,7 +269,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -315,7 +315,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -363,7 +363,7 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle
The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 51460c13dc..d185745718 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - LanmanWorkstation
description: Policy CSP - LanmanWorkstation
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index a86f14229c..4c7c69815e 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Licensing
description: Policy CSP - Licensing
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index b730a05ff6..ec391230a3 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - LocalPoliciesSecurityOptions
description: Policy CSP - LocalPoliciesSecurityOptions
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -692,7 +692,7 @@ GP Info:
-> [!Warning]
+> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt or sign secure channel data (always)
@@ -762,7 +762,7 @@ GP Info:
-> [!Warning]
+> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt secure channel data (when possible)
@@ -829,7 +829,7 @@ GP Info:
-> [!Warning]
+> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Disable machine account password changes
@@ -1567,10 +1567,10 @@ GP Info:
-
5
-
5
-
5
-
5
+
+
+
+
@@ -1587,6 +1587,10 @@ GP Info:
+
+> [!WARNING]
+> Starting in Windows 10, version 1803, this policy is deprecated.
+
Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
@@ -2638,6 +2642,9 @@ GP Info:
**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**
+> [!Warning]
+> Starting with Windows 10 version 1803, this policy is deprecated.
+
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 78acd3913e..0f90b19790 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - LockDown
description: Policy CSP - LockDown
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 1606fceb57..1028e204b8 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Maps
description: Policy CSP - Maps
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index b42eb48017..b2efd6a840 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Messaging
description: Policy CSP - Messaging
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 36fa5d0cc8..4e53332f72 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - MSSecurityGuide
description: Policy CSP - MSSecurityGuide
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index f12f2f997f..722b58c97c 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - MSSLegacy
description: Policy CSP - MSSLegacy
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index a06abada5b..9404b184fc 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - NetworkIsolation
description: Policy CSP - NetworkIsolation
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index c6d8e5217d..1624dfe21f 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Notifications
description: Policy CSP - Notifications
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -81,7 +81,7 @@ If you disable or do not configure this policy setting, the client computer will
No reboots or service restarts are required for this policy setting to take effect.
-> [!Warning]
+> [!WARNING]
> This policy is designed for zero exhaust. This policy may cause some MDM processes to break because WNS notification is used by the MDM server to send real time tasks to the device, such as remote wipe, unenroll, remote find, and mandatory app installation. When this policy is set to disallow WNS, those real time processes will no longer work and some time-sensitive actions such as remote wipe when the device is stolen or unenrollment when the device is compromised will not work.
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 95e8f4591b..643ff5cea3 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Power
description: Policy CSP - Power
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 5d3b5f3b49..16470df06b 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Printers
description: Policy CSP - Printers
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -106,6 +106,19 @@ ADMX Info:
- GP ADMX file name: *Printing.admx*
+
+
+Example
+```
+Name: Point and Print Enable Oma-URI: ./Device/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions
+Data type: String Value:
+
+
+
+
+
+```
+
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 8b9c744102..65dea5a83d 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,22 +1,18 @@
---
title: Policy CSP - Privacy
description: Policy CSP - Privacy
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 05/01/2019
+ms.date: 07/09/2019
ms.reviewer:
manager: dansimp
---
# Policy CSP - Privacy
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-
@@ -53,6 +49,18 @@ manager: dansimp
@@ -318,7 +332,7 @@ manager: dansimp
Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
-> [!Note]
+> [!NOTE]
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
@@ -861,6 +875,260 @@ ADMX Info:
+
+**Privacy/LetAppsAccessBackgroundSpatialPerception**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1903.
+> [!NOTE]
+> Currently, this policy is supported only in HoloLens 2.
+
+Specifies whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background.
+
+Value type is integer.
+
+
+
+ADMX Info:
+- GP English name: Let Windows apps access background spatial perception
+- GP name: LetAppsAccessBackgroundSpatialPerception
+- GP element: LetAppsAccessBackgroundSpatialPerception_Enum
+- GP path: Windows Components/App Privacy
+- GP ADMX file name: AppPrivacy.admx
+
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1903.
+> [!NOTE]
+> Currently, this policy is supported only in HoloLens 2.
+
+List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
+
+Value type is chr.
+
+
+
+ADMX Info:
+- GP English name: Let Windows apps access background spatial perception
+- GP name: LetAppsAccessBackgroundSpatialPerception
+- GP element: LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps_List
+- GP path: Windows Components/App Privacy
+- GP ADMX file name: AppPrivacy.admx
+
+
+
+
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1903.
+> [!NOTE]
+> Currently, this policy is supported only in HoloLens 2.
+
+List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
+
+Value type is chr.
+
+
+
+ADMX Info:
+- GP English name: Let Windows apps access background spatial perception
+- GP name: LetAppsAccessBackgroundSpatialPerception
+- GP element: LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps_List
+- GP path: Windows Components/App Privacy
+- GP ADMX file name: AppPrivacy.admx
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1903.
+> [!NOTE]
+> Currently, this policy is supported only in HoloLens 2.
+
+List of semi-colon delimited Package Family Names of Windows Store Apps.
+The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
+
+Value type is chr.
+
+
+
+ADMX Info:
+- GP English name: Let Windows apps access background spatial perception
+- GP name: LetAppsAccessBackgroundSpatialPerception
+- GP element: LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps_List
+- GP path: Windows Components/App Privacy
+- GP ADMX file name: AppPrivacy.admx
+
+
+
+
+
+
+
+
**Privacy/LetAppsAccessCalendar**
@@ -4088,6 +4356,126 @@ ADMX Info:
+
+**Privacy/LetAppsActivateWithVoice**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
6
+
6
+
6
+
6
+
6
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Specifies if Windows apps can be activated by voice.
+
+
+
+ADMX Info:
+- GP English name: *Allow voice activation*
+- GP name: *LetAppsActivateWithVoice*
+- GP element: *LetAppsActivateWithVoice_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – User in control. Users can decide if Windows apps can be activated by voice using Settings > Privacy options on the device.
+- 1 – Force allow. Windows apps can be activated by voice and users cannot change it.
+- 2 - Force deny. Windows apps cannot be activated by voice and users cannot change it.
+
+
+
+
+
+
+
+**Privacy/LetAppsActivateWithVoiceAboveLock**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
6
+
6
+
6
+
6
+
6
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Specifies if Windows apps can be activated by voice while the screen is locked.
+
+
+
+ADMX Info:
+- GP English name: *Allow voice activation above locked screen*
+- GP name: *LetAppsActivateWithVoiceAboveLock*
+- GP element: *LetAppsActivateWithVoiceAboveLock_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device.
+- 1 – Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it.
+- 2 - Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.
+
+
+
+
+
+
**Privacy/LetAppsGetDiagnosticInfo**
@@ -4856,18 +5244,46 @@ ADMX Info:
-
-## Privacy policies supported by Windows Holographic
+
+## Privacy policies supported by HoloLens 2
- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
-
+- [LetAppsAccessAccountInfo](#privacy-letappsaccessaccountinfo)
+- [LetAppsAccessAccountInfo_ForceAllowTheseApps](#privacy-letappsaccessaccountinfo-forceallowtheseapps)
+- [LetAppsAccessAccountInfo_ForceDenyTheseApps](#privacy-letappsaccessaccountinfo-forcedenytheseapps)
+- [LetAppsAccessAccountInfo_UserInControlOfTheseApps](#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
+- [LetAppsAccessBackgroundSpatialPerception](#privacy-letappsaccessbackgroundspatialperception)
+- [LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps](#privacy-letappsaccessbackgroundspatialperception-forceallowtheseapps)
+- [LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps](#privacy-letappsaccessbackgroundspatialperception-forcedenytheseapps)
+- [LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps](#privacy-letappsaccessbackgroundspatialperception-userincontroloftheseapps)
+- [Privacy/LetAppsAccessCamera](#privacy-letappsaccesscamera)
+- [Privacy/LetAppsAccessLocation](#privacy-letappsaccesslocation)
+- [Privacy/LetAppsAccessMicrophone](#privacy-letappsaccessmicrophone)
+
-## Privacy policies supported by Windows Holographic for Business
+## Privacy policies supported by HoloLens (1st gen) Commercial Suite
- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
+
+## Privacy policies supported by HoloLens (1st gen) Development Edition
+
+- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
+
+
+## Privacy policies supported by Windows 10 IoT Core
+- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice)
+- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock)
+
+
+
+## Privacy policies supported by Windows 10 IoT Enterprise
+- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice)
+- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock)
+
+
Footnotes:
@@ -4877,4 +5293,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
-- 6 - Added in the next major release of Windows 10.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 35c9418f05..338d517c12 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - RemoteAssistance
description: Policy CSP - RemoteAssistance
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -290,9 +290,9 @@ If you enable this policy setting, you have two ways to allow helpers to provide
To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format:
-\ or
+`\` or
-\
+`\`
If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 7ec935f89a..c9c9ba51bf 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - RemoteDesktopServices
description: Policy CSP - RemoteDesktopServices
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -222,9 +222,9 @@ ADMX Info:
This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).
-By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format on . You can use this policy setting to override this behavior.
+By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format `` on ``. You can use this policy setting to override this behavior.
-If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP.
+If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2019 and Windows 10.
If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 5ab20bb4a9..f176045650 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - RemoteManagement
description: Policy CSP - RemoteManagement
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -365,7 +365,7 @@ If you disable or do not configure this policy setting, the WinRM service will n
The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges.
-You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
+You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty.
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index f91881863d..ade921ae21 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - RemoteProcedureCall
description: Policy CSP - RemoteProcedureCall
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 6e881739c8..21cfd117d2 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - RemoteShell
description: Policy CSP - RemoteShell
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index ccbebbf6fa..2ee10fa612 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - RestrictedGroups
description: Policy CSP - RestrictedGroups
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -76,7 +76,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 8b85ea7b5a..f551f810e3 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Search
description: Policy CSP - Search
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -921,18 +921,24 @@ The following list shows the supported values:
-
-## Search policies supported by Windows Holographic
+
+## Search policies supported by HoloLens 2
- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
-
+
-## Search policies supported by Windows Holographic for Business
+## Search policies supported by HoloLens (1st gen) Commercial Suite
- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
+
+## Search policies supported by HoloLens (1st gen) Development Edition
+
+- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
+
+
Footnotes:
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index abcd218b57..22bddbe478 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Security
description: Policy CSP - Security
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -744,18 +744,24 @@ The following list shows the supported values:
-
-## Security policies supported by Windows Holographic
+
+## Security policies supported by HoloLens 2
- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
-
+
-## Security policies supported by Windows Holographic for Business
+## Security policies supported by HoloLens (1st gen) Commercial Suite
- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
+
+## Security policies supported by HoloLens (1st gen) Development Edition
+
+- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
+
+
Footnotes:
@@ -765,4 +771,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
-- 6 - Added in the next major release of Windows 10.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 1afcd6368d..e2a1e35daf 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Settings
description: Policy CSP - Settings
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -806,11 +806,11 @@ If the policy is not specified, the behavior will be that no pages are affected.
The format of the PageVisibilityList value is as follows:
-- The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
-- There are two variants: one that shows only the given pages and one which hides the given pages.
-- The first variant starts with the string "showonly:" and the second with the string "hide:".
-- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
-- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
+- The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
+- There are two variants: one that shows only the given pages and one which hides the given pages.
+- The first variant starts with the string "showonly:" and the second with the string "hide:".
+- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
+- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
The default value for this setting is an empty string, which is interpreted as show everything.
@@ -844,20 +844,27 @@ To validate on Desktop, do the following:
-
-## Settings policies supported by Windows Holographic
+
+## Settings policies supported by HoloLens 2
- [Settings/AllowDateTime](#settings-allowdatetime)
- [Settings/AllowVPN](#settings-allowvpn)
-
+
-## Settings policies supported by Windows Holographic for Business
+## Settings policies supported by HoloLens (1st gen) Commercial Suite
- [Settings/AllowDateTime](#settings-allowdatetime)
- [Settings/AllowVPN](#settings-allowvpn)
+
+## Settings policies supported by HoloLens (1st gen) Development Edition
+
+- [Settings/AllowDateTime](#settings-allowdatetime)
+- [Settings/AllowVPN](#settings-allowvpn)
+
+
Footnotes:
@@ -867,3 +874,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index ed50500741..333716f687 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - SmartScreen
description: Policy CSP - SmartScreen
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -73,6 +73,9 @@ manager: dansimp
Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
+> [!Note]
+> This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled.
+
ADMX Info:
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index da41b5caa4..0f385479cb 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Speech
description: Policy CSP - Speech
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -87,18 +87,24 @@ The following list shows the supported values:
-
-## Speech policies supported by Windows Holographic
+
+## Speech policies supported by HoloLens 2
- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
-
+
-## Speech policies supported by Windows Holographic for Business
+## Speech policies supported by HoloLens (1st gen) Commercial Suite
- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
+
+## Speech policies supported by HoloLens (1st gen) Development Edition
+
+- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
+
+
Footnotes:
@@ -108,3 +114,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 5b21ccc24a..05e37d1dc9 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Start
description: Policy CSP - Start
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index c889fc7bec..02d36e60d9 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Storage
description: Policy CSP - Storage
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index cd2c32f688..65f8aca2b1 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - System
description: Policy CSP - System
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -444,7 +444,7 @@ This MDM setting corresponds to the EnableFontProviders Group Policy setting. If
This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content.
-> [!Note]
+> [!NOTE]
> Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
@@ -632,7 +632,7 @@ The following list shows the supported values:
Allow the device to send diagnostic and usage telemetry data, such as Watson.
-For more information about diagnostic data, including what is and what is not collected by Windows, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
+For more information about diagnostic data, including what is and what is not collected by Windows, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
The following tables describe the supported values:
@@ -1068,7 +1068,7 @@ If you disable or don't configure this policy setting, the Delete diagnostic dat
ADMX Info:
-- GP English name: *Disable deleting diagnostic data *
+- GP English name: *Disable deleting diagnostic data*
- GP name: *DisableDeviceDelete*
- GP element: *DisableDeviceDelete*
- GP path: *Data Collection and Preview Builds*
@@ -1131,7 +1131,7 @@ If you disable or don't configure this policy setting, the Diagnostic Data Viewe
ADMX Info:
-- GP English name: *Disable diagnostic data viewer. *
+- GP English name: *Disable diagnostic data viewer.*
- GP name: *DisableDiagnosticDataViewer*
- GP element: *DisableDiagnosticDataViewer*
- GP path: *Data Collection and Preview Builds*
@@ -1581,20 +1581,29 @@ The following list shows the supported values:
-
-## System policies supported by Windows Holographic
+
+## System policies supported by HoloLens 2
-- [System/AllowTelemetry](#system-allowtelemetry)
+- [System/AllowCommercialDataPipeline](#system-allowcommercialdatapipeline)
- [System/AllowLocation](#system-allowlocation)
-
+- [System/AllowStorageCard](#system-allowstoragecard)
+- [System/AllowTelemetry](#system-allowtelemetry)
+
-## System policies supported by Windows Holographic for Business
+## System policies supported by HoloLens (1st gen) Commercial Suite
-- [System/AllowTelemetry](#system-allowtelemetry)
- [System/AllowLocation](#system-allowlocation)
+- [System/AllowTelemetry](#system-allowtelemetry)
+
+## System policies supported by HoloLens (1st gen) Development Edition
+
+- [System/AllowLocation](#system-allowlocation)
+- [System/AllowTelemetry](#system-allowtelemetry)
+
+
Footnotes:
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index ded40a8b16..1b98e5a487 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - SystemServices
description: Policy CSP - SystemServices
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 5e56b287a7..5e4b03fa34 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - TaskManager
description: Policy CSP - TaskManager
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 38a4f44179..ca2b448d50 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - TaskScheduler
description: Policy CSP - TaskScheduler
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 08dea14a3e..ce3e59ecc4 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - TextInput
description: Policy CSP - TextInput
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 72a3a6ee06..5feefe04ae 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,12 +1,12 @@
---
title: Policy CSP - TimeLanguageSettings
description: Policy CSP - TimeLanguageSettings
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 03/12/2018
+ms.date: 06/15/2019
ms.reviewer:
manager: dansimp
---
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - TimeLanguageSettings
-
@@ -24,6 +23,9 @@ manager: dansimp
@@ -65,7 +67,7 @@ manager: dansimp
-Allows for the configuration of the default clock setting to be the 24 hour format. If set to 0 (zero), the device uses the default clock as prescribed by the current locale setting.
+Allows for the configuration of the default clock setting to be the 24 hour format. If set to 0 (zero), the device uses the default clock as prescribed by the current locale setting.
@@ -76,14 +78,68 @@ The following list shows the supported values:
+
-Footnote:
+
+**TimeLanguageSettings/ConfigureTimeZone**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
6
+
6
+
6
+
6
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Footnotes:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
-
-
-
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 2531787f7f..fbef0fce58 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Update
description: Policy CSP - Update
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -1053,7 +1053,7 @@ Supported values:
-Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
+Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value.
@@ -1071,8 +1071,8 @@ The following list shows the supported values:
- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709)
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
-- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
-- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
+- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
+- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903)
@@ -1896,7 +1896,7 @@ For Quality Updates, this policy specifies the deadline in days before automatic
The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
-> [!Note]
+> [!NOTE]
> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
Value type is integer. Default is 14.
@@ -2722,7 +2722,7 @@ The following list shows the supported values:
Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates.
-Value type is string. Supported operations are Add, Get, Delete, and Replace.
+Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
@@ -2835,7 +2835,7 @@ The following list shows the supported values:
Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates.
-Value type is string. Supported operations are Add, Get, Delete, and Replace.
+Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
@@ -3786,7 +3786,7 @@ Options:
- 1 – Turn off all notifications, excluding restart warnings
- 2 – Turn off all notifications, including restart warnings
-> [!Important]
+> [!IMPORTANT]
> If you choose not to get update notifications and also define other Group policies so that devices aren’t automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
@@ -3847,7 +3847,7 @@ ADMX Info:
-> [!Important]
+> [!IMPORTANT]
> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
@@ -3939,7 +3939,7 @@ To use this setting, you must set two server name values: the server from which
Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
-> [!Note]
+> [!NOTE]
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.
> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
@@ -3958,21 +3958,25 @@ ADMX Info:
-
-## Update policies supported by Windows Holographic
+
+## Update policies supported by HoloLens 2
- [Update/AllowAutoUpdate](#update-allowautoupdate)
- [Update/AllowUpdateService](#update-allowupdateservice)
-- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
-- [Update/RequireUpdateApproval](#update-requireupdateapproval)
+- [Update/BranchReadinessLevel](#update-branchreadinesslevel)
+- [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays)
+- [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays)
+- [Update/ManagePreviewBuilds](#update-managepreviewbuilds)
+- [Update/PauseFeatureUpdates](#update-pausefeatureupdates)
+- [Update/PauseQualityUpdates](#update-pausequalityupdates)
- [Update/ScheduledInstallDay](#update-scheduledinstallday)
- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
- [Update/UpdateServiceUrl](#update-updateserviceurl)
-
+
-## Update policies supported by Windows Holographic for Business
+## Update policies supported by HoloLens (1st gen) Commercial Suite
- [Update/AllowAutoUpdate](#update-allowautoupdate)
- [Update/AllowUpdateService](#update-allowupdateservice)
@@ -3984,6 +3988,19 @@ ADMX Info:
+
+## Update policies supported by HoloLens (1st gen) Development Edition
+
+- [Update/AllowAutoUpdate](#update-allowautoupdate)
+- [Update/AllowUpdateService](#update-allowupdateservice)
+- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
+- [Update/RequireUpdateApproval](#update-requireupdateapproval)
+- [Update/ScheduledInstallDay](#update-scheduledinstallday)
+- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
+- [Update/UpdateServiceUrl](#update-updateserviceurl)
+
+
+
## Update policies supported by IoT Core
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index ad3586a7b2..bf7b2a8067 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - UserRights
description: Policy CSP - UserRights
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -20,7 +20,7 @@ User rights are assigned for user accounts or groups. The name of the policy def
Here is an example syncml for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
-```syntax
+```xml
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 1aa0d39661..9bc832c1ff 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - Wifi
description: Policy CSP - Wifi
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -391,18 +391,24 @@ Supported operations are Add, Delete, Get, and Replace.
- [Wifi/AllowWiFi](#wifi-allowwifi)
-
-## Wifi policies supported by Windows Holographic
+
+## Wifi policies supported by HoloLens 2
- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration)
-
-
+
+
-## Wifi policies supported by Windows Holographic for Business
+## Wifi policies supported by HoloLens (1st gen) Commercial Suite
- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration)
+
+## Wifi policies supported by HoloLens (1st gen) Development Edition
+
+- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration)
+
+
## Wifi policies supported by IoT Core
@@ -427,3 +433,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 3765d7bdde..6824a34e5c 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - WindowsConnectionManager
description: Policy CSP - WindowsConnectionManager
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 0e523a9d77..cc8580325d 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - WindowsDefenderSecurityCenter
description: Policy CSP - WindowsDefenderSecurityCenter
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -436,7 +436,7 @@ Valid values:
Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
-> [!Note]
+> [!NOTE]
> If Suppress notification is enabled then users will not see critical or non-critical messages.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 398b717f8d..ca2a0c7b72 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - WindowsInkWorkspace
description: Policy CSP - WindowsInkWorkspace
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 5c3f33f450..dd40314d62 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - WindowsLogon
description: Policy CSP - WindowsLogon
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -305,7 +305,7 @@ If you disable or don't configure this policy setting, any user can disconnect t
Here is an example to enable this policy:
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index fd6fa0ab4c..9e2d0223b5 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - WindowsPowerShell
description: Policy CSP - WindowsPowerShell
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index a35ddea58f..1ba5d5ec2d 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - WirelessDisplay
description: Policy CSP - WirelessDisplay
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 0155da04e8..86b57361ab 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -4,7 +4,7 @@ description: Policy DDF file
ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -17,21 +17,22 @@ ms.date: 05/21/2019
This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-You can download the DDF files from the links below:
+You can view various Policy DDF files by clicking the following links:
-- [Download the Policy DDF file for Windows 10, version 1903](http://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
-- [Download the Policy DDF file for Windows 10, version 1809](http://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/PolicyDDF_all_1809.xml)
-- [Download the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
-- [Download the Policy DDF file for Windows 10, version 1803 release C](http://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
-- [Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
-- [Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
-- [Download the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
-- [Download the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
-- [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)
+- [View the Policy DDF file for Windows 10, version 1903](http://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
+- [View the Policy DDF file for Windows 10, version 1809](http://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
+- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
+- [View the Policy DDF file for Windows 10, version 1803 release C](http://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
+- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
+- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
+- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
+- [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
+
+You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the DDF for Windows 10, version 1903.
-``` syntax
+```xml
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
+- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
+- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)
@@ -11032,11 +11033,11 @@ If disabled or not configured, extensions defined as part of this policy get ign
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
-- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
+- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
+- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)
@@ -23030,11 +23031,11 @@ If disabled or not configured, extensions defined as part of this policy get ign
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
-- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
+- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
+- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)
@@ -51684,11 +51685,11 @@ If disabled or not configured, extensions defined as part of this policy get ign
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
-- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
+- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
+- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)
diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md
index ca6963743e..ad4bb24be7 100644
--- a/windows/client-management/mdm/policymanager-csp.md
+++ b/windows/client-management/mdm/policymanager-csp.md
@@ -4,7 +4,7 @@ description: PolicyManager CSP
ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md
index f6f151d7d1..9dfabcfba3 100644
--- a/windows/client-management/mdm/provisioning-csp.md
+++ b/windows/client-management/mdm/provisioning-csp.md
@@ -4,7 +4,7 @@ description: The Provisioning configuration service provider is used for bulk us
ms.assetid: 5D6C17BE-727A-4AFA-9F30-B34C1EA1D2AE
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md
index 9078c67e05..cced09bc2b 100644
--- a/windows/client-management/mdm/proxy-csp.md
+++ b/windows/client-management/mdm/proxy-csp.md
@@ -4,7 +4,7 @@ description: PROXY CSP
ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md
index 71cc999c8b..bcae3dceaf 100644
--- a/windows/client-management/mdm/push-notification-windows-mdm.md
+++ b/windows/client-management/mdm/push-notification-windows-mdm.md
@@ -7,7 +7,7 @@ MS-HAID:
ms.assetid: 9031C4FE-212A-4481-A1B0-4C3190B388AE
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md
index 614473916d..5e0bc0b2d9 100644
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@@ -4,7 +4,7 @@ description: PXLOGICAL configuration service provider
ms.assetid: b5fc84d4-aa32-4edd-95f1-a6a9c0feb459
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 227a21008a..9711b4b2a4 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -4,7 +4,7 @@ description: Reboot CSP
ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -29,7 +29,7 @@ The following diagram shows the Reboot configuration service provider management
**RebootNow**
This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work.
-> [!Note]
+> [!NOTE]
> If this node is set to execute during a sync session, the device will reboot at the end of the sync session.
The supported operations are Execute and Get.
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 8c894e3a4e..1cf001cffb 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: ABBD850C-E744-462C-88E7-CA3F43D80DB1
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
1.2
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index 9c7fc9451d..554e07f2d4 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -4,7 +4,7 @@ description: The RemoteFind configuration service provider retrieves the locatio
ms.assetid: 2EB02824-65BF-4B40-A338-672D219AF5A0
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -102,7 +102,7 @@ Supported operation is Get.
## Examples
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index ea247fdcee..211fd88e78 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: 5864CBB8-2030-459E-BCF6-9ACB69206FEA
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
(lpParam);
- m_pSession->AddRef();
- }
-
- bstrContext = SysAllocString(L"ICCID");
- if (NULL == bstrContext)
- {
- hr = E_OUTOFMEMORY;
- goto Error;
- }
-
- hr = m_pSession->GetSessionVariable(bstrContext, &varValue);
- if (FAILED(hr))
- {
- goto Error;
- }
- break;
-```
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index 195eb13662..7d972a5a96 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -4,7 +4,7 @@ description: SecureAssessment CSP
ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index b7fa178864..f294bbb8a3 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: 68D17F2A-FAEA-4608-8727-DBEC1D7BE48A
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -20,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
**SetPowerPolicies**
Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete.
@@ -55,7 +55,7 @@ The default value is Not Configured and the effective power settings are determi
**MaintenanceStartTime**
Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete.
@@ -65,7 +65,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p
**SignInOnResume**
Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete.
@@ -75,7 +75,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p
**SleepTimeout**
The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete.
@@ -85,7 +85,7 @@ The default value is Not Configured, and effective behavior is determined by the
**EnableAccountManager**
A boolean that enables the account manager for shared PC mode.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete.
@@ -95,7 +95,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p
**AccountModel**
Configures which type of accounts are allowed to use the PC.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete.
@@ -111,7 +111,7 @@ Its value in the SharedPC provisioning package is 1 or 2.
**DeletionPolicy**
Configures when accounts are deleted.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete.
@@ -132,7 +132,7 @@ The default value is Not Configured. Its value in the SharedPC provisioning pack
**DiskLevelDeletion**
Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first.
-> [!Note]
+> [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The default value is Not Configured. Its default value in the SharedPC provisioning package is 25.
@@ -144,7 +144,7 @@ The supported operations are Add, Get, Replace, and Delete.
**DiskLevelCaching**
Sets the percentage of available disk space a PC should have before it stops deleting cached accounts.
-> [!Note]
+> [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
The default value is Not Configured. The default value in the SharedPC provisioning package is 25.
@@ -158,7 +158,7 @@ Added in Windows 10, version 1703. Restricts the user from using local storage.
The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False.
-> [!Note]
+> [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
**KioskModeAUMID**
@@ -166,7 +166,7 @@ Added in Windows 10, version 1703. Specifies the AUMID of the app to use with as
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-> [!Note]
+> [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
**KioskModeUserTileDisplayText**
@@ -174,7 +174,7 @@ Added in Windows 10, version 1703. Specifies the display text for the account sh
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-> [!Note]
+> [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
**InactiveThreshold**
@@ -187,7 +187,7 @@ The default in the SharedPC provisioning package is 30.
**MaxPageFileSizeMB**
Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional.
-> [!Note]
+> [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
Default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 3131b3f57a..b9ea9c1767 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -4,7 +4,7 @@ description: SharedPC DDF file
ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the DDF for Windows 10, version 1703.
-``` syntax
+```xml
@@ -449,7 +449,7 @@ Adding new configuration information for a H-SLP server for SUPL. Values in ital
Adding a SUPL and a V2 UPL account to the same device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 6c8f177ce6..bf899e6c8e 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: 514B7854-80DC-4ED9-9805-F5276BF38034
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -23,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
[!Note]
+> [!NOTE]
> The forced network connection is only applicable to devices after reset (not new).
The following diagram shows the TenantLockdown configuration service provider in tree format.
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index e558f2f609..041b690a01 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -1,7 +1,7 @@
---
title: TenantLockdown DDF file
description: XML file containing the device description framework
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -22,7 +22,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
[!Note]
+> [!NOTE]
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
-> [!Note]
+> [!NOTE]
> The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface. The specification for this interface and compatible firmware is not yet available.
The following diagram shows the UEFI CSP in tree format.
diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md
index b3638650b6..808685d36d 100644
--- a/windows/client-management/mdm/uefi-ddf.md
+++ b/windows/client-management/mdm/uefi-ddf.md
@@ -1,7 +1,7 @@
---
title: UEFI DDF file
description: UEFI DDF file
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -20,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
`.
- - The MDM client stack receives this command, which causes the Policy CSP to either delete the device’s registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition.
+- If **Disabled** is selected and you click **Apply**, the following events occur:
+ - The MDM ISV server sets up a Replace SyncML command with a payload set to ``.
+ - The MDM client stack receives this command, which causes the Policy CSP to either delete the device’s registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition.
-- If **Not Configured** is selected and you click **Apply**, the following events occur:
- - MDM ISV server sets up a Delete SyncML command.
- - The MDM client stack receives this command, which causes the Policy CSP to delete the device’s registry settings per the ADMX-backed policy definition.
+- If **Not Configured** is selected and you click **Apply**, the following events occur:
+ - MDM ISV server sets up a Delete SyncML command.
+ - The MDM client stack receives this command, which causes the Policy CSP to delete the device’s registry settings per the ADMX-backed policy definition.
The following diagram shows the main display for the Group Policy Editor.
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md
index 9376c73530..f9ff52da32 100644
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@@ -4,7 +4,7 @@ description: The UnifiedWriteFilter (UWF) configuration service provider enables
ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md
index 48f98b6e31..2eb8bf1445 100644
--- a/windows/client-management/mdm/unifiedwritefilter-ddf.md
+++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md
@@ -4,7 +4,7 @@ description: UnifiedWriteFilter DDF File
ms.assetid: 23A7316E-A298-43F7-9407-A65155C8CEA6
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -19,7 +19,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Unified
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-``` syntax
+```xml
Supported operations are Get and Add.
Specifies the time the update gets approved.
@@ -166,7 +167,7 @@ If the conditions are not true, the device will not Roll Back the Latest Quality
**Rollback/FeatureUpdate**
Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions:
-- Condition 1: Device must be Windows Update for Business Connnected
+- Condition 1: Device must be Windows Update for Business Connected
- Condition 2: Device must be in Paused State
- Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
- Condition 4: Machine should be within the uninstall period
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index 868f1787eb..731adeeb60 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -4,7 +4,7 @@ description: Update DDF file
ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -20,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
Roll Back Latest Feature Update, if the machine meets the following conditions:
- Condition 1: Device must be WUfB Connnected
+ Condition 1: Device must be WUfB Connected
Condition 2: Device must be in Paused State
Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
Condition 4: Machine should be within the uninstall period
@@ -615,7 +615,7 @@ The XML below is for Windows 10, version 1803.
- Returns the result of last RollBack QualityUpdate opearation.
+ Returns the result of last RollBack QualityUpdate operation.
@@ -637,7 +637,7 @@ The XML below is for Windows 10, version 1803.
- Returns the result of last RollBack FeatureUpdate opearation.
+ Returns the result of last RollBack FeatureUpdate operation.
diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
index 1930fc6093..300711d733 100644
--- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -4,7 +4,7 @@ description: This topic covers using PowerShell Cmdlet scripts to configure per-
ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 335fb97ae1..7b8f154145 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -4,7 +4,7 @@ description: VPN CSP
ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index 62a304fa14..b3e8aef28c 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -4,7 +4,7 @@ description: VPN DDF file
ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
This topic shows the OMA DM device description framework (DDF) for the **VPN** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index 65d8caed7b..e4c93ad525 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -4,7 +4,7 @@ description: w4 APPLICATION CSP
ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index 391e3063db..0a7adafa8c 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -4,7 +4,7 @@ description: w7 APPLICATION CSP
ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index bcbbe82cd4..7db7e01ffb 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -4,12 +4,12 @@ description: WiFi CSP
ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 10/24/2018
+ms.date: 06/18/2019
---
# WiFi CSP
@@ -25,7 +25,7 @@ Programming considerations:
- Because the Windows 10 Mobile emulator does not support Wi-Fi, you cannot test the Wi-Fi configuration with an emulator. You can still provision a Wi-Fi network using the WiFi CSP, then check it in the Wi-Fi settings page, but you cannot test the network connectivity in the emulator.
- For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it is stored on the device.
- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping are not supported.
-- The *name\_goes\_here* must match *name\_goes\_here*.
+- The \*name\_goes\_here*\\ must match \\ *name\_goes\_here*\\.
- For the WiFi CSP, you cannot use the Replace command unless the node already exists.
- Using Proxyis only supported in Windows 10 Mobile. Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure.
@@ -43,10 +43,10 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is
Supported operation is Get.
-****
+**\**
Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted.
-SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, ./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml.
+SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, \./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml\.
The supported operations are Add, Get, Delete, and Replace.
@@ -79,7 +79,10 @@ If it is an IPvFuture address, then it must be specified as an IP literal as "\[
Supported operations are Get, Add, Delete, and Replace.
**DisableInternetConnectivityChecks**
-Added in Windows 10, version 1511.Optional. Disable the internet connectivity check for the profile.
+> [!Note]
+> This node has been deprecated since Windows 10, version 1607.
+
+Added in Windows 10, version 1511. Optional. Disable the internet connectivity check for the profile.
Value type is chr.
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index e9138d6030..2c51e50a62 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -4,7 +4,7 @@ description: WiFi DDF file
ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **WiFi**
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
XML describing the network configuration and follows Windows WLAN_profile schema.
- Link to schema: http://msdn.microsoft.com/library/windows/desktop/ms707341(v=vs.85).aspx
+ Link to schema: https://msdn.microsoft.com/library/windows/desktop/ms707341(v=vs.85).aspx
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
index a55ac7648e..cb2908dda2 100644
--- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
@@ -1,7 +1,7 @@
---
title: Win32 and Desktop Bridge app policy configuration
description: Starting in Windows 10, version 1703, you can import ADMX files and set those ADMX-backed policies for Win32 and Desktop Bridge apps.
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index ca8daa77fc..abcbb92914 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -4,7 +4,7 @@ description: Win32AppInventory CSP
ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index 4079510fc6..8757e65d3b 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -4,7 +4,7 @@ description: Win32AppInventory DDF file
ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
[!Important]
+> [!IMPORTANT]
> Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
**Settings/PrintingSettings**
@@ -128,7 +128,7 @@ If you enable this policy, applications inside Windows Defender Application Guar
If you disable or don't configure this policy, applications inside Windows Defender Application Guard will be unable to access the camera and microphone on the user’s device.
-> [!Important]
+> [!IMPORTANT]
> If you turn on this policy, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed.
**Status**
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index e8d01e0172..6b319f1404 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,7 +1,7 @@
---
title: WindowsDefenderApplicationGuard DDF file
description: WindowsDefenderApplicationGuard DDF file
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 0aa177f8cf..58a5040b72 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -4,7 +4,7 @@ description: WindowsLicensing CSP
ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -31,7 +31,7 @@ The supported operation is Get.
**UpgradeEditionWithProductKey**
Enters a product key for an edition upgrade of Windows 10 desktop devices.
-> [!NOTE]
+> [!NOTE]
> This upgrade process requires a system restart.
@@ -44,7 +44,7 @@ When a product key is pushed from an MDM server to a user's device, **changepk.e
After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade.
-> [!IMPORTANT]
+> [!IMPORTANT]
> If another policy requires a system reboot that occurs when **changepk.exe** is running, the edition upgrade will fail.
@@ -55,7 +55,7 @@ After the device restarts, the edition upgrade process completes. The user will
This node can also be used to activate or change a product key on a particular edition of Windows 10 desktop device by entering a product key. Activation or changing a product key does not require a reboot and is a silent process for the user.
-> [!IMPORTANT]
+> [!IMPORTANT]
> The product key entered must be 29 characters (that is, it should include dashes), otherwise the activation, edition upgrade, or product key change on Windows 10 desktop devices will fail. The product key is acquired from Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal.
@@ -97,7 +97,7 @@ The supported operation is Get.
**UpgradeEditionWithLicense**
Provides a license for an edition upgrade of Windows 10 mobile devices.
-> [!NOTE]
+> [!NOTE]
> This upgrade process does not require a system restart.
@@ -106,7 +106,7 @@ The date type is XML.
The supported operation is Execute.
-> [!IMPORTANT]
+> [!IMPORTANT]
> The XML license file contents must be properly escaped (that is, it should not simply be a copied XML), otherwise the edition upgrade on Windows 10 mobile devices will fail. For more information on proper escaping of the XML license file, see Section 2.4 of the [W3C XML spec](http://www.w3.org/TR/xml/) . The XML license file is acquired from the Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal.
@@ -196,7 +196,7 @@ Values:
**CheckApplicability**
-``` syntax
+```xml
@@ -216,14 +216,14 @@ Values:
```
-> [!NOTE]
+> [!NOTE]
> `XXXXX-XXXXX-XXXXX-XXXXX-XXXXX` in the **Data** tag should be replaced with your product key.
**Edition**
-``` syntax
+```xml
@@ -241,7 +241,7 @@ Values:
**LicenseKeyType**
-``` syntax
+```xml
@@ -259,7 +259,7 @@ Values:
**Status**
-``` syntax
+```xml
@@ -277,7 +277,7 @@ Values:
**UpgradeEditionWithProductKey**
-``` syntax
+```xml
@@ -297,14 +297,14 @@ Values:
```
-> [!NOTE]
+> [!NOTE]
> `XXXXX-XXXXX-XXXXX-XXXXX-XXXXX` in the **Data** tag should be replaced with your product key.
**UpgradeEditionWithLicense**
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index bc6224b71a..c5037971d9 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -4,7 +4,7 @@ description: WindowsLicensing DDF file
ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -23,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
index c2bb095f66..a42d7ec535 100644
--- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
+++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
@@ -4,7 +4,7 @@ description: This topic shows the OMA DM device description framework (DDF) for
ms.assetid: B1F9A5FA-185B-48C6-A7F4-0F0F23B971F0
ms.reviewer:
manager: dansimp
-ms.author: v-madhi
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -21,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
Mkdir BootBackup
@@ -144,7 +144,7 @@ R:\> Copy *.* D:\BootBackup
Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL
```
- For example: if we assign the ,System Drive> (WinRE drive) the letter R and the is the letter D, this command would be the following:
+ For example: if we assign the `` (WinRE drive) the letter R and the `` is the letter D, this command would be the following:
```cmd
Bcdboot D:\windows /s R: /f ALL
@@ -155,13 +155,13 @@ R:\> Copy *.* D:\BootBackup
If you do not have a Windows 10 ISO, you must format the partition and copy **bootmgr** from another working computer that has a similar Windows build. To do this, follow these steps:
-1. Start **Notepad** .
+1. Start **Notepad** .
-2. Press Ctrl+O.
+2. Press Ctrl+O.
-3. Navigate to the system partition (in this example, it is R).
+3. Navigate to the system partition (in this example, it is R).
-4. Right-click the partition, and then format it.
+4. Right-click the partition, and then format it.
### Troubleshooting if this issue occurs after a Windows Update installation
@@ -171,35 +171,35 @@ Run the following command to verify the Windows update installation and dates:
Dism /Image:: /Get-packages
```
-After you run this command, you will see the **Install pending** and **Uninstall Pending ** packages:
+After you run this command, you will see the **Install pending** and **Uninstall Pending** packages:
-1. Run the `dism /Image:C:\ /Cleanup-Image /RevertPendingActions` command. Replace **C:** with the system partition for your computer.
+1. Run the `dism /Image:C:\ /Cleanup-Image /RevertPendingActions` command. Replace **C:** with the system partition for your computer.
-2. Navigate to ***OSdriveLetter* :\Windows\WinSxS** , and then check whether the **pending.xml** file exists. If it does, rename it to **pending.xml.old**.
+2. Navigate to ***OSdriveLetter* :\Windows\WinSxS** , and then check whether the **pending.xml** file exists. If it does, rename it to **pending.xml.old**.
-3. To revert the registry changes, type **regedit** at the command prompt to open **Registry Editor**.
+3. To revert the registry changes, type **regedit** at the command prompt to open **Registry Editor**.
-4. Select **HKEY_LOCAL_MACHINE**, and then go to **File** > **Load Hive**.
+4. Select **HKEY_LOCAL_MACHINE**, and then go to **File** > **Load Hive**.
-5. Navigate to **OSdriveLetter:\Windows\System32\config**, select the file that is named **COMPONENT** (with no extension), and then select **Open**. When you are prompted, enter the name **OfflineComponentHive** for the new hive
+5. Navigate to **OSdriveLetter:\Windows\System32\config**, select the file that is named **COMPONENT** (with no extension), and then select **Open**. When you are prompted, enter the name **OfflineComponentHive** for the new hive
-6. Expand **HKEY_LOCAL_MACHINE\OfflineComponentHive**, and check whether the **PendingXmlIdentifier** key exists. Create a backup of the **OfflineComponentHive** key, and then delete the **PendingXmlIdentifier** key.
+6. Expand **HKEY_LOCAL_MACHINE\OfflineComponentHive**, and check whether the **PendingXmlIdentifier** key exists. Create a backup of the **OfflineComponentHive** key, and then delete the **PendingXmlIdentifier** key.
-7. Unload the hive. To do this, highlight **OfflineComponentHive**, and then select **File** > **Unload hive**.
+7. Unload the hive. To do this, highlight **OfflineComponentHive**, and then select **File** > **Unload hive**.
-8. Select **HKEY_LOCAL_MACHINE**, go to **File** > **Load Hive**, navigate to ***OSdriveLetter* :\Windows\System32\config**, select the file that is named **SYSTEM** (with no extension), and then select **Open** . When you are prompted, enter the name **OfflineSystemHive** for the new hive.
+8. Select **HKEY_LOCAL_MACHINE**, go to **File** > **Load Hive**, navigate to ***OSdriveLetter* :\Windows\System32\config**, select the file that is named **SYSTEM** (with no extension), and then select **Open** . When you are prompted, enter the name **OfflineSystemHive** for the new hive.
-9. Expand **HKEY_LOCAL_MACHINE\OfflineSystemHive**, and then select the **Select** key. Check the data for the **Default** value.
+9. Expand **HKEY_LOCAL_MACHINE\OfflineSystemHive**, and then select the **Select** key. Check the data for the **Default** value.
-10. If the data in **HKEY_LOCAL_MACHINE\OfflineSystemHive\Select\Default** is **1** , expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001**. If it is **2**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet002**, and so on.
+10. If the data in **HKEY_LOCAL_MACHINE\OfflineSystemHive\Select\Default** is **1** , expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001**. If it is **2**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet002**, and so on.
11. Expand **Control\Session Manager**. Check whether the **PendingFileRenameOperations** key exists. If it does, back up the **SessionManager** key, and then delete the **PendingFileRenameOperations** key.
@@ -209,9 +209,9 @@ After you run this command, you will see the **Install pending** and **Uninstall
1. Follow steps 1-10 in the "Troubleshooting if this issue occurs after an Windows Update installation" section. (Step 11 does not apply to this procedure.)
-2. Expand **Services**.
+2. Expand **Services**.
-3. Make sure that the following registry keys exist under **Services**:
+3. Make sure that the following registry keys exist under **Services**:
* ACPI
diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md
index 9562483162..57398a2764 100644
--- a/windows/client-management/troubleshoot-networking.md
+++ b/windows/client-management/troubleshoot-networking.md
@@ -29,7 +29,7 @@ The following topics are available to help you troubleshoot common problems rela
[802.1X authenticated wired access overview](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831831(v=ws.11))
[802.1X authenticated wireless access overview](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994700(v%3dws.11))
[Wireless cccess deployment overview](https://docs.microsoft.com/windows-server/networking/core-network-guide/cncg/wireless/b-wireless-access-deploy-overview)
-[TCP/IP technical reference](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd379473(v=ws.10))
+[TCP/IP technical reference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd379473(v=ws.10))
[Network Monitor](https://docs.microsoft.com/windows/desktop/netmon2/network-monitor)
[RPC and the network](https://docs.microsoft.com/windows/desktop/rpc/rpc-and-the-network)
[How RPC works](https://docs.microsoft.com/windows/desktop/rpc/how-rpc-works)
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index 42fb6ef17e..0c13fc8950 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -107,8 +107,8 @@ You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that
More information on how to use Dumpchk.exe to check your dump files:
-- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
+- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
+- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
### Pagefile Settings
@@ -142,7 +142,7 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols
4. Start the install and choose **Debugging Tools for Windows**. This will install the WinDbg tool.
5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.
a. If the computer is connected to the Internet, enter the [Microsoft public symbol server](https://docs.microsoft.com/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.
- b. If the computer is not connected to the Internet, you must specify a local [symbol path](https://docs.microsoft.com/en-in/windows-hardware/drivers/debugger/symbol-path).
+ b. If the computer is not connected to the Internet, you must specify a local [symbol path](https://docs.microsoft.com/windows-hardware/drivers/debugger/symbol-path).
6. Click on **Open Crash Dump**, and then open the memory.dmp file that you copied. See the example below.
7. There should be a link that says **!analyze -v** under **Bugcheck Analysis**. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page.
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index 2049a34777..a33d808d2f 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -78,9 +78,9 @@ Reboot of the server will resolve the issue temporarily, but you would see all t
If you suspect that the machine is in a state of port exhaustion:
-1. Try making an outbound connection. From the server/machine, access a remote share or try an RDP to another server or telnet to a server on a port. If the outbound connection fails for all of these, go to the next step.
+1. Try making an outbound connection. From the server/machine, access a remote share or try an RDP to another server or telnet to a server on a port. If the outbound connection fails for all of these, go to the next step.
-2. Open event viewer and under the system logs, look for the events which clearly indicate the current state:
+2. Open event viewer and under the system logs, look for the events which clearly indicate the current state:
a. **Event ID 4227**
@@ -133,12 +133,12 @@ For Windows 7 and Windows Server 2008 R2, you can update your Powershell version
If method 1 does not help you identify the process (prior to Windows 10 and Windows Server 2012 R2), then have a look at Task Manager:
-1. Add a column called “handles” under details/processes.
-2. Sort the column handles to identify the process with the highest number of handles. Usually the process with handles greater than 3000 could be the culprit except for processes like System, lsass.exe, store.exe, sqlsvr.exe.
+1. Add a column called “handles” under details/processes.
+2. Sort the column handles to identify the process with the highest number of handles. Usually the process with handles greater than 3000 could be the culprit except for processes like System, lsass.exe, store.exe, sqlsvr.exe.
-3. If any other process than these has a higher number, stop that process and then try to login using domain credentials and see if it succeeds.
+3. If any other process than these has a higher number, stop that process and then try to login using domain credentials and see if it succeeds.
### Method 3
@@ -147,13 +147,13 @@ If Task Manager did not help you identify the process, then use Process Explorer
Steps to use Process explorer:
1. [Download Process Explorer](https://docs.microsoft.com/sysinternals/downloads/process-explorer) and run it **Elevated**.
-2. Alt + click the column header, select **Choose Columns**, and on the **Process Performance** tab, add **Handle Count**.
-3. Select **View \ Show Lower Pane**.
-4. Select **View \ Lower Pane View \ Handles**.
-5. Click the **Handles** column to sort by that value.
-6. Examine the processes with higher handle counts than the rest (will likely be over 10,000 if you can't make outbound connections).
-7. Click to highlight one of the processes with a high handle count.
-8. In the lower pane, the handles listed as below are sockets. (Sockets are technically file handles).
+2. Alt + click the column header, select **Choose Columns**, and on the **Process Performance** tab, add **Handle Count**.
+3. Select **View \ Show Lower Pane**.
+4. Select **View \ Lower Pane View \ Handles**.
+5. Click the **Handles** column to sort by that value.
+6. Examine the processes with higher handle counts than the rest (will likely be over 10,000 if you can't make outbound connections).
+7. Click to highlight one of the processes with a high handle count.
+8. In the lower pane, the handles listed as below are sockets. (Sockets are technically file handles).
File \Device\AFD
diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
index 7022b0feb4..7fd5ff086f 100644
--- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
@@ -73,16 +73,16 @@ With Registry Editor, you can modify the following parameters for RPC. The RPC P
In this example ports 5000 through 6000 inclusive have been arbitrarily selected to help illustrate how the new registry key can be configured. This is not a recommendation of a minimum number of ports needed for any particular system.
-1. Add the Internet key under: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
+1. Add the Internet key under: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
-2. Under the Internet key, add the values "Ports" (MULTI_SZ), "PortsInternetAvailable" (REG_SZ), and "UseInternetPorts" (REG_SZ).
+2. Under the Internet key, add the values "Ports" (MULTI_SZ), "PortsInternetAvailable" (REG_SZ), and "UseInternetPorts" (REG_SZ).
For example, the new registry key appears as follows:
Ports: REG_MULTI_SZ: 5000-6000
PortsInternetAvailable: REG_SZ: Y
UseInternetPorts: REG_SZ: Y
-3. Restart the server. All applications that use RPC dynamic port allocation use ports 5000 through 6000, inclusive.
+3. Restart the server. All applications that use RPC dynamic port allocation use ports 5000 through 6000, inclusive.
You should open up a range of ports above port 5000. Port numbers below 5000 may already be in use by other applications and could cause conflicts with your DCOM application(s). Furthermore, previous experience shows that a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other.
@@ -156,7 +156,7 @@ Netsh trace stop
Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md) or Message Analyzer and filter the trace for
-- Ipv4.address== and ipv4.address== and tcp.port==135 or just tcp.port==135 should help.
+- `Ipv4.address==` and `ipv4.address==` and `tcp.port==135` or just `tcp.port==135` should help.
- Look for the “EPM” Protocol Under the “Protocol” column.
@@ -166,7 +166,7 @@ Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md)
- Check if we are connecting successfully to this Dynamic port successfully.
-- The filter should be something like this: tcp.port== and ipv4.address==
+- The filter should be something like this: `tcp.port==` and `ipv4.address==`
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index 4c111bd5f7..664dc7700e 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -16,7 +16,7 @@ ms.author: dansimp
This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues.
-> [!Note]
+> [!NOTE]
> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
## Identify the problem
@@ -76,14 +76,14 @@ To collect data for a server freeze, check the following table, and use one or m
### Method 1: Memory dump
-> [!Note]
+> [!NOTE]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected.
If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump.
-> [!Note]
+> [!NOTE]
> If you have a restart feature that is enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process.
@@ -97,7 +97,7 @@ If the computer is no longer frozen and now is running in a good state, use the
3. In the **Write Debugging Information** section, select **Complete Memory Dump**.
- > [!Note]
+ > [!NOTE]
> For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD):
>**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled**
@@ -129,14 +129,14 @@ If the computer is no longer frozen and now is running in a good state, use the
3. On some physical computers, you may generate a nonmakeable interruption (NMI) from the Web Interface feature (such as DRAC, iLo, and RSA). However, by default, this setting will stop the system without creating a memory dump.
- To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change.
+ To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change.
- > [!Note]
+ > [!NOTE]
> This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146).
4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file.
- > [!Note]
+ > [!NOTE]
> By default, the dump file is located in the following path:
> %SystemRoot%\MEMORY.DMP
@@ -145,8 +145,8 @@ If the computer is no longer frozen and now is running in a good state, use the
Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid.
-- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
+- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
+- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
Learn how to use Dumpchk.exe to check your dump files:
@@ -187,24 +187,24 @@ The Performance Monitor log is located in the path: C:\PERFLOGS
#### Use memory dump to collect data for the physical computer that's running in a frozen state
-> [!Warning]
+> [!WARNING]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump:
1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps:
- > [!Note]
+ > [!NOTE]
> If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.
1. Try to access the desktop of the computer by any means.
- > [!Note]
+ > [!NOTE]
> In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured.
2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings:
- * ` `*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`
+ * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`
Make sure that the [CrashDumpEnabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`.
@@ -218,7 +218,7 @@ If the physical computer is still running in a frozen state, follow these steps
If the page file is customized, the size will be reflected in the registry, such as ‘?:\pagefile.sys 1024 1124’ where 1024 is the initial size and 1124 is the max size.
- > [!Note]
+ > [!NOTE]
> If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$).
3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM.
@@ -244,7 +244,7 @@ If the physical computer is still running in a frozen state, follow these steps
4. Restart the computer.
3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.
- > [!Note]
+ > [!NOTE]
> By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP
### Use Pool Monitor to collect data for the physical computer that is no longer frozen
@@ -267,7 +267,7 @@ To debug the virtual machines on Hyper-V, run the following cmdlet in Windows Po
Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname
```
-> [!Note]
+> [!NOTE]
> This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section.
#### VMware
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
index f78666d243..9790bdb770 100644
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@@ -27,11 +27,11 @@ Employees increasingly depend on smartphones to complete daily work tasks, but t
Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution.
**In this article**
-- [Deploy](#deploy)
-- [Configure](#configure)
-- [Apps](#apps)
-- [Manage](#manage)
-- [Retire](#retire)
+- [Deploy](#deploy)
+- [Configure](#configure)
+- [Apps](#apps)
+- [Manage](#manage)
+- [Retire](#retire)
## Deploy
@@ -365,18 +365,18 @@ You can define and deploy APN profiles in MDM systems that configure cellular da
- **APN name** The APN name
- *IP connection type* The IP connection type; set to one of the following values:
- - IPv4 only
- - IPv6 only
- - IPv4 and IPv6 concurrently
- - IPv6 with IPv4 provided by 46xlat
+ - IPv4 only
+ - IPv6 only
+ - IPv4 and IPv6 concurrently
+ - IPv6 with IPv4 provided by 46xlat
- **LTE attached** Whether the APN should be attached as part of an LTE Attach
- **APN class ID** The globally unique identifier that defines the APN class to the modem
- **APN authentication type** The APN authentication type; set to one of the following values:
- - None
- - Auto
- - PAP
- - CHAP
- - MSCHAPv2
+ - None
+ - Auto
+ - PAP
+ - CHAP
+ - MSCHAPv2
- **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type
- **Password** The password for the user account specified in User name
- **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile
@@ -978,12 +978,12 @@ Thisis a lists of attributes that are supported by DHA and can trigger the corre
Windows 10 mobile has protective measures that work together and integrate with Microsoft Intune or third-party Mobile Device Management (MDM) solutions. IT administrators can monitor and verify compliance to ensure corporate resources are protected end-to–end with the security and trust rooted in the physical hardware of the device.
Here is what occurs when a smartphone is turned on:
-1. Windows 10 Secure Boot protects the boot sequence, enables the device to boot into a defined and trusted configuration, and loads a factory trusted boot loader.
-2. Windows 10 Trusted Boot takes control, verifies the digital signature of the Windows kernel, and the components are loaded and executed during the Windows startup process.
-3. In parallel to Steps 1 and 2, Windows 10 Mobile TPM (Trusted Platform Modules – measured boot) runs independently in a hardware-protected security zone (isolated from boot execution path monitors boot activities) to create an integrity protected and tamper evident audit trail - signed with a secret that is only accessible by TPM.
-4. Devices managed by a DHA-enabled MDM solution send a copy of this audit trail to Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel.
-5. Microsoft HAS reviews the audit trails, issues an encrypted/signed report, and forwards it to the device.
-6. IT managers can use a DHA-enabled MDM solution to review the report in a protected, tamper-resistant and tamper-evident communication channel. They can assess if a device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with security needs and enterprise policies.
+1. Windows 10 Secure Boot protects the boot sequence, enables the device to boot into a defined and trusted configuration, and loads a factory trusted boot loader.
+2. Windows 10 Trusted Boot takes control, verifies the digital signature of the Windows kernel, and the components are loaded and executed during the Windows startup process.
+3. In parallel to Steps 1 and 2, Windows 10 Mobile TPM (Trusted Platform Modules – measured boot) runs independently in a hardware-protected security zone (isolated from boot execution path monitors boot activities) to create an integrity protected and tamper evident audit trail - signed with a secret that is only accessible by TPM.
+4. Devices managed by a DHA-enabled MDM solution send a copy of this audit trail to Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel.
+5. Microsoft HAS reviews the audit trails, issues an encrypted/signed report, and forwards it to the device.
+6. IT managers can use a DHA-enabled MDM solution to review the report in a protected, tamper-resistant and tamper-evident communication channel. They can assess if a device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with security needs and enterprise policies.
### Asset reporting
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index afcec998a5..7d787f544d 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -49,26 +49,26 @@ These are the top Microsoft Support solutions for the most common issues experie
## Solutions related to installing Windows Updates
-- [How does Windows Update work](https://docs.microsoft.com/en-us/windows/deployment/update/how-windows-update-works)
-- [Windows Update log files](https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-logs)
-- [Windows Update troubleshooting](https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting)
-- [Windows Update common errors and mitigation](https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-errors)
-- [Windows Update - additional resources](https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-resources)
+- [How does Windows Update work](https://docs.microsoft.com/windows/deployment/update/how-windows-update-works)
+- [Windows Update log files](https://docs.microsoft.com/windows/deployment/update/windows-update-logs)
+- [Windows Update troubleshooting](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting)
+- [Windows Update common errors and mitigation](https://docs.microsoft.com/windows/deployment/update/windows-update-errors)
+- [Windows Update - additional resources](https://docs.microsoft.com/windows/deployment/update/windows-update-resources)
## Solutions related to installing or upgrading Windows
-- [Quick Fixes](https://docs.microsoft.com/en-us/windows/deployment/upgrade/quick-fixes)
-- [Troubleshooting upgrade errors](https://docs.microsoft.com/en-us/windows/deployment/upgrade/troubleshoot-upgrade-errors)
-- [Resolution procedures](https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolution-procedures)
+- [Quick Fixes](https://docs.microsoft.com/windows/deployment/upgrade/quick-fixes)
+- [Troubleshooting upgrade errors](https://docs.microsoft.com/windows/deployment/upgrade/troubleshoot-upgrade-errors)
+- [Resolution procedures](https://docs.microsoft.com/windows/deployment/upgrade/resolution-procedures)
- [0xc1800118 error when you push Windows 10 Version 1607 by using WSUS](https://support.microsoft.com/en-in/help/3194588/0xc1800118-error-when-you-push-windows-10-version-1607-by-using-wsus)
- [0xC1900101 error when Windows 10 upgrade fails after the second system restart](https://support.microsoft.com/en-in/help/3208485/0xc1900101-error-when-windows-10-upgrade-fails-after-the-second-system)
## Solutions related to BitLocker
-- [BitLocker recovery guide](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan)
-- [BitLocker: How to enable Network Unlock](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock)
-- [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker)
-- [BitLocker Group Policy settings](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings)
+- [BitLocker recovery guide](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan)
+- [BitLocker: How to enable Network Unlock](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock)
+- [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker)
+- [BitLocker Group Policy settings](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings)
## Solutions related to Bugchecks or Stop Errors
- [Troubleshooting Stop error problems for IT Pros](https://support.microsoft.com/help/3106831/troubleshooting-stop-error-problems-for-it-pros)
@@ -92,8 +92,8 @@ These are the top Microsoft Support solutions for the most common issues experie
- [Modern apps are blocked by security software when you start the applications on Windows 10 Version 1607](https://support.microsoft.com/help/4016973/modern-apps-are-blocked-by-security-software-when-you-start-the-applic)
## Solutions related to wireless networking and 802.1X authentication
-- [Advanced Troubleshooting Wireless Network](Connectivity]https://docs.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-wireless-network-connectivity)
-- [Advanced Troubleshooting 802.1x Authentication](https://docs.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-802-authentication)
-- [Troubleshooting Windows 802.11 Wireless Connections](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc766215(v=ws.10))
-- [Troubleshooting Windows Secure 802.3 Wired Connections](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc749352(v%3dws.10))
+- [Advanced Troubleshooting Wireless Network](Connectivity]https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-wireless-network-connectivity)
+- [Advanced Troubleshooting 802.1x Authentication](https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-802-authentication)
+- [Troubleshooting Windows 802.11 Wireless Connections](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc766215(v=ws.10))
+- [Troubleshooting Windows Secure 802.3 Wired Connections](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc749352(v%3dws.10))
- [Windows 10 devices can't connect to an 802.1X environment](https://support.microsoft.com/kb/3121002)
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index c6dc6eab15..b5977c0973 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -117,7 +117,7 @@ See the [Library Description Schema](https://go.microsoft.com/fwlink/?LinkId=159
### Concepts
-- [Windows Search Features ](https://technet.microsoft.com/library/dd744686.aspx)
+- [Windows Search Features](https://technet.microsoft.com/library/dd744686.aspx)
- [Windows Indexing Features](https://technet.microsoft.com/library/dd744700.aspx)
- [Federated Search Features](https://technet.microsoft.com/library/dd744682.aspx)
- [Administrative How-to Guides](https://technet.microsoft.com/library/ee461108.aspx)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 6e4fc5d47e..cca3071cad 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -214,7 +214,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also
| New or changed topic | Description |
| --- | --- |
| [Configure cellular settings for tablets and PCs](provisioning-apn.md) | New |
-| [ Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added MDM policies for privacy settings |
+| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added MDM policies for privacy settings |
## April 2017
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
index 73ee1abcef..095fa77861 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
@@ -30,22 +30,22 @@ You must be a CRM administrator to turn on and use Preview features. For more in
**To turn on Cortana with Dynamics CRM**
-1. Go to **Settings**, and then click **Administration**.
+1. Go to **Settings**, and then click **Administration**.
-2. Choose **System Settings**, and then click the **Previews** tab.
+2. Choose **System Settings**, and then click the **Previews** tab.
-3. Read the license terms, and if you agree, select the **I’ve read and agree to the license terms** check box.
+3. Read the license terms, and if you agree, select the **I’ve read and agree to the license terms** check box.
-4. For each preview feature you want to enable, click **Yes**.
+4. For each preview feature you want to enable, click **Yes**.
## Turn on Cortana with Dynamics CRM on your employees’ devices
You must tell your employees to turn on Cortana, before they’ll be able to use it with Dynamics CRM.
**To turn on local Cortana with Dynamics CRM**
-1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon.
+1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon.
-2. Click on **Connected Services**, click **Dynamics CRM**, and then click **Connect**.
+2. Click on **Connected Services**, click **Dynamics CRM**, and then click **Connect**.
@@ -55,10 +55,10 @@ You must tell your employees to turn on Cortana, before they’ll be able to use
Cortana can only access data in Dynamics CRM when it’s turned on. If you don’t want Cortana to access your corporate data, you can turn it off.
**To turn off Cortana with Dynamics CRM**
-1. Go to **Settings**, and then click **Administration**.
+1. Go to **Settings**, and then click **Administration**.
-2. Choose **System Settings**, and then click the **Previews** tab.
+2. Choose **System Settings**, and then click the **Previews** tab.
-3. Click **No** for **Cortana**.
+3. Click **No** for **Cortana**.
All Dynamics CRM functionality related to Cortana is turned off in your organization.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index 30bfd1ac31..351942547a 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -45,25 +45,25 @@ You must tell your employees to turn on Cortana before they’ll be able to use
**To turn on local Cortana with Office 365**
-1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon.
+1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon.
-2. Click on **Connected Services**, click **Office 365**, and then click **Connect**.
+2. Click on **Connected Services**, click **Office 365**, and then click **Connect**.
The employee can also disconnect by clicking **Disconnect** from the **Office 365** screen.
## Turn off Cortana with Office 365
-Cortana can only access data in your Office 365 org when it’s turned on. If you don’t want Cortana to access your corporate data, you can turn it off in the Office 365 admin center.
+Cortana can only access data in your Office 365 org when it’s turned on. If you don’t want Cortana to access your corporate data, you can turn it off in the Microsoft 365 admin center.
**To turn off Cortana with Office 365**
-1. [Sign in to Office 365](https://www.office.com/signin) using your Azure AD account.
+1. [Sign in to Office 365](https://www.office.com/signin) using your Azure AD account.
-2. Go to the [Office 365 admin center](https://support.office.com/article/Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547).
+2. Go to the [admin center](https://support.office.com/article/Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547).
-3. Expand **Service Settings**, and select **Cortana**.
+3. Expand **Service Settings**, and select **Cortana**.
-4. Click **Cortana** to toggle Cortana off.
+4. Click **Cortana** to toggle Cortana off.
All Office 365 functionality related to Cortana is turned off in your organization and your employees are unable to use her at work.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
index b0dd7c40b5..8ca269aefe 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
@@ -35,9 +35,9 @@ To use this walkthrough, you’ll need:
- **Azure Active Directory (Azure AD)/Work or School account**. You can use the account that you created for Office 365, or you can create a new one while you’re establishing your Power BI account. If you choose to use Azure AD, you must connect your Azure AD account to your Windows account.
**To connect your account to Windows**
- a. Open **Windows Settings**, click **Accounts**, click **Access work or school**, and then in the **Connect to work or school** section, click **Connect**.
+ a. Open **Windows Settings**, click **Accounts**, click **Access work or school**, and then in the **Connect to work or school** section, click **Connect**.
- b. Follow the instructions to add your Azure Active Directory (Azure AD) account to Windows.
+ b. Follow the instructions to add your Azure Active Directory (Azure AD) account to Windows.
## Set up your test environment for Cortana for Power BI
Before you can start this testing scenario, you must first set up your test environment and data, and then you must turn on and set up Cortana to connect and work with Power BI.
@@ -50,31 +50,31 @@ Before you can start this testing scenario, you must first set up your test envi
-3. Click **Get Data** from the left-hand navigation in Power BI.
+3. Click **Get Data** from the left-hand navigation in Power BI.
-4. Click **Samples** from the **Content Pack Library** area of the **Get Data** screen.
+4. Click **Samples** from the **Content Pack Library** area of the **Get Data** screen.
-5. Click **Retail Analysis Sample**, and then click **Connect**.
+5. Click **Retail Analysis Sample**, and then click **Connect**.
The sample data is imported and you’re returned to the **Power BI** screen.
-6. Click **Dashboards** from the left pane of the **Power BI** screen, and then click **Retail Analysis Sample**.
+6. Click **Dashboards** from the left pane of the **Power BI** screen, and then click **Retail Analysis Sample**.
-7. In the upper right-hand menu, click the **Settings** icon, and then click **Settings**.
+7. In the upper right-hand menu, click the **Settings** icon, and then click **Settings**.
-8. Click the **Datasets** tab, and then pick the **Retail Analysis Sample** dataset from the list.
+8. Click the **Datasets** tab, and then pick the **Retail Analysis Sample** dataset from the list.
-9. Click **Q&A and Cortana**, check the **Allow Cortana to access this dataset** box, and then click **Apply**.
+9. Click **Q&A and Cortana**, check the **Allow Cortana to access this dataset** box, and then click **Apply**.
@@ -90,31 +90,31 @@ After you’ve finished creating your Answer Page, you can continue to the inclu
>It can take up to 30 minutes for a custom Answer Page to appear for Power BI and Cortana. Logging in and out of Windows 10, or otherwise restarting Cortana, causes the new content to appear immediately.
**To create a custom sales data Answer Page for Cortana**
-1. In Power BI, click **My Workspace**, click **Create**, and then click **Report**.
+1. In Power BI, click **My Workspace**, click **Create**, and then click **Report**.
-2. In the **Create Report** screen, click the **Retail Analysis Sample**, and then click **Create**.
+2. In the **Create Report** screen, click the **Retail Analysis Sample**, and then click **Create**.
A blank report page appears.
-3. In the **Visualizations** pane, click the paint roller icon, expand **Page Size**, and then pick **Cortana** from the **Type** drop-down list.
+3. In the **Visualizations** pane, click the paint roller icon, expand **Page Size**, and then pick **Cortana** from the **Type** drop-down list.
-4. In the **Fields** pane, click to expand **Sales**, expand **This year sales**, and then add both **Value** and **Goal**.
+4. In the **Fields** pane, click to expand **Sales**, expand **This year sales**, and then add both **Value** and **Goal**.
The automatically generated graph is added to your blank report. You have the option to change colors, add borders, add additional visualizations, and modify this page so that it answers the question about sales data as precisely, and in as custom a way, as you want. You just need to make sure that it all stays within the page borders.
-5. In the **Visualizations** pane, click the paint roller icon again, expand **Page Information**, type _Sales data 2016_ into the **Name** box, turn on **Q&A**, and then add alternate report names (separated by commas) into the text box.
