diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index 53ac6bd262..3dd01700a4 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -282,7 +282,6 @@ Store for Business and Education is currently available in these markets.
Philippines
Poland
Portugal
- Puerto Rico
Qatar
Republic of Cabo Verde
Reunion
@@ -358,6 +357,10 @@ Customers in these markets can use Microsoft Store for Business and Education to
- Tajikistan
- Ukraine
+### Support to only manage products
+Customers in these markets can use Microsoft Store for Business and Education only to manage products that they've purchased from other channels. For example, they might have purchased products through Volume Licensing Service Center. However, they can't purhcase apps directly from Microsoft Store for Business and Education.
+- Puerto Rico
+
This table summarize what customers can purchase, depending on which Microsoft Store they are using.
| Store | Free apps | Minecraft: Education Edition |
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 1ec94b2451..b9bf7dd558 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1658,6 +1658,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
Connectivity/AllowPhonePCLinking
RestrictedGroups/ConfigureGroupMembership
+The following existing policies were updated:
+
+- InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
+- TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
+
+
+
+| [Policy CSP - Bluetooth](policy-csp-bluetooth.md) |
+Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).
|
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index fb08f30dc0..7c004110fe 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -282,7 +282,7 @@ If this policy is not set or it is deleted, the default local radio name is used
Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
-The default value is an empty string.
+The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide)
@@ -297,6 +297,95 @@ Footnote:
+## ServicesAllowedList usage guide
+
+When the Bluetooth/ServicesAllowedList policy is provisioned, it will only allow pairing and connections of Windows PCs and phones to explicitly define Bluetooth profiles and services. It is an allowed list, enabling admins to still allow custom Bluetooth profiles that are not defined by the Bluetooth Special Interests Group (SIG).
+
+To define which profiles and services are allowed, enter the profile or service Universally Unique Identifiers (UUID) using semicolon delimiter. To get a profile UUID, refer to the [Service Discovery](https://www.bluetooth.com/specifications/assigned-numbers/service-discovery) page on the Bluetooth SIG website.
+
+These UUIDs all use the same base UUID with the profile identifiers added to the beginning of the base UUID.
+
+Here are some examples:
+
+**Bluetooth Headsets for Voice (HFP)**
+
+BASE_UUID = 0x00000000-0000-1000-8000-00805F9B34FB
+
+|UUID name |Protocol specification |UUID |
+|---------|---------|---------|
+|HFP(Hands Free Profile) |Hands-Free Profile (HFP) * |0x111E |
+
+Footnote: * Used as both Service Class Identifier and Profile Identifier.
+
+Hands Free Profile UUID = base UUID + 0x111E to the beginning = 0000111E-0000-1000-8000-00805F9B34FB
+
+**Allow Audio Headsets only (Voice)**
+
+|Profile |Reasoning |UUID |
+|---------|---------|---------|
+|HFP (Hands Free Profile) |For voice enabled headsets |0x111E |
+|GAP (Generic Access Profile)* |Generic service used by Bluetooth |0x1800 |
+|DID (Device ID)* |Generic service used by Bluetooth |0x180A |
+|Scan Parameters* |Generic service used by Bluetooth |0x1813 |
+
+Footnote: * *GAP, DID, and Scan Parameter are required, as these are underlying profiles and services used by all Bluetooth devices.
