diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 9e9233eb13..efe7a5e648 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -476,7 +476,7 @@
     }
   ],
   "notification_subscribers": [
-    "brianlic@microsoft.com"
+    "elizapo@microsoft.com"
   ],
   "branches_to_filter": [
     ""
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index efe7260cf6..529ea30531 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -6225,6 +6225,11 @@
 "redirect_url": "/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions",
 "redirect_document_id": true
 },
+{
+    "source_path": "windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md",
+    "redirect_url": "/windows/configuration/setup-kiosk-digital-signage",
+    "redirect_document_id": true
+},
 {
 "source_path": "windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
 "redirect_url": "/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition",
@@ -13134,6 +13139,39 @@
 "source_path": "windows/deployment/windows-10-auto-pilot.md",
 "redirect_url": "/windows/deployment/windows-autopilot/windows-10-autopilot",
 "redirect_document_id": true
-}
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+
+
+
 ]
 }
diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 016f1295f1..fcdd64629c 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -1,1010 +1,579 @@
 ---
 description: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.
 ms.assetid: 2e849894-255d-4f68-ae88-c2e4e31fa165
-author: eross-msft
+author: shortpatti
+ms.author: pashort
+manager: elizapo
 ms.prod: edge
 ms.mktglfcycl: explore
 ms.sitesec: library
 title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
 ms.localizationpriority: high
-ms.date: 09/13/2017 #Previsou release date
+ms.date: 4/20/2018 #Previous release date 09/13/2017
 ---
 
-<!-- pashort 2/9/2018: as per Brian Altman, the documentation descrepancies must be addressed for RS5. Find out what those discrepancies are. Scenario 15403628 -->
-
 # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
 
 > Applies to: Windows 10, Windows 10 Mobile
 
-Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
+Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
 
-By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
+By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that is linked to a domain, and then apply all of those settings to every computer in the domain.
 
 > [!NOTE]
 > For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
 
-## Group Policy settings
+
 Microsoft Edge works with the following Group Policy settings to help you manage your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location: 
 
-`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`
+Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\
 
-<!-- original text 
-Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations:
--->
+## Allow Address bar drop-down list suggestions
+>*Supporteded versions: Windows 10, version 1703 or later*
 
-### Allow Address bar drop-down list suggestions
->*Supporteded versions: Windows 10, version 1703*
+The Address bar drop-down list, when enabled, allows the Address bar drop-down functionality in Microsoft Edge. By default, this policy is enabled. If disabled, you do not see the address bar drop-down functionality and disables the user-defined policy "Show search and site suggestions as I type."  Therefore, because search suggestions are shown in the drop-down, this policy takes precedence over the [Configure search suggestions in Address bar](https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies?branch=pashort_edge-backlog_vsts15846461#configure-search-suggestions-in-address-bar) or [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy.
+
+If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend that you disable this policy. 
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |
+|Supported devices |Desktop  |
+|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Not Allowed. Address bar drop-down is disabled, which also disables the user-defined policy, "Show search and site suggestions as I type."</li><li>**1 (default)** - Allowed. Address bar drop-down is enabled.</li></ul> |
 
-This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
-| If you... | Then... |
-| --- | --- |
-| Enable (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | 
-| Disable | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
  
-### Allow Adobe Flash
+## Allow Adobe Flash
 >*Supporteded version: Windows 10*
 
-This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge.
-| If you… | Then… |
-| --- | --- |
-| Enable or don’t configure (default) | Employees can use Adobe Flash. | 
-| Disable | Employees cannot use Adobe Flash. | 
+Adobe Flash is integrated with Microsoft Edge and is updated via Windows Update. By default, this policy is enabled or not configured allowing you to use Adobe Flash Player in Microsoft Edge. 
 
-### Allow clearing browsing data on exit
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |
+|Supported devices |Desktop  |
+|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Adobe Flash cannot be used Microsoft Edge.</li><li>**1 (default)** - Adobe Flash can be used in Microsoft Edge. </li></ul> |
+
+## Allow clearing browsing data on exit
 >*Supporteded versions: Windows 10, version 1703*
 
-This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
-| If you… | Then… |
-| --- | --- |
-| Enable | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
-| Disable or don’t configure (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
+Your browsing data is the information that Microsoft Edge remembers and stores as you browse websites. Browsing data includes information you entered into forms, passwords, and the websites you visited. By default, this policy is disabled or not configured, the browsing data is not cleared when exiting. When this policy is disabled or not configured, you can turn on and configure the Clear browsing data option under Settings. 
 
-### Allow Developer Tools
+
+**Microsoft Intune to manage your MDM settings**
+|   |   |
+|---|---|
+|MDM name |[ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |
+|Supported devices |Desktop  |
+|URI full path | ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.</li><li>**1** - Browsing data is cleared on exit.</li></ul> |
+
+
+## Allow Cortana
+>*Supported versions: Windows 10, version 1607 or later*
+
+Cortana is integrated with Microsoft Edge, and when enabled, Cortana allows you use the voice assistant on your device. If disabled, Cortana is not available for use, but you can search to find items on your device. 
+
+**Microsoft Intune to manage your MDM settings**
+|   |   |
+|---|---|
+|MDM name |[AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) |
+|Supported devices |Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCortana  |
+|Location |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortana |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Not allowed.</li><li>**1 (default)** - Allowed.</li></ul> |
+
+## Allow Developer Tools
 >*Supporteded versions: Windows 10, version 1511 or later*
 
-This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
-| If you… | Then… | 
-| --- | --- |
-| Enable (default) | F12 Developer Tools are available. |
-| Disable | F12 Developer Tools are not available. |
+F12 developer tools is a suite of tools to help you build and debug your webpage. By default, this policy is enabled making the F12 Developer Tools availabe to use.  
 
-### Allow Extensions
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - The F12 Developer Tools are disabled.</li><li>**1 (default)** - The F12 Developer Tools are enabled.</li></ul> |
+
+
+## Allow Extensions
 >*Supporteded versions: Windows 10, version 1607 or later*
 
-This policy setting lets you decide whether employees can use Microsft Edge Extensions.
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees can use Microsoft Edge Extensions. |
-| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company Disable setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Microsoft Edge Extensions. |
+If you enable this policy, you can personalize and add new features to Microsoft Edge with extensions. By default, this policy is enabled. If you want to prevent others from installing unwanted extensions, disable this policy.
 
-### Allow InPrivate browsing
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowExtensions  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Microsoft Edge extensions are disabled.</li><li>**1 (default)** - Microsoft Edge Extensions are enabled. </li></ul> |
+
+## Allow InPrivate browsing
 >*Supporteded versions: Windows 10, version 1511 or later*
 
-This policy setting lets you decide whether employees can browse using InPrivate website browsing.
-| If you… | Then… |
-| --- | --- |
-| Enable (default) | Employees can use InPrivate website browsing. |
-| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
+InPrivate browsing, when enabled, prevents your browsing data is not saved on your device. Microsoft Edge deletes temporary data from your device after all your InPrivate tabs are closed. 
 
-### Allow Microsoft Compatibility List
->*Supporteded versions: Windows 10, version 1607 or later*
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - InPrivate browsing is disabled.</li><li>**1 (default)** - InPrivate browsing is enabled.</li></ul> |
 
-This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. <!-- <span style="background: #ffff99;">[@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?]</span> -->
-| If you… | Then… |
-| --- | --- |
-| Enable (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. |
-| Disable | Browser navigation does not use the Microsoft Compatibility List. |
+## Allow Microsoft Compatibility List
+>*Supporteded versions: Windows 10, version 1703 or later*
 
-### Allow search engine customization
->*Supported versions: Windows 10, version 1703*
+Microsoft Edge uses the compatibility list that helps websites with known compatibility issues display properly. When enabled, Microsoft Edge checks the list to determine if the website has compatibility issues during browser navigation. By default, this policy is enabled allowing periodic downloads and installation of updates. Visiting any site on the Microsoft compatibility list prompts the employee to use Internet Explorer 11, where the site renders as though it is in whatever version of IE is necessary for it to appear properly. If disabled, the compatibility list is not used.
 
-This policy setting lets you decide whether users can change their search engine. Important. You can only use this setting with domain-joined or MDM-enrolled devices. 
 
-For more info, see the [Microsoft browser extension policy](http://aka.ms/browserpolicy).
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Disabled. The Microsoft compatibility list is ignored.</li><li>**1 (default)** - Enabled. The Microsoft compatibility list is periodically update and used during browser navigation.</li></ul> |
 
-| If you… | Then… |
-| --- | --- |
-| Enable or don’t configure (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | 
-| Disable | Employees cannot add search engines or change the default used in the Address bar. |
+## Allow search engine customization
+>*Supported versions: Windows 10, version 1703 or later*
 
-### Allow web content on New Tab page
+This policy setting allows search engine customization for domain-joined or MDM-enrolled devices only. For example, you can change the default search engine or add a new search engine. By default, this setting is enabled allowing you to add new search engines and change the default under Settings. If disabled, you cannot add search enginess or change the default.
+
+For more information, see [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy).
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Additional search engines are not allowed and the default cannot be changed in the Address bar.</li><li>**1 (default)** - Additional search engines are allowed and the default can be changed in the Address bar.</li></ul> |
+
+## Allow web content on New Tab page
 >*Supported versions: Windows 10*
 
-This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cannot change it.
-| If you… | Then… |
-| --- | --- |
-| Enable | Microsoft Edge opens a new tab with the New Tab page. |
-| Disable | Microsoft Edge opens a new tab with a blank page. | 
-| Do not configure (default) | Employees can choose how new tabs appear. |
+This policy setting lets you configure what appears when a New Tab page is opened in Microsoft Edge. By default, this setting is disabled or not configured, which means you cannot customize their New Tab page. If enabled, you can customize their New Tab page. 
 
-### Configure additional search engines
->*Supported versions: Windows 10, version 1703*
 
-This policy setting lets you add up to 5 additional search engines, which cannot be removed by your employees but can make a personal default engine. This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
-| If you… | Then… |
-| --- | --- |
-| Enable | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable setting (default) | Any added search engines are removed from the employee’s device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employee’s device?]</span> --> |
-| Do not configure | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: what’s the difference between “don’t configure this setting”, “Enable setting”, and “Disable this setting”?]</span> --> |
+## Always Enable book library
+>*Supporteded versions: Windows 10, version 1709 or later*
 
-### Configure Autofill
+This policy settings specifies whether to always show the Books Library in Microsoft Edge. By default, this setting is disabled, which means the library is only visible in countries or regions where available. if enabled, the Books Library is always shown regardless of countries or region of activation.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AlwaysEnableBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where it’s available.</li><li>**1** - Enable. Always show the Books Library, regardless of countries or region of activation.</li></ul> |
+
+## Configure additional search engines
+>*Supported versions: Windows 10, version 1703 or later*
+
+This policy setting, when enabled, lets you add up to five additional search engines. Employees cannot remove these search engines, but they can set any one as the default. By default, this setting is not configured and does not allow additional search engines to be added. If disabled, the search engines added are deleted.
+
+For each additional search engine you add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/).
+
+This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Additional search engines are not allowed.</li><li>**1** - Additional search engines are allowed.</li></ul> |
+
+## Configure Autofill
 >*Supported versions: Windows 10*
 
-This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill.
-| If you… | Then… |
-| --- | --- |
-| Enable  | Employees can use Autofill to populate form fields automatically. |
-| Disable  | Employees cannot use Autofill to populate form fields automatically. |
-| Do not configure (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
+This policy setting specifies whether AutoFill on websites is allowed. By default, this setting is not configured allowing you to choose whether or not to use AutoFill. If enabled, AutoFill is used. If disabled, AutoFill is not used. 
 
-### Configure cookies
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowAutofill  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Employees cannot use Autofill to complete form fields.</li><li>**1 (default)** - Employees can use Autofill to complete form fields.</li></ul> |
+
+## Configure cookies
 >*Supported versions: Windows 10*
 
-This setting lets you configure how to work with cookies.
-| If you… | Then… |
-| --- | --- |
-| Enable (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
-| Disable or do not configure | All cookies are allowed from all sites. |
+This policy setting specifies whether cookies are allowed. By default, this setting is enabled with the Block all cookies and Block only 3rd-party cookies options available.  If disabled or not configured, all cookies are allowed from all sites. 
 
-### Configure Do Not Track
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCookies  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Allows all cookies from all sites.</li><li>**1** - Blocks only cookies from 3rd party websites.</li><li>**2** - Blocks all cookies from all sites.</li></ul> |
+
+## Configure Do Not Track
 >*Supported versions: Windows 10*
 
-This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests.
-| If you… | Then… |
-| --- | --- |
-| Enable | Do Not Track requests are always sent to websites asking for tracking information. |
-| Disable | Do Not Track requests are never sent to websites asking for tracking information. | 
-| Do not configure (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
+This policy setting specifies whether Do Not Track requests to websites is allowed. By default, this setting is not configured allowing you to choose whether or not to send tracking information. If enabled, Do Not Track requests are always sent to websites asking for tracking information. If disabled, Do Not Track requests are never sent. 
 
-### Configure Favorites
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Stops you from sending Do Not Track headers to websites requesting tracking info.</li><li>**1** - Employees can send Do Not Track headers to websites requesting tracking info. </li></ul> |
+
+
+## Configure Favorites
+>*Supported versions: Windows 10, version 1709*
+
+This policy setting allows you to configure a default list of Favorites that appear for your employee, which they cannot modify, sort, move, export or delete. By default, this setting is disabled or not configured allowing you to customize the Favorites list, such as adding folders to organize their favorites.  If enabled, you are not allowed to add, import, or change anything in the Favorites list. As part of this, the Save a Favorite, Import settings, and context menu items (such as Create a new folder) are turned off.
+
+Specify the URL which points to the file that has all the data for provisioning favorites (in html format). 
+
+URL can be specified as:
+- HTTP location: "SiteList"="http://localhost:8080/URLs.html"
+- Local network: "SiteList"="\network\shares\URLs.html"
+- Local file: "SiteList"="file:///c:\Users\\Documents\URLs.html"
+
+You can export a set of favorites from Edge and use that html file for provisioning user machines. 
+
+>[!Important]
+>Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops you from syncing their favorites between Internet Explorer and Microsoft Edge. 
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites  |
+|Data type | String |
+
+
+## Configure Password Manager
+>*Supported versions: Windows 10*
+
+This policy setting specifies whether saving and managing passwords locally on the device is allowed. By default, this setting is enabled allowing you to save their passwords locally. If not configured, you can choose whether or not to save and manage passwords locally. If disabled, saving and managing passwords locally is turned off. 
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Employees cannot use Password Manager to save passwords locally.</li><li>**1** - Employees can use Password Manager to save passwords locally.</li></ul> |
+
+## Configure Pop-up Blocker
+>*Supported versions: Windows 10*
+
+This policy setting specifies whether pop-up blocker is allowed or enabled. By default, pop-up blocker is turned on. If not configured, you can choose whether to turn on or turn off pop-up blocker. If disabled, pop-up blocker is turned off.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPopups  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Turns off Pop-up Blocker, allowing pop-up windows.</li><li>**1** - Turns on Pop-up Blocker, stopping pop-up windows. </li></ul> |
+
+## Configure search suggestions in Address bar
+>*Supported versions: Windows 10*
+
+This policy setting specifies whether search suggestions are allowed in the address bar. By default, this setting is not configured allowing you to choose whether search suggestions appear in the address bar.  If enabled, search suggestions appear.  If disabled, search suggestions do not appear.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Employees cannot see search suggestions in the Address bar of Microsoft Edge.</li><li>**1** - Employees can see search suggestions in the Address bar of Microsoft Edge.</li></ul> |
+
+## Configure Start pages
 >*Supported versions: Windows 10, version 1511 or later*
 
-This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.]</span> -->
-| If you… | Then… |
-| --- | --- |
-| Enable | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
-| Disable or do not configure | Employees will see the Favorites that they set in the Favorites hub. |
+This policy setting specifies your Start pages for domain-joined or MDM-enrolled devices. By default, this setting is disabled or not configured. Therefore, the Start page is the webpages specified in App settings. If enabled, you can configure one or more corporate Start pages. If enabling this setting, you must include URLs separating multiple pages by using XML-escaped characters < and >, for example, **<\support.contoso.com><\support.microsoft.com>**. 
 
-### Configure Password Manager
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/HomePages  |
+|Data type |String |
+|Allowed values |Configure the Start page (previously known as Home page) URLs for your you. |
+
+## Configure the Adobe Flash Click-to-Run setting
+>*Supported versions: Windows 10, version 1703 or later*
+
+This policy setting specifies whether you must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. By default, this setting is enabled. when the setting is enabled, you must click the content, Click-to-Run button, or have the site appear on an auto-allow list before before the Adobe Flash content loads. If disabled, Adobe Flash loads and runs automatically.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Adobe Flash content is automatically loaded and run by Microsoft Edge.</li><li>**1 (default)** - An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.</li></ul> |
+
+## Configure the Enterprise Mode Site List
 >*Supported versions: Windows 10*
 
-This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.
-| If you… | Then… |
-| --- | --- |
-| Enable (default) | Employees can use Password Manager to save their passwords locally. |
-| Disable | Employees cannot use Password Manager to save their passwords locally. | 
-| Do not configure | Employees can choose whether to use Password Manager to save their passwords locally. |
-
-### Configure Pop-up Blocker
->*Supported versions: Windows 10*
-
-This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
-| If you… | Then… |
-| --- | --- |
-| Enable (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
-| Disable | Pop-up Blocker is turned off, letting pop-up windows appear. |
-| Do not configure | Employees can choose whether to use Pop-up Blocker. |
-
-### Configure search suggestions in Address bar
->*Supported versions: Windows 10*
-
-This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees can see search suggestions in the Address bar. |
-| Disable | Employees cannot see search suggestions in the Address bar. |
-| Do not configure (default) | Employees can choose whether search suggestions appear in the Address bar. |
-
-### Configure Start pages
->*Supported versions: Windows 10, version 1511 or later*
-
-This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees will not be able to change this after you set it.
-| If you… | Then… |
-| --- | --- |
-| Enable | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |  
-| Disable or do not configure (default) | The default Start page is the webpage specified in App settings. |
-
-### Configure the Adobe Flash Click-to-Run setting
->*Supported versions: Windows 10, version 1703*
-
-This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default, enabled or disabled?]</span> -->
-| If you… | Then… |
-| --- | --- |
-| Enable or don’t configure | Employees must click the content, click the Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
-| Disable | Adobe Flash loads automatically and runs in Microsoft Edge. |
-
-### Configure the Enterprise Mode Site List
->*Supported versions: Windows 10*
-
-This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.
-| If you… | Then… |
-| --- | --- |
-| Enable | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
-Disable or do not configure (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
+This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. By default, this setting is disabled or not configured, which means the Enterprise Mode Site List is not used. In this case, you might experience compatibility problems while using legacy apps. If enabled, you must add the location to your site list in the **{URI}** box. when enabled, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.
 
 >[!Note] 
 >If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.<br><br>
 >If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one.  
 
-### Configure Windows Defender SmartScreen
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList  |
+|Data type | String |
+|Allowed values |<ul><li>Not configured.</li><li>**1 (default)** - Use the Enterprise Mode Site List, if configured.</li><li>**2** - Specify the location to the site list.</li></ul> |
+
+## Configure Windows Defender SmartScreen
 >*Supported versions: Windows 10*
 
-This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
-| If you… | Then… |
-| --- | --- |
-| Enable | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | 
-| Disable | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
-| Do not configure | Employees can choose whether to use Windows Defender SmartScreen. |
+This policy setting specifies whether Windows Defender SmartScreen is allowed. By default, this setting is enabled or turned on and you cannot turn it off. If disabled, Windows Defender SmartScreen is turned off and you cannot turn it on. If not configured, you can choose whether to use Windows Defender SmartScreen.
 
-### Disable lockdown of Start pages
->*Supported versions: Windows 10, version 1703*
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Turns off Windows Defender SmartScreen.</li><li>**1** - Turns on Windows Defender SmartScreen, providing warning messages to your you about potential phishing scams and malicious software.</li></ul> |
 
-This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect <!-- <span style="background: #ffff99;">[@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]</span> -->. This setting only applies to domain-joined or MDM-enrolled devices. 
+## Disable lockdown of Start pages
+>*Supported versions: Windows 10, version 1703 or later*
 
-For more info, see the [Microsoft browser extension policy](http://aka.ms/browserpolicy).
+This policy setting specifies whether the lockdown on the Start pages is disabled on domain-joined or MDM-enrolled devices. By default, this policy is enabled locking down the Start pages according to the settings specified in the Browser/HomePages policy. When enabled, users cannot change the Start pages. If disabled, users can modify the Start pages.
 
-| If you… | Then… |
-| --- | --- |
-| Enable | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
-| Disable or do not configure (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. |                                                                 
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.</li><li>**1** - Disable lockdown of the Start pages and allow users to modify them.</li></ul> |
 
-### Keep favorites in sync between Internet Explorer and Microsoft Edge
->*Supported versions: Windows 10, version 1703*
+ 
+## Do not sync
+>*Supported versions: Windows 10*
 
-This policy setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position.
+This policy setting specifies whether you can use the Sync your Settings option to sync their settings to and from their device. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting you pick what can sync on their device. If enabled, the Sync your Settings options are turned off and none of the Sync your Setting groups are synced on the device. You can use the Allow users to turn syncing on option to turn the feature off by default, but to let the employee change this setting. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices).
 
-<!-- 
-<span style="background: #ffff99;">[@Reviewer: what is the default: enable or disable?]</span> -->
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
-| Disable or do not configure | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
+**Microsoft Intune to manage your MDM settings**
+|   |   |
+|---|---|
+|MDM name |[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings  |
+|Location |Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync |
+|Data type | Integer |
+|Allowed values |<ul><li>**0** - Employees cannot sync settings between PCs.</li><li>**1 (default)** - Employees can sync between PCs.</li></ul> |
 
-### Prevent access to the about:flags page
+## Do not sync browser settings
+>*Supported versions: Windows 10*
+
+This policy setting specifies whether a browser group can use the Sync your Settings options to sync their information to and from their device. Settings include information like History and Favorites. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. If enabled, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting.
+
+## Keep favorites in sync between Internet Explorer and Microsoft Edge
+>*Supported versions: Windows 10, version 1703 or later*
+
+This policy setting specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including additions, deletions, modifications, and ordering. By default, this setting is disabled or not configured. When disabled or not configured, you cannot sync their favorites. If enabled, you can sync their favorites and stops Microsoft Edge favorites from syncing between connected Windows 10 devices. This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. 
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Synchronization is turned off.</li><li>**1** - Synchronization is turned on.</li></ul> |
+
+## Prevent access to the about:flags page
 >*Supported versions: Windows 10, version 1607 or later*
 
-This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees cannot access the about:flags page. |
-| Disable or do not configure (default) | Employees can access the about:flags page. |                                                                 
+This policy setting specifies whether you can access the about:flags page, which is used to change developer settings and to enable experimental features. By default, this setting is disabled or not configured, which means you can access the about:flags page. If enabled, you cannot access the about:flags page.
 
-### Prevent bypassing Windows Defender SmartScreen prompts for files
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Employees can access the about:flags page in Microsoft Edge.</li><li>**1** - Employees cannot access the about:flags page in Microsoft Edge.</li></ul> |
+
+## Prevent bypassing Windows Defender SmartScreen prompts for files
 >*Supported versions: Windows 10, version 1511 or later*
 
-This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
-| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |                                                                                                                                                  
-### Prevent bypassing Windows Defender SmartScreen prompts for sites
+This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about downloading unverified files. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and can continue the download process. If enabled (turned on), you cannot ignore the warnings and blocks them from downloading unverified files.  
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Lets you ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.</li><li>**1** - Stops you from ignoring the Windows Defender SmartScreen warnings about unverified files.</li></ul> |
+
+## Prevent bypassing Windows Defender SmartScreen prompts for sites
 >*Supported versions: Windows 10, version 1511 or later*
 
-This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
-| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
+This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about potentially malicious websites. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and allows them to continue to the site. If enabled (turned on), you cannot ignore the warnings and blocks them from continuing to the site.
 
-### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
->*Supported versions: Windows 10, version 1703*
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Turns off Windows Defender SmartScreen.</li><li>**1** - Turns on Windows Defender SmartScreen.</li></ul> |
 
-This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
-| If you… | Then… |
-| --- | --- |
-| Enable | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | 
-| Disable or do not configure (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
+## Prevent changes to Favorites on Microsoft Edge
+>*Supported versions: Windows 10, version 1709*
 
-
-### Prevent the First Run webpage from opening on Microsoft Edge
->*Supported versions: Windows 10, version 1703*
-
-This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees do not see the First Run page. |
-| Disable or do not configure (default) | Employees see the First Run page. |
-
-### Prevent using Localhost IP address for WebRTC
->*Supported versions: Windows 10, version 1511 or later*
-
-This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol.
-| If you… | Then… |
-| --- | --- |
-| Enable | Localhost IP addresses are hidden. |
-| Disable or do not configure (default) | Localhost IP addresses are visible. |
-
-### Send all intranet sites to Internet Explorer 11
->*Supported versions: Windows 10*
-
-This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
-| If you… | Then… |
-| --- | --- |
-| Enable | All intranet sites are opened in Internet Explorer 11 automatically. |
-| Disable or do not configure (default) | All websites, including intranet sites, open in Microsoft Edge. |
-
-### Set default search engine
->*Supported versions: Windows 10, version 1703*
-
-This policy setting applies only to domain-joined or MDM-enrolled devices and lets you configure the default search engine for Microsoft Edge. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. 
-
-For more info, see the [Microsoft browser extension policy](http://aka.ms/browserpolicy).
-
-| If you… | Then… |
-| --- | --- |
-| Enable | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
-| Disable | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
-| Do not configure | The default search engine is set to the one specified in App settings. |
+This policy setting specifies whether you can add, import, sort, or edit the Favorites list in Microsoft Edge. By default, this setting is disabled or not configured (turned on), which means the Favorites list is not locked down and you can make changes to the Favorites list. If enabled, you cannot make changes to the Favorites list. Also, the Save a Favorite, Import settings, and the context menu items, such as Create a new folder, are turned off. 
 
 >[!Important]
->If you'd like your employees to use the default Microsoft Edge settings for each market <!-- <span style="background: #ffff99;">[@Reviewer: what does “each market” refer to in this context?]</span> -->, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
+>Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops you from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-### Show message when opening sites in Internet Explorer
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Disabled. Do not lockdown Favorites.</li><li>**1** - Enabled. Lockdown Favorites.</li></ul> |
+
+## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
+>*Supported versions: Windows 10, version 1703 or later*
+
+This policy setting specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means Microsoft servers are contacted if a site is pinned. If enabled (turned on), Microsoft servers are not contacted if a site is pinned.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.</li><li>**1** - Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.</li></ul> |
+
+## Prevent the First Run webpage from opening on Microsoft Edge
+>*Supported versions: Windows 10, version 1703 or later*
+
+This policy setting specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, the First Run webpage hosted on microsoft.com opens automatically. This policy allows enterprises, such as those enrolled in a zero-emissions configuration, to prevent this page from opening. By default, this setting is disabled or not configured (turned off), which means you see the First Run page. If enabled (turned on), the you do not see the First Run page.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Employees see the First Run webpage.</li><li>**1** - Employees do not see the First Run webpage.</li></ul> |
+
+## Prevent using Localhost IP address for WebRTC
+>*Supported versions: Windows 10, version 1511 or later*
+
+
+This policy setting specifies whether localhost IP address are visible or hiddle while making phone calls to the WebRTC protocol. By default, this setting is disabled or not configured (turned off), which means the localhost IP address are visible. If enabled (turned on), localhost IP addresses are hidden. 
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Shows an employee's LocalHost IP address while using the WebRTC protocol.</li><li>**1** - Does not show an employee's LocalHost IP address while using the WebRTC protocol.</li></ul> |
+
+
+## Send all intranet sites to Internet Explorer 11
+>*Supported versions: Windows 10*
+
+
+This policy setting specifies whether to send intranet traffic to Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means all websites, including intranet sites, open in Microsoft Edge. If enabled, all intranet sites are opened in Internet Explorer 11 automatically.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Automatically opens all websites, including intranet sites, using Microsoft Edge.</li><li>**1** - Automatically opens all intranet sites using Internet Explorer 11.</li></ul> |
+
+## Set default search engine
+>*Supported versions: Windows 10, version 1703 or later*
+
+
+This policy setting allows you to configure the default search engine for domain-joined or MDM-enrolled devices. By default, this setting is not configured, which means the default search engine is specified in App settings. In this case, you can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. If enabled, you can configure a default search engine for you. When enabled, you cannot change the default search engine. If disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. 
+
+To set the default search engine, you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see Search provider discovery. If you'd like your you to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your you to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
+
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |
+|Supported devices |Desktop<br>Mobile  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - The default search engine is set to the one specified in App settings.</li><li>**1** - Allows you to configure the default search engine for your you.</li></ul> |
+
+## Show message when opening sites in Internet Explorer
 >*Supported versions: Windows 10, version 1607 and later*
 
-This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
-| If you… | Then… |
-| --- | --- |
-| Enable | Employees see an additional page. |
-| Disable or do not configure (default) | No additional pages display. |
 
-## Using Microsoft Intune to manage your Mobile Device Management (MDM) settings for Microsoft Edge
-If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
+This policy setting specifies whether you see an additional page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. By default, this policy is disabled, which means no additional pages display. If enabled, you see an additional page.
 
-> [!NOTE]
-> **Supported Devices** uses these options:
-> - **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only.
-> - **Mobile.** Supports Windows 10 Mobile devices only.
-> - **Both.** Supports both desktop and mobile devices.
+**Microsoft Intune to manage your MDM settings** 
+|   |   |
+|---|---|
+|MDM name |[ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |
+|Supported devices |Desktop  |
+|URI full path |./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInteretExplorer  |
+|Data type | Integer |
+|Allowed values |<ul><li>**0 (default)** - Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li><li>**1** - Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li></ul> |
 
-All devices must be enrolled with Intune if you want to use the Windows Custom URI Policy.
 
-### AllowAddressBarDropdown
-- **Supported versions:** Windows 10, version 1703
 
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type."
-        
-        - **1 (default).** Allowed. Address bar drop-down is enabled.
-
-### AllowAutofill
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Employees cannot use Autofill to complete form fields.
-        
-        - **1 (default).** Employees can use Autofill to complete form fields.
-
-### AllowBrowser
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Mobile
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowBrowser
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Employees cannot use Microsoft Edge.
-
-        - **1 (default).** Employees can use Microsoft Edge. 
-
-### AllowCookies
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Allows all cookies from all sites.
-        
-        - **1.** Blocks only cookies from 3rd party websites.
-
-        - **2.** Blocks all cookies from all sites.
-
-### AllowDeveloperTools
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Employees cannot use the F12 Developer Tools.
-        
-        - **1 (default).** Employees can use the F12 Developer Tools.
-
-### AllowDoNotTrack
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Stops employees from sending Do Not Track headers to websites requesting tracking info.
-        
-        - **1.** Employees can send Do Not Track headers to websites requesting tracking info.    
-
-### AllowExtensions
-- **Supported versions:** Windows 10, version 1607 and later
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Employees cannot use Edge Extensions.
-        
-        - **1 (default).** Employees can use Edge Extensions.    
-
-### AllowFlash
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Not allowed. Employees cannot use Adobe Flash.
-        
-        - **1 (default).** Allowed. Employees can use Adobe Flash.    
-
-### AllowFlashClickToRun
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Desktop|
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.**  Adobe Flash content is automatically loaded and run by Microsoft Edge
-        
-        - **1 (default).** An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
-
-### AllowInPrivate
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Employees cannot use InPrivate browsing.
-        
-        - **1 (default).** Employees can use InPrivate browsing.
-
-### AllowMicrosoftCompatibilityList
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList
-
-    - **Data type:** Integer
-
-    - **Allowed values:** 
-
-        - **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
-        
-        - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
-
-### AllowPasswordManager
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Employees cannot use Password Manager to save passwords locally.
-        
-        - **1.** Employees can use Password Manager to save passwords locally.
-
-### AllowPopups
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Turns off Pop-up Blocker, allowing pop-up windows.
-        
-        - **1.** Turns on Pop-up Blocker, stopping pop-up windows. 
-
-### AllowSearchEngineCustomization
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
-        
-        - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
-
-
-### AllowSearchSuggestionsinAddressBar
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Employees cannot see search suggestions in the Address bar of Microsoft Edge.
-        
-        - **1.** Employees can see search suggestions in the Address bar of Microsoft Edge.
-
-### AllowSmartScreen
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Turns off Windows Defender SmartScreen.
-        
-        - **1.** Turns on Windows Defender SmartScreen, providing warning messages to your employees about potential phishing scams and malicious software.
-
-### ClearBrowsingDataOnExit
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.
-        
-        - **1.** Browsing data is cleared on exit.
-
-### ConfigureAdditionalSearchEngines
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Additional search engines are not allowed.
-        
-        - **1.**  Additional search engines are allowed.
-
-### DisableLockdownOfStartPages
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.
-        
-        - **1.** Disable lockdown of the Start pages and allow users to modify them.
-
-### EnterpriseModeSiteList
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList
-
-    - **Data type:** String
-
-    - **Allowed values:**
-
-        - Not configured.
-
-        - **1 (default).** Use the Enterprise Mode Site List, if configured.
-        
-        - **2.** Specify the location to the site list.
-
-            >[!NOTE]
-            >If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
-
-### Favorites
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/Favorites
-
-    - **Data type:** String
-
-    - **Allowed values:**
-
-        - Configure the **Favorite** URLs for your employees.
-        
-            **Example:**
-            
-                <contoso.com>
-                <fabrikam.com>
-            
-            URLs must be on separate lines and are not shared between Microsoft Edge and Internet Explorer 11.
-
-### FirstRunURL
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Mobile
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/FirstRunURL
-
-    - **Data type:** String
-
-    - **Allowed values:**
-
-        - Configure the first run URL for your employees.
-        
-            **Example:**
-            
-                <contoso.one>
-
-### HomePages
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
-
-    - **Data type:** String
-
-    - **Allowed values:**
-
-        - Configure the Start page (previously known as Home page) URLs for your employees.
-        
-            **Example:**
-            
-                <contoso.com/support><fabrikam.com/support>
-
-### PreventAccessToAboutFlagsInMicrosoftEdge
-- **Supported versions:** Windows 10, version 1607 and later
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Employees can access the about:flags page in Microsoft Edge.
-        
-        - **1.** Employees cannot access the about:flags page in Microsoft Edge.
-
-### PreventFirstRunPage
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Employees see the First Run webpage.
-        
-        - **1.** Employees do not see the First Run webpage.
-
-### PreventLiveTileDataCollection
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.
-        
-        - **1.** Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.
-
-### PreventSmartScreenPromptOverride
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Turns off Windows Defender SmartScreen.
-        
-        - **1.** Turns on Windows Defender SmartScreen.
-
-### PreventSmartScreenPromptOverrideForFiles
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Lets employees ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.
-        
-        - **1.** Stops employees from ignoring the Windows Defender SmartScreen warnings about unverified files.
-
-### PreventUsingLocalHostIPAddressForWebRTC
-- **Supported versions:** Windows 10, version 1511 or later
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Shows an employee's LocalHost IP address while using the WebRTC protocol.
-        
-        - **1.** Does not show an employee's LocalHost IP address while using the WebRTC protocol.
-
-### SendIntranetTraffictoInternetExplorer
-- **Supported versions:** Windows 10
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Automatically opens all websites, including intranet sites, using Microsoft Edge.
-        
-        - **1.** Automatically opens all intranet sites using Internet Explorer 11.
-
-### SetDefaultSearchEngine
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** The default search engine is set to the one specified in App settings.
-        
-        - **1.** Allows you to configure the default search engine for your employees.
-
-### ShowMessageWhenOpeningInteretExplorerSites
-- **Supported versions:** Windows 10, version 1607 and later
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInteretExplorer
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
-        
-        - **1.** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
-
-### SyncFavoritesBetweenIEAndMicrosoftEdge
-- **Supported versions:** Windows 10, version 1703
-
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0 (default).** Synchronization is turned off.
-        
-        - **1.** Synchronization is turned on.
-
-        >[!Note]
-        >Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices.
-
-## Microsoft Edge and Windows 10-specific Group Policy settings
-These are additional Windows 10-specific Group Policy settings that work with Microsoft Edge.
-
-### Allow Cortana
-- **Location:** Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana
-
-- **Description:** This policy settings lets you decide whether employees can use Cortana.
-
-    - If you enable or do not configure this setting, employees can use Cortana on their devices.
-    
-    - If you disable this setting, employees will not be able to use Cortana on their devices.
-    
-        >[!Note]
-        >Employees can still perform searches even with Cortana turned off.
-
-### Do not sync
-- **Location:** Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync
-
-- **Description:** This policy settings lets you decide whether employees can use the Sync your Settings options to sync their settings to and from their device.
-
-    - If you enable this setting, the Sync your Settings options are turned off and none of the Sync your Setting groups are synced on the device. You can use the Allow users to turn syncing on option to turn the feature off by default, but to let the employee change this setting.
-    
-    - If you disable or do not configure this setting (default), the Sync your Settings options are turned on, letting employees pick what can sync on their device.
-    
-### Do not sync browser settings
-- **Location:** Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync browser settings
-
-- **Description:** This policy settings lets you decide whether a browser group can use the Sync your Settings options to sync their info to and from their device. This includes settings and info like History and Favorites.
-
-    - If you enable this setting, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting.
-    
-    - If you disable or do not configure this setting (default), the Sync your Settings options are turned on, letting browser groups pick what can sync on their device.
-
-
-## Microsoft Edge and Windows 10-specific MDM policy settings
-These are additional Windows 10-specific MDM policy settings that work with Microsoft Edge.
-
-### AllowCortana
-- **Supported devices:** Both
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Employees cannot use Cortana on their devices.
-        
-        - **1 (default).** Employees can use Cortana on their devices.
-
-### AllowSyncMySettings
-- **Supported devices:** Desktop
-
-- **Details:**
-
-    - **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings
-
-    - **Data type:** Integer
-
-    - **Allowed values:**
-
-        - **0.** Employees cannot sync settings between PCs.
-        
-        - **1 (default).** Employees can sync between PCs.
 
 ## Related topics
 * [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index cffe549908..fc8a612b80 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -1,14 +1,15 @@
 ---
 description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11.
 ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4
-author: eross-msft
+author: shortpatti
+ms.author: pashort
 ms.prod: edge
 ms.mktglfcycl: support
 ms.sitesec: library
 ms.pagetype: appcompat
 title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
 ms.localizationpriority: high
-ms.date: 07/27/2017
+ms.date: 04/15/2018
 ---
 
 # Use Enterprise Mode to improve compatibility
@@ -19,8 +20,6 @@ If you have specific web sites and apps that you know have compatibility problem
 
 Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
 
-<!-- Will RS5 have the need for the following note? -->
-[@Reviewer: will RS5 have the need for the following note?]
 >[!NOTE]
 >If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index 8650b4702c..a607034785 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -3,19 +3,20 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Enable and disable add-ons using administrative templates and group policy
-author: eross-msft
+ms.author: pashort
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
 title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
-ms.date: 07/27/2017
+ms.date: 4/12/2018
 ---
 
 
 # Enable and disable add-ons using administrative templates and group policy
 Add-ons let your employees personalize Internet Explorer. You can manage IE add-ons using Group Policy and Group Policy templates.
 
-There are 4 types of add-ons:
+There are four types of add-ons:
 
 -   **Search Providers.** Type a term and see suggestions provided by your search provider.
 
@@ -57,7 +58,7 @@ You can use the Local Group Policy Editor to change how add-ons work in your org
 5.  Close the Local Group Policy Editor when you’re done.
 
 ## Using the CLSID and Administrative Templates to manage group policy objects
-Because every add-on has a Class ID (CLSID), you can use it to enable and disable specific add-ons, using Group Policy and Administrative Templates.
+Every add-on has a Class ID (CLSID) that you use to enable and disable specific add-ons, using Group Policy and Administrative Templates.
 
  **To manage add-ons**
 
@@ -65,22 +66,30 @@ Because every add-on has a Class ID (CLSID), you can use it to enable and disabl
 
     1.  Open IE, click **Tools**, and then click **Manage Add-ons**.
 
-    2.  Pick the add-on you want to change, and then right-click **More Information**.
-
-    3.  Click **Copy** and then close **Manage Add-ons** and IE.
+    2.  Double-click the add-on you want to change. 
 
+    3.  In the More Information dialog, click **Copy** and then click **Close**. 
+    
+    4. Open Notepad and paste the information for the add-on. 
+    
+    5. On the Manage Add-ons windows, click **Close**.
+    
+    6. On the Internet Options dialog, click **Close** and then close IE.
+    
 2.  From the copied information, select and copy just the **Class ID** value.
 
-3.  Open the Group Policy Management Editor and go to `Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`.
+    >[!NOTE]
+    >You want to copy the curly brackets as well as the CLSID: **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
+
+3.  Open the Group Policy Management Editor and go to: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
 <br>**-OR-**<br>
-Open the Local Group Policy Editor and go to `Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`.
+Open the Local Group Policy Editor and go to: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
 
-4.  Open the **Add-on List** Group Policy Object, pick **Enabled**, and then click **Show**.<br>
-**Show Contents** box appears.
+4.  Open the **Add-on List** Group Policy Object, select **Enabled**, and then click **Show**.<br>The Show Contents dialog appears.
 
-5.  In **Value Name**, put your copied Class ID.
+6.  In **Value Name**, paste the Class ID for your add-on, for example, **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
 
-6.  In **Value**, put:
+6.  In **Value**, enter one of the following:
 
     -   **0**. The add-on is disabled and your employees can’t change it.
 
@@ -88,11 +97,12 @@ Open the Local Group Policy Editor and go to `Computer Configuration\Administrat
 
     -   **2**. The add-on is enabled and your employees can change it.
 
-7.  Click **OK** and close the Group Policy editor.
-
- 
-
- 
+7.  Close the Show Contents dialog.
 
+7.  In the Group Policy editor, go to: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer.
 
+8.  Double-click **Automatically activate/enable newly installed add-ons** and select **Enabled**.<br><br>Enabling turns off the message prompting you to Enable or Don't enable the add-on.
 
+7.  Click **OK** twice to close the Group Policy editor.
+ 
+<!-- do they need to run the gpudate /force command? -->
\ No newline at end of file
diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md
index 2c07c79718..eae5a880c2 100644
--- a/devices/hololens/hololens-provisioning.md
+++ b/devices/hololens/hololens-provisioning.md
@@ -36,7 +36,6 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
 >Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
 
 1. On the Windows Configuration Designer start page, select **Advanced provisioning**.
-
 2. In the **Enter project details** window, specify a name for your project and the location for your project. Optionally, enter a brief description to describe your project.
 
 3. Click **Next**.
@@ -68,7 +67,7 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
 
 6. On the **Select security details for the provisioning package**, click **Next**.
 
-    >[WARNING!]
+    >[!WARNING]
     >If you encrypt the provisioning package, provisioning the HoloLens device will fail.  
 
 7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location.
diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md
index cc97f37aba..1ac6bbeed2 100644
--- a/devices/hololens/hololens-upgrade-enterprise.md
+++ b/devices/hololens/hololens-upgrade-enterprise.md
@@ -12,7 +12,7 @@ ms.date: 02/02/2018
 
 # Unlock Windows Holographic for Business features
 
-Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://developer.microsoft.com/windows/mixed-reality/release_notes_-_august_2016#introducing_microsoft_hololens_commercial_suite), which provides extra features designed for business. 
+Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://docs.microsoft.com/windows/mixed-reality/commercial-features), which provides extra features designed for business. 
 
 When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
 
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index d0cb5eb932..c3ab437724 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -16,6 +16,12 @@ ms.localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## April 2018
+
+New or changed topic | Description
+--- | ---
+[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions for Skype for Business Hybrid.
+
 ## March 2018
 
 New or changed topic | Description
diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index 44cc9145f9..dd8d127472 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -17,6 +17,9 @@ ms.localizationpriority: medium
 
 You can connect other devices to your Microsoft Surface Hub to display content. This topic describes the Guest Mode, Replacement PC Mode, and Video Out functionality available through wired connections, and also lists accessories that you can connect to Surface Hub using [Bluetooth](#bluetooth-accessories).
 
+>[!NOTE]
+>Surface Hub will use the video input that you select until a new connection is made, the existing connection is disrupted, or the Connect App is closed.
+
 ## Which method should I choose?
 
 When connecting external devices and displays to a Surface Hub, there are several available options. The method you use will depend upon your scenario and needs. 
diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md
index d5d8bbf104..a595ea198c 100644
--- a/devices/surface-hub/device-reset-surface-hub.md
+++ b/devices/surface-hub/device-reset-surface-hub.md
@@ -60,6 +60,9 @@ If you see a blank screen for long periods of time during the **Reset device** p
  
 In the Windows Recovery Environment (Windows RE), you can recover your device by downloading a factory build from the cloud and installing it on the Surface Hub. This allows devices in an unusable state to recover without requiring assistance from Microsoft Support.
 
+>[!NOTE]
+>The **Recover from the cloud** process requires an open internet connection (no proxy, or other authentications). An ethernet connection is recommended.
+
 ### Recover a Surface Hub in a bad state
 
 If the device account gets into an unstable state or the Admin account is running into issues, you can use cloud recovery in **Settings**. You should only use cloud recovery when [reset](#reset-a-surface-hub-from-settings) doesn't fix the problem.  
@@ -77,8 +80,6 @@ On rare occasions, a Surface Hub may encounter an error while cleaning up user a
 1.  From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide](https://www.microsoft.com/surface/support/surface-hub/surface-hub-site-readiness-guide) for help with locating the power switch. 
 2. The device should automatically boot into Windows RE. 
 3. After the Surface Hub enters Windows RE, select **Recover from the cloud**. (Optionally, you can choose **Reset**, however **Recover from the cloud** is the recommended approach.)
-    >[!NOTE]
-    >When using **Recover from the cloud**, an ethernet connection is recommended.
     
     ![Recover from the cloud](images/recover-from-cloud.png)
     
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index de3ffd59ee..b464e456dc 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -9,13 +9,17 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 02/21/2018
+ms.date: 04/12/2018
 ms.localizationpriority: medium
 ---
 
 # Hybrid deployment (Surface Hub)
 A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-prem), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
 
+>[!NOTE]
+>In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-prem). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
+
+<span id="exchange-on-prem" />
 ## Exchange on-premises
 Use this procedure if you use Exchange on-premises.
 
@@ -210,15 +214,10 @@ If your organization has set up [hybrid connectivity between Skype for Business
 
 The Surface Hub requires a Skype account of the type `meetingroom`, while a normal user would use a user type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account.
 
-In a hybrid Skype environment, you have to create the user on-premises first, then move the user to the cloud. This means that your user is present in both environments (which makes SIP routing possible). The move from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet which can only be used against user type accounts, not meetingroom type accounts. Because of this, you will not be able to move a Surface Hub account that has a meetingroom type of account. You might think of using the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet, unfortunately this will not work between the on-preisesm Skype server and Office 365 - it only works across on-premises Skype pools.
+In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
 
-To have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. Enable the account on the on-premises Skype server first:
-
-```
-Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName
-```
-
-After the Surface Hub account is enabled for Skype for Business on-premises, you can keep the account on-premises or you can move the Surface Hub account to Office 365, using the Move-CsUser cmdlet. [Learn more about moving a Skype user to Office 365.](https://technet.microsoft.com/library/jj204969.aspx)
+>[!NOTE]
+>To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
 
 
 ## Exchange online
@@ -406,13 +405,8 @@ If your organization has set up [hybrid connectivity between Skype for Business
 
 The Surface Hub requires a Skype account of the type *meetingroom*, while a normal user would use a *user* type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account.
  
-In a hybrid Skype environment, you have to create the user on-premises first, then move the user to the cloud. This means that your user is present in both environments (which makes SIP routing possible). The move from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet which can only be used against user type accounts, not meetingroom type accounts. Because of this, you will not be able to move a Surface Hub account that has a meetingroom type of account. You might think of using the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&MSPPError=-2147217396) cmdlet, unfortunately this will not work between the on-premises Skype server and Office 365 - it only works across on-premises Skype pools.
- 
-In order to have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. First follow the Exchange steps - either [online](#exchange-online) or [on-premises](#exchange-on-premises) - and, instead of enabling the user for Skype for Business Online as described, [enable the account](https://technet.microsoft.com/library/gg398711.aspx) on the on-premises Skype server:
+In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
 
-```PowerShell 
-Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName
-```
- 
-After the Surface Hub account is enabled for Skype for Business on-premises, you can keep the account on-premises or you can move the Surface Hub account to Office 365, using the Move-CsUser cmdlet. [Learn more about moving a Skype user to Office 365](https://technet.microsoft.com/library/jj204969.aspx).
+>[!NOTE]
+>To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
 
diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
index 238158def7..dfed286bc9 100644
--- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
+++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
@@ -25,17 +25,7 @@ Surface Hub has been validated with Microsoft’s first-party MDM providers:
 You can also manage Surface Hubs using any third-party MDM provider that can communicate with Windows 10 using the MDM protocol.
 
 ## <a href="" id="enroll-into-mdm"></a>Enroll a Surface Hub into MDM
-You can enroll your Surface Hubs using bulk or manual enrollment.
-
-> [!NOTE]
-> You can join your Surface Hub to Azure Active Directory (Azure AD) to manage admin groups on the device. However, Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD-joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD.
->
-> **To enable automatic enrollment for Microsoft Intune**
-> 1. In the [Azure classic portal](https://manage.windowsazure.com/), navigate to the **Active Directory** node and select your directory. 
-> 2. Click the **Applications** tab, then click **Microsoft Intune**.
-> 3. Under **Manage devices for these users**, click **Groups**. 
-> 4. Click **Select Groups**, then select the groups of users you want to automatically enroll into Intune. **Do not include accounts that are used to enroll Surface Hubs into Intune.**
-> 5. Click the checkmark button, then click **Save**.
+You can enroll your Surface Hubs using bulk, manual, or automatic enrollment.
 
 ### Bulk enrollment
 **To configure bulk enrollment**
@@ -51,6 +41,20 @@ You can enroll your Surface Hubs using bulk or manual enrollment.
 4. Under **Device management**, select **+ Device management**.
 5. Follow the instructions in the dialog to connect to your MDM provider.
 
+### Automatic enrollment via Azure Active Directory join
+
+Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory. 
+
+**To enable automatic enrollment for Microsoft Intune**
+1. In the [Azure classic portal](https://manage.windowsazure.com/), navigate to the **Active Directory** node and select your directory. 
+2. Click the **Applications** tab, then click **Microsoft Intune**.
+3. Under **Manage devices for these users**, click **Groups**. 
+4. Click **Select Groups**, then select the groups of users you want to automatically enroll into Intune. 
+5. Click the checkmark button, then click **Save**.
+
+For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
+
+
 ## Manage Surface Hub settings with MDM
 
 You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index 7ef2ae24a6..7c6a90015d 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 07/27/2017
+ms.date: 04/13/2018
 ms.localizationpriority: medium
 ---
 
@@ -100,13 +100,12 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
 
 8.  OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
 
-    ```PowerShell
-    Set-CsMeetingRoom HUB01 -DomainController DC-ND-001.contoso.com
-     -LineURItel: +14255550555;ext=50555" Set-CsMeetingRoom -DomainController DC-ND-001.contoso.com
-     -Identity HUB01 -EnterpriseVoiceEnabled $true
+   ```PowerShell
+    Set-CsMeetingRoom  -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555"  -EnterpriseVoiceEnabled $true
     ```
 
     Again, you'll need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same.
+    
 
  
 
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index 077e16a6a5..cef7042de1 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -36,9 +36,10 @@ Additionally, note that Surface Hub requires the following open ports:
 - HTTP: 80
 - NTP: 123
 
-Depending on your environment, access to additional ports may be needed:
-- For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
-- For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). 
+If you are using Surface Hub with Skype for Business, you will need to open additional ports. Please follow the guidance below:
+- If you use Skype for Business Online, see [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
+- If you use Skype for Business Server, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). 
+- If you use a hybrid of Skype for Business Online and Skype for Business Server, you need to open all documented ports from [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) and [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx).
 
 Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list:
 - Diagnostic data client endpoint: `https://vortex.data.microsoft.com/`
diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md
index 33ef0f983f..71706b04fe 100644
--- a/devices/surface-hub/surface-hub-downloads.md
+++ b/devices/surface-hub/surface-hub-downloads.md
@@ -31,7 +31,7 @@ This topic provides links to useful Surface Hub documents, such as product datas
 | [Rolling Stand Mounting and Assembly Guide (PDF)](http://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Rolling_Stands_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the rolling stand, and how to mount your Surface Hub onto it. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/1f/94/1f949613-3e4a-41e3-ad60-fe8aa7134115.mov?n=04.07.16_installation_video_04_rolling_stand_mount.mov) |
 | [Mounts and Stands Datasheet (PDF)](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) | Specifications and prices for all Surface Hub add-on stands and mounts that turn your workspace into a Surface Hub workspace. |
 | [Surface Hub Stand and Wall Mount Specifications (PDF)](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) | Illustrated specifications for the 55” and 84” Surface Hub rolling stands, wall mounts, and floor-supported wall mounts. |
-| [Surface Hub Onsite Installation and Onsite Repair/Exchange Services FAQ (PDF)](http://download.microsoft.com/download/B/D/1/BD16D7C5-2662-4B7D-9C98-272CEB11A6F3/20160816%20SurfaceHub_Onsite%20Services%20FAQs%20FINAL.PDF) | Get answers to the most common questions about Surface Hub onsite service offerings and delivery. |
+
 
 
 
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index e7013de28c..7ad560c77e 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -15,7 +15,7 @@ ms.localizationpriority: medium
 
 Microsoft Whiteboard’s latest update (17.8302.5275X or greater) includes the capability for two Surface Hubs to collaborate in real time on the same board. 
 
-By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together. Mobile device management (MDM) allows you to control default settings and provides access to these capabilities. For more information about mobile device management for Surface Hub, see [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md).
+By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together. 
 
 ![example of a whiteboard with collaborative inking](images/wb-collab-example.png)
 
diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
index d535905d0d..0759f97b9a 100644
--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
@@ -45,26 +45,26 @@ Recent additions to the downloads for Surface devices provide you with options t
 ## Surface Book 2
 
 
-Download the following updates for Surface Book 2 from the Microsoft Download Center.
+Download the following updates for [Surface Book 2 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56261).
 * SurfaceBook2_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Laptop
 
 
-Download the following updates for Surface Laptop from the Microsoft Download Center.
+Download the following updates for [Surface Laptop from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55489).
 * SurfaceLaptop_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Pro
 
 
-Download the following updates for Surface Pro (Model 1796) from the Microsoft Download Center.
+Download the following updates for [Surface Pro (Model 1796) from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55484).
 
 * SurfacePro_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Pro with LTE Advanced
 
 
-Download the following updates for Surface Pro with LTE Advanced from the Microsoft Download Center.
+Download the following updates for [Surface Pro with LTE Advanced from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56278).
 * SurfacePro_LTE_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Studio
diff --git a/education/index.md b/education/index.md
index 1f982844d6..4a5f5a36ba 100644
--- a/education/index.md
+++ b/education/index.md
@@ -18,7 +18,7 @@ ms.date: 10/30/2017
                             <div class="card">
                                 <div class="cardImageOuter">
                                     <div class="cardImage">
-                                        <img data-hoverimage="/media/common/i_advanced.svg" src="/media/common/i_advanced.svg" alt="Learn more about Microsoft Education products." />
+                                        <img data-hoverimage="/media/common/i_advanced.svg" src="/media/common/i_advanced.svg" alt="" />
                                     </div>
                                 </div>
                                 <div class="cardText">
@@ -36,7 +36,7 @@ ms.date: 10/30/2017
                             <div class="card">
                                 <div class="cardImageOuter">
                                     <div class="cardImage">
-                                        <img data-hoverimage="/media/common/i_get-started.svg" src="/media/common/i_get-started.svg" alt="For IT Pros: Get started with Microsoft Education" />
+                                        <img data-hoverimage="/media/common/i_get-started.svg" src="/media/common/i_get-started.svg" alt="" />
                                     </div>
                                 </div>
                                 <div class="cardText">
@@ -54,7 +54,7 @@ ms.date: 10/30/2017
                             <div class="card">
                                 <div class="cardImageOuter">
                                     <div class="cardImage">
-                                        <img data-hoverimage="/media/common/i_download-install.svg" src="/media/common/i_download-install.svg" alt="Test Windows 10 S for education" />
+                                        <img data-hoverimage="/media/common/i_download-install.svg" src="/media/common/i_download-install.svg" alt="" />
                                     </div>
                                 </div>
                                 <div class="cardText">
@@ -88,7 +88,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/M365-education.svg" alt="Learn about Microsoft 365 Education" />
+                                                        <img src="images/M365-education.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -107,7 +107,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-get-started.svg" alt="For IT Pros: Get started with Microsoft Education" />
+                                                        <img src="/media/hubs/education/education-pro-get-started.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -126,7 +126,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-office365.svg" alt="Office 365 for Education" />
+                                                        <img src="/media/hubs/education/education-pro-office365.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -145,7 +145,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-intune.svg" alt="Microsoft Intune for Education" />
+                                                        <img src="/media/hubs/education/education-pro-intune.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -164,7 +164,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-windows10.svg" alt="Windows 10 for Education" />
+                                                        <img src="/media/hubs/education/education-pro-windows10.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -183,7 +183,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-school-data.svg" alt="School Data Sync" />
+                                                        <img src="/media/hubs/education/education-pro-school-data.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -202,7 +202,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-azure-directory.svg" alt="Azure Active Directory" />
+                                                        <img src="/media/hubs/education/education-pro-azure-directory.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -221,7 +221,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-store.svg" alt="Microsoft Store for Education" />
+                                                        <img src="/media/hubs/education/education-pro-store.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -240,7 +240,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-minecraft.svg" alt="Minecraft: Educaton Edition" />
+                                                        <img src="/media/hubs/education/education-pro-minecraft.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -259,7 +259,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-pro-usb.svg" alt="Set up School PCs" />
+                                                        <img src="images/education-pro-usb.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -278,7 +278,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-ms-teams.svg" alt="Meet Microsoft Teams" />
+                                                        <img src="images/education-ms-teams.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -312,7 +312,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-teachers-office-help.svg" alt="Office help and training" />
+                                                        <img src="/media/hubs/education/education-teachers-office-help.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -331,7 +331,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-teachers-windows-help.svg" alt="Windows help" />
+                                                        <img src="/media/hubs/education/education-teachers-windows-help.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -350,7 +350,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-store.svg" alt="Microsoft Store for Education" />
+                                                        <img src="/media/hubs/education/education-pro-store.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -369,7 +369,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-minecraft.svg" alt="Minecraft: Education Edition" />
+                                                        <img src="/media/hubs/education/education-pro-minecraft.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -388,7 +388,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-teachers-educator-community.svg" alt="Microsoft Educator Community" />
+                                                        <img src="/media/hubs/education/education-teachers-educator-community.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -407,7 +407,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-ms-teams.svg" alt="Meet Microsoft Teams" />
+                                                        <img src="images/education-ms-teams.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -426,7 +426,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-pro-usb.svg" alt="Set up School PCs" />
+                                                        <img src="images/education-pro-usb.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -460,7 +460,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-students-help.svg" alt="Get started for students" />
+                                                        <img src="/media/hubs/education/education-students-help.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -479,7 +479,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-students-office-help.svg" alt="Office help and training" />
+                                                        <img src="/media/hubs/education/education-students-office-help.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -498,7 +498,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-students-windows-help.svg" alt="Windows help" />
+                                                        <img src="/media/hubs/education/education-students-windows-help.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -517,7 +517,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-students-imagine.svg" alt="Microsoft Imagine" />
+                                                        <img src="/media/hubs/education/education-students-imagine.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -551,7 +551,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-developers-uwp-apps.svg" alt="UWP apps for education" />
+                                                        <img src="/media/hubs/education/education-developers-uwp-apps.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -570,7 +570,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-developers-api-test.svg" alt="Take a Test API" />
+                                                        <img src="/media/hubs/education/education-developers-api-test.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -589,7 +589,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-developers-office-education.svg" alt="Office Education Dev Center" />
+                                                        <img src="/media/hubs/education/education-developers-office-education.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -623,7 +623,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-partner-mepn-1.svg" alt="Microsoft Education Partner Network" />
+                                                        <img src="images/education-partner-mepn-1.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -642,7 +642,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-partner-aep-2.svg" alt="Authorized Education Partner home page" />
+                                                        <img src="images/education-partner-aep-2.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -661,7 +661,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-partner-directory-3.svg" alt="Authorized Education Partner directory" />
+                                                        <img src="images/education-partner-directory-3.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -680,7 +680,7 @@ ms.date: 10/30/2017
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="images/education-partner-yammer.svg" alt="Education Partner community Yammer group" />
+                                                        <img src="images/education-partner-yammer.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md
index c827683002..de19d69ecb 100644
--- a/education/trial-in-a-box/educator-tib-get-started.md
+++ b/education/trial-in-a-box/educator-tib-get-started.md
@@ -26,7 +26,8 @@ ms.date: 03/18/2018
 | [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?<sup>[1](#footnote1)</sup>** </br>Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
 | [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** </br>Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
 | [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** </br>Open [OneNote](#edu-task4) and create an example group project for your class. |
-| [![Play with Minecraft: Education Edition](images/edu-TIB-setp-5-v3.png)](#edu-task5) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
+| [![Try Photos app](images/edu-tib-setp-5-v4.png)](#edu-task5) | **Curious about telling stories through video?** </br>Try the [Photos app](#edu-task5) to make your own example video. |
+| [![Play with Minecraft: Education Edition](images/edu-tib-setp-6-v4.png)](#edu-task6) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
 |  |  |
 
 </br>
@@ -34,6 +35,7 @@ ms.date: 03/18/2018
 > [!VIDEO https://www.youtube.com/embed/3nqooY9Iqq4]
 
 </br>
+</br>
 
 
 ![Log in to Device A and connect to the school network](images/edu-TIB-setp-1-jump.png) 
@@ -44,6 +46,7 @@ To try out the educator tasks, start by logging in as a teacher.
 2. Log in to **Device A** using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit.
 3. Connect to your school's Wi-Fi network or connect with a local Ethernet connection.
 
+</br>
 </br>
 
 ![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) 
@@ -76,6 +79,7 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse
   | ![Word Online Text to Speech](images/wordonline_tts.png) | ![Word Online Text Preferences](images/wordonline_text_preferences.png) | ![Word Online Grammar Options](images/wordonline_grammar_options.png) | ![Word Online Line Focus](images/wordonline_line_focus.png) |
 
 </br>
+</br>
 
 ![Spark communication, critical thinking, and creativity with Microsoft Teams](images/edu-TIB-setp-3-jump.png) 
 ## <a name="edu-task3"></a>3. Spark communication, critical thinking, and creativity in the classroom
@@ -94,6 +98,7 @@ Take a guided tour of Microsoft Teams and test drive this digital hub.
 1. Take a guided tour of Microsoft Teams and test drive some teaching tasks. Open the Microsoft Edge browser and navigate to <a href="https://msteamsdemo.azurewebsites.net/" target="_blank">https://msteamsdemo.azurewebsites.net</a>.
 2. Use your school credentials provided in the **Credentials Sheet**.
 
+</br>
 </br>
 
 ![Expand classroom collaboration and interaction with OneNote](images/edu-TIB-setp-4-jump.png) 
@@ -127,9 +132,56 @@ When you're not using the pen, just use the magnet to stick it to the left side
     ![OneNote Researcher](images/onenote_researcher.png)
 
 </br>
+</br>
+
+![Inspire your students to tell their stories through video!](images/edu-tib-setp-5-jump2.png)
+## <a name="edu-task5"></a>5. Engage with students by creating videos
+
+PHOTOS APP VIDEO COMING SOON!
+</br>
+
+The Photos app now has a built-in video editor, making it easy for you and your students to create movies using photos, video clips, music, 3D models, and special effects.  Improve comprehension, unleash creativity, and capture your student’s imagination through video.
+
+**Try this!**
+Use video to create a project summary.
+
+1. Check you have the latest version of Microsoft Photos. Open the **Start** menu and search for **Store**. Select the **See more** button (**…**) and select **Downloads and updates**. Select **Get updates**.   
+2. Open Microsoft Edge and visit <a href="http://aka.ms/PhotosTIB" target="_blank">http://aka.ms/PhotosTIB</a> to download a zip file of the project media.   
+3. Once the download has completed, open the zip file and select **Extract** > **Extract all**.  Select **Browse** and choose the **Pictures** folder as the destination, and then select **Extract**.  
+4. In the **Start** menu, search for **Photos** or select the Photos tile to launch the app.  
+5. Select the first video to preview it full screen. Select **Edit & Create**, then select **Create a video with text**.
+  1. If you don't see the **Edit & Create** menu, select the video and the menu will appear at the top of the screen. 
+6. Name your project “Laser Maze Project.” Hit Enter to continue.   
+7. Select **Add photos and videos** and then **From my collection**. Scroll to select the 6 additional videos and select **Add**.
+8. Drag the videos to the Storyboard, one by one. Your project should look roughly like this:
+
+  ![Photos app layout showing videos added in previous steps](images/photo_app_1.png)
+
+9. Select the first card in the Storyboard (the video of the project materials) and select **Text**, type a title in, a text style, a layout, and select **Done**. 
+10.	Select the third card in the Storyboard (the video of the children assembling the maze) and select **Trim**.  Drag the trim handle on the left to shorten the duration of the clip and select **Done**. 
+11.	Select the last card on the Storyboard and select **3D effects**.
+  1. Position the playback indicator to be roughly 1 second into the video clip, or when the boy moves down to examine the laser.  
+  2. Find the **lightning bolt** effect and click or drag to add it to the scene.  Rotate, scale, and position the effect so it looks like the lightning is coming out of the laser beam and hitting the black back of the mirror.
+  3. Position the blue anchor over the end of the laser pointer in the video and toggle on **Attach to a point** for the lightning bolt effect to anchor the effect in the scene.
+  4. Play back your effect.
+  5. Select **Done** when you have it where you want it.
+
+  ![Lighting bolt effect being added to a video clip](images/photo_app_2.png)
+
+12. Select **Music** and select a track from the **Recommended** music collection.
+  1. The music will update automatically to match the length of your video project, even as you make changes.
+  2. If you don’t see more than a few music options, confirm that you’re connected to Wi-Fi and then close and re-open Microsoft Photos (returning to your project via the **Albums** tab). Additional music files should download in the background.
+13. You can adjust the volume for the background music using the **Music volume** button.  
+14. Preview your video to see how it all came together.
+15. Select **Export or share** and select either the **Small** or **Medium** file size. You can share your video to social media, email, or another apps.  
+
+Check out this use case video of the Photos team partnering with the Bureau Of Fearless Ideas in Seattle to bring the Photos app to local middle school students: <a href="https://www.youtube.com/watch?v=0dFFAu6XwPg" target="_blank">https://www.youtube.com/watch?v=0dFFAu6XwPg</a>
+</br>
+</br>
+</br>
 
 ![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png) 
-## <a name="edu-task5"></a>5. Get kids to further collaborate and problem solve
+## <a name="edu-task6"></a>6. Get kids to further collaborate and problem solve
 
 > [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
 
diff --git a/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png b/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png
new file mode 100644
index 0000000000..684bc59a50
Binary files /dev/null and b/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-5-v4.png b/education/trial-in-a-box/images/edu-tib-setp-5-v4.png
new file mode 100644
index 0000000000..d1d3f51fb8
Binary files /dev/null and b/education/trial-in-a-box/images/edu-tib-setp-5-v4.png differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-6-v4.png b/education/trial-in-a-box/images/edu-tib-setp-6-v4.png
new file mode 100644
index 0000000000..c46d7861af
Binary files /dev/null and b/education/trial-in-a-box/images/edu-tib-setp-6-v4.png differ
diff --git a/education/trial-in-a-box/images/photo_app_1.png b/education/trial-in-a-box/images/photo_app_1.png
new file mode 100644
index 0000000000..b5e6a59f63
Binary files /dev/null and b/education/trial-in-a-box/images/photo_app_1.png differ
diff --git a/education/trial-in-a-box/images/photo_app_2.png b/education/trial-in-a-box/images/photo_app_2.png
new file mode 100644
index 0000000000..69ec9b01dd
Binary files /dev/null and b/education/trial-in-a-box/images/photo_app_2.png differ
diff --git a/education/trial-in-a-box/index.md b/education/trial-in-a-box/index.md
index 62510022e6..486c9358c7 100644
--- a/education/trial-in-a-box/index.md
+++ b/education/trial-in-a-box/index.md
@@ -28,7 +28,7 @@ Welcome to Microsoft Education Trial in a Box. We built this trial to make it ea
 
 </br>
 
-| ![Get started for Educators](images/teacher_rotated_resized.png) | ![Get started for IT Admins](images/itadmin_rotated_resized.png) |
+| [![Get started for Educators](images/teacher_rotated_resized.png)](educator-tib-get-started.md) | [![Get started for IT Admins](images/itadmin_rotated_resized.png)](itadmin-tib-get-started.md) |
 | :---: | :---: | 
 | <span style="font-size: 1.5em">**Educator**</span></br>Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. </br>[Get started](educator-tib-get-started.md) | <span style="font-size: 1.5em">**IT Admin**</span></br>Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. </br> [Get started](itadmin-tib-get-started.md) |
 
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index 5659364a47..fad685b3d2 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -10,7 +10,7 @@ searchScope:
   - Store
 author: trudyha
 ms.author: trudyha
-ms.date: 11/01/2017
+ms.date: 3/30/2018
 ---
 
 # Working with Microsoft Store for Education
diff --git a/education/windows/images/sfe-roles.png b/education/windows/images/sfe-roles.png
index d208fb29b7..63a9290371 100644
Binary files a/education/windows/images/sfe-roles.png and b/education/windows/images/sfe-roles.png differ
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index c4c3cbd233..8164b32aca 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -9,7 +9,7 @@ ms.pagetype: edu
 ms.localizationpriority: high
 author: CelesteDG
 ms.author: celested
-ms.date: 03/12/2018
+ms.date: 04/04/2018
 ---
 
 # Technical reference for the Set up School PCs app 
@@ -290,7 +290,8 @@ The Set up School PCs app produces a specialized provisioning package that makes
 <tr><td><p>Accounts: Block Microsoft accounts</p><p>**Note** Microsoft accounts can still be used in apps.</p></td><td><p>Enabled</p></td></tr>
 <tr> <td> <p> Interactive logon: Do not display last user name </p> </td> <td> <p> Enabled</p> </td>
 </tr> 
-<tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart</p> </td> <td> <p> Disabled</p> </td> 
+<tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart</p> </td> <td> <p> Disabled</p> </td>
+</tr> 
 <tr> <td> <p> User Account Control: Behavior of the elevation prompt for standard users </p> </td> <td> <p> Auto deny</p> </td>
 </tr> 
 </tbody>
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index 17e228afb1..6f39869fb3 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -88,7 +88,7 @@ Check with your device manufacturer before trying Windows 10 S on your device to
 | <a href="https://support.hp.com/us-en/document/c05588871" target="_blank">HP</a> | <a href="http://consumer.huawei.com/cn/support/notice/detail/index.htm?id=1541" target="_blank">Huawei</a> | <a href="https://www.i-life.us/not-available/" target="_blank">I Life</a> |
 | <a href="http://www.inet-tek.com/en/product-qadetail-86.html" target="_blank">iNET</a> | <a href="https://www.intel.com/content/www/us/en/support/boards-and-kits/000025096.html" target="_blank">Intel</a> | <a href="http://irbis-digital.ru/support/podderzhka-windows-10-s/" target="_blank">LANIT Trading</a> |
 | <a href="https://support.lenovo.com/us/en/solutions/ht504589" target="_blank">Lenovo</a> | <a href="http://www.lg.com/us/content/html/hq/windows10update/Win10S_UpdateInfo.html" target="_blank">LG</a> | <a href="https://www2.mouse-jp.co.jp/ssl/user_support2/info.asp?N_ID=361" target="_blank">MCJ</a> | 
-| <a href="http://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | <a href="https://www.microsoft.com/surface/en-us/support/windows-and-office/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | 
+| <a href="http://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | <a href="https://support.microsoft.com/en-us/help/4094045/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | 
 | <a href="https://panasonic.net/cns/pc/Windows10S/" target="_blank">Panasonic</a> | <a href="http://www.bangho.com.ar/windows10s" target="_blank">PC Arts</a> | <a href="http://www.positivoinformatica.com.br/atualizacao-windows-10" target="_blank">Positivo SA</a> | 
 | <a href="http://www.br.vaio.com/atualizacao-windows-10/" target="_blank">Positivo da Bahia</a> | <a href="http://www.samsung.com/us/support/windows10s/" target="_blank">Samsung</a> | <a href="http://www.teclast.com/zt/aboutwin10s/" target="_blank">Teclast</a> | 
 | <a href="http://www.dospara.co.jp/support/share.php?contents=about_windows10s" target="_blank">Thirdwave</a> | <a href="http://www.tongfangpc.com/service/win10.aspx" target="_blank">Tongfang</a> | <a href="http://win10upgrade.toshiba.com/win10s/information?region=TAIS&country=US&lang=en" target="_blank">Toshiba</a> | 
diff --git a/education/windows/windows-automatic-redeployment.md b/education/windows/windows-automatic-redeployment.md
index f65d87c10f..5d64b44037 100644
--- a/education/windows/windows-automatic-redeployment.md
+++ b/education/windows/windows-automatic-redeployment.md
@@ -92,16 +92,10 @@ Windows Automatic Redeployment is a two-step process: trigger it and then authen
 
 Windows Automatic Redeployment will fail when the [Windows Recovery Environment (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is not enabled on the device. You will see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`.
 
-To check if WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
+To make sure WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
 
 ```
-reagent /info
-```
-
-If WinRE is not enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
-
-```
-reagent /enable
+reagentc /enable
 ```
 
 If Windows Automatic Reployment fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
diff --git a/mdop/mbam-v25/about-mbam-25-sp1.md b/mdop/mbam-v25/about-mbam-25-sp1.md
index 8cd8dc5a1b..dacedac502 100644
--- a/mdop/mbam-v25/about-mbam-25-sp1.md
+++ b/mdop/mbam-v25/about-mbam-25-sp1.md
@@ -230,9 +230,8 @@ MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part o
 For more information and late-breaking news that is not included in this documentation, see [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md).
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
diff --git a/mdop/mbam-v25/about-mbam-25.md b/mdop/mbam-v25/about-mbam-25.md
index fa12092dab..cbde231c72 100644
--- a/mdop/mbam-v25/about-mbam-25.md
+++ b/mdop/mbam-v25/about-mbam-25.md
@@ -355,9 +355,8 @@ MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part o
 For more information and late-breaking news that is not included in this documentation, see [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md).
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
diff --git a/mdop/mbam-v25/accessibility-for-mbam-25.md b/mdop/mbam-v25/accessibility-for-mbam-25.md
index c4b1726472..006f3acba5 100644
--- a/mdop/mbam-v25/accessibility-for-mbam-25.md
+++ b/mdop/mbam-v25/accessibility-for-mbam-25.md
@@ -89,9 +89,8 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
diff --git a/mdop/mbam-v25/administering-mbam-25-features.md b/mdop/mbam-v25/administering-mbam-25-features.md
index dbefcf71c0..4b0fad8bfc 100644
--- a/mdop/mbam-v25/administering-mbam-25-features.md
+++ b/mdop/mbam-v25/administering-mbam-25-features.md
@@ -41,9 +41,8 @@ This customized control panel does not replace the default Windows BitLocker con
 [Operations for MBAM 2.5](operations-for-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/client-event-logs.md b/mdop/mbam-v25/client-event-logs.md
index aa4aae881c..f8d2dc07c4 100644
--- a/mdop/mbam-v25/client-event-logs.md
+++ b/mdop/mbam-v25/client-event-logs.md
@@ -253,21 +253,18 @@ The following table contains event IDs that can occur on the MBAM Client.
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
-
-
 [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
 
 [Server Event Logs](server-event-logs.md)
 
  
 
- 
+
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
index 13c370473a..330377d65b 100644
--- a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
+++ b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
@@ -349,10 +349,8 @@ To view the local security setting, open the **Local Security Policy editor**, e
 
  
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -364,7 +362,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/configuring-the-mbam-25-server-features.md b/mdop/mbam-v25/configuring-the-mbam-25-server-features.md
index 2d2948f50c..49b94f770e 100644
--- a/mdop/mbam-v25/configuring-the-mbam-25-server-features.md
+++ b/mdop/mbam-v25/configuring-the-mbam-25-server-features.md
@@ -105,11 +105,8 @@ Each row in the following table describes the features that you will configure o
 
 For a list of events about MBAM Server feature configuration, see [Server Event Logs](server-event-logs.md).
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -117,7 +114,9 @@ Configuring the MBAM 2.5 Server Features
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
index 743572b6fb..79e1582f84 100644
--- a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
+++ b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
@@ -98,7 +98,6 @@ MDOP Group Policy templates are available for download in a self-extracting, com
 
     For descriptions of the Group Policy settings, see [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md).
 
-**Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -106,7 +105,9 @@ MDOP Group Policy templates are available for download in a self-extracting, com
 [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
index d71455a3ba..75f0c5dd3c 100644
--- a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
+++ b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
@@ -383,7 +383,9 @@ In the following sections, complete the instructions that correspond to the vers
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md b/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md
index 638453ed01..87f74c21ad 100644
--- a/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md
+++ b/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md
@@ -58,11 +58,8 @@ You can customize the Self-Service Portal in the following ways:
 
  
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -70,7 +67,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md b/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md
index 606ca70207..160b9ab0b2 100644
--- a/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md
+++ b/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md
@@ -48,9 +48,8 @@ Since MBAM offers a customized MBAM control panel that can replace the default W
 [Deploying MBAM 2.5](deploying-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/deploying-mbam-25.md b/mdop/mbam-v25/deploying-mbam-25.md
index bea9f05d66..f1c1cff37e 100644
--- a/mdop/mbam-v25/deploying-mbam-25.md
+++ b/mdop/mbam-v25/deploying-mbam-25.md
@@ -82,9 +82,8 @@ Use this information to identify the procedures you can follow to deploy and con
 [Deploying MBAM 2.5 in a stand-alone configuration](https://support.microsoft.com/kb/3046555)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/deploying-the-mbam-25-client.md b/mdop/mbam-v25/deploying-the-mbam-25-client.md
index 8eef257b98..5c05697ce7 100644
--- a/mdop/mbam-v25/deploying-the-mbam-25-client.md
+++ b/mdop/mbam-v25/deploying-the-mbam-25-client.md
@@ -49,11 +49,8 @@ This section explains how to install the MBAM Client by using a command line.
 
 [Deploying MBAM 2.5](deploying-mbam-25.md)
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -62,7 +59,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 [Planning for MBAM 2.5](planning-for-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md b/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md
index 781cc1966b..47c09e74df 100644
--- a/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md
+++ b/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md
@@ -46,18 +46,15 @@ To deploy the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Serve
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
 [Deploying MBAM 2.5](deploying-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md b/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md
index 6167e37171..e1dbf01ed9 100644
--- a/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md
+++ b/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md
@@ -103,11 +103,6 @@ You can use your preferred method to view WMI. If you use PowerShell, run `gwmi
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -116,7 +111,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
index 33cea5faa3..f4616b4724 100644
--- a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
+++ b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
@@ -364,7 +364,6 @@ To enable the client computers to report BitLocker compliance details through th
     //=======================================================
     ```
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -378,7 +377,9 @@ To enable the client computers to report BitLocker compliance details through th
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md b/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md
index 6be3a9fd6e..543f7e2ff6 100644
--- a/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md
+++ b/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md
@@ -91,8 +91,6 @@ Do not change the Group Policy settings in the **BitLocker Drive Encryption** no
 
      
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -101,7 +99,9 @@ Do not change the Group Policy settings in the **BitLocker Drive Encryption** no
 [Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md b/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md
index 43d0bb217f..cd19e01e59 100644
--- a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md
+++ b/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md
@@ -393,7 +393,6 @@ To evaluate MBAM by using the Configuration Manager Integration topology, follow
 
     2.  Within the **MBAM** node, select the folder that represents the language in which you want to view reports, and then select the report from the results pane.
 
-**Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -401,8 +400,9 @@ To evaluate MBAM by using the Configuration Manager Integration topology, follow
 [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)
 
  
-
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md b/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md
index fa5b3d6352..311409761a 100644
--- a/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md
+++ b/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md
@@ -93,7 +93,7 @@ To run the reports, you must be a member of the **MBAM Report Users** group, whi
 
 2.  Click **View Report** to view the report.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -104,7 +104,9 @@ To run the reports, you must be a member of the **MBAM Report Users** group, whi
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/getting-started-with-mbam-25.md b/mdop/mbam-v25/getting-started-with-mbam-25.md
index 095e8a955b..3513df82f6 100644
--- a/mdop/mbam-v25/getting-started-with-mbam-25.md
+++ b/mdop/mbam-v25/getting-started-with-mbam-25.md
@@ -91,9 +91,8 @@ MBAM 2.5 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is pa
 [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md b/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md
index 0c6a56e80a..e91ed7e0c7 100644
--- a/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md
+++ b/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md
@@ -40,7 +40,7 @@ Do not change the Group Policy settings in the **BitLocker Drive Encryption** no
 
 3.  Click **Show**, click **Add**, and then type **Microsoft.BitLockerDriveEncryption**.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -51,7 +51,9 @@ Do not change the Group Policy settings in the **BitLocker Drive Encryption** no
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/high-level-architecture-for-mbam-25.md b/mdop/mbam-v25/high-level-architecture-for-mbam-25.md
index bf090ec2c0..4b67d0891b 100644
--- a/mdop/mbam-v25/high-level-architecture-for-mbam-25.md
+++ b/mdop/mbam-v25/high-level-architecture-for-mbam-25.md
@@ -33,9 +33,8 @@ Microsoft BitLocker Administration and Monitoring can be deployed in a Stand-alo
 [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
index 383814410b..41afc5d8a5 100644
--- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
+++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
@@ -275,10 +275,6 @@ The integration of MBAM with Configuration Manager is based on a configuration p
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -292,7 +288,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
index a9f2aeb37c..c494392cfe 100644
--- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
+++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
@@ -135,12 +135,7 @@ The MBAM Client:
 
 -   Collects recovery information and computer information about the client computers.
 
- 
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -153,7 +148,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md
index 14ef61134c..af16424434 100644
--- a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md
+++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md
@@ -212,7 +212,7 @@ The instructions are based on the recommended architecture in [High-Level Archit
 
 5.  Click **Add** to add the MBAM databases on the server, and then click **Close**.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -229,7 +229,9 @@ The instructions are based on the recommended architecture in [High-Level Archit
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md
index c6ef960a9b..10ac435c9b 100644
--- a/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md
+++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md
@@ -153,7 +153,7 @@ The instructions are based on the recommended architecture in [High-Level Archit
 
 8.  Click **Add** to add the Reports on the server, and then click **Close**.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -167,7 +167,9 @@ The instructions are based on the recommended architecture in [High-Level Archit
 [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md
index c9710d5a86..596b57c08d 100644
--- a/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md
+++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md
@@ -127,7 +127,7 @@ The instructions are based on the recommended architecture in [High-Level Archit
 
 6.  Click **Add** to add the Configuration Manager Integration feature to the server, and then click **Close**.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -137,7 +137,9 @@ The instructions are based on the recommended architecture in [High-Level Archit
 [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md
index ff0808091b..144484a16f 100644
--- a/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md
+++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md
@@ -405,7 +405,6 @@ The web applications comprise the following websites and their corresponding web
 
     -   If your client computers do not have access to the CDN, complete the steps in [How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network](how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md).
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -422,7 +421,9 @@ The web applications comprise the following websites and their corresponding web
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
index bd79f78e48..95f7fcdc46 100644
--- a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
+++ b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
@@ -56,9 +56,7 @@ In MBAM 2.5 SP1, the JavaScript files are included in the product, and you do no
 
     -   jQueryValidateUnobtrusivePath: /&lt;*virtual directory*&gt;/Scripts/jQuery.validate.unobtrusive.min.js
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring).
 
-    **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -67,7 +65,9 @@ In MBAM 2.5 SP1, the JavaScript files are included in the product, and you do no
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md b/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md
index 8bf86c7ee8..7cea28e8c8 100644
--- a/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md
+++ b/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md
@@ -73,7 +73,6 @@ You can use this command-line option with either of the following installation m
 
  
 
-**Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -83,7 +82,9 @@ You can use this command-line option with either of the following installation m
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md b/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md
index 988dabca29..9e9d2160e5 100644
--- a/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md
+++ b/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md
@@ -35,18 +35,17 @@ Before you start the MBAM Client deployment, review the [MBAM 2.5 Supported Conf
 
      
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
-
-
 [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)
 
 [Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md)
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md b/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md
index f618e1c78e..b7434dc064 100644
--- a/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md
+++ b/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md
@@ -39,7 +39,7 @@ Device compliance is determined by the BitLocker policies that your enterprise h
 
 5.  Take the appropriate action, as determined by your policy for lost devices.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -47,7 +47,9 @@ Device compliance is determined by the BitLocker policies that your enterprise h
 [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md
index 7234d14a83..79cc189aaa 100644
--- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md
+++ b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md
@@ -14,7 +14,7 @@ ms.date: 04/23/2017
 # How to Enable BitLocker by Using MBAM as Part of a Windows Deployment
 
 
-This topic explains how to enable BitLocker on an end user's computer by using MBAM as part of your Windows imaging and deployment process.
+This topic explains how to enable BitLocker on an end user's computer by using MBAM as part of your Windows imaging and deployment process. If you see a black screen at restart (after Install phase concludes) indicating that the drive cannot be unlocked, see [Windows versions prior Windows 10 build 1511 fail to start after "Setup Windows and Configuration Manager" step when Pre-Provision BitLocker is used with Windows PE 10.0.586.0 (1511)](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2016/03/30/windows-versions-prior-windows-10-build-1511-fail-to-start-after-setup-windows-and-configuration-manager-step-when-pre-provision-bitlocker-is-used-with-windows-pe-10-0-586-0-1511/).
 
 **Prerequisites:**
 
@@ -59,7 +59,7 @@ This topic explains how to enable BitLocker on an end user's computer by using M
 
     -   Robust error handling
 
-   You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=48698). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server.
+   You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=54439). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server.
 
    **WMI deployment methods for MBAM:** The following WMI methods have been added in MBAM 2.5 SP1 to support enabling BitLocker by using the `Invoke-MbamClientDeployment.ps1` PowerShell script.
 
@@ -328,3 +328,6 @@ Here are a list of common error messages:
 
 [Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md)
 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
\ No newline at end of file
diff --git a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
index 6f899ad463..74cb3987aa 100644
--- a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
+++ b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
@@ -37,7 +37,7 @@ In the following instructions, *SelfService* is the default virtual directory na
 
 4.  In the **Value** field, type the localized text that you want to display to end users.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -48,7 +48,9 @@ In the following instructions, *SelfService* is the default virtual directory na
 
  
 
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
index b7d2e10ad7..03920986d6 100644
--- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
+++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
@@ -39,7 +39,7 @@ In the following instructions, *SelfService* is the default virtual directory na
 
 4.  In the **Value** field, type the localized version of the `HelpdeskURL` value that you want to display to end users.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -49,7 +49,9 @@ In the following instructions, *SelfService* is the default virtual directory na
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
index 1a82463029..a4cfaa869c 100644
--- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
+++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
@@ -61,7 +61,7 @@ If an end user’s browser is set to a language that does not have a correspondi
 
     The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to &lt;MBAM Self-Service Install Directory&gt;\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -70,7 +70,9 @@ If an end user’s browser is set to a language that does not have a correspondi
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md b/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md
index 13f9dbdcdd..3337c2bd83 100644
--- a/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md
+++ b/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md
@@ -145,7 +145,6 @@ The following steps describe what occurs when end users request an exemption fro
 
      
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -157,7 +156,9 @@ The following steps describe what occurs when end users request an exemption fro
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md
index f9250586ad..ddeb99133d 100644
--- a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md
+++ b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md
@@ -495,7 +495,7 @@ The high-level steps for moving the Compliance and Audit Database are:
 
          
 
-**Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -509,7 +509,9 @@ The high-level steps for moving the Compliance and Audit Database are:
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md
index 3a188b39c7..bc5fa5a455 100644
--- a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md
+++ b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md
@@ -117,7 +117,7 @@ To run the example Windows PowerShell scripts in this topic, you must update the
 
      
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -129,7 +129,9 @@ To run the example Windows PowerShell scripts in this topic, you must update the
 [Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md b/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md
index 8013c027ac..a95d698126 100644
--- a/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md
+++ b/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md
@@ -49,7 +49,7 @@ During the configuration of both websites, you must provide the same connection
 
 4.  Customize the Self-Service Portal for your organization. Use the instructions in [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) to review your current customizations and to configure custom settings on the Self-Server Portal on Server B.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -62,7 +62,9 @@ During the configuration of both websites, you must provide the same connection
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
index d5cd38afb0..dc18c38f3d 100644
--- a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
+++ b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
@@ -75,7 +75,6 @@ You can use this procedure with the Administration and Monitoring Website (also
 
      
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -83,7 +82,9 @@ You can use this procedure with the Administration and Monitoring Website (also
 [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md
index f623853f20..c6565a7304 100644
--- a/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md
+++ b/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md
@@ -64,7 +64,7 @@ Recovery passwords expire after a single use. On operating system drives and fix
 
     When the user types the recovery password into the system or uses the recovery package, the drive is unlocked.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -73,7 +73,9 @@ Recovery passwords expire after a single use. On operating system drives and fix
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
index 455fc25647..fe98ceee20 100644
--- a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
+++ b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
@@ -34,7 +34,7 @@ To recover a moved drive, you must use the **Drive Recovery** area of the Admini
 
 5.  When the removal is completed, start the computer normally. The MBAM agent will now enforce the policy to encrypt the drive with the new computer’s TPM plus the PIN.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -43,7 +43,9 @@ To recover a moved drive, you must use the **Drive Recovery** area of the Admini
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md b/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md
index 4640df20d9..9303a8e597 100644
--- a/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md
+++ b/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md
@@ -58,7 +58,7 @@ For information about MBAM and TPM ownership, see [MBAM 2.5 Security Considerati
 
      
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -67,7 +67,9 @@ For information about MBAM and TPM ownership, see [MBAM 2.5 Security Considerati
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md b/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md
index 90423cdd28..4a5e23195c 100644
--- a/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md
+++ b/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md
@@ -135,7 +135,7 @@ In the following instructions, *SelfService* is the default virtual directory na
 
      
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -144,7 +144,9 @@ In the following instructions, *SelfService* is the default virtual directory na
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md b/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md
index d80d1faa45..c2e1679a7c 100644
--- a/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md
+++ b/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md
@@ -27,7 +27,7 @@ In the following instructions, *SelfService* is the default virtual directory na
 
 2.  In the **Name** column, select **DisplayNotice**, and set the value to **false**.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -38,7 +38,9 @@ In the following instructions, *SelfService* is the default virtual directory na
 
  
 
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md b/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md
index 149f9a7984..e5107a9650 100644
--- a/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md
+++ b/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md
@@ -116,10 +116,6 @@ The following table summarizes the tasks you can perform on the Administration a
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -128,7 +124,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md b/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md
index c0c48e4539..188b547452 100644
--- a/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md
+++ b/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md
@@ -44,7 +44,7 @@ If the IT administrator configured an IIS Session State time-out, a message is d
 
 4.  Enter the 48-digit code into the BitLocker recovery screen on your computer to regain access to the computer.
 
-    **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+
 
 ## Related topics
 
@@ -52,7 +52,9 @@ If the IT administrator configured an IIS Session State time-out, a message is d
 [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md b/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md
index cbc2ea71a9..cc36387362 100644
--- a/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md
+++ b/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md
@@ -195,10 +195,6 @@ SSRS is installed on a server running Windows Server. A reporting services point
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -210,7 +206,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md
index 9dd12bcbd5..2a9e37642f 100644
--- a/mdop/mbam-v25/index.md
+++ b/mdop/mbam-v25/index.md
@@ -59,9 +59,8 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin
     Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method.
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/installing-the-mbam-25-server-software.md b/mdop/mbam-v25/installing-the-mbam-25-server-software.md
index 2ad71a7cc6..341600418b 100644
--- a/mdop/mbam-v25/installing-the-mbam-25-server-software.md
+++ b/mdop/mbam-v25/installing-the-mbam-25-server-software.md
@@ -126,11 +126,8 @@ The following table describes the command-line parameters for installing the MBA
 
  
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -140,7 +137,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/maintaining-mbam-25.md b/mdop/mbam-v25/maintaining-mbam-25.md
index dfe1999d5a..6b07d362cf 100644
--- a/mdop/mbam-v25/maintaining-mbam-25.md
+++ b/mdop/mbam-v25/maintaining-mbam-25.md
@@ -36,9 +36,8 @@ Use the steps in this topic to monitor the performance counters that record the
 [Operations for MBAM 2.5](operations-for-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/mbam-25-deployment-checklist.md b/mdop/mbam-v25/mbam-25-deployment-checklist.md
index 23c0ca3666..8169a4c870 100644
--- a/mdop/mbam-v25/mbam-25-deployment-checklist.md
+++ b/mdop/mbam-v25/mbam-25-deployment-checklist.md
@@ -97,10 +97,6 @@ This checklist outlines the recommended steps and a high-level list of items to
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -110,7 +106,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/mbam-25-deployment-prerequisites.md b/mdop/mbam-v25/mbam-25-deployment-prerequisites.md
index 81ae918046..fd80f252ae 100644
--- a/mdop/mbam-v25/mbam-25-deployment-prerequisites.md
+++ b/mdop/mbam-v25/mbam-25-deployment-prerequisites.md
@@ -53,9 +53,8 @@ This section contains the software that you must install before starting the Mic
 -   [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/mbam-25-planning-checklist.md b/mdop/mbam-v25/mbam-25-planning-checklist.md
index c4ab206f5a..a62ddee30b 100644
--- a/mdop/mbam-v25/mbam-25-planning-checklist.md
+++ b/mdop/mbam-v25/mbam-25-planning-checklist.md
@@ -124,10 +124,6 @@ You can use the following checklists to help you prepare your computing environm
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -137,7 +133,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/mbam-25-security-considerations.md b/mdop/mbam-v25/mbam-25-security-considerations.md
index 1ab4144ac1..3f10ae0da3 100644
--- a/mdop/mbam-v25/mbam-25-security-considerations.md
+++ b/mdop/mbam-v25/mbam-25-security-considerations.md
@@ -295,18 +295,17 @@ For an example of how to enable TDE for MBAM database instances, see [Understand
 
 **Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](http://technet.microsoft.com/library/hh994572.aspx).
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
 [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
index 79fac92aba..5d73f5edf1 100644
--- a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
+++ b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
@@ -286,6 +286,10 @@ The following table lists the installation prerequisites for the MBAM Administra
 </ul></td>
 </tr>
 <tr class="even">
+<td align="left"><p>ASP.NET MVC 4.0</p></td>
+<td align="left"><p>[ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271)</p></td>
+</tr>
+<tr class="odd">
 <td align="left"><p>Service Principal Name (SPN)</p></td>
 <td align="left"><p>The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.</p>
 <p>If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](http://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.</p>
@@ -403,11 +407,8 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser</code></pre>
 
  
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -420,7 +421,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md b/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md
index b29f39406b..93707f9f9d 100644
--- a/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md
+++ b/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md
@@ -37,10 +37,6 @@ To enable the client computers to report BitLocker compliance details in the MBA
 
 [Create or Edit the Sms\_def.mof File](create-or-edit-the-sms-defmof-file-mbam-25.md)
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -54,7 +50,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md
index 195d6fcf64..1c9cdc239c 100644
--- a/mdop/mbam-v25/mbam-25-supported-configurations.md
+++ b/mdop/mbam-v25/mbam-25-supported-configurations.md
@@ -561,11 +561,8 @@ The MBAM server can be deployed in Azure Infrastructure as a Service (IaaS) on a
 
 The MBAM client is not supported on virtual machines and is also not supported on Azure IaaS.
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -576,7 +573,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md b/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md
index 86650a1bfd..e7f1395a8b 100644
--- a/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md
+++ b/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md
@@ -44,9 +44,8 @@ The topic in this section describes the reports for the Configuration Manager In
 [Operations for MBAM 2.5](operations-for-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md b/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md
index 113fa272b8..6376939620 100644
--- a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md
+++ b/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md
@@ -81,11 +81,8 @@ The recommended tool for viewing MBAM performance counters is Windows Performanc
 
 For detailed instructions on how to view performance counters, see [How to View MBAM Performance Counters](https://go.microsoft.com/fwlink/?LinkId=393457).
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -96,6 +93,8 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
 
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
diff --git a/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md b/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md
index 557110bbd6..00fdddca93 100644
--- a/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md
+++ b/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md
@@ -41,9 +41,8 @@ Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 enables you to move
 -   [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/operations-for-mbam-25.md b/mdop/mbam-v25/operations-for-mbam-25.md
index 0be326e434..5a895028c3 100644
--- a/mdop/mbam-v25/operations-for-mbam-25.md
+++ b/mdop/mbam-v25/operations-for-mbam-25.md
@@ -55,9 +55,8 @@ This topic describes the types of administrative tasks that you can perform with
 [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md b/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md
index a6765849f0..37802d9fc1 100644
--- a/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md
+++ b/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md
@@ -52,11 +52,8 @@ If end users get locked out of Windows by BitLocker, they can use the instructio
 
 [How to Use the Self-Service Portal to Regain Access to a Computer](how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md)
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -64,7 +61,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md b/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md
index 105ec5910e..54bddfa55e 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md
@@ -59,10 +59,6 @@ The TPM protector option requires the administrator to accept the BIOS prompt to
 
 MBAM supports BitLocker on Encrypted Hard Drives that meet TCG specification requirements for Opal as well as IEEE 1667 standards. When BitLocker is enabled on these devices, it will generate keys and perform management functions on the encrypted drive. See [Encrypted Hard Drive](https://technet.microsoft.com/library/hh831627.aspx) for more information.
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -74,7 +70,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md b/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md
index 96c6732f3b..c016d3779d 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md
@@ -512,10 +512,6 @@ This section describes Removable Drive Group Policy definitions for Microsoft Bi
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -525,7 +521,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md b/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md
index 3271b950b3..541ece0a38 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md
@@ -172,10 +172,6 @@ Create the following accounts for the Administration and Monitoring Website.
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -186,7 +182,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
index 29829ab49e..fcf168b878 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
@@ -123,11 +123,8 @@ MBAM provides a Volume Shadow Copy Service (VSS) writer, called the Microsoft Bi
 
 The VSS writer is registered on every server where you enable an MBAM web application. The MBAM VSS writer depends on the SQL Server VSS Writer, which is registered as part of the Microsoft SQL Server installation. Any backup technology that uses VSS writers to perform backup can discover the MBAM VSS writer.
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -136,7 +133,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
  
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md b/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md
index cb91068cf3..6fc0c1b5d5 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md
@@ -96,11 +96,8 @@ The Server infrastructure for the MBAM Configuration Manager topology contains t
 
 For a description of these features, see [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md).
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -110,7 +107,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/planning-for-mbam-25.md b/mdop/mbam-v25/planning-for-mbam-25.md
index d6dbd8c240..bbf4e631bb 100644
--- a/mdop/mbam-v25/planning-for-mbam-25.md
+++ b/mdop/mbam-v25/planning-for-mbam-25.md
@@ -46,15 +46,14 @@ This topic lists the tasks, prerequisites, and requirements that you need to com
 
 [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
 
+
+
+ 
+
+ 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
- 
-
- 
-
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
index f6b5891298..b59cdf6226 100644
--- a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
+++ b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
@@ -313,10 +313,6 @@ If you already registered SPNs on the machine account rather than in an applicat
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -329,7 +325,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/planning-to-deploy-mbam-25.md b/mdop/mbam-v25/planning-to-deploy-mbam-25.md
index d40d55d6cb..4d0379428b 100644
--- a/mdop/mbam-v25/planning-to-deploy-mbam-25.md
+++ b/mdop/mbam-v25/planning-to-deploy-mbam-25.md
@@ -47,9 +47,8 @@ With MBAM, you can encrypt a computer in your organization either before the end
 [Planning for MBAM 2.5](planning-for-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md b/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md
index 3bff735f43..cccc386d97 100644
--- a/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md
+++ b/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md
@@ -47,9 +47,8 @@ As part of the prerequisites, you must define certain roles and accounts, which
 [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md b/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md
index f4920073c1..f151a12f21 100644
--- a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md
+++ b/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md
@@ -83,11 +83,8 @@ Before you install the MBAM Client software on end users' computers, ensure that
 If BitLocker was used without MBAM, MBAM can be installed and utilize the existing TPM information.
  
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -96,7 +93,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md b/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md
index 248bb620bf..f00c62f502 100644
--- a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md
+++ b/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md
@@ -176,11 +176,8 @@ To install MBAM with Configuration Manager, you must have an administrative user
 
 To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the Configuration.mof file and Sms\_def.mof file for System Center 2012 Configuration Manager and Microsoft System Center Configuration Manager 2007. For instructions, see [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md).
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -190,7 +187,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
index ed0dcd0fb5..6fb8a41a78 100644
--- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
+++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
@@ -143,11 +143,8 @@ Original setting is:
 
 This is the reason why the issue was not seen with other browsers like Chrome, Firefox etc.
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -155,7 +152,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/release-notes-for-mbam-25.md b/mdop/mbam-v25/release-notes-for-mbam-25.md
index bf6d611a02..91c710e6ee 100644
--- a/mdop/mbam-v25/release-notes-for-mbam-25.md
+++ b/mdop/mbam-v25/release-notes-for-mbam-25.md
@@ -165,10 +165,6 @@ This table lists the hotfixes and KB articles for MBAM 2.5.
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -177,7 +173,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/removing-mbam-server-features-or-software.md b/mdop/mbam-v25/removing-mbam-server-features-or-software.md
index 142c6e121f..bf66d191ab 100644
--- a/mdop/mbam-v25/removing-mbam-server-features-or-software.md
+++ b/mdop/mbam-v25/removing-mbam-server-features-or-software.md
@@ -71,11 +71,8 @@ Use the following steps to remove the MBAM Server software and any MBAM Server f
 
 2.  Select **Uninstall**, and follow the remaining prompts to complete the process of uninstalling the MBAM Server software.
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -85,7 +82,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/mbam-v25/server-event-logs.md b/mdop/mbam-v25/server-event-logs.md
index 4b8067be48..637ae371f3 100644
--- a/mdop/mbam-v25/server-event-logs.md
+++ b/mdop/mbam-v25/server-event-logs.md
@@ -660,10 +660,6 @@ The following table contains messages and troubleshooting information for event
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -673,7 +669,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 [Client Event Logs](client-event-logs.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/technical-reference-for-mbam-25.md b/mdop/mbam-v25/technical-reference-for-mbam-25.md
index f0411f3292..d09d2963c8 100644
--- a/mdop/mbam-v25/technical-reference-for-mbam-25.md
+++ b/mdop/mbam-v25/technical-reference-for-mbam-25.md
@@ -43,9 +43,8 @@ This section includes technical information about features in Microsoft BitLocke
 [Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/troubleshooting-mbam-25.md b/mdop/mbam-v25/troubleshooting-mbam-25.md
index bc2671930f..cb05acd2bf 100644
--- a/mdop/mbam-v25/troubleshooting-mbam-25.md
+++ b/mdop/mbam-v25/troubleshooting-mbam-25.md
@@ -84,9 +84,8 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 [Troubleshooting MBAM 2.5 installation problems](https://support.microsoft.com/kb/3049652)
 
 ## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
  
 
diff --git a/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md b/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md
index 6d37f02d47..508b82dd72 100644
--- a/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md
+++ b/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md
@@ -366,10 +366,6 @@ Report results can be saved to a file by clicking the **Export** button on the *
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -380,7 +376,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md b/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md
index 9acb5a40e8..6a9f2918f6 100644
--- a/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md
+++ b/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md
@@ -113,10 +113,6 @@ The following table describes how the **Manage BitLocker** shortcut menu differs
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -125,7 +121,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
index 7bb09bf7a9..3d7c288953 100644
--- a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
+++ b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
@@ -130,7 +130,7 @@ Use the steps in the following sections to upgrade MBAM for the Stand-alone topo
 
 6.  Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, web applications, and Configuration Manager integration, in that order. The databases and Configuration Manager objects are upgraded in place.
 
-7.  Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](http://www.microsoft.com/download/details.aspx?id=41183) to download the latest ADMX templates.
+7.  Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates) to download the latest ADMX templates.
 
     After you upgrade the MBAM Server infrastructure, the existing client computers continue to successfully report to the MBAM 2.5 or 2.5 SP1 Server, and recovery data continues to be stored.
 
@@ -147,11 +147,8 @@ MBAM supports upgrades to the MBAM 2.5 Client from any earlier version of the M
 
 -   Install the MBAM Client through an electronic software distribution system or through tools such as Active Directory Domain Services or System Center Configuration Manager.
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -163,7 +160,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md b/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md
index b7ac31ef9d..56da96c821 100644
--- a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md
+++ b/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md
@@ -86,11 +86,8 @@ Windows PowerShell Help for MBAM cmdlets is available in the following formats:
 
  
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -100,7 +97,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md b/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md
index d0e3b1685a..c7b9098597 100644
--- a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md
+++ b/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md
@@ -168,18 +168,17 @@ Use these steps to validate your MBAM Server deployment when you are using MBAM
 
     -   BitLocker Operating System Drive Protection
 
-## Got a suggestion for MBAM?
 
 
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
 [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md)
 
  
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
  
 
 
diff --git a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md
index db55e575ba..b8c9ce465b 100644
--- a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md
+++ b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md
@@ -473,11 +473,6 @@ The Removable Data Volume encryption status is not shown in this report.
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-
 ## Related topics
 
 
@@ -485,7 +480,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
- 
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
 
 
 
diff --git a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md
index e1a671b6e8..98fca5e3d3 100644
--- a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md
+++ b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md
@@ -48,10 +48,6 @@ If you are using the Configuration Manager Integration topology, most reports ar
 
  
 
-## Got a suggestion for MBAM?
-
-
-Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 ## Related topics
 
@@ -62,7 +58,9 @@ Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-micros
 
  
 
-
+## Got a suggestion for MBAM?
+- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
 
diff --git a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md
index 18be63b57f..b0d0ef4e43 100644
--- a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md
+++ b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md
@@ -94,7 +94,7 @@ Restoring a user’s device restores the currently registered Template’s setti
 
 -   **Manual Restore**
 
-    If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command ensures that the user’s current settings become the current state on the Settings Storage Location.
+    If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command causes the user’s settings to be downloaded from the Settings Storage Location.
 
 ## Restore Application and Windows Settings to Original State
 
diff --git a/store-for-business/TOC.md b/store-for-business/TOC.md
index ed89a40966..5bd846269f 100644
--- a/store-for-business/TOC.md
+++ b/store-for-business/TOC.md
@@ -15,7 +15,7 @@
 ### [Assign apps to employees](assign-apps-to-employees.md)
 ### [Distribute apps with a management tool](distribute-apps-with-management-tool.md)
 ### [Distribute offline apps](distribute-offline-apps.md)
-## [Manage apps and devices](manage-apps-microsoft-store-for-business-overview.md)
+## [Manage products and services](manage-apps-microsoft-store-for-business-overview.md)
 ### [App inventory managemement for Microsoft Store for Business and Education](app-inventory-management-microsoft-store-for-business.md)
 ### [Manage app orders in Microsoft Store for Business and Education](manage-orders-microsoft-store-for-business.md)
 ### [Manage access to private store](manage-access-to-private-store.md)
@@ -23,6 +23,7 @@
 ### [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md)
 ### [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md)
 ### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md)
+### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md)
 ## [Device Guard signing portal](device-guard-signing-portal.md)
 ### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md)
 ### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md)
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 20536b0115..ceac52581f 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -16,13 +16,13 @@ ms.localizationpriority: high
 **Applies to**
 -   Windows 10
 
-Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot).
+Windows AutoPilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot).
 
 Watch this video to learn more about Windows AutoPilot in Micrsoft Store for Business. </br>
 
 > [!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
 
-## What is Windows AutoPilot Deployment Program?
+## What is Windows AutoPilot?
 In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. 
 
 You can create and apply AutoPilot deployment profiles to these devices. The overall process looks like this. 
@@ -65,7 +65,7 @@ To manage devices through Microsoft Store for Business and Education, you'll nee
 ### Device information file format
 Columns in the device information file need to use this naming and be in this order:
 - Column A: Device Serial Number
-- Column B: Windows Product ID 
+- Column B: Windows Product ID (optional, typically blank)
 - Column C: Hardware Hash
 
 Here's a sample device information file:
diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md
index 3ce46baf61..2228ac8f3e 100644
--- a/store-for-business/distribute-apps-from-your-private-store.md
+++ b/store-for-business/distribute-apps-from-your-private-store.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.localizationpriority: high
-ms.date: 10/17/2017
+ms.date: 3/19/2018
 ---
 
 # Distribute apps using your private store
@@ -47,6 +47,9 @@ Microsoft Store adds the app to **Apps & software**. Click **Manage**, **Apps &
 
 The value under **Private store** for the app will change to pending. It will take approximately thirty-six hours before the app is available in the private store.
 
+>[!Note]
+ > If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be avilable in **Products & services** before adding it to your private store. For more information, see [Working with line of business apps](working-with-line-of-business-apps.md). 
+
 Employees can claim apps that admins added to the private store by doing the following.
 
 **To claim an app from the private store**
@@ -57,6 +60,7 @@ Employees can claim apps that admins added to the private store by doing the fol
 
 ## Related topics
 - [Manage access to private store](manage-access-to-private-store.md)
+- [Manage private store settings](manage-private-store-settings.md)
 - [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store)
 
  
diff --git a/store-for-business/education/TOC.md b/store-for-business/education/TOC.md
index f5ff057e17..4de95964bc 100644
--- a/store-for-business/education/TOC.md
+++ b/store-for-business/education/TOC.md
@@ -20,7 +20,7 @@
 ### [Assign apps to employees](/microsoft-store/assign-apps-to-employees?toc=/microsoft-store/education/toc.json)
 ### [Distribute apps with a management tool](/microsoft-store/distribute-apps-with-management-tool?toc=/microsoft-store/education/toc.json)
 ### [Distribute offline apps](/microsoft-store/distribute-offline-apps?toc=/microsoft-store/education/toc.json)
-## [Manage apps](/microsoft-store/manage-apps-microsoft-store-for-business-overview?toc=/microsoft-store/education/toc.json)
+## [Manage products and services](/microsoft-store/manage-apps-microsoft-store-for-business-overview?toc=/microsoft-store/education/toc.json)
 ### [App inventory managemement for Microsoft Store for Business](/microsoft-store/app-inventory-management-microsoft-store-for-business?toc=/microsoft-store/education/toc.json)
 ### [Manage app orders in Microsoft Store for Business and Education](/microsoft-store/manage-orders-microsoft-store-for-business?toc=/microsoft-store/education/toc.json)
 ### [Manage access to private store](/microsoft-store/manage-access-to-private-store?toc=/microsoft-store/education/toc.json)
@@ -28,6 +28,7 @@
 ### [Configure MDM provider](/microsoft-store/configure-mdm-provider-microsoft-store-for-business?toc=/microsoft-store/education/toc.json)
 ### [Manage Windows device deployment with Windows AutoPilot Deployment](/microsoft-store/add-profile-to-devices?toc=/microsoft-store/education/toc.json)
 ### [Microsoft Store for Business and Education PowerShell module - preview](/microsoft-store/microsoft-store-for-business-education-powershell-module?toc=/microsoft-store/education/toc.json)
+### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](/microsoft-store/manage-mpsa-software-microsoft-store-for-business?toc=/microsoft-store/education/toc.json)
 ## [Device Guard signing portal](/microsoft-store/device-guard-signing-portal?toc=/microsoft-store/education/toc.json)
 ### [Add unsigned app to code integrity policy](/microsoft-store/add-unsigned-app-to-code-integrity-policy?toc=/microsoft-store/education/toc.json)
 ### [Sign code integrity policy with Device Guard signing](/microsoft-store/sign-code-integrity-policy-with-device-guard-signing?toc=/microsoft-store/education/toc.json)
diff --git a/store-for-business/images/bank-account-icon.png b/store-for-business/images/bank-account-icon.png
new file mode 100644
index 0000000000..664f8c7a6f
Binary files /dev/null and b/store-for-business/images/bank-account-icon.png differ
diff --git a/store-for-business/images/lob-workflow.png b/store-for-business/images/lob-workflow.png
new file mode 100644
index 0000000000..954b787e6d
Binary files /dev/null and b/store-for-business/images/lob-workflow.png differ
diff --git a/store-for-business/images/skype-icon-wn.png b/store-for-business/images/skype-icon-wn.png
new file mode 100644
index 0000000000..d9819ae0ae
Binary files /dev/null and b/store-for-business/images/skype-icon-wn.png differ
diff --git a/store-for-business/manage-apps-microsoft-store-for-business-overview.md b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
index b46f2b5e80..5f765d2f3c 100644
--- a/store-for-business/manage-apps-microsoft-store-for-business-overview.md
+++ b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
@@ -1,6 +1,6 @@
 ---
-title: Manage apps and devices in Microsoft Store for Business (Windows 10)
-description: Manage settings and access to apps in Microsoft Store for Business.
+title: Manage products and services in Microsoft Store for Business (Windows 10)
+description: Manage apps, software, devices, products and services in Microsoft Store for Business.
 ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -18,7 +18,7 @@ ms.date: 10/17/2017
 -   Windows 10
 -   Windows 10 Mobile
 
-Manage settings and access to apps in Microsoft Store for Business and Microsoft Store for Education.
+Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**. 
 
 ## In this section
 
@@ -28,4 +28,6 @@ Manage settings and access to apps in Microsoft Store for Business and Microsoft
 | [App inventory managemement for Microsoft Store for Business and Education](app-inventory-management-microsoft-store-for-business.md) | You can manage all apps that you've acquired on your **Apps & software** page. |
 | [Manage private store settings](manage-private-store-settings.md) | The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all employees in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store. |
 | [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) | For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Microsoft Store management tool services work with your third-party management tool to manage content. |
-| [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md) | In Microsoft Store for Business, you can manage devices for your organization and apply an AutoPilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. |
\ No newline at end of file
+| [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md) | In Microsoft Store for Business, you can manage devices for your organization and apply an AutoPilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. |
+| [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | Use PowerShell cmdlets to automate basic app license assignment.  |
+| [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) | Software purchased with the Microsoft Products and Services Agreement (MPSA) can be managed in Microsoft Store for Business and Education. This allows customers to manage online software purchases in one location. |
\ No newline at end of file
diff --git a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md
new file mode 100644
index 0000000000..970b3c783f
--- /dev/null
+++ b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md
@@ -0,0 +1,59 @@
+---
+title: Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
+description: Software purchased under Microsoft Products and Services Agreement (MPSA) can be managed in Microsoft Store for Business
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: store
+author: TrudyHa
+ms.localizationpriority: high
+ms.date: 3/20/2018
+---
+
+# Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+Software purchased with the Microsoft Products and Services Agreement (MPSA) can now be managed in Microsoft Store for Business. This allows customers to manage online software purchases in one location. 
+
+There are a couple of things you might need to set up to manage MPSA software purchases in Store for Business. 
+
+**To manage MPSA software in Microsoft Store for Business** 
+1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com).
+2. Click **Manage**, and then click **My Organization**.
+3. Click **Connected tenants** to see purchasing accounts and the tenants that they are connected to. 
+
+## Add tenant
+The tenant or tenants that are added to your purchasing account control how you can distribute software to people in your organization. If there isn't a tenant listed for your purchasing account, you'll need to add one before you can use or manage the software you've purchased. When we give you a list to choose from, tenants are grouped by domain. 
+
+**To add a tenant to a purchasing account**  
+1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com).
+2. Click **Manage**, and then click **My Organization**.
+3. Click **Connected tenants**, and then click the ellipses for a purchasing account without a tenant listed.
+4. Click **Choose a tenant**, and then click **Submit**. 
+
+If you don't see your tenant in the list, you can add the name of your tenant
+
+**To add the name of your tenant**
+1. On **Add a tenant**, click **Don't see your tenant?**.
+2. Enter a domain name, and then click **Next**, and then click **Done**.
+
+You'll need to get permissions for the admin that manages the domain you want to add. We'll take you to Business Center Portal where you can manage permissions and roles. The admin will need to be the **Account Manager**.  
+
+## Add global admin
+In some cases, we might not have info on who the global admin is for the tenant that you select. It might be that the tenant is unmanaged, and you'll need to identify a global admin. Or, you might only need to share account info for the global admin.
+
+If you need to nominate someone to be the global admin, they need sufficient permissions:
+- someone who can distribute sofware
+- in Business Center Portal (BCP), it should be someone with **Agreement Admin** role  
+
+**To add a global admin to a tenant**
+
+We'll ask for a global admin if we need that info when you add a tenant to a purchasing account. You'd see the request for a global admin before returning to **Store for Business**. 
+
+-  On **Add a Global Admin**, click **Make me the Global Admin**, and then click **Submit**.
+-or-
+-  On **Add a Global Admin**, type a name in **Invite someone else**, and then click **Submit**.    
\ No newline at end of file
diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md
index 93d1f09234..e851331cdb 100644
--- a/store-for-business/manage-private-store-settings.md
+++ b/store-for-business/manage-private-store-settings.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
-ms.date: 2/15/2018
+ms.date: 3/29/2018
 ms.localizationpriority: high
 ---
 
@@ -30,8 +30,8 @@ You can change the name of your private store in Microsoft Store.
 **To change the name of your private store**
 
 1.  Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2.  Click **Manage**, click **Permissions**.
-3.  On the **Private store** tab, click **Change**.
+2.  Click **Settings**, click **Distribute**.
+3.  In the **Private store** section, click **Change**.
 4.  Type a new display name for your private store, and click **Save**.
 
     ![Image showing Private store dialog used to change private store display name.](images/wsfb-renameprivatestore.png)
@@ -53,7 +53,7 @@ You can add a collection to your private store from the private store, or from t
     ![Image showing Add a Collection.](images/msfb-add-collection.png)
 
 4. Type a name for your collection, and then click **Next**.
-5. Add at least one product to your collection, and then click **Done**. 
+5. Add at least one product to your collection, and then click **Done**. You can search for apps and refine results based on the source of the app, or the supported devices.  
 
 > [!NOTE] 
 > New collections require at least one app, or they will not be created. 
@@ -64,7 +64,7 @@ You can add a collection to your private store from the private store, or from t
 3. Under **Apps & software**, choose an app you want to include in a new collection. 
 4. Under **Private Store Collections**, click **Add a collection**. 
 
-![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png)
+    ![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png)
 
 5. Type a name for your collection, and then click **Next**.
 6. Add at least one product to your collection, and then click **Done**.
@@ -78,7 +78,7 @@ If you've already added a Collection to your private store, you can easily add a
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click your private store.</br>
 
-![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png)
+    ![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png)
 
 3. Click the ellipses next to the collection name, and click **Edit collection**. 
 4. Add or remove products from the collection, and then click **Done**. 
@@ -89,9 +89,8 @@ You can also add an app to a collection from the app details page.
 3. Under **Apps & software**, choose an app you want to include in a new collection. 
 4. Under **Private Store Collections**, turn on the collection you want to add the app to.
 
-![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png) 
+    ![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png) 
 
-<!---
 ## Private store performance
 We've recently made performance improvements for changes in the private store. This table includes common actions, and the current estimate for amount of time required for the change. 
 
@@ -103,5 +102,4 @@ We've recently made performance improvements for changes in the private store. T
 | Create a new collection | 15 minutes|
 | Edit or remove a collection | 15 minutes |
 | Create private store tab | 4-6 hours |
-| Rename private store tab | 4-6 hours |
---> 
\ No newline at end of file
+| Rename private store tab | 4-6 hours | 
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
index 0f9242807a..acc4768d86 100644
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md
@@ -22,7 +22,7 @@ Microsoft Store for Business and Education PowerShell module (preview) is now av
 > This is a preview and not intended for production environments. For production environments, continue to use **Microsoft Store for Business and Education** or your MDM tool to manage licenses. The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
 
 You can use the PowerShell module to:
-- View items you've purchased - shown in **Apps & software**
+- View items you've purchased - shown in **Products & services**
 - Manage licenses - assigning and removing
 - Perform bulk operations with .csv files - automates license management for customers with larger numbers of licenses
 
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
index 705b6a6199..bbad8985d5 100644
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
-ms.date: 2/8/2018
+ms.date: 3/29/2018
 ---
 
 # Microsoft Store for Business and Education release history
@@ -15,6 +15,13 @@ Microsoft Store for Business and Education regularly releases new and improved f
 
 Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) 
 
+## January and February 2018
+- **One place for apps, software, and subscriptions** - The new **Products &amp; services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services.
+- **Create collections of apps in your private store** - Use **collections** to customize your private store. Collections allow you to create groups of apps that are commonly used in your organization or school -- you might create a collection for a Finance department, or a 6th-grade class. [Get more info](https://docs.microsoft.com/en-us/microsoft-store/manage-private-store-settings#private-store-collections)
+- **Upgrade Office 365 trial subscription** - Customers with Office 365 trials can now transition their trial to a paid subscription in Microsoft Store for Business. This works for trials you acquired from Microsoft Store for Business, or Office Admin Portal.
+- **Supporting Microsoft Product and Services Agreement customers** - If you are purchasing under the Microsoft Products and Services Agreement (MPSA), you can use Microsoft Store for Business. Here you will find access to Products & Services purchased, Downloads & Keys, Software Assurance benefits, Order history, and Agreement details.
+- **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role. 
+
 ## December 2017
 
 - Bug fixes and permformance improvements.
diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
index 1d42371897..e5c032895c 100644
--- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md
+++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.localizationpriority: high
-ms.date: 10/17/2017
+ms.date: 3/30/2018
 ---
 
 # Roles and permissions in Microsoft Store for Business and Education
@@ -48,7 +48,7 @@ This table lists the roles and their permissions.
 |                                |  Admin | Purchaser | Device Guard signer |
 | ------------------------------ | ------ | --------  | ------------------- |
 | Assign roles                   | X      |           |                     |
-| Manage Microsoft Store for business and education settings |  X |           |                     |
+| Manage Microsoft Store for Business and Education settings |  X |           |                     |
 | Acquire apps                   | X      | X         |                     |
 | Distribute apps                | X      | X         |                     |
 | Sign policies and catalogs     | X      |           |                     |
@@ -69,7 +69,9 @@ These permissions allow people to:
 
 -   **Acquire apps** - Acquire apps from Microsoft Store and add them to your inventory.
 
--   **Distribute apps** - Distribute apps that are in your inventory. You can distribute from inventory, private store, or use a management tool.
+-   **Distribute apps** - Distribute apps that are in your inventory. 
+    - Admins can assign apps to people, add apps to the private store, or use a management tool.
+    - Purchasers can assign apps to people. 
 
 **To assign roles to people**
 
diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md
index 457f36b96b..75ec8368a3 100644
--- a/store-for-business/sfb-change-history.md
+++ b/store-for-business/sfb-change-history.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
-ms.date: 10/31/2017
+ms.date: 3/29/2018
 ms.localizationpriority: high
 ---
 
@@ -18,12 +18,33 @@ ms.localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
+## March 2018
+| New or changed topic | Description |
+| --- | --- |
+| [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) | New |
+| [Manage private store settings](manage-private-store-settings.md) | Update for adding private store performance improvements. |
+| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
+ [Roles and permissions in Microsoft Store for Business](roles-and-permissions-microsoft-store-for-business.md) | Update |
+
+## February 2018
+
+| New or changed topic | Description |
+| --- | --- |
+| [Manage private store settings](manage-private-store-settings.md) | Update for adding private store collections. |
+| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
+
+## November 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
+
 ## October 2017
 
 | New or changed topic | Description |
 | --- | --- |
 | [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md) | Update. Add profile settings with supported build info.  |
-| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update. |
+| [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update |
 
 ## September 2017
 
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
index fd595f2771..0c4e59c682 100644
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
-ms.date: 2/16/2018
+ms.date: 3/29/2018
 ---
 
 # What's new in Microsoft Store for Business and Education
@@ -15,17 +15,14 @@ Microsoft Store for Business and Education regularly releases new and improved f
 
 ## Latest updates for Store for Business and Education
 
-**January &amp; February, 2018**
+**March 2018**
 
 |  |  |
 |--------------------------------------|---------------------------------|
-| ![Microsoft Store for Business Products &amp; services page.](images/product-and-service-icon.png) |**One place for apps, software, and subscriptions**<br /><br /> The new **Products &amp; services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services. This includes Apps, Software, and Subscriptions that your organization acquired or manages through Microsoft Store for Business. This change centralizes these products, but the platform changes also improve overall performance. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
-| ![Private store collections](images/private-store-icon.png) |**Create collections of apps in your private store**<br /><br /> Use **collections** to customize your private store. Collections allow you to create groups of apps that are commonly used in your organization or school -- you might create a collection for a Finance department, or a 6th-grade class.<br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-collections)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
-|  ![Upgrade Office 365 trial subscription.](images/office-logo.png) |**Upgrade Office 365 trial subscription**<br /><br> Customers with Office 365 trials can now transition their trial to a paid subscription in Microsoft Store for Business. This works for trials you acquired from Microsoft Store for Business, or Office Admin Portal. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
-|  ![Image showing Settings icon.](images/mpsa-link.png) |**Supporting Microsoft Product and Services Agreement customers**<br /><br>If you are purchasing under the Microsoft Products and Services Agreement (MPSA), you can use Microsoft Store for Business. Here you will find access to Products & Services purchased, Downloads & Keys, Software Assurance benefits, Order history, and Agreement details. Also, we added the ability to associate your purchasing account to your tenant. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
-|  ![Image showing Settings icon.](images/invite-people.png) |**Microsoft Product and Services Agreement customers can invite people to take roles**<br /><br> MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
-
-
+| ![Private store performance icon](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+| ![Private store library icon](images/private-store-icon.png) |**Private store collection updates**<br /><br /> We’ve made it easier to find apps when creating private store collections – now you can search and filter results. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-collections)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+|  ![Skype icon.](images/skype-icon-wn.png) |**Manage Skype communication credits in Microsoft Store for Business and Education**<br /><br> Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+|  ![Upgrade Office 365 trial subscription.](images/office-logo.png) |**Upgrade Office 365 trial subscription**<br /><br> Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 Business to Office 365 Business Premium. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 
 <!---
 We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
@@ -39,6 +36,13 @@ We’ve been working on bug fixes and performance improvements to provide you a
 
 ## Previous releases and updates
 
+[January &amp; February, 2018](release-history-microsoft-store-business-education.md#january-and-february-2018)
+- One place for apps, software, and subscriptions
+- Create collections of apps in your private store
+- Upgrade Office 365 trial subscription
+- Supporting Microsoft Product and Services Agreement customers
+- Microsoft Product and Services Agreement customers can invite people to take roles
+
 [December 2017](release-history-microsoft-store-business-education.md#december-2017)
 - Bug fixes and permformance improvements
 
diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md
index d91d822b0f..0c12c3b9f9 100644
--- a/store-for-business/working-with-line-of-business-apps.md
+++ b/store-for-business/working-with-line-of-business-apps.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.localizationpriority: high
-ms.date: 10/17/2017
+ms.date: 3/19/2018
 ---
 
 # Working with line-of-business apps
@@ -38,8 +38,10 @@ You'll need to set up:
 -   LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432).
 -   LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
 
-## <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Admin)
+The process and timing look like this:
+![Process showing LOB workflow in Microsoft Store for Business. Includes workflow for MSFB admin, LOB publisher, and Developer](images/lob-workflow.png)
 
+## <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Admin)
 Admins need to invite developer or ISVs to become an LOB publisher.
 
 **To invite a developer to become an LOB publisher**
@@ -47,6 +49,7 @@ Admins need to invite developer or ISVs to become an LOB publisher.
 1.  Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
 2.  Click **Manage**, click **Permissions**, and then choose **Line-of-business publishers**.
 3.  On the Line-of business publishers page, click **Invite** to send an email invitation to a developer.
+ 
  >[!Note]
  > This needs to be the email address listed in contact info for the developer account.
   
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index c18bb989b4..c2421f0918 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -6,66 +6,64 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # What's new in App-V for Windows 10, version 1703 and earlier
 
-**Applies to**
--   Windows 10, version 1703 and earlier
+>Applies to: Windows 10, version 1703 and earlier
 
-Microsoft Application Virtualization (App-V) helps organizations to deliver Win32 applications to employees as virtual apps. Virtual apps are installed on centrally managed servers and delivered to employees as a service – in real time and on an as-needed basis. Employees start virtual apps from familiar access points and interact with them as if they were installed locally. 
+Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
 
 ## What's new in App-V Windows 10, version 1703
-The following are new features in App-V for Windows 10, version 1703.
 
-### Auto sequence and update your App-V packages singly or as a batch
-Previous versions of the App-V Sequencer have required you to manually sequence and update your app packages. This was time-consuming and required extensive interaction, causing many companies to deploy brand-new packages rather than update an existing one. Windows 10, version 1703 introduces the App-V Auto-Sequencer, which automatically sequences your app packages, improving your overall experience by streamlining the provisioning of the prerequisite environment, automating app installation, and expediting the package updating setup.
+### Auto-sequence and update your App-V packages singly or as a batch
 
-Using the automatic sequencer to package your apps provides:
--  Automatic virtual machine (VM) provisioning of the sequencing environment. For info about this, see [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md).
+Previous versions of the App-V Sequencer required manual sequencing and updating of app packages. This was time-consuming and required extensive interaction, causing many companies to deploy brand-new packages rather than update an existing one. Windows 10, version 1703 introduces the App-V Auto-Sequencer, which automatically sequences your app packages, improving your overall experience by streamlining prerequisite environment provisioning, automating app installation, and expediting package updating setup.
 
-- Batch-sequencing of packages. This means that multiple apps can be sequenced at the same time, in a single group. For info about this, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+Using the automatic sequencer to package your apps gives you the following benefits:
 
-- Batch-updating of packages. This means that multiple apps can be updated at the same time, in a single group. For info about this, see [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
+* **Automatic virtual machine (VM) sequencing environment provisioning**. To learn more, see [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md).
+* **Package batch-sequencing**. This means that multiple apps can be sequenced at the same time, in a single group. To learn more, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+* **Package batch-updating**. This means that multiple apps can be updated at the same time, in a single group. To learn more, see [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
 
 ### Updates to the App-V project template
-Starting with Windows 10, version 1703, you can save an App-V project template (.appvt) file as part of a sequenced App-V package, so it's automatically loaded every time the package opens for editing or updates. Your template can include general option settings, file exclusion list settings, and target operating system settings. For more info about this, see [Create and apply an App-V project template to a sequenced App-V package](appv-create-and-use-a-project-template.md)
 
-### Automatically cleanup unpublished App-V packages from the App-V client
-Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. For more info about this, see [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
+Starting with Windows 10, version 1703, you can now save an App-V project template (.appvt) file as part of a sequenced App-V package. This file will automatically load every time you open the package for edits or updates. Your template can include general option settings, file exclusion list settings, and target operating system settings. To learn more, see [Create and apply an App-V project template to a sequenced App-V package](../app-v/appv-create-and-use-a-project-template.md).
+
+### Automatically clean up unpublished App-V packages from the App-V client
+
+Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. To learn more, see [Automatically clean up unpublished packages on the App-V client](../app-v/appv-auto-clean-unpublished-packages.md).
 
 ## What's new in App-V in Windows 10, version 1607
-The following are new features in App-V for Windows 10, version 1607.
 
-## App-V is now a feature in Windows 10
-With Windows 10, version 1607 and later releases, Application Virtualization (App-V) is included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack. 
+### App-V is now a feature in Windows 10
 
-For information about earlier versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index).
+With Windows 10, version 1607 and later releases, App-V is now included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack.
 
-The changes in App-V for Windows 10, version 1607 impact already existing implementations of App-V in the following ways:
+To learn more about earlier versions of App-V, see [MDOP Information Experience](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/index).
 
--   The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client.
+The changes in App-V for Windows 10, version 1607 impact existing implementations of App-V in the following ways:
 
--   The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work.
+* The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client.
+* In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work. The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
 
-    >[!NOTE]
-    >If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. 
+ >[!NOTE]
+ >If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release.
 
-For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](appv-migrating-to-appv-from-a-previous-version.md).
+For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](../app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](../app-v/appv-migrating-to-appv-from-a-previous-version.md).
 
 >[!IMPORTANT]
->You can upgrade your existing App-V installation to Windows 10, version 1607 from App-V versions 5.0 SP2 and higher only. If you are using a previous version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade to Windows 10, version 1607.
- 
-## Support for System Center 
-App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager.
+>You can only upgrade your existing App-V installation to Windows 10, version 1607 if it's version 5.0 SP2 or higher. If you're using an older version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you can upgrade to Windows 10, version 1607.
 
-## Related topics
-- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows.md)
+## Support for System Center
 
-- [Release Notes for App-V for Windows 10, version 1703](appv-release-notes-for-appv-for-windows-1703.md)
+App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) to learn more about how to integrate your App-V environment with Configuration Manager.
 
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
+## Related topics
+
+* [Release Notes for App-V for Windows 10, version 1607](../app-v/appv-release-notes-for-appv-for-windows.md)
+* [Release Notes for App-V for Windows 10, version 1703](../app-v/appv-release-notes-for-appv-for-windows-1703.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
index 0bd1f363b2..7a031ea941 100644
--- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedures to add or remove an administrator on the Microsoft
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
index 89c7a533fb..19131f8521 100644
--- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -27,7 +27,7 @@ You can the following procedure to add or upgrade a package to the App-V Managem
 
 2.  To specify the package you want to add, click **Add or Upgrade Packages**.
 
-3.  Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**.
+3.  Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **https://server.1234/file.appv**, and then click **Add**.
 
     **Important**  
     You must select a package with the **.appv** file name extension.
@@ -42,7 +42,7 @@ You can the following procedure to add or upgrade a package to the App-V Managem
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
index f234f60e45..a27ad2dd60 100644
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@@ -129,7 +129,7 @@ Use the following table for information about Windows PowerShell error handling
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
index f7ba1d2116..ff218061cc 100644
--- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
@@ -97,7 +97,7 @@ JavaScript must be enabled on the browser that opens the Web Management Console.
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## <a href="" id="other-resources-for-this-app-v-5-1-deployment-"></a>Other resources for this App-V deployment
 
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
index 25c6cf10a9..f97ca1f36d 100644
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@@ -54,7 +54,7 @@ Use one of the following methods to allow only administrators to enable or disab
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index 2c094afa66..4674fddc02 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -1285,4 +1285,4 @@ There are three specific categories of events recorded described below.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
index d88487a0f0..ce1b3601b9 100644
--- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
@@ -35,7 +35,7 @@ The dynamic deployment configuration file is applied when a package is added or
      
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
index 206bc30bea..a59c999681 100644
--- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
@@ -34,7 +34,7 @@ Use the following procedure to specify a user-specific configuration file. The f
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md
index c8521bc7d2..508ae9f351 100644
--- a/windows/application-management/app-v/appv-auto-batch-sequencing.md
+++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md
@@ -6,49 +6,40 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 06/26/2017
+ms.date: 04/18/2018
 ---
-
 # Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
 
-**Applies to**
--   Windows 10, version 1703
+>Applies to: Windows 10, version 1703
 
 Sequencing multiple apps at the same time requires you to install and start Microsoft Application Virtualization Sequencer (App-V Sequencer), and to install the necessary apps to collect any changes made to the operating system during the installation and building of the App-V package.
 
 In Windows 10, version 1703, running the App-V Sequencer automatically captures and stores your customizations as an App-V project template (.appvt) file. If you want to make changes to this package later, your customizations will be automatically loaded from this template file. This is applicable to all of the sequencing scenarios:
 
-- Using the New-BatchAppVSequencerPackages cmdlet
-
+- Using the **New-BatchAppVSequencerPackages** cmdlet
 - Using the App-V Sequencer interface
-
-- Using the new-AppVSequencerPackage cmdlet
+- Using the **New-AppVSequencerPackage** cmdlet
 
 >[!NOTE]
->If you're trying to update multiple apps at the same time, see the [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md) topic.
+>If you're trying to update multiple apps at the same time, see  [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
+
+### Sequence multiple apps with a PowerShell cmdlet
 
-### Sequence multiple apps by using a PowerShell cmdlet
 Sequencing multiple apps at the same time requires that you create a **ConfigFile** with info related to each round of sequencing. This file is then used by the cmdlet to start the VM at a "clean" checkpoint, to copy the installer from the Host device to the VM, and then to start the App-V Sequencer to monitor your specified app installations.
 
-**To create your ConfigFile for use by the PowerShell cmdlet**
+#### Create your ConfigFile for use by the PowerShell cmdlet
 
 1. Determine the apps that need to be included in your App-V sequencing package, and then open a text editor, such as Notepad.
 
 2. Add the following required XML info for each app:
 
-    - **&lt;AppName&gt;.** The name of the app you're adding to the package.
-    
-    - **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
-
-    - **&lt;Installer&gt;.** The file name for the app executable. This will typically be an .exe or .msi file.
-
-    - **&lt;InstallerOptions&gt;.** The command-line options required for the app installation.
-
-    - **&lt;TimeoutInMinutes&gt;.** The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
-    - **&lt;Cmdlet&gt;.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-    
-    - **&lt;Enabled&gt;.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+    - ```<AppName>```. The name of the app you're adding to the package.
+    - ```<InstallerFolder>```. The file path to the folder with the app installer.
+    - ```<Installer>```. The file name for the app executable. This will typically be an .exe or .msi file.
+    - ```<InstallerOptions>```. The command-line options required for the app installation.
+    - ```<TimeoutInMinutes>```. The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+    - ```<Cmdlet>```. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+    - ```<Enabled>```. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
 
         **Example:**
 
@@ -75,40 +66,37 @@ Sequencing multiple apps at the same time requires that you create a **ConfigFil
                 </Application>
             </Applications>
         </xml>
-        ```     
+        ```
 3. Save your completed file, using the name **ConfigFile**.
 
+#### Start the App-V Sequencer interface and app installation process
 
-**To start the App-V Sequencer interface and app installation process**
-- Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
+Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
 
-    ```ps1
-    New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output> 
-    ```
-    Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and _OutputPath_ is the full path to where the sequenced packages should be copied.
+```PowerShell
+New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output>
+```
+
+Where ```<name_of_vm>``` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and ```<path_to_your_output>``` is the full path to where the sequenced packages should be copied.
+
+The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the *OutputPath* parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
 
-    The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
- 
 ### Sequence multiple apps by using the App-V Sequencer interface
+
 Sequencing multipe apps at the same time requires that you create a **ConfigFIle** to collect all of the info related to each round of sequencing. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM.
 
-**To create your ConfigFile for use by the App-V Sequencer interface**
+#### Create your ConfigFile for use by the App-V Sequencer interface
 
 1. Determine the apps that need to be included in your App-V sequencing package, and then open a text editor, such as Notepad.
 
 2. Add the following required XML info for each app:
 
-    - **&lt;AppName&gt;.** The name of the app you're adding to the package.
-    
-    - **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
-
-    - **&lt;Installer&gt;.** The file name for the app executable. This will typically be an .exe or .msi file.
-
-    - **&lt;TimeoutInMinutes&gt;.** The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
-    - **&lt;Cmdlet&gt;.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-    
-    - **&lt;Enabled&gt;.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+    - ```<AppName>```. The name of the app you're adding to the package.
+    - ```<InstallerFolder>```. The file path to the folder with the app installer.
+    - ```<Installer>```. The file name for the app executable. This will typically be an .exe or .msi file.
+    - ```<TimeoutInMinutes>```. The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+    - ```<Cmdlet>```. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+    - ```<Enabled>```. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
 
         **Example:**
 
@@ -135,41 +123,36 @@ Sequencing multipe apps at the same time requires that you create a **ConfigFIle
         </xml>
         ```
 
+#### How to start the App-V Sequencer interface and app installation process
 
-**To start the App-V Sequencer interface and app installation process**
-- Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
+Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
 
-    ```ps1
-    New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output> 
-    ```
-    Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and _OutputPath_ is the full path to where the sequenced packages should be copied.
+```PowerShell
+New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output>
+```
 
-    The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
+Where ```<name_of_vm>``` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and ```<path_to_your_output>``` is the full path to where the sequenced packages should be copied.
+
+The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
 
 ### Review the log files
+
 There are 3 types of log files that occur when you sequence multiple apps at the same time:
 
-- **New-BatchAppVSequencerPackages-&lt;*time_stamp*&gt;.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about the sequencing activities, such as "Copying installer to VM", "Scheduling sequencing task", and so on for each app. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
-
-- **New-BatchAppVSequencerPackages-report-&lt;*time_stamp*&gt;.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
-
+- **New-BatchAppVSequencerPackages-<*time_stamp*>.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about the sequencing activities for each app, such as "Copying installer to VM," "Scheduling sequencing task," and so on. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
+- **New-BatchAppVSequencerPackages-report-<*time_stamp*>.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
 - **Log.txt file**. Located in the **Output Package** folder. This file contains all code included in the NewAppVSequencerPackage cmdlet, including the allowed parameters.
 
 ### Related topics
 
 - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-
 - [How to install the App-V Sequencer](appv-install-the-sequencer.md)
-
 - [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
-
 - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md)
-
 - [Manually sequence a single app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
-
 - [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
+- [Automatically clean up unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
 
-- [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
+## Have a suggestion for App-V?
 
-**Have a suggestion for App-V?**<p>
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md
index 09911137f3..1d96b18fb8 100644
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@@ -6,45 +6,37 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 06/26/2017
+ms.date: 04/18/2018
 ---
-
 # Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
 
-**Applies to**
--   Windows 10, version 1703
+>Applies to: Windows 10, version 1703
 
-Updating multiple apps at the same time follows the same process as [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However for updating, you'll pass your previously created app package files to the App-V Sequencer cmdlet for updating.
+Updating multiple apps at the same time follows a similar process to the one used for [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However, when updating, you'll also have to pass your previously created app package files to the App-V Sequencer cmdlet.
 
 Starting with Windows 10, version 1703, running the New-BatchAppVSequencerPackages cmdlet or the App-V Sequencer interface captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
 
 >[!NOTE]
->If you're trying to sequence multiple apps at the same time, see the [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md) topic.
+>If you're trying to sequence multiple apps at the same time, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+
+## Update multiple apps with a PowerShell cmdlet
 
-### Update multiple apps by using a PowerShell cmdlet
 Updating multiple apps at the same time requires that you create a **ConfigFile** with info related to each round of updating. This file is then used by the cmdlet to start the VM at a "clean" checkpoint, to copy the installer from the Host device to the VM, and then to start the App-V Sequencer to monitor your specified app installations.
 
-**To create your ConfigFile for use by the PowerShell cmdlet**
+### Create your ConfigFile for use by the PowerShell cmdlet
 
 1. Determine the apps that need to be included in your app package, and then open a text editor, such as Notepad.
 
 2. Add the following XML info for each app:
 
-    - **&lt;AppName&gt;.** The name of the app you're adding to the package.
-    
-    - **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
-
-    - **&lt;Installer&gt;.** The file name for the app executable. This will typically be an .exe or .msi file.
-
-    - **&lt;InstallerOptions&gt;.** The command-line options required for the app installation.
-
-    - **&lt;Package&gt;.** The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
-
-    - **&lt;TimeoutInMinutes&gt;.** The maximum amount of time, in minutes, that the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
-    - **&lt;Cmdlet&gt;.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-    
-    - **&lt;Enabled&gt;.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+    - ```<AppName>```. The name of the app you're adding to the package.
+    - ```<InstallerFolder>```. The file path to the folder with the app installer.
+    - ```<Installer>```. The file name for the app executable. This will typically be an .exe or .msi file.
+    - ```<InstallerOptions>```. The command-line options required for the app installation.
+    - ```<Package>```. The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
+    - ```<TimeoutInMinutes>```. The maximum amount of time, in minutes, that the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+    - ```<Cmdlet>```. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+    - ```<Enabled>```. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
 
         **Example:**
         ```XML
@@ -74,41 +66,36 @@ Updating multiple apps at the same time requires that you create a **ConfigFile*
         </xml>
         ```
 
-3. Save your completed file, using the name **ConfigFile**.
+3. Save your completed file under the name **ConfigFile**.
 
+### Start the App-V Sequencer interface and app installation process
 
-**To start the App-V Sequencer interface and app installation process**
 - Open PowerShell as an admin on the Host computer and run the following commands to start the batch updating:
 
-    ```ps1
-    New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output> 
+    ```PowerShell
+    New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output>
     ```
-    Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch updating, and _OutputPath_ is the full path to where the updated packages should be copied.
+    Where ```<name_of_vm>``` is the name of the virtual machine (VM) with the App-V Sequencer installed that you'll run the batch updating on, and ```<path_to_your_output>``` is the full path to where the updated packages should be copied.
+
+    The cmdlet creates a "clean" checkpoint on the VM. After making the checkpoint, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM. This opens a new session of the VM (through VMConnect), allowing app updates to begin from the command-line. After completing the update and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
+
+## Update multiple apps with the App-V Sequencer interface
 
-    The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and updating of the app begins from the command-line. After completing updating and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
- 
-### Update multiple apps by using the App-V Sequencer interface
 Updating multipe apps at the same time requires that you create a **ConfigFile** to collect all of the info related to each round of updating. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM.
 
-**To create your ConfigFile for use by the App-V Sequencer interface**
+### Create your ConfigFile for use by the App-V Sequencer interface
 
 1. Determine the apps that need to be updated and then open a text editor, such as Notepad.
 
 2. Add the following XML info for each app:
 
-    - **&lt;AppName&gt;.** The name of the app you're adding to the package.
-    
-    - **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
-
-    - **&lt;Installer&gt;.** The file name for the app executable. This will typically be an .exe or .msi file.
-
-    - **&lt;Package&gt;.** The file path to the location of your App-V packages. These packages were created when you sequenced your apps.    
-
-    - **&lt;TimeoutInMinutes&gt;.** The maximum amount of time, in minutes, the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
-    - **&lt;Cmdlet&gt;.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-    
-    - **&lt;Enabled&gt;.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+    - ```<AppName>```. The name of the app you're adding to the package.
+    - ```<InstallerFolder>```. The file path to the folder with the app installer.
+    - ```<Installer>```. The file name for the app executable. This will typically be an .exe or .msi file.
+    - ```<Package>```. The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
+    - ```<TimeoutInMinutes>```. The maximum amount of time, in minutes, the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+    - ```<Cmdlet>```. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+    - ```<Enabled>```. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
 
         **Example:**
 
@@ -139,41 +126,35 @@ Updating multipe apps at the same time requires that you create a **ConfigFile**
         </xml>
         ```   
 
-**To start the App-V Sequencer interface and app installation process**
+### Start the App-V Sequencer interface and app installation process
+
 - Open PowerShell as an admin on the Host computer and run the following commands to start the batch updating:
 
-    ```ps1
-    New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output> 
+    ```PowerShell
+    New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output>
     ```
-    Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch updating, and _OutputPath_ is the full path to where the updated packages should be copied.
+    Where ```<name_of_vm>``` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch updating, and ```<path_to_your_output>``` is the full path to where the updated packages should be copied.
 
-    The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and updating of the app begins from the command-line. After completing updating and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
+    This cmdlet creates a "clean" checkpoint on the VM. After making the checkpoint, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM. This opens a new session of the VM (through VMConnect) and app updating begins from the command-line. After completing updating and package creation for the first app on the VM, the package is copied from the VM to the Host computer specified in the *OutputPath* parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted to a "clean" checkpoint and turned off.
 
 ### Review the log files
-There are 3 types of log files that occur when you sequence multiple apps at the same time:
 
-- **New-BatchAppVSequencerPackages-&lt;*time_stamp*&gt;.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about the updating activities, such as "Copying installer to VM", "Scheduling updating task", and so on for each app. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
+There are three types of log files that occur when you sequence multiple apps at the same time:
 
-- **New-BatchAppVSequencerPackages-report-&lt;*time_stamp*&gt;.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
-
-- **Log.txt file**. Located in the **Output Package** folder. This file contains all code included in the NewAppVSequencerPackage cmdlet, including the allowed parameters.
+- **New-BatchAppVSequencerPackages-<*time_stamp*>.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about updating activities for each app, such as "Copying installer to VM," "Scheduling updating task," and so on. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
+- **New-BatchAppVSequencerPackages-report-<*time_stamp*>.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
+- **Log.txt file**. Located in the **Output Package** folder. This file contains all code included in the **NewAppVSequencerPackage** cmdlet, including the allowed parameters.
 
 ### Related topics
 
 - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-
 - [How to install the App-V Sequencer](appv-install-the-sequencer.md)
-
 - [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
-
 - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md)
-
 - [Manually sequence a single app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
-
 - [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
-
 - [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
 
+## Have a suggestion for App-V?
 
-**Have a suggestion for App-V?**<p>
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index 9632883b04..23a9fe37c6 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -74,4 +74,4 @@ Using Group Policy, you can turn on the **Enable automatic cleanup of unused app
 
 
 **Have a suggestion for App-V?**<p>
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index 29943d7b0b..73c3fb6cdf 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -6,88 +6,89 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
 
-**Applies to**
--   Windows 10, version 1703
+>Applies to: Windows 10, version 1703
 
 Previous versions of the App-V Sequencer have required you to manually create your sequencing environment. Windows 10, version 1703 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine.
 
 ## Automatic VM provisioning of the sequencing environment
-You have 2 options for provisioning an VM for auto-sequencing:
-- Using a Virtual Hard Disk (VHD)
 
-    -OR-
+You have two options for provisioning an VM for auto-sequencing:
 
-- Updating an existing VM
+1. Using a Virtual Hard Disk (VHD)
+2. Updating an existing VM
 
-   >[!NOTE]
-   >We have reduced the number of environmental checks performed by the App-V Sequencer, narrowing down the list of apps that need to be disabled or turned off for a clean sequencing experience. We've also suppressed antivirus and other similar app warnings.
+You can only choose one option.
+
+>[!NOTE]
+>We have reduced the number of environmental checks performed by the App-V Sequencer, narrowing down the list of apps that need to be disabled or turned off for a clean sequencing experience. We've also suppressed antivirus and other similar app warnings.
+
+### Provision a new VM with a VHD file
 
-### Provision a new VM by using a VHD file
 Provisioning your new VM includes creating a VHD file, setting up a user account, turning on remote PowerShell scripting, and installing the App-V Sequencer.
 
 #### Create a VHD file
+
 For this process to work, you must have a base operating system available as a VHD image file, we recommend using the [Convert-WindowsImage.ps1](https://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f) command-line tool.
 
-**To create a VHD file by using the Convert-WindowsImage command-line tool**
-1. Open PowerShell as an admin and run the Convert-WindowsImage tool, using the following commands:
+#### Create a VHD file with the Convert-WindowsImage command-line tool
+
+1. Open PowerShell as an admin and run the **Convert-WindowsImage** tool, using the following commands:
 
     ```ps1
     Convert-WindowsImage -SourcePath "<path_to_iso_image>" -VHDFormat "VHD" -VHDPartitionStyle "MBR"
     ```
-    Where *&lt;path_to_iso_image&gt;* is the full path to your ISO image. 
-    
-    >[!IMPORTANT]
-    >You must specify the _VHDPartitionStyle_ as **MBR**. Using the default value, **GPT**, will cause a boot failure in your VHD image.
+    Where ```<path_to_iso_image>``` is the full path to your ISO image.
+
+>[!IMPORTANT]
+>You must specify the *VHDPartitionStyle* as **MBR**. If you use the default value, **GPT**, will cause a boot failure in your VHD image.
+
+#### Provision your VM with your VHD file
 
-#### Provision your VM using your VHD file
 After you have a VHD file, you must provision your VM for auto-sequencing.
 
-**To provision your VM using your VHD file**
 1. On the Host device, install Windows 10, version 1703 and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
-
 2. Make sure that Hyper-V is turned on. For more info about turning on and using Hyper-V, see [Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server).
-
 3. Open PowerShell as an admin and run the **New-AppVSequencerVM** cmdlet, using the following parameters:
 
-    ```ps1
-    New-AppVSequencerVM -VMName "<name_of_new_vm>" -ADKPath "<path_to_adk_install_folder>" -VHDPath "<path_to_vhd_file>" -VMMemory <vm_memory_size> -VMSwitch "<name_of_network_switch>"
+    ```PowerShell
+    New-AppVSequencerVM -VMName "<name_of_new_vm>" -ADKPath "<path_to_adk_install_folder>" -VHDPath "<path_to_vhd_file>" -VMMemory "<vm_memory_size>" -VMSwitch "<name_of_network_switch>"
     ```
-    
-This command creates a new Hyper-V VM file using the provided VHD file and also creates a "clean" checkpoint, from where all sequencing and updating will start.
 
+   This command creates a new Hyper-V VM file using the provided VHD file and also creates a "clean" checkpoint, from where all sequencing and updating will start.
 
 ### Provision an existing VM for auto-sequencing
+
 If your apps require custom prerequisites, such as Microsoft SQL Server, we recommend that you preinstall the prerequisites on your VM and then use that VM for auto-sequencing. Using these steps will establish a connection to your existing VM.
 
-**To connect to your existing VM**
+#### Connect to your existing VM
+
 - Open PowerShell as an admin and run the following commands on your existing VM:
 
     - **Set the network category of your connection profile on the VM to _Private_:** 
     
-        ```ps1
+        ```PowerShell
         Get-netconnectionprofile | set-netconnectionprofile -NetworkCategory Private
         ```
         
-    - **Enable firewall rules for _Remote Desktop_ and _Windows Remote Management_:** 
+    - **Enable firewall rules for _Remote Desktop_ and _Windows Remote Management_:**
     
-        ```ps1
-        Enable-NetFirewallRule -DisplayGroup “Remote Desktop” 
+        ```PowerShell
+        Enable-NetFirewallRule -DisplayGroup “Remote Desktop”
         Enable-NetFirewallRule -DisplayGroup “Windows Remote Management”
         ```
 
     - **Set the VM to receive remote commands without a confirmation prompt:**
     
-        ```ps1
+        ```PowerShell
         Enable-PSRemoting –Force
         ```
 
-**To provision an existing VM**
+#### Provision an existing VM
+
 1. On the Host device, install Windows 10, version 1703 and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
 
 2. Open PowerShell as an admin and run the **Connect-AppvSequencerVM** cmdlet, using the following parameters:
@@ -96,33 +97,34 @@ If your apps require custom prerequisites, such as Microsoft SQL Server, we reco
     Connect-AppvSequencerVM -VMName "<name_of_vm>" -ADKPath "<path_to_adk_install_folder>"
     ```
     
-    Where *&lt;name_of_vm&gt;* is the name of the VM granted during its creation and shown in the Hyper-V Manager tool.
+    Where ```<name_of_vm>``` is the name of the VM as shown in the Hyper-V Manager tool.
 
 This command creates a new Hyper-V VM file using the provided VHD file and also creates a "clean" checkpoint, from where all sequencing and updating will start.
 
-
 ### Review the provisioning log files
-The 2 types of provisioning log files, located at %temp%\AutoSequencer\Logs, are:
 
-- **New-AppVSequencerVM-&lt;*time_stamp*&gt;.txt**. Includes info about the provisioning activities, such as "Waiting for VM session", "Copying installer for Sequencer", and so on.
-
-- **Connect-AppvSequencerVM-report-&lt;*time_stamp*&gt;.txt**. Includes info about the connections made to the VM, showing whether there were any failures.
+The two types of provisioning log files, located at %temp%\AutoSequencer\Logs, are:
 
+- **New-AppVSequencerVM-<time_stamp>.txt**. Includes info about the provisioning activities, such as "Waiting for VM session", "Copying installer for Sequencer", and so on.
+- **Connect-AppvSequencerVM-report-<time_stamp>.txt**. Includes info about the connections made to the VM, showing whether there were any failures.
 
 ### Next steps
-After provisioning your sequencing environment, you must sequence your apps, either as a group or individually. For more info about sequencing your apps, see [Manually sequence a single new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md), [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md), and [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
 
-After you sequence your packages, you can automatically cleanup any unpublished packages on the App-V client. For more info, see [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md).
+After provisioning your sequencing environment, you must sequence your apps, either as a group or individually. For more info about sequencing your apps, see the following articles
+
+- [Manually sequence a single new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
+- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
+- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
+
+After you sequence your packages, you can automatically clean up any unpublished packages on the App-V client. To learn more, see [Automatically clean up unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md).
 
 ### Related topics
-- [Download the Convert-WindowsImage tool](https://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f)
 
+- [Download the **Convert-WindowsImage** tool](https://www.powershellgallery.com/packages/Convert-WindowsImage/10.0)
 - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-
 - [How to install the App-V Sequencer](appv-install-the-sequencer.md)
-
 - [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
 
+## Have a suggestion for App-V?
 
-**Have a suggestion for App-V?**<p>
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index f37904bd63..4eb8944558 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -6,948 +6,190 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # App-V Capacity Planning
 
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
 The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure.
 
->**Important**  
-Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary.
+>[!IMPORTANT]
+>Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary.
 
- 
+## Determine the project scope
 
-## Determine the Project Scope
+Before you design the App-V infrastructure, determining which applications will be available virtually, and also identify the target users and their locations. This information will determine what type of App-V infrastructure your project should implement. Your should base your decisions about your project's scope on your organization's specific needs.
 
+|Task|More information|
+|----|----------------|
+|Determine application scope|The App-V infrastructure can be set up in different ways depending on which applications you want to virtualize. This means your first task is to define which applications you want to virtualize.|
+|Determine location scope|"Location scope" refers to the physical locations where you plan to run the virtualized applications (for example, enterprise-wide or a specific geographic location). It can also refer to the user population that will run the virtual applications (for example, a single department). You should obtain a network map that includes the connection paths, the available bandwidth for each location, the number of users using virtualized applications, and the WAN link speed.|
 
-Before you design the App-V infrastructure, determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization.
+## Determine which App-V infrastructure is required
 
-<table>
-<colgroup>
-<col width="30%" />
-<col width="70%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Task</th>
-<th align="left">More Information</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Determine Application Scope</p></td>
-<td align="left"><p>Depending on the applications to be virtualized, the App-V infrastructure can be set up in different ways. The first task is to define what applications you want to virtualize.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Determine Location Scope</p></td>
-<td align="left"><p>Location scope refers to the physical locations (for example, enterprise-wide or a specific geographic location) where you plan to run the virtualized applications. It can also refer to the user population (for example, a single department) who will run the virtual applications. You should obtain a network map that includes the connection paths as well as available bandwidth to each location and the number of users using virtualized applications and the WAN link speed.</p></td>
-</tr>
-</tbody>
-</table>
+You can also manage your App-V environment using an electronic software distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V packages using electronic software distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
 
-## Determine Which App-V Infrastructure is Required
+* **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios:
 
-You can also manage your App-V environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
+    * When there are disconnected remote users who can't connect to the App-V infrastructure.
+    * When you're running a software management system, such as System Center 2012 Configuration Manager.
+    * When network bandwidth limitations inhibit electronic software distribution.
+* **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
 
--   **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios:
+    * When you want to use the Management Server to publish the application to target computers.
+    * For rapid provisioning of applications to target computers.
+    * When you want to use App-V reporting.
 
-    -   With disconnected remote users who cannot connect to the App-V infrastructure.
+>[!IMPORTANT]
+>The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information, see [App-V supported configurations](appv-supported-configurations.md).
 
-    -   When you are running a software management system, such as System Center 2012 Configuration Manager.
+## End-to-end server sizing guidance
 
-    -   When network bandwidth limitations inhibit electronic software distribution.
+The following section describes end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections.
 
--   **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V Full Infrastructure Model consists of one or more App-V management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for App-V Server Deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
+>[!NOTE]
+>Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server.
 
-    >**Important**  
-    The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V Supported Configurations](appv-supported-configurations.md).
+* 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time (<3 seconds).
+* A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time (<5 seconds).
 
-     
+## App-V Management Server capacity planning recommendations
 
-    -   When you want to use the Management Server to publish the application to target computers.
+The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations, see [App-V supported configurations](appv-supported-configurations.md).
 
-    -   For rapid provisioning of applications to target computers.
+>[!NOTE]
+>The default refresh time on the App-V publishing server is ten minutes.
 
-    -   When you want to use App-V reporting.
+When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors will influence the publishing server's round-trip response time:
 
-## End-to-end Server Sizing Guidance
+1. The number of publishing servers making simultaneous requests.
+2. The number of connection groups configured on the management server.
+3. The number of access groups configured on the management server.
 
+The following table describes each factor that impacts round-trip time in more detail.
 
-The following section provides information about end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections.
+>[!NOTE]
+>Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server.
 
-**Note**  
-Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server.
+|Factors impacting round-trip response time|Description|
+|------------------------------------------|-----------|
+|The number of publishing servers simultaneously requesting package metadata refreshes.|A single management server can respond to up to 320 publishing servers simultaneously requesting publishing metadata. For example, in a case with 30 publishing servers simultaneously requesting publishing metadata, the round-trip response time is about 40 seconds, while for less than 50 servers it's less than 5 seconds. From 50 to 320 publishing servers, response team increases linearly (approximately 2×).|
+|The number of connection groups configured on the management server.|For up to 100 connection groups, there is no significant change in the round-trip response time on the publishing server. For 100–400 connection groups, there is a minor linear increase in the round-trip response time.|
+|The number of access groups configured on the management server.|For up to 40 access groups, there is a linear (approximately 3×) increase in the round-trip response time on the publishing server.|
 
- 
+The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-V management server.
 
--   20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (&lt;3 seconds)
+|Scenario|Variation|Number of connection groups|Number of access groups|Number of publishing servers|Network connection type|Round-trip response time (seconds)|Management server CPU utilization|
+|---|---|---|---|---|---|---|---|
+|Publishing servers contact management server for publishing metadata at same time|Number of publishing servers.|0<br>0<br>0<br>0<br>0<br>0|1<br>1<br>1<br>1<br>1<br>1|50<br>100<br>200<br>300<br>315<br>320|LAN|5<br>10<br>19<br>32<br>30<br>37|17<br>17<br>17<br>15<br>17<br>15|
+|Publishing metadata contains connection groups|Number of connection groups|10<br>20<br>100<br>150<br>300<br>400|1<br>1<br>1<br>1<br>1<br>1|100<br>100<br>100<br>100<br>100<br>100|LAN|10<br>11<br>11<br>16<br>22<br>25|17<br>19<br>22<br>19<br>20<br>20|
+|Publishing metadata contains access groups|Number of access groups|0<br>0<br>0<br>0|1<br>10<br>20<br>40|100<br>100<br>100<br>100|LAN|10<br>43<br>153<br>535|17<br>26<br>24<br>24|
 
--   A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time. (&lt;5 seconds)
+The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example, transactions/sec is approximately 30, batch requests approximately 200, and user connects approximately six.
 
-## <a href="" id="---------app-v-5-1-management-server-capacity-planning-recommendations"></a> App-V Management Server Capacity Planning Recommendations
+Using a geographically distributed deployment, where the management server and publishing servers utilize a slow link network between them, the round-trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server.
 
-
-The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
-
-**Note**  
-The default refresh time on the App-V publishing server is ten minutes.
-
- 
-
-When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server:
-
-1.  Number of publishing servers making simultaneous requests.
-
-2.  Number of connection groups configured on the management server.
-
-3.  Number of access groups configured on the management server.
-
-The following table displays more information about each factor that impacts round trip time.
-
-**Note**  
-Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server.
-
- 
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Factors impacting round trip response time</th>
-<th align="left">More Information</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>The number of publishing servers simultaneously requesting package metadata refreshes.</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>A single management server can respond to up to 320 publishing servers requesting publishing metadata simultaneously.</p></li>
-<li><p>Round trip response time for 320 pub servers is ~40 seconds.</p></li>
-<li><p>For &lt;50 publishing servers requesting metadata simultaneously, the round trip response time is &lt;5 seconds.</p></li>
-<li><p>From 50 to 320 publishing servers, the response time increases linearly (approximately 2x).</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>The number of connection groups configured on the management server.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>For up to 100 connection groups, there is no significant change in the round trip response time on the publishing server.</p></li>
-<li><p>For 100 - 400 connection groups, there is a minor linear increase in the round trip response time.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>The number of access groups configured on the management server.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>For up to 40 access groups, there is a linear (approximately 3x) increase in the round trip response time on the publishing server.</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-Vmanagement server.
-
-<table>
-<colgroup>
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Scenario</th>
-<th align="left">Variation</th>
-<th align="left">Number of connection groups</th>
-<th align="left">Number of access groups</th>
-<th align="left">Number of publishing servers</th>
-<th align="left">Network connection type publishing server / management server</th>
-<th align="left">Round trip response time on the publishing server (in seconds)</th>
-<th align="left">CPU utilization on management server</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Publishing servers simultaneously contacting management server for publishing metadata.</p></td>
-<td align="left"><p>Number of publishing servers</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>0</p></li>
-<li><p>0</p></li>
-<li><p>0</p></li>
-<li><p>0</p></li>
-<li><p>0</p></li>
-<li><p>0</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>50</p></li>
-<li><p>100</p></li>
-<li><p>200</p></li>
-<li><p>300</p></li>
-<li><p>315</p></li>
-<li><p>320</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>5</p></li>
-<li><p>10</p></li>
-<li><p>19</p></li>
-<li><p>32</p></li>
-<li><p>30</p></li>
-<li><p>37</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>17</p></li>
-<li><p>17</p></li>
-<li><p>17</p></li>
-<li><p>15</p></li>
-<li><p>17</p></li>
-<li><p>15</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Publishing metadata contains connection groups</p></td>
-<td align="left"><p>Number of connection groups</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>10</p></li>
-<li><p>50</p></li>
-<li><p>100</p></li>
-<li><p>150</p></li>
-<li><p>300</p></li>
-<li><p>400</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-<li><p>1</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>100</p></li>
-<li><p>100</p></li>
-<li><p>100</p></li>
-<li><p>100</p></li>
-<li><p>100</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>10</p></li>
-<li><p>11</p></li>
-<li><p>11</p></li>
-<li><p>16</p></li>
-<li><p>22</p></li>
-<li><p>25</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>17</p></li>
-<li><p>19</p></li>
-<li><p>22</p></li>
-<li><p>19</p></li>
-<li><p>20</p></li>
-<li><p>20</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Publishing metadata contains access groups</p></td>
-<td align="left"><p>Number of access groups</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>0</p></li>
-<li><p>0</p></li>
-<li><p>0</p></li>
-<li><p>0</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1</p></li>
-<li><p>10</p></li>
-<li><p>20</p></li>
-<li><p>40</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>100</p></li>
-<li><p>100</p></li>
-<li><p>100</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>10</p></li>
-<li><p>43</p></li>
-<li><p>153</p></li>
-<li><p>535</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>17</p></li>
-<li><p>26</p></li>
-<li><p>24</p></li>
-<li><p>24</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6.
-
-Using a geographically distributed deployment, where the management server & publishing servers utilize a slow link network between them, the round trip response time on the publishing servers is within acceptable time limits (&lt;5 seconds), even for 100 simultaneous requests on a single management server.
-
-<table>
-<colgroup>
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Scenario</th>
-<th align="left">Variation</th>
-<th align="left">Number of connection groups</th>
-<th align="left">Number of access groups</th>
-<th align="left">Number of publishing servers</th>
-<th align="left">Network connection type publishing server / management server</th>
-<th align="left">Round trip response time on the publishing server (in seconds)</th>
-<th align="left">CPU utilization on management server</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Network connection between the publishing server and management server</p></td>
-<td align="left"><p>1.5 Mbps Slow link Network</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>0</p></li>
-<li><p>0</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1</p></li>
-<li><p>1</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>50</p></li>
-<li><p>100</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1.5Mbps Cable DSL</p></li>
-<li><p>1.5Mbps Cable DSL</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>4</p></li>
-<li><p>5</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1</p></li>
-<li><p>2</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Network connection between the publishing server and management server</p></td>
-<td align="left"><p>LAN / WIFI Network</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>0</p></li>
-<li><p>0</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1</p></li>
-<li><p>1</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>200</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Wifi</p></li>
-<li><p>Wifi</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>11</p></li>
-<li><p>20</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>15</p></li>
-<li><p>17</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Scenario|Variation|Number of connection groups|Number of access groups|Number of publishing servers|Network connection type|Round-trip response time (seconds)|Management server CPU utilization (in %)|
+|---|---|---|---|---|---|---|---|
+|Network connection between the publishing server and management server|1.5 Mbps Slow link Network|0<br>0|1<br>1|50<br>100|1.5 Mbps Cable DSL|4<br>5|1<br>2|
+|Network connection between the publishing