+5. In the **Visualizations** pane, click the paint roller icon again, expand **Page Information**, type _Sales data 2016_ into the **Name** box, turn on **Q&A**, and then add alternate report names (separated by commas) into the text box.
The alternate names help Cortana to know what questions to look for and when to show this report. To also improve your results, you should avoid using the names of your report columns.
-6. Click **File**, click **Save as**, and save the report as _Sales data 2016_.
+6. Click **File**, click **Save as**, and save the report as _Sales data 2016_.
Because this is part of the Retail Analysis Sample, it will automatically be included as part of the dataset you included for Cortana. However, you will still need to log in and out of Windows 10, or otherwise restart Cortana, before the new content appears.
@@ -122,15 +122,15 @@ After you’ve finished creating your Answer Page, you can continue to the inclu
Now that you’ve set up your device, you can use Cortana to show your info from within Power BI.
**To use Cortana with Power BI**
-1. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+1. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-2. Type _This year in sales_.
+2. Type _This year in sales_.
Cortana shows you the available results.
-3. In the **Power BI** area, click **This year in sales – in Retail Analysis Sample**.
+3. In the **Power BI** area, click **This year in sales – in Retail Analysis Sample**.
Cortana returns your custom report.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index 8842961ced..a1dfe7d5c0 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -47,14 +47,14 @@ This process helps you to sign out of a Microsoft Account and to sign into an Az
## Use Cortana to manage the notebook content
This process helps you to manage the content Cortana shows in your Notebook.
-1. Click on the **Cortana** icon in the taskbar, click the **Notebook**, scroll down and click **Weather**.
+1. Click on the **Cortana** icon in the taskbar, click the **Notebook**, scroll down and click **Weather**.
-2. In the **Weather** settings, scroll down to the **Cities your tracking** area, and then click **Add a city**.
+2. In the **Weather** settings, scroll down to the **Cities your tracking** area, and then click **Add a city**.
-3. Add *Redmond, Washington*, double-click the search result, click **Add**, and then click **Save**.
+3. Add *Redmond, Washington*, double-click the search result, click **Add**, and then click **Save**.
-4. Click on the **Home** icon and scroll to the weather forecast for Redmond, Washington.
+4. Click on the **Home** icon and scroll to the weather forecast for Redmond, Washington.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index 27a951f3bc..70a280cb22 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -38,6 +38,6 @@ This process helps you to use Cortana at work and voice commands to perform a qu
1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box).
-2. Say *What's the weather in Chicago?* Cortana tells you and shows you the current weather in Chicago.
+2. Say *What's the weather in Chicago?* Cortana tells you and shows you the current weather in Chicago.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
index f01109a686..e82abbd92a 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
@@ -85,4 +85,4 @@ This process helps you to edit or archive and existing or completed reminder.
-3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click **Save** to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.
+3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click **Save** to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
index 4a461ce194..3283f2d1ad 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
@@ -41,9 +41,9 @@ This process helps you find your upcoming meetings.
## Find out about upcoming meetings by using voice commands
This process helps you to use Cortana at work and voice commands to find your upcoming meetings.
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box.
+1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box.
-2. Say _Show me what meeting I have at 3pm tomorrow_.
+2. Say _Show me what meeting I have at 3pm tomorrow_.
>[!IMPORTANT]
>Make sure that you have a meeting scheduled for the time you specify here.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
index fa8db5b62f..7fe284c023 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
@@ -25,34 +25,34 @@ This scenario helps you to send an email to a co-worker listed in your work addr
## Send an email to a co-worker
This process helps you to send a quick message to a co-worker from the work address book.
-1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Azure AD account.
+1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Azure AD account.
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-3. Type _Send an email to <contact_name>_.
+3. Type _Send an email to <contact_name>_.
Where _<contact_name>_ is the name of someone in your work address book.
-4. Type your email message subject into the **Quick message** (255 characters or less) box and your message into the **Message** (unlimited characters) box, and then click **Send**.
+4. Type your email message subject into the **Quick message** (255 characters or less) box and your message into the **Message** (unlimited characters) box, and then click **Send**.
## Send an email to a co-worker by using voice commands
This process helps you to use Cortana at work and voice commands to send a quick message to a co-worker from the work address book.
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box.
+1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box.
-2. Say _Send an email to <contact_name>_.
+2. Say _Send an email to <contact_name>_.
Where _<contact_name>_ is the name of someone in your work address book.
-3. Add your email message by saying, _Hello this is a test email using Cortana at work._
+3. Add your email message by saying, _Hello this is a test email using Cortana at work._
The message is added and you’re asked if you want to **Send it**, **Add more**, or **Make changes**.
-4. Say _Send it_.
+4. Say _Send it_.
The email is sent.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index 65a1d5f319..f731e345d8 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -41,7 +41,7 @@ Cortana automatically finds patterns in your email, suggesting reminders based t
5. Create and send an email to yourself (so you can see the Suggested reminder), including the text, _I’ll finish this project by end of day today_.
-6. After you get the email, click on the Cortana **Home** icon, and scroll to today’s events.
+6. After you get the email, click on the Cortana **Home** icon, and scroll to today’s events.
If the reminder has a specific date or time associated with it, like end of day, Cortana notifies you at the appropriate time and puts the reminder into the Action Center. Also from the Home screen, you can view the email where you made the promise, set aside time on your calendar, officially set the reminder, or mark the reminder as completed.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
index 2a804ea6f2..01f326616c 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
@@ -24,16 +24,16 @@ This optional scenario helps you to protect your organization’s data on a devi
## Use Cortana and WIP to protect your organization’s data
-1. Create and deploy an WIP policy to your organization. For info about how to do this, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip).
+1. Create and deploy an WIP policy to your organization. For info about how to do this, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip).
-2. Create a new email from a non-protected or personal mailbox, including the text _I’ll send you that presentation tomorrow_.
+2. Create a new email from a non-protected or personal mailbox, including the text _I’ll send you that presentation tomorrow_.
-3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
Cortana automatically pulls your commitment to sending the presentation out of your email, showing it to you.
-4. Create a new email from a protected mailbox, including the same text as above, _I’ll send you that presentation tomorrow_.
+4. Create a new email from a protected mailbox, including the same text as above, _I’ll send you that presentation tomorrow_.
-5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
Because it was in an WIP-protected email, the presentation info isn’t pulled out and it isn’t shown to you.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
index af76d42aea..825037d62d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
@@ -42,23 +42,23 @@ To enable voice commands in Cortana
While these aren't line-of-business apps, we've worked to make sure to implement a VCD file, allowing you to test how the functionality works with Cortana in your organization.
**To get a Microsoft Store app**
-1. Go to the Microsoft Store, scroll down to the **Collections** area, click **Show All**, and then click **Better with Cortana**.
+1. Go to the Microsoft Store, scroll down to the **Collections** area, click **Show All**, and then click **Better with Cortana**.
-2. Click **Uber**, and then click **Install**.
+2. Click **Uber**, and then click **Install**.
-3. Open Uber, create an account or sign in, and then close the app.
+3. Open Uber, create an account or sign in, and then close the app.
**To set up the app with Cortana**
-1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon.
+1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon.
-2. Click on **Connected Services**, click **Uber**, and then click **Connect**.
+2. Click on **Connected Services**, click **Uber**, and then click **Connect**.
**To use the voice-enabled commands with Cortana**
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box).
+1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box).
-2. Say _Uber get me a taxi_.
+2. Say _Uber get me a taxi_.
Cortana changes, letting you provide your trip details for Uber.
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index 53cd1f9039..7ac4b1ff90 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -45,10 +45,8 @@ You can deploy the resulting .xml file to devices using one of the following met
- [Mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
-
## Customize the Start screen on your test computer
-
To prepare a Start layout for export, you simply customize the Start layout on a test computer.
**To prepare a test computer**
@@ -57,7 +55,6 @@ To prepare a Start layout for export, you simply customize the Start layout on a
2. Create a new user account that you will use to customize the Start layout.
-
**To customize Start**
1. Sign in to your test computer with the user account that you created.
@@ -81,10 +78,8 @@ To prepare a Start layout for export, you simply customize the Start layout on a
>
>In earlier versions of Windows 10, no tile would be pinned.
-
## Export the Start layout
-
When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\
>[!IMPORTANT]
@@ -96,7 +91,7 @@ When you have the Start layout that you want your users to see, use the [Export-
2. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command:
- `Export-StartLayout –path .xml `
+ `Export-StartLayout –path .xml`
On a device running Windows 10, version 1809, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:
@@ -176,12 +171,12 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
**To configure a partial Start screen layout**
-1. [Customize the Start layout](#bmk-customize-start).
+1. [Customize the Start layout](#customize-the-start-screen-on-your-test-computer).
-2. [Export the Start layout](#bmk-exportstartscreenlayout).
+2. [Export the Start layout](#export-the-start-layout).
3. Open the layout .xml file. There is a `` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows:
- ``` syntax
+ ```xml
```
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
index 95610629f1..0647e4eec3 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@@ -28,7 +28,7 @@ In Windows 10 Pro, Enterprise, and Education, you can use a Group Policy Object
This topic describes how to update Group Policy settings to display a customized Start and taskbar layout when the users sign in. By creating a domain-based GPO with these settings, you can deploy a customized Start and taskbar layout to users in a domain.
->[!WARNING]
+>[!WARNING]
>When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. When you apply a taskbar layout, users will still be able to pin and unpin apps, and change the order of pinned apps.
@@ -49,14 +49,14 @@ Three features enable Start and taskbar layout control:
- The [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
- >[!NOTE]
+ >[!NOTE]
>To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.
- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration.
- In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case.
->[!NOTE]
+>[!NOTE]
>To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863).
@@ -79,7 +79,7 @@ For information about deploying GPOs in a domain, see [Working with Group Policy
You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**.
->[!NOTE]
+>[!NOTE]
>This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment).
>
>This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10.
@@ -130,7 +130,7 @@ After you use Group Policy to apply a customized Start and taskbar layout on a c
- [Add image for secondary tiles](start-secondary-tiles.md)
- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
index a125aa663d..bda947c233 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -30,9 +30,9 @@ In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can us
>[!NOTE]
>Support for applying a customized taskbar using MDM is added in Windows 10, version 1703.
-**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions.
+**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions (also works for taskbar customization).
->[!WARNING]
+>[!WARNING]
>When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups.
@@ -44,7 +44,7 @@ Two features enable Start layout control:
- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
- >[!NOTE]
+ >[!NOTE]
>To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index d9b3a37932..56de2504c6 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -39,7 +39,7 @@ Three features enable Start and taskbar layout control:
- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
- >[!NOTE]
+ >[!NOTE]
>To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.
- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration.
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index e2e249e9d1..1ca640e263 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
- "ms.author": "jdecker",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 33cf15dabb..b08ebebd2c 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -31,59 +31,59 @@ Here’s an example to set AssignedAccess configuration:
3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell.
4. Execute the following script:
-```ps
+```xml
$nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = @"
-<?xml version="1.0" encoding="utf-8" ?>
-<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
- <Profiles>
- <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
- <AllAppsList>
- <AllowedApps>
- <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
- <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
- <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
- <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
- <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
- <App DesktopAppPath="%windir%\system32\mspaint.exe" />
- <App DesktopAppPath="C:\Windows\System32\notepad.exe" />
- </AllowedApps>
- </AllAppsList>
- <StartLayout>
- <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
- <LayoutOptions StartTileGroupCellWidth="6" />
- <DefaultLayoutOverride>
- <StartLayoutCollection>
- <defaultlayout:StartLayout GroupCellWidth="6">
- <start:Group Name="Group1">
- <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
- <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
- <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
- <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
- <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
- </start:Group>
- <start:Group Name="Group2">
- <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
- <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
- </start:Group>
- </defaultlayout:StartLayout>
- </StartLayoutCollection>
- </DefaultLayoutOverride>
- </LayoutModificationTemplate>
- ]]>
- </StartLayout>
- <Taskbar ShowTaskbar="true"/>
- </Profile>
- </Profiles>
- <Configs>
- <Config>
- <Account>MultiAppKioskUser</Account>
- <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
- </Config>
- </Configs>
-</AssignedAccessConfiguration>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+ MultiAppKioskUser
+
+
+
+
"@
Set-CimInstance -CimInstance $obj
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 053041d24b..c3491784d7 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -71,7 +71,7 @@ In addition to the settings in the table, you may want to set up **automatic log
1. Open Registry Editor (regedit.exe).
- >[!NOTE]
+ >[!NOTE]
>If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).
@@ -251,7 +251,7 @@ The following table describes some features that have interoperability issues we
Customers sometimes use virtual machines (VMs) to test configurations before deploying those configurations to physical devices. If you use a VM to test your single-app kiosk configuration, you need to know how to connect to the VM properly.
-A single-app kiosk kiosk configuration runs an app above the lockscreen. It doesn't work when it's accessed remotely, which includes *enhanced* sessions in Hyper-V.
+A single-app kiosk configuration runs an app above the lockscreen. It doesn't work when it's accessed remotely, which includes *enhanced* sessions in Hyper-V.
When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** is not selected in the **View** menu; that means it's a basic session.
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 1e484e0795..327042ee5c 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -45,7 +45,7 @@ Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new e
In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements:
- You can use a custom Windows desktop application that can then launch UWP apps, such as **Settings** and **Touch Keyboard**.
- From a custom UWP shell, you can launch secondary views and run on multiple monitors.
-- The custom shell app runs in full screen, and and can run other apps in full screen on user’s demand.
+- The custom shell app runs in full screen, and can run other apps in full screen on user’s demand.
For sample XML configurations for the different app combinations, see [Samples for Shell Launcher v2](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2).
@@ -94,7 +94,7 @@ You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to confi
The following XML sample works for **Shell Launcher v1**:
-```
+```xml
@@ -110,9 +110,9 @@ The following XML sample works for **Shell Launcher v1**:
```
-For **Shell Launcher v2**, you will use a different schema reference and a different app type for `Shell`, as shown in the following example.
+For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` is not specified, it implies the shell is Win32 app.
-```
+```xml
@@ -138,7 +138,7 @@ In your MDM service, you can create a [custom OMA-URI setting](https://docs.micr
The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`.
-For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)` instead.
+For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)`.
@@ -150,7 +150,7 @@ For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scri
For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
-```
+```powershell
# Check if shell launcher license is enabled
function Check-ShellLauncherLicenseEnabled
{
@@ -282,3 +282,27 @@ $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
```
+
+## default action, custom action, exit code
+Shell launcher defines 4 actions to handle app exits, you can customize shell launcher and use these actions based on different exit code.
+
+Value|Description
+--- | ---
+0|Restart the shell
+1|Restart the device
+2|Shut down the device
+3|Do nothing
+
+These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](https://docs.microsoft.com/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
+
+To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommeded to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
+``` xml
+
+
+
+
+
+
+
+
+```
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index 89c720dbc9..fec62e33fd 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -31,7 +31,7 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th
>[!IMPORTANT]
>[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
>
->Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. Apps that run in kiosk mode cannot use copy and paste.
You have several options for configuring your single-app kiosk.
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index 29544ec314..ea34adf834 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -28,7 +28,7 @@ Optionally, run Event Viewer (eventvwr.exe) and look through logs under **Applic
To test the kiosk, sign in with the assigned access user account you specified in the configuration to check out the multi-app experience.
->[!NOTE]
+>[!NOTE]
>The kiosk configuration setting will take effect the next time the assigned access user signs in. If that user account is signed in when you apply the configuration, make sure the user signs out and signs back in to validate the experience.
The following sections explain what to expect on a multi-app kiosk.
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index f2ab6d4bd9..2cde6940fa 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -26,7 +26,7 @@ ms.topic: article
## Full XML sample
>[!NOTE]
->Updated for Windows 10, version 1809.
+>Updated for Windows 10, version 1903, and Windows 10 Prerelease
```xml
@@ -165,11 +165,479 @@ ms.topic: article
```
+## Auto Launch Sample XML
+
+This sample demonstrates that both UWP and Win32 apps can be configured to automatically launch, when assigned access account logs in. One profile can have at most one app configured for auto launch. AutoLaunchArguments are passed to the apps as is and the app needs to handle the arguments explicitly.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+ aauser1
+
+
+
+ aauser2
+
+
+
+
+
+```
+
+## [Preview] Global Profile Sample XML
+Global Profile is currently supported in Windows 10 Prerelease. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
+
+This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+```
+
+Below sample shows dedicated profile and global profile mixed usage, aauser would use one profile, everyone else that's non-admin will use another profile.
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+ aauser
+
+
+
+
+
+```
+
+## [Preview] Folder Access sample xml
+In Windows 10 1809 release, folder access is locked down that when common file dialog is opened, IT Admin can specify if user has access to the Downloads folder, or no access to any folder at all. This restriction has be redesigned for finer granulatity and easier use, available in current Windows 10 Prerelease.
+
+IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Note that Downloads and Removable Drives can be allowed at the same time.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+ multi1
+
+
+
+ multi2
+
+
+
+ multi3
+
+
+
+ multi4
+
+
+
+ multi5
+
+
+
+ multi6
+
+
+
+
+
+
+```
## XSD for AssignedAccess configuration XML
>[!NOTE]
->Updated for Windows 10, version 1809.
+>Updated for Windows 10, version 1903 and Windows 10 Prerelease.
+Below schema is for AssignedAccess Configuration up to Windows 10 1803 release.
```xml
@@ -179,172 +647,174 @@ ms.topic: article
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
+ xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
>
-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
```
-## XSD schema for new elements in Windows 10, version 1809
-
+Here is the schema for new features introduced in Windows 10 1809 release
```xml
-
-
-
-
-
+
-
-
-
+
+
+
+
+
+
+
+
+
-
-
-
-
-
+
+
+
-
+
+
+
+
+
-
+
-
+
-
+
+
+
```
+
+Schema for Windows 10 prerelease
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
+To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. e.g. to configure auto-launch feature which is added in 1809 release, use below sample, notice an alias r1809 is given to the 201810 namespace for 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+```xml
+
+
+
+
+
+
+```
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index bc31032e3e..5d8414295c 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -18,16 +18,13 @@ ms.topic: article
# Set up a multi-app kiosk
-
**Applies to**
-- Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
-A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
-
-The following table lists changes to multi-app kiosk in recent updates.
-
+The following table lists changes to multi-app kiosk in recent updates.
| New features and improvements | In update |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -39,21 +36,21 @@ The following table lists changes to multi-app kiosk in recent updates.
You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
-
>[!TIP]
>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
-## Configure a kiosk in Microsoft Intune
+## Configure a kiosk in Microsoft Intune
To configure a kiosk in Microsoft Intune, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](https://docs.microsoft.com/intune/kiosk-settings). For explanations of the specific settings, see [Windows 10 and later device settings to run as a kiosk in Intune](https://docs.microsoft.com/intune/kiosk-settings-windows).
-
+
## Configure a kiosk using a provisioning package
Process:
+
1. [Create XML file](#create-xml-file)
2. [Add XML file to provisioning package](#add-xml)
3. [Apply provisioning package to device](#apply-ppkg)
@@ -70,19 +67,19 @@ If you don't want to use a provisioning package, you can deploy the configuratio
- The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 or later
>[!NOTE]
->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
+>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
### Create XML file
-Let's start by looking at the basic structure of the XML file.
+Let's start by looking at the basic structure of the XML file.
-- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout.
+- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout.
-- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**.
+- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**.
- Multiple config sections can be associated to the same profile.
-- A profile has no effect if it’s not associated to a config section.
+- A profile has no effect if it’s not associated to a config section.
@@ -90,7 +87,7 @@ You can start your file by pasting the following XML (or any other examples in t
```xml
-
@@ -98,7 +95,7 @@ You can start your file by pasting the following XML (or any other examples in t
-
+
@@ -119,11 +116,11 @@ There are two types of profiles that you can specify in the XML:
- **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen.
- **Kiosk profile**: New in Windows 10, version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile will not see the desktop, but only the kiosk app running in full-screen mode.
-A lockdown profile section in the XML has the following entries:
+A lockdown profile section in the XML has the following entries:
-- [**Id**](#id)
+- [**Id**](#id)
-- [**AllowedApps**](#allowedapps)
+- [**AllowedApps**](#allowedapps)
- [**FileExplorerNamespaceRestrictions**](#fileexplorernamespacerestrictions)
@@ -133,15 +130,13 @@ A lockdown profile section in the XML has the following entries:
A kiosk profile in the XML has the following entries:
-- [**Id**](#id)
+- [**Id**](#id)
- [**KioskModeApp**](#kioskmodeapp)
-
-
##### Id
-The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file.
+The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file.
```xml
@@ -151,35 +146,33 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can
##### AllowedApps
-**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in.
+**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in.
-
-
-- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout).
+- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout).
- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%).
-- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”.
+- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”.
- To configure a single app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample).
-When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**:
+When the multi-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**:
-1. Default rule is to allow all users to launch the signed package apps.
-2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list.
+1. Default rule is to allow all users to launch the signed package apps.
+2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list.
>[!NOTE]
>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration.
>
- >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
+ >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
Here are the predefined assigned access AppLocker rules for **desktop apps**:
-1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
-2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration.
-3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list.
+1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
+2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration.
+3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list.
The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
-xml
+```xml
<AllAppsList>
<AllowedApps>
<App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
@@ -191,13 +184,17 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula
<App DesktopAppPath="C:\Windows\System32\notepad.exe" rs5:AutoLaunch="true" rs5:AutoLaunchArguments="123.txt"/>
</AllowedApps>
</AllAppsList>
+```
##### FileExplorerNamespaceRestrictions
-Starting in Windows 10, version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported.
+Starting in Windows 10, version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported. This can also be set using Microsoft Intune.
The following example shows how to allow user access to the Downloads folder in the common file dialog box.
+>[!TIP]
+> To grant access to the Downloads folder through File Explorer, add "Explorer.exe" to the list of allowed apps, and pin a file explorer shortcut to the kiosk start menu.
+
```xml
-
+
```
+FileExplorerNamespaceRestriction has been extended in current Windows 10 Prerelease for finer granularity and easier use, see in the [Assigned access XML reference.](kiosk-xml.md) for full samples. The changes will allow IT Admin to configure if user can access Downloads folder, Removable drives, or no restriction at all by using certain new elements. Note that FileExplorerNamesapceRestrictions and AllowedNamespace:Downloads are available in namespace http://schemas.microsoft.com/AssignedAccess/201810/config, AllowRemovableDrives and NoRestriction are defined in a new namespace http://schemas.microsoft.com/AssignedAccess/2020/config.
+
+* When FileExplorerNamespaceRestrictions node is not used, or used but left empty, user will not be able to access any folder in common dialog (e.g. Save As in Microsoft Edge browser).
+* When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder.
+* When AllowRemovableDrives is used, user will be to access removable drives.
+* When NoRestriction is used, no restriction will be applied to the dialog.
+* AllowRemovableDrives and AllowedNamespace:Downloads can be used at the same time.
##### StartLayout
-After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.
+After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.
The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md).
A few things to note here:
-- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
-- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
+- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
+- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
- There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `` tag in a layout modification XML as part of the assigned access configuration.
-- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
+- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start.
@@ -264,14 +268,13 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint,
```
>[!NOTE]
->If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen.
-
+>If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen.
##### Taskbar
-Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
+Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
The following example exposes the taskbar to the end user:
@@ -286,9 +289,9 @@ The following example hides the taskbar:
```
>[!NOTE]
->This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
+>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
-##### KioskModeApp
+##### KioskModeApp
**KioskModeApp** is used for a [kiosk profile](#profile) only. Enter the AUMID for a single app. You can only specify one kiosk profile in the XML.
@@ -299,27 +302,25 @@ The following example hides the taskbar:
>[!IMPORTANT]
>The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information.
-
#### Configs
-Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
+Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
-The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
+The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
You can assign:
- [A local standard user account that signs in automatically](#config-for-autologon-account) (Applies to Windows 10, version 1803 only)
- [An individual account, which can be local, domain, or Azure Active Directory (Azure AD)](#config-for-individual-accounts)
-- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only)
+- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only).
>[!NOTE]
->Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
+>Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
##### Config for AutoLogon Account
When you use `` and the configuration is applied to a device, the specified account (managed by Assigned Access) is created on the device as a local standard user account. The specified account is signed in automatically after restart.
-
The following example shows how to specify an account to sign in automatically.
```xml
@@ -328,7 +329,7 @@ The following example shows how to specify an account to sign in automatically.
-
+
```
In Windows 10, version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World".
@@ -344,13 +345,12 @@ In Windows 10, version 1809, you can configure the display name that will be sho
On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).)
-
>[!IMPORTANT]
>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
##### Config for individual accounts
-Individual accounts are specified using ``.
+Individual accounts are specified using ``.
- Local account can be entered as `machinename\account` or `.\account` or just `account`.
- Domain account should be entered as `domain\account`.
@@ -359,58 +359,117 @@ Individual accounts are specified using ``.
>[!WARNING]
>Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
-
Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail.
>[!NOTE]
>For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
-
```xml
MultiAppKioskUser
-
+
```
-
-
##### Config for group accounts
-Group accounts are specified using ``. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A will not have the kiosk experience.
+Group accounts are specified using ``. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A will not have the kiosk experience.
- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group will not have the kiosk settings applied.
```xml
-
-
-
-
+
+
+
+
```
+
- Domain group: Both security and distribution groups are supported. Specify the group type as ActiveDirectoryGroup. Use the domain name as the prefix in the name attribute.
```xml
-
-
-
-
+
+
+
+
```
- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign in.
```xml
-
-
-
-
+
+
+
+
```
>[!NOTE]
- >If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
+ >If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
+
+#### [Preview] Global Profile
+Global profile is added in curernt Windows 10 Prerelease. There are times when IT Admin wants to everyone who logging into a specific devices are assigned access users, even there is no dedicated profile for that user, or there are times that Assigned Access could not identify a profile for the user and a fallback profile is wished to use. Global Profile is designed for these scenarios.
+
+Usage is demonstrated below, by using the new xml namespace and specify GlobalProfile from that namespace. When GlobalProfile is configured, a non-admin account logs in, if this user does not have designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, global profile will be applied for the user.
+
+Note:
+1. GlobalProfile can only be multi-app profile
+2. Only one GlobalProfile can be used in one AssignedAccess Configuration Xml
+3. GlobalProfile can be used as the only config, or it can be used among with regular user or group Config.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+```
+
### Add XML file to provisioning package
Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
@@ -436,7 +495,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
-8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
+8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
@@ -448,9 +507,9 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
13. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
- - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
+ - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
+ - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
@@ -466,12 +525,13 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
+ - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
+ - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
18. Copy the provisioning package to the root directory of a USB drive.
+
### Apply provisioning package to device
Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
@@ -501,46 +561,28 @@ Provisioning packages can be applied to a device during the first-run experience
-
-
#### After setup, from a USB drive, network folder, or SharePoint site
1. Sign in with an admin account.
2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
>[!NOTE]
->if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
+>if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
-
-
-
-### Use MDM to deploy the multi-app configuration
+### Use MDM to deploy the multi-app configuration
+Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
-Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
-
-If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely.
+If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely.
The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configuration`.
-
-
-
-
-
-
-
-
-
-
-
## Considerations for Windows Mixed Reality immersive headsets
-
-With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps.
+With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps.
To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps):
@@ -558,14 +600,12 @@ After the admin has completed setup, the kiosk account can sign in and repeat th
There is a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they will see only a blank display in the device, and will not have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen.
-
## Policies set by multi-app kiosk configuration
It is not recommended to set policies enforced in assigned access multi-app mode to different values using other channels, as the multi-app mode has been optimized to provide a locked-down experience.
When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
-
### Group Policy
The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users.
@@ -602,11 +642,8 @@ Prevent access to drives from My Computer | Enabled - Restrict all drivers
>[!NOTE]
>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
-
-
### MDM policy
-
Some of the MDM policies based on the [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide).
Setting | Value | System-wide
@@ -630,13 +667,14 @@ Start/DisableContextMenus | 1 - Context menus are hidden for Start apps | No
[WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes
+
## Provision .lnk files using Windows Configuration Designer
First, create your desktop app's shortcut file by installing the app on a test device, using the default installation location. Right-click the installed application, and choose **Send to** > **Desktop (create shortcut)**. Rename the shortcut to `.lnk`
-Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install.
+Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install.
-```
+```PowerShell
msiexec /I ".msi" /qn /norestart
copy .lnk "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\.lnk"
```
diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md
index 8cf37ded02..a6c43780bc 100644
--- a/windows/configuration/manage-wifi-sense-in-enterprise.md
+++ b/windows/configuration/manage-wifi-sense-in-enterprise.md
@@ -22,7 +22,7 @@ ms.topic: article
- Windows 10
- Windows 10 Mobile
->[!IMPORTANT]
+>[!IMPORTANT]
>Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details.
Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it.
diff --git a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
index c5adf378ee..15522142ec 100644
--- a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
+++ b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
@@ -46,7 +46,7 @@ In AssignedAccessXml, for Application, you enter the product ID for the app to r
### Set up assigned access using Windows Configuration Designer
->[!IMPORTANT]
+>[!IMPORTANT]
>When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
#### Create the *AssignedAccess*.xml file
@@ -184,7 +184,7 @@ Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or
1. On Start , swipe over to the App list, then tap **Settings**  > **Accounts** > **Apps Corner** > launch .
- >[!TIP]
+ >[!TIP]
>Want to get to Apps Corner with one tap? In **Settings**, tap **Apps Corner** > **pin** to pin the Apps Corner tile to your Start screen.
2. Give the device to someone else, so they can use the device and only the one app you chose.
diff --git a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
index 5603c46bfa..4ea4c7f814 100644
--- a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
+++ b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
@@ -462,7 +462,7 @@ Quick action buttons are locked down in exactly the same way as Settings pages/g
You can specify the quick actions as follows:
-``` syntax
+```xml
diff --git a/windows/configuration/mobile-devices/start-layout-xml-mobile.md b/windows/configuration/mobile-devices/start-layout-xml-mobile.md
index 7907f8b9a4..0682606ac4 100644
--- a/windows/configuration/mobile-devices/start-layout-xml-mobile.md
+++ b/windows/configuration/mobile-devices/start-layout-xml-mobile.md
@@ -36,7 +36,7 @@ On Windows 10 Mobile, the customized Start works by:
The following diagrams show the default Windows 10, version 1607 Start layouts for single SIM and dual SIM devices with Cortana support, and single SIM and dual SIM devices with no Cortana support.
-
+
The diagrams show:
@@ -50,7 +50,7 @@ The diagrams show:
IT admins can provision the Start layout by creating a LayoutModification.xml file. This file supports several mechanisms to modify or replace the default Start layout and its tiles.
->[!NOTE]
+>[!NOTE]
>To make sure the Start layout XML parser processes your file correctly, follow these guidelines when writing your LayoutModification.xml file:
>- Do not leave spaces or white lines in between each element.
>- Do not add comments inside the StartLayout node or any of its children elements.
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index f2a8d0bcc3..107e1b4b1c 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,6 +1,6 @@
---
title: Introduction to configuration service providers (CSPs) for IT pros (Windows 10)
-description: Configuration service providers (CSPs) expose device configuration settings in Windows 10.
+description: Configuration service providers (CSPs) expose device configuration settings in Windows 10.
ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
ms.reviewer:
manager: dansimp
@@ -16,35 +16,33 @@ ms.date: 07/27/2017
# Introduction to configuration service providers (CSPs) for IT pros
-
**Applies to**
-- Windows 10
-- Windows 10 Mobile
+- Windows 10
+- Windows 10 Mobile
-Configuration service providers (CSPs) expose device configuration settings in Windows 10. This topic is written for people who have no experience with CSPs.
+Configuration service providers (CSPs) expose device configuration settings in Windows 10. This topic is written for people who have no experience with CSPs.
-The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations.
+The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations.
->[!NOTE]
->The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
+>[!NOTE]
+>This explanation of CSPs and CSP documentation also applies to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
[See what's new for CSPs in Windows 10, version 1809.](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809)
## What is a CSP?
+A CSP is an interface in the client operating system, between configuration settings specified in a provisioning document, and configuration settings on the device. CSPs are similar to Group Policy client-side extensions, in that they provide an interface to read, set, modify, or delete configuration settings for a given feature. Typically, these settings map to registry keys, files or permissions. Some of these settings are configurable, and some are read-only.
-A CSP is an interface in the client operating system between configuration settings specified in a provisioning document and configuration settings on the device. Their function is similar to that of Group Policy client-side extensions in that they provide an interface to read, set, modify, or delete configuration settings for a given feature. Typically, these settings map to registry keys, files or permissions. Some of these settings are configurable and some are read-only.
-
-Starting in Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. In the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10.
+Starting with Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. On the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10.
Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkId=717438) contains the settings to create a Wi-Fi profile.
-CSPs are behind many of the management tasks and policies for Windows 10 in Microsoft Intune and non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244).
+CSPs are behind many of the management tasks and policies for Windows 10, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244).
-CSPs receive configuration policies in the XML-based SyncML format pushed to it from an MDM-compliant management server such as Microsoft Intune. Traditional enterprise management systems, such as System Center Configuration Manager, can also target CSPs by using a client-side WMI-to-CSP bridge.
+CSPs receive configuration policies in the XML-based SyncML format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as System Center Configuration Manager, can also target CSPs, by using a client-side WMI-to-CSP bridge.
### Synchronization Markup Language (SyncML)
@@ -52,22 +50,21 @@ The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based
### The WMI-to-CSP Bridge
-The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs via scripts and traditional enterprise management software such as Configuration Manager using Windows Management Instrumentation (WMI). The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
+The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs via scripts and traditional enterprise management software, such as Configuration Manager using Windows Management Instrumentation (WMI). The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
[Learn how to use the WMI Bridge Provider with PowerShell.](https://go.microsoft.com/fwlink/p/?LinkId=761090)
## Why should you learn about CSPs?
-
Generally, enterprises rely on Group Policy or MDM to configure and manage devices. For devices running Windows, MDM services use CSPs to configure your devices.
-In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management, or you want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried.
+In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried.
-In addition, some of the topics in the [Windows 10 and Windows 10 Mobile](/windows/windows-10) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](../cortana-at-work/cortana-at-work-overview.md) which links to the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings.
+Some of the topics in the [Windows 10 and Windows 10 Mobile](/windows/windows-10) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](../cortana-at-work/cortana-at-work-overview.md), which links to the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings.
-### CSPs in Windows Configuration Designer
+### CSPs in Windows Configuration Designer
-You can use Windows Configuration Designer to create [provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE) and after devices are set up. You can use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows Configuration Designer are based on CSPs.
+You can use Windows Configuration Designer to create [provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE), and after the devices are set up. You can also use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows Configuration Designer are based on CSPs.
Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.
@@ -83,12 +80,11 @@ When a CSP is available but is not explicitly included in your MDM solution, you
### CSPs in Lockdown XML
-Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](../mobile-devices/lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601). In Windows 10, version 1703, you can also use the new [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML.
+Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](../mobile-devices/lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601). In Windows 10, version 1703, you can also use the new [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML.
## How do you use the CSP documentation?
-
-All CSPs in Windows 10 are documented in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390).
+All CSPs in Windows 10 are documented in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390).
The [main CSP topic](https://go.microsoft.com/fwlink/p/?LinkId=717390) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP.
@@ -98,17 +94,17 @@ The documentation for each CSP follows the same structure. After an introduction
The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). The URI is relative to the devices’ root node (MSFT, for example). Features supported by a particular CSP can be set by addressing the complete OMA-URI path.
-The following example shows the diagram for the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes and rectangular elements are settings or policies for which a value must be supplied.
+The following example shows the diagram for the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied.
-The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see it uses the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608).
+The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608).
```XML
./Vendor/MSFT/AssignedAccess/KioskModeApp
```
-When an element in the diagram uses italic font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
+When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
@@ -120,12 +116,11 @@ The documentation for most CSPs will also include an XML example.
## CSP examples
-
CSPs provide access to a number of settings useful to enterprises. This section introduces two CSPs that an enterprise might find particularly useful.
- [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601)
- The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app.
+ The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app.
In addition to lockscreen wallpaper, theme, time zone, and language, the EnterpriseAssignedAccess CSP includes AssignedAccessXml which can be used to lock down the device through the following settings:
@@ -139,7 +134,7 @@ CSPs provide access to a number of settings useful to enterprises. This section
- Creating role-specific configurations.
- [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244)
- The Policy configuration service provider enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
+ The Policy configuration service provider enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
Some of the settings available in the Policy CSP include the following:
@@ -159,7 +154,7 @@ CSPs provide access to a number of settings useful to enterprises. This section
- **Update**, such as specifying whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store
- **WiFi**, such as whether to enable Internet sharing
-Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both:
+Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both:
- [ActiveSync CSP](https://go.microsoft.com/fwlink/p/?LinkId=723219)
- [Application CSP](https://go.microsoft.com/fwlink/p/?LinkId=723220)
@@ -218,13 +213,3 @@ Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile E
- [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkID=71743)
- [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723274)
- [WindowsSecurityAuditing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723415)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index 1a383af035..a906cf7e68 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -91,7 +91,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
6. In the **Available customizations** pane, click the **LicenseProductId** that you just added.
-7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file.
+7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
@@ -132,7 +132,7 @@ For details about the settings you can customize in provisioning packages, see [
5. Set a value for **Package Version**.
- > [!TIP]
+ > [!TIP]
> You can make changes to existing packages and change the version number to update previously applied packages.
6. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index e7d1272fda..b6d2e80dc0 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -27,7 +27,7 @@ In Windows 10, version 1703, you can install multiple Universal Windows Platform
When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv).
>[!IMPORTANT]
->If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Cilent, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
+>If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Client, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
## Settings for UWP apps
@@ -103,7 +103,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
6. In the **Available customizations** pane, click the **LicenseProductId** that you just added.
-7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file.
+7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
@@ -144,7 +144,7 @@ For details about the settings you can customize in provisioning packages, see [
5. Set a value for **Package Version**.
- > [!TIP]
+ > [!TIP]
> You can make changes to existing packages and change the version number to update previously applied packages.
6. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 782997dd02..62e14f6e7a 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -44,7 +44,7 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath:
| /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
| /StoreFile | NoSee Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows Configuration Designer.**Important** If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
-| /Variables | No | Specifies a semicolon separated and macro pair. The format for the argument must be =. |
+| /Variables | No | Specifies a semicolon separated `` and `` macro pair. The format for the argument must be `=`. |
| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer auto-generates the decryption password and includes this information in the output.Precede with + for encryption or - for no encryption. The default is no encryption. |
| Overwrite | No | Denotes whether to overwrite an existing provisioning package.Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 1871931333..61ab4d40ae 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -135,7 +135,7 @@ Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName MDM_SharedPC
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.
13. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location.
@@ -189,7 +189,7 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
## Guidance for accounts on shared PCs
* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
+* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
* On a Windows PC joined to Azure Active Directory:
* By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
* With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index b6a9ef0edc..b7a9b2ca2d 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -185,7 +185,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
**Resolution**: This issue was resolved in the June 2017 updates. Please update Windows 10, version 1607 to the latest cumulative or feature updates.
->[!Note]
+>[!NOTE]
>When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**.
@@ -214,7 +214,7 @@ XML files can and should be tested locally on a Hyper-V or other virtual machine
### Symptom: Start menu no longer works after a PC is refreshed using F12 during start up
-**Description**: If a user is having problems with a PC, is can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at start up. Refreshing the PC finishes, but Start Menu is not accessible.
+**Description**: If a user is having problems with a PC, is can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at start up. Refreshing the PC finishes, but Start Menu is not accessible.
**Cause**: This is a known issue and has been resolved in a cumulative update released August 30th 2018.
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index 98e4062fa9..529e59e779 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -59,7 +59,7 @@ Comments are not supported in the `LayoutModification.xml` file.
### Supported elements and attributes
->[!NOTE]
+>[!NOTE]
>To make sure the Start layout XML parser processes your file correctly, follow these guidelines when working with your LayoutModification.xml file:
>- Do not leave spaces or white lines in between each element.
>- Do not add comments inside the StartLayout node or any of its children elements.
diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md
index 5c93aacf5e..fd49af9302 100644
--- a/windows/configuration/start-secondary-tiles.md
+++ b/windows/configuration/start-secondary-tiles.md
@@ -64,7 +64,7 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE
## Export Start layout and assets
-1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#bkmkcustomizestartscreen) to customize the Start screen on your test computer.
+1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#customize-the-start-screen-on-your-test-computer) to customize the Start screen on your test computer.
2. Open Windows PowerShell as an administrator and enter the following command:
```
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 68f04ffda2..156e4af29b 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -241,7 +241,7 @@ Version identifies the version of the settings location template for administrat
**Hint:** You can save notes about version changes using XML comment tags ``, for example:
-``` syntax
+```xml
+>[!NOTE]
+>Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, Microsoft doesn't collect the following data from devices located in European countries (EEA and Switzerland):
+>- Windows diagnostic data from Windows 8.1 devices
+>- App usage data for Windows 7 devices
+
+
### Configuring endpoint access with SSL inspection
To ensure privacy and data integrity Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. Accordingly SSL interception and inspection is not possible. To use Windows Analytics services you should exclude the above endpoints from SSL inspection.
@@ -98,6 +103,7 @@ The compatibility update scans your devices and enables application usage tracki
| Windows 7 SP1 | The compatibility update is included in monthly quality updates for Windows 7. We recommend installing the latest [Windows Monthly Rollup](http://www.catalog.update.microsoft.com/Search.aspx?q=security%20monthly%20quality%20rollup%20for%20windows%207) before attempting to enroll devices into Windows Analytics. |
### Connected User Experiences and Telemetry service
+
With Windows diagnostic data enabled, the Connected User Experience and Telemetry service (DiagTrack) collects system, application, and driver data. Microsoft analyzes this data, and shares it back to you through Windows Analytics. For the best experience, install these updates depending upon the operating system version.
- For Windows 10, install the latest Windows 10 cumulative update.
@@ -135,7 +141,7 @@ You can use the Upgrade Readiness deployment script to automate and verify your
See the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) topic for information about obtaining and running the script, and for a description of the error codes that can be displayed. See ["Understanding connectivity scenarios and the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog for a summary of setting the ClientProxy for the script, which will enable the script properly check for diagnostic data endpoint connectivity.
-After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in about 1-2 weeks after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
+After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics within 1-2 days after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
## Deploy additional optional settings
@@ -167,20 +173,23 @@ When you run the deployment script, it initiates a full scan. The daily schedule
Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see [Upgrade Readiness deployment script](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-deployment-script). For information on how to deploy PowerShell scripts by using Windows Intune, see [Manage PowerShell scripts in Intune for Windows 10 devices](https://docs.microsoft.com/intune/intune-management-extension).
### Distributing policies at scale
+
There are a number of policies that can be centrally managed to control Windows Analytics device configuration. All of these policies have *preference* registry key equivalents that can be set by using the deployment script. Policy settings override preference settings if both are set.
>[!NOTE]
->You can only set the diagnostic data level to Enhanced by using policy. For example, this is necessary for using Device Health.
+>You can only set the diagnostic data level to Enhanced by using policy. For example, this is necessary to use Device Health.
-These policies are under Microsoft\Windows\DataCollection:
+These policies are defined by values under **Microsoft\Windows\DataCollection**. All are REG_DWORD policies (except CommercialId which is REG_SZ).
-| Policy | Value |
+>[!IMPORTANT]
+>Configuring these keys independently without using the enrollment script is not recommended. There is additional validation that occurs when you use the enrollment script.
+
+| Policy | Value |
|-----------------------|------------------|
-| CommercialId | In order for your devices to show up in Windows Analytics, they must be configured with your organization’s Commercial ID. |
-| AllowTelemetry (in Windows 10) | 1 (Basic), 2 (Enhanced) or 3 (Full) diagnostic data. Windows Analytics will work with basic diagnostic data, but more features are available when you use the Enhanced level (for example, Device Health requires Enhanced diagnostic data and Upgrade Readiness only collects app usage and site discovery data on Windows 10 devices with Enhanced diagnostic data). For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). |
-| LimitEnhancedDiagnosticDataWindowsAnalytics (in Windows 10) | Only applies when AllowTelemetry=2. Limits the Enhanced diagnostic data events sent to Microsoft to just those needed by Windows Analytics. For more information, see [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields).|
-| AllowDeviceNameInTelemetry (in Windows 10) | In Windows 10, version 1803, a separate opt-in is required to enable devices to continue to send the device name. Allowing device names to be collected can make it easier for you to identify individual devices that report problems. Without the device name, Windows Analytics can only label devices by a GUID that it generates. |
-| CommercialDataOptIn (in Windows 7 and Windows 8) | 1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
-
+| CommercialId | In order for your devices to show up in Windows Analytics, they must be configured with your organization’s Commercial ID. |
+| AllowTelemetry | **In Windows 10**: 1 (Basic), 2 (Enhanced) or 3 (Full) diagnostic data. Windows Analytics will work with basic diagnostic data, but more features are available when you use the Enhanced level (for example, Device Health requires Enhanced diagnostic data and Upgrade Readiness only collects app usage and site discovery data on Windows 10 devices with Enhanced diagnostic data). For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). |
+| LimitEnhancedDiagnosticDataWindowsAnalytics | **In Windows 10**: Only applies when AllowTelemetry=2. Limits the Enhanced diagnostic data events sent to Microsoft to just those needed by Windows Analytics. For more information, see [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields).|
+| AllowDeviceNameInTelemetry | **In Windows 10, version 1803**: A separate opt-in is required to enable devices to continue to send the device name. Allowing device names to be collected can make it easier for you to identify individual devices that report problems. Without the device name, Windows Analytics can only label devices by a GUID that it generates. |
+| CommercialDataOptIn | **In Windows 7 and Windows 8**: 1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/*Provider ID*/CommercialID). (If you are using Microsoft Intune, use `MS DM Server` as the provider ID.) For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
@@ -202,3 +211,4 @@ Note that it is possible to intiate a full inventory scan on a device by calling
- CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent
For details on how to run these and how to check results, see the deployment script.
+
diff --git a/windows/deployment/update/windows-analytics-overview.md b/windows/deployment/update/windows-analytics-overview.md
index b302f6f1ff..22d20bf71a 100644
--- a/windows/deployment/update/windows-analytics-overview.md
+++ b/windows/deployment/update/windows-analytics-overview.md
@@ -1,15 +1,15 @@
---
title: Windows Analytics
ms.reviewer:
-manager: dansimp
+manager: laurawi
description: Introduction and overview of Windows Analytics
keywords: Device Health, Upgrade Readiness, Update Compliance, oms, operations management suite, prerequisites, requirements, monitoring, crash, drivers
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
-author: lomayor
-ms.author: lomayor
+author: greg-lindsay
+ms.author: greg-lindsay
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md
index 98f8b7cc8e..0252876b56 100644
--- a/windows/deployment/update/windows-analytics-privacy.md
+++ b/windows/deployment/update/windows-analytics-privacy.md
@@ -1,15 +1,15 @@
---
title: Windows Analytics and privacy
ms.reviewer:
-manager: dansimp
+manager: laurawi
description: How Windows Analytics uses data
keywords: windows analytics, oms, privacy, data, diagnostic, operations management suite, prerequisites, requirements, updates, upgrades, log analytics, health, FAQ, problems, troubleshooting, error
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
-author: lomayor
-ms.author: lomayor
+author: greg-lindsay
+ms.author: greg-lindsay
ms.localizationpriority: high
ms.collection: M365-analytics
ms.topic: article
@@ -30,12 +30,12 @@ The following illustration shows how diagnostic data flows from individual devic
The data flow sequence is as follows:
-1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
-2. An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
-3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
-4. These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
-5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.
-6. If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
+1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
+2. An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
+3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
+4. These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
+5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.
+6. If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
See these topics for additional background information about related privacy issues:
diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md
index 525b7c99b1..6254ed3b81 100644
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@@ -4,11 +4,11 @@ ms.prod: windows-10
layout: LandingPage
ms.topic: landing-page
ms.manager: elizapo
-author: lomayor
-ms.author: lomayor
+author: greg-lindsay
+ms.author: greg-lindsay
ms.date: 01/24/2019
ms.reviewer:
-manager: dansimp
+manager: laurawi
ms.localizationpriority: high
ms.collection: M365-modern-desktop
---
@@ -21,20 +21,19 @@ Find the tools and resources you need to help deploy and support Windows as a se
Find the latest and greatest news on Windows 10 deployment and servicing.
**Discovering the Windows 10 Update history pages**
-> [!VIDEO https://www.youtube-nocookie.com/embed/GADIXBf9R58]
+> [!VIDEO https://www.youtube-nocookie.com/embed/mTnAb9XjMPY]
-Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. The Windows update history page is for anyone looking to gain an immediate, precise understanding of particular Windows update issues.
+Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. Bookmark the Windows release health dashboard for near real-time information on known issues, workarounds, and resolutions--as well as the current status of the latest feature update rollout.
The latest news:
[See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog).
@@ -44,9 +43,15 @@ Written by IT pros for IT pros, sharing real world examples and scenarios for Wi
-**NEW** Classifying Windows updates in common deployment tools
+**NEW** Tactical considerations for creating Windows deployment rings
-NEW Express updates for Windows Server 2016 re-enabled for November 2018 update
+**NEW** Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization
+
+Deployment rings: The hidden [strategic] gem of Windows as a service
+
+Classifying Windows updates in common deployment tools
+
+Express updates for Windows Server 2016 re-enabled for November 2018 update
2019 SHA-2 Code Signing Support requirement for Windows and WSUS
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index cca22ab6ad..476a82bf7b 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -4,12 +4,12 @@ description: Reference information for Windows Update error codes
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.localizationpriority: medium
-ms.author: lomayor
+ms.author: greg-lindsay
ms.date: 09/18/2018
ms.reviewer:
-manager: dansimp
+manager: laurawi
ms.topic: article
---
diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md
index 44bb1240ca..7d473f04c2 100644
--- a/windows/deployment/update/windows-update-errors.md
+++ b/windows/deployment/update/windows-update-errors.md
@@ -4,12 +4,12 @@ description: Learn about some common issues you might experience with Windows Up
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.localizationpriority: medium
-ms.author: lomayor
+ms.author: greg-lindsay
ms.date: 09/18/2018
ms.reviewer:
-manager: dansimp
+manager: laurawi
ms.topic: article
---
@@ -26,8 +26,8 @@ The following table provides information about common errors you might run into
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again: Rename the following folders to \*.BAK: - %systemroot%\system32\catroot2
To do this, type the following commands at a command prompt. Press ENTER after you type each command. - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak - Ren %systemroot%\SoftwareDistribution\Download \*.bak Ren %systemroot%\system32\catroot2 \*.bak |
| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that we do not have any policies that control the start behavior for the Windows Module Installer. This service should not be hardened to any start value and should be managed by the OS. |
| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there is no Firewalls that filter downloads. The Firewall filtering may lead to invalid responses being received by the Windows Update Client.
If the issue still persists, run the [WU reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). |
-| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked: http://.update.microsoft.com https://.update.microsoft.com
Additionally , you can take a network trace and see what is timing out. |
-| 0x80072EFD 0x80072EFE 0x80D02002 | TIME OUT ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs. Take a network monitor trace to understand better. |
+| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked: http://.update.microsoft.com https://.update.microsoft.com
@@ -72,7 +71,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
-
Home Premium
@@ -83,7 +81,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
-
Professional
@@ -94,7 +91,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Ultimate
@@ -105,7 +101,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Enterprise
@@ -116,7 +111,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Windows 8.1
@@ -130,7 +124,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
-
Connected
@@ -141,7 +134,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
-
Pro
@@ -152,7 +144,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Pro Student
@@ -163,7 +154,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Pro WMC
@@ -174,7 +164,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Enterprise
@@ -185,7 +174,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Embedded Industry
@@ -196,7 +184,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Windows RT
@@ -207,7 +194,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
-
Windows Phone 8.1
@@ -218,18 +204,16 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
Windows 10
Home
-
✔
-
✔
-
✔
-
✔
+
✔
+
✔
+
✔
@@ -237,11 +221,10 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
Pro
D
-
✔
-
✔
-
✔
-
✔
+
✔
+
✔
+
✔
@@ -250,9 +233,8 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
-
✔
-
D
+
D
@@ -262,7 +244,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
✔
@@ -276,7 +257,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
✔
-
✔
Mobile Enterprise
@@ -285,9 +265,8 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
-
D
-
✔
+
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
index b76cbcc4c0..8397184345 100644
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -1,15 +1,15 @@
---
title: Windows error reporting - Windows IT Pro
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
-author: lomayor
+author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index 5e98406385..3d4945693b 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -3,12 +3,12 @@ title: Windows Upgrade and Migration Considerations (Windows 10)
description: Windows Upgrade and Migration Considerations
ms.assetid: 7f85095c-5922-45e9-b28e-91b1263c7281
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.topic: article
---
@@ -40,7 +40,7 @@ You can use USMT to automate migration during large deployments of the Windows o
Whether you are upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations:
### Application compatibility
-For more information about application compatibility in Windows, see the [Application Compatibility Toolkit (ACT)](https://go.microsoft.com/fwlink/p/?LinkId=131349).
+For more information about application compatibility in Windows, see [Use Upgrade Readiness to manage Windows upgrades](https://docs.microsoft.com/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades).
### Multilingual Windows image upgrades
When performing multilingual Windows upgrades, cross-language upgrades are not supported by USMT. If you are upgrading or migrating an operating system with multiple language packs installed, you can upgrade or migrate only to the system default user interface (UI) language. For example, if English is the default but you have a Spanish language pack installed, you can upgrade or migrate only to English.
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index 4091d13b4e..18c68ba130 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -3,13 +3,12 @@ title: Getting Started with the User State Migration Tool (USMT) (Windows 10)
description: Getting Started with the User State Migration Tool (USMT)
ms.assetid: 506ff1d2-94b8-4460-8672-56aad963504b
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
-ms.date: 04/19/2017
+author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md
index 6cdbb764fc..42df4ca724 100644
--- a/windows/deployment/usmt/migrate-application-settings.md
+++ b/windows/deployment/usmt/migrate-application-settings.md
@@ -3,12 +3,12 @@ title: Migrate Application Settings (Windows 10)
description: Migrate Application Settings
ms.assetid: 28f70a83-0a3e-4a6b-968a-2b78ccd3cc07
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md
index c0a4e086b3..b27a83634c 100644
--- a/windows/deployment/usmt/migration-store-types-overview.md
+++ b/windows/deployment/usmt/migration-store-types-overview.md
@@ -3,12 +3,12 @@ title: Migration Store Types Overview (Windows 10)
description: Migration Store Types Overview
ms.assetid: 3b6ce746-76c6-43ff-8cd5-02ed0ae0cf70
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md
index 8ae2bd96b0..4b040c9e52 100644
--- a/windows/deployment/usmt/offline-migration-reference.md
+++ b/windows/deployment/usmt/offline-migration-reference.md
@@ -3,12 +3,12 @@ title: Offline Migration Reference (Windows 10)
description: Offline Migration Reference
ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@@ -104,7 +104,7 @@ It is possible to run the ScanState tool while the drive remains encrypted by su
User-group membership is not preserved during offline migrations. You must configure a **<ProfileControl>** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group:
-``` syntax
+```xml
@@ -242,7 +242,7 @@ Syntax: <failOnMultipleWinDir>1</failOnMultipleWinDir> or Syntax: &l
The following XML example illustrates some of the elements discussed earlier in this topic.
-``` syntax
+```xml
C:\Windows
diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md
index 69edbd4515..afdad114f9 100644
--- a/windows/deployment/usmt/understanding-migration-xml-files.md
+++ b/windows/deployment/usmt/understanding-migration-xml-files.md
@@ -3,12 +3,12 @@ title: Understanding Migration XML Files (Windows 10)
description: Understanding Migration XML Files
ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@@ -319,7 +319,7 @@ MigXmlHelper.GenerateDocPatterns ("", "", "
@@ -329,7 +329,7 @@ To create include data patterns for only the system drive:
To create an include rule to gather files for registered extensions from the %PROGRAMFILES% directory:
-``` syntax
+```xml
@@ -339,7 +339,7 @@ To create an include rule to gather files for registered extensions from the %PR
To create exclude data patterns:
-``` syntax
+```xml
@@ -440,7 +440,7 @@ To exclude the new text document.txt file as well as any .txt files in “new fo
To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension.
-``` syntax
+```xml
D:\Newfolder\[new text document.txt]
@@ -453,7 +453,7 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f
If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
-``` syntax
+```xml
@@ -465,7 +465,7 @@ If you do not know the file name or location of the file, but you do know the fi
If you want the <UnconditionalExclude> element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts.
-``` syntax
+```xml
MigDocExcludes
@@ -490,7 +490,7 @@ The application data directory is the most common location that you would need t
This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer.
-``` syntax
+```xml
%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst]
@@ -502,7 +502,7 @@ This rule will include .pst files that are located in the default location, but
For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component.
-``` syntax
+```xml
%CSIDL_PROGRAM_FILES%\*[*.pst]
diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md
index 71c900fa77..abd95bff7e 100644
--- a/windows/deployment/usmt/usmt-best-practices.md
+++ b/windows/deployment/usmt/usmt-best-practices.md
@@ -3,12 +3,12 @@ title: USMT Best Practices (Windows 10)
description: USMT Best Practices
ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@@ -98,7 +98,7 @@ As the authorized administrator, it is your responsibility to protect the privac
Although it is not a requirement, it is good practice for <CustomFileName> to match the name of the file. For example, the following is from the MigApp.xml file:
- ``` syntax
+ ```xml
```
diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md
index 30f49c1574..50445e7561 100644
--- a/windows/deployment/usmt/usmt-choose-migration-store-type.md
+++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md
@@ -3,12 +3,12 @@ title: Choose a Migration Store Type (Windows 10)
description: Choose a Migration Store Type
ms.assetid: 4e163e90-9c57-490b-b849-2ed52ab6765f
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md
index c4e0977727..2f513af87c 100644
--- a/windows/deployment/usmt/usmt-command-line-syntax.md
+++ b/windows/deployment/usmt/usmt-command-line-syntax.md
@@ -3,12 +3,12 @@ title: User State Migration Tool (USMT) Command-line Syntax (Windows 10)
description: User State Migration Tool (USMT) Command-line Syntax
ms.assetid: f9d205c9-e824-46c7-8d8b-d7e4b52fd514
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md
index 6944af7cea..45c41d0914 100644
--- a/windows/deployment/usmt/usmt-common-issues.md
+++ b/windows/deployment/usmt/usmt-common-issues.md
@@ -3,13 +3,13 @@ title: Common Issues (Windows 10)
description: Common Issues
ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.date: 09/19/2017
-author: lomayor
+author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md
index 4442b789c5..89f0dae0bd 100644
--- a/windows/deployment/usmt/usmt-common-migration-scenarios.md
+++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md
@@ -3,12 +3,12 @@ title: Common Migration Scenarios (Windows 10)
description: Common Migration Scenarios
ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index bde6f9635e..62d952f3be 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -3,12 +3,12 @@ title: Config.xml File (Windows 10)
description: Config.xml File
ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@@ -95,7 +95,7 @@ The following example specifies that all locked files, regardless of their locat
Additionally, the order in the **<ErrorControl>** section implies priority. In this example, the first **<nonFatal>** tag takes precedence over the second **<fatal>** tag. This precedence is applied, regardless of how many tags are listed.
-``` syntax
+```xml
* [*]
@@ -265,7 +265,7 @@ The **<ErrorControl>** section can be configured to conditionally ignore f
-``` syntax
+```xml
@@ -383,7 +383,7 @@ Syntax: ``` `
Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
index ed6b77296b..528a5076a2 100644
--- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md
+++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
@@ -3,12 +3,12 @@ title: Conflicts and Precedence (Windows 10)
description: Conflicts and Precedence
ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@@ -68,7 +68,7 @@ If you have an <include> rule in one component and a <locationModify>
The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the <exclude> rule is specified in a separate component.
-``` syntax
+```xml
User Documents
@@ -102,7 +102,7 @@ The following .xml file migrates all files from C:\\Userdocs, including .mp3 fil
Specifying `migrate="no"` in the Config.xml file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded.
-``` syntax
+```xml
%CSIDL_PERSONAL%\* [*.doc]
@@ -135,7 +135,7 @@ If there are conflicting rules within a component, the most specific rule is app
In the following example, mp3 files will not be excluded from the migration. This is because directory names take precedence over the file extensions.
-``` syntax
+```xml
C:\Data\* [*]
@@ -390,7 +390,7 @@ The destination computer contains the following files:
You have a custom .xml file that contains the following code:
-``` syntax
+```xml
c:\data\* [*]
diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md
index c937f9a6ab..0ef105ca40 100644
--- a/windows/deployment/usmt/usmt-custom-xml-examples.md
+++ b/windows/deployment/usmt/usmt-custom-xml-examples.md
@@ -3,13 +3,12 @@ title: Custom XML Examples (Windows 10)
description: Custom XML Examples
ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
-ms.date: 04/19/2017
+author: greg-lindsay
ms.topic: article
---
@@ -37,7 +36,7 @@ Because the tables in this topic are wide, you may need to adjust the width of i
The following is a template for the sections that you need to migrate your application. The template is not functional on its own, but you can use it to write your own .xml file.
-``` syntax
+```xml
@@ -135,7 +134,7 @@ The following is a custom .xml file named CustomFile.xml that migrates My Videos
-``` syntax
+```xml
@@ -196,7 +195,7 @@ This table describes the behavior in the following example .xml file.
-``` syntax
+```xml
File Migration Test
@@ -232,7 +231,7 @@ This table describes the behavior in the following example .xml file.
The behavior for this custom .xml file is described within the <`displayName`> tags in the code.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md
index 113321c67a..e1e7522f96 100644
--- a/windows/deployment/usmt/usmt-customize-xml-files.md
+++ b/windows/deployment/usmt/usmt-customize-xml-files.md
@@ -3,12 +3,12 @@ title: Customize USMT XML Files (Windows 10)
description: Customize USMT XML Files
ms.assetid: d58363c1-fd13-4f65-8b91-9986659dc93e
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@@ -89,7 +89,7 @@ In addition, note the following functionality with the Config.xml file:
- If a parent component is removed from the migration in the Config.xml file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`.
-- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no" `and the other line specifies `migrate="yes"`, the component will be migrated.
+- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no"` and the other line specifies `migrate="yes"`, the component will be migrated.
- In USMT there are several migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. For more information, see the [Config.xml File](usmt-configxml-file.md) topic.
diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
index 5d036e690f..c301d5075d 100644
--- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md
+++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
@@ -3,12 +3,12 @@ title: Determine What to Migrate (Windows 10)
description: Determine What to Migrate
ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
index 48949d7a00..0c2253be96 100644
--- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md
+++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
@@ -3,12 +3,12 @@ title: Estimate Migration Store Size (Windows 10)
description: Estimate Migration Store Size
ms.assetid: cfb9062b-7a2a-467a-a24e-0b31ce830093
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@@ -90,7 +90,7 @@ To preserve the functionality of existing applications or scripts that require t
The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***<path to a file>*.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
index 0cdacd74e9..4566d2d488 100644
--- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
@@ -3,12 +3,12 @@ title: Exclude Files and Settings (Windows 10)
description: Exclude Files and Settings
ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b
ms.reviewer:
-manager: dansimp
-ms.author: lomayor
+manager: laurawi
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: lomayor
+author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index 6b9330d5ec..daad6f47ed 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -50,7 +50,7 @@ Before you modify the .xml files, become familiar with the following guidelines:
- **File names with brackets**
- If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named File.txt, you must specify `c:\documents\mydocs [file^].txt] `instead of `c:\documents\mydocs [file].txt]`.
+ If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named File.txt, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
- **Using quotation marks**
diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md
index 100e1e1f04..bbcdb94333 100644
--- a/windows/deployment/usmt/usmt-hard-link-migration-store.md
+++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md
@@ -209,7 +209,7 @@ You must use the **/nocompress** option with the **/HardLink** option.
The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use<createhardlink>** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md
index 89b7d8fa3a..8d0ba60945 100644
--- a/windows/deployment/usmt/usmt-include-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-include-files-and-settings.md
@@ -37,7 +37,7 @@ In this topic:
The following .xml file migrates a single registry key.
-``` syntax
+```xml
Component to migrate only registry value string
@@ -63,7 +63,7 @@ The following examples show how to migrate a folder from a specific drive, and f
- **Including subfolders.** The following .xml file migrates all files and subfolders from C:\\EngineeringDrafts to the destination computer.
- ``` syntax
+ ```xml
Component to migrate all Engineering Drafts Documents including subfolders
@@ -82,7 +82,7 @@ The following examples show how to migrate a folder from a specific drive, and f
- **Excluding subfolders.** The following .xml file migrates all files from C:\\EngineeringDrafts, but it does not migrate any subfolders within C:\\EngineeringDrafts.
- ``` syntax
+ ```xml
Component to migrate all Engineering Drafts Documents without subfolders
@@ -103,7 +103,7 @@ The following examples show how to migrate a folder from a specific drive, and f
The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated.
-``` syntax
+```xml
Component to migrate all Engineering Drafts Documents folder on any drive on the computer
@@ -123,7 +123,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf
The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any location on the C:\\ drive. If multiple folders exist with the same name, they are all migrated.
-``` syntax
+```xml
Component to migrate all Engineering Drafts Documents EngineeringDrafts folder from where ever it exists on the C: drive
@@ -146,7 +146,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf
The following .xml file migrates .mp3 files located in the specified drives on the source computer into the C:\\Music folder on the destination computer.
-``` syntax
+```xml
All .mp3 files to My Documents
@@ -176,7 +176,7 @@ The following examples show how to migrate a file from a specific folder, and ho
- **To migrate a file from a folder.** The following .xml file migrates only the Sample.doc file from C:\\EngineeringDrafts on the source computer to the destination computer.
- ``` syntax
+ ```xml
Component to migrate all Engineering Drafts Documents
@@ -195,13 +195,13 @@ The following examples show how to migrate a file from a specific folder, and ho
- **To migrate a file from any location.** To migrate the Sample.doc file from any location on the C:\\ drive, use the <pattern> element, as the following example shows. If multiple files exist with the same name on the C:\\ drive, all of files with this name are migrated.
- ``` syntax
+ ```xml
C:\* [Sample.doc]
```
To migrate the Sample.doc file from any drive on the computer, use <script> as the following example shows. If multiple files exist with the same name, all files with this name are migrated.
- ``` syntax
+ ```xml
```
diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md
index 34f4626318..daba5ef2e2 100644
--- a/windows/deployment/usmt/usmt-log-files.md
+++ b/windows/deployment/usmt/usmt-log-files.md
@@ -272,7 +272,7 @@ The directory of **C:\\data\\New Folder** contains:
To migrate these files you author the following migration XML:
-``` syntax
+```xml
@@ -294,7 +294,7 @@ To migrate these files you author the following migration XML:
However, upon testing the migration you notice that the “New Text Document.txt” file isn’t included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG\_ENABLE\_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered:
-``` syntax
+```xml
@@ -315,13 +315,13 @@ Analysis of this XML section reveals the migunit that was created when the migra
An analysis of the XML elements reference topic reveals that the <pattern> tag needs to be modified as follows:
-``` syntax
+```xml
c:\data\* [*]
```
When the migration is preformed again with the modified tag, the diagnostic log reveals the following:
-``` syntax
+```xml
@@ -368,7 +368,7 @@ The **C:\\Data\\New Folder\\** contains:
You author the following migration XML:
-``` syntax
+```xml
@@ -396,7 +396,7 @@ You author the following migration XML:
However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG\_ENABLE\_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered:
-``` syntax
+```xml
@@ -422,7 +422,7 @@ However, upon testing the migration you notice that all the text files are still
Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows:
-``` syntax
+```xml
@@ -453,7 +453,7 @@ Upon reviewing the diagnostic log, you confirm that the files are still migratin
Your revised migration XML script excludes the files from migrating, as confirmed in the diagnostic log:
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
index 4ea1caaac3..ea0c442a2a 100644
--- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
@@ -31,7 +31,7 @@ In this topic:
The following custom .xml file migrates the directories and files from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS.
-``` syntax
+```xml
Engineering Drafts Documents to Personal Folder
@@ -60,7 +60,7 @@ The following custom .xml file migrates the directories and files from C:\\Engin
The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the C:\\Music folder on the destination computer.
-``` syntax
+```xml
All .mp3 files to My Documents
@@ -88,7 +88,7 @@ The following custom .xml file reroutes .mp3 files located in the fixed drives o
The following custom .xml file migrates the Sample.doc file from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS.
-``` syntax
+```xml
Sample.doc into My Documents
diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md
index 84d7c89277..d64010f54e 100644
--- a/windows/deployment/usmt/usmt-xml-elements-library.md
+++ b/windows/deployment/usmt/usmt-xml-elements-library.md
@@ -138,7 +138,7 @@ Syntax:
The following example is from the MigApp.xml file:
-``` syntax
+```xml
+ 
+ 
+ 
+ 
+ 
+ 
+ ++
+ ++
+ ++
+
+ 
+
+ 
+
+ 
-