+
+This means that if you only want Bluetooth headsets, the UUIDs are:
+
+{0000111E-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Allow Audio Headsets and Speakers (Voice & Music)**
+
+|Profile |Reasoning |UUID |
+|---------|---------|---------|
+|HFP (Hands Free Profile) |For voice enabled headsets |0x111E |
+|A2DP Source (Advance Audio Distribution)|For streaming to Bluetooth speakers |0x110A |
+|GAP (Generic Access Profile) |Generic service used by Bluetooth |0x1800 |
+|Device ID (DID) |Generic service used by Bluetooth |0x180A |
+|Scan Parameters |Generic service used by Bluetooth |0x1813 |
+
+{0000111E-0000-1000-8000-00805F9B34FB};{0000110A-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Classic Keyboards and Mice**
+
+|Profile |Reasoning |UUID |
+|---------|---------|---------|
+|HID (Human Interface Device) |For classic BR/EDR keyboards and mice |0x1124 |
+|GAP (Generic Access Profile) |Generic service used by Bluetooth |0x1800 |
+|DID (Device ID) |Generic service used by Bluetooth |0x180A |
+|Scan Parameters |Generic service used by Bluetooth |0x1813 |
+
+{00001801-0000-1000-8000-00805F9B34FB};{00001812-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+> [!Note]
+> For both Classic and LE use a super set of the two formula’s UUIDs
+
+**LE Keyboards and Mice**
+
+|Profile |Reasoning |UUID |
+|---------|---------|---------|
+|Generic Access Atribute |For the LE Protocol |0x1801 |
+|HID Over GATT * |For LE keyboards and mice |0x1812 |
+|GAP (Generic Access Profile) |Generic service used by Bluetooth |0x1800 |
+|DID (Device ID) |Generic service used by Bluetooth |0x180A |
+|Scan Parameters |Generic service used by Bluetooth |0x1813 |
+
+Footnote: * The Surface pen uses the HID over GATT profile
+
+{00001801-0000-1000-8000-00805F9B34FB};{00001812-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Allow File Transfer**
+
+|Profile |Reasoning |UUID |
+|---------|---------|---------|
+|OBEX Object Push (OPP) |For file transfer |0x1105 |
+|Object Exchange (OBEX) |Protocol for file transfer |0x0008 |
+|Generic Access Profile (GAP) |Generic service used by Bluetooth |0x1800 |
+|Device ID (DID) |Generic service used by Bluetooth |0x180A |
+|Scan Parameters |Generic service used by Bluetooth |0x1813 |
+
+{00001105-0000-1000-8000-00805F9B34FB};{00000008-0000-1000-8000-00805F9B34FB};{0000111E-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
## Bluetooth policies supported by Windows Holographic for Business
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 304792e860..38156a6d35 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -2129,6 +2129,11 @@ Value - A number indicating the zone with which this site should be associated f
If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
+> [!Note]
+> This policy is a list that contains the site and index value.
+
+The list is a set of pairs of strings. Each string is seperated by F000. Each pair of string are stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below.
+
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
@@ -2145,6 +2150,31 @@ ADMX Info:
- GP ADMX file name: *inetres.admx*
+
+```syntax
+
+
+ 2
+ -
+
+ chr
+ text/plain
+
+
+ ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSiteToZoneAssignmentList
+
+ <Enabled/><Data id="IZ_ZonemapPrompt" value="http://adfs.contoso.org1http://microsoft.com2"/>
+
+
+
+
+```
+
+Value and index pairs in the SyncML example:
+- http://adfs.contoso.org 1
+- http://microsoft.com 2
+
+
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 6b2f4389e8..07ba3d94de 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -54,6 +54,9 @@ ms.date: 03/12/2018
TextInput/AllowLanguageFeaturesUninstall
+
+ TextInput/AllowLinguisticDataCollection
+
TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
@@ -218,7 +221,7 @@ The following list shows the supported values:
 |
 |
- |
+ |
|
|
|
@@ -237,20 +240,18 @@ The following list shows the supported values:
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary.
Most restricted value is 0.
+In Windows 10, version 1803, we introduced new suggestion services in Japanese IME in addition to cloud suggestion. When AllowIMENetworkAccess is set to 1, all suggestion services are available as predictive input.
+
The following list shows the supported values:
- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 1 (default) – Allowed. In Windows 10, version 1803, suggestion services are also available in Japanese IME.
@@ -676,6 +677,65 @@ The following list shows the supported values:
+
+**TextInput/AllowLinguisticDataCollection**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+
+
+
+ADMX Info:
+- GP name: *AllowLinguisticDataCollection*
+- GP ADMX file name: *TextInput.admx*
+
+
+
+This setting supports a range of values between 0 and 1.
+
+
+
+
+
+
+
+
+
+
+
+
+
**TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode**
diff --git a/windows/deployment/update/images/WA-data-flow-v1.png b/windows/deployment/update/images/WA-data-flow-v1.png
new file mode 100644
index 0000000000..072502b2c7
Binary files /dev/null and b/windows/deployment/update/images/WA-data-flow-v1.png differ
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index bfb7bc57df..6314e24f8e 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -176,9 +176,23 @@ Windows Analytics is fully committed to privacy, centering on these tenets:
- **Security:** Your data is protected with strong security and encryption
- **Trust:** Windows Analytics supports the Microsoft Online Service Terms
+The following illustration shows how diagnostic data flows from individual devices through the Diagnostic Data Service, Azure Log Analytics storage, and to your Log Analytics workspace:
+
+[](images/WA-data-flow-v1.png)
+
+The data flow sequence is as follows:
+
+1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
+2. An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
+3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
+4. These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
+5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.
+6. If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
+
+
See these topics for additional background information about related privacy issues:
-- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windowsconfiguration/configure-windows-diagnostic-data-in-your-organization)
+- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
- [Windows 7, Windows 8, and Windows 8.1 Appraiser Telemetry Events, and Fields](https://go.microsoft.com/fwlink/?LinkID=822965) (link downloads a PDF file)
- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703)
- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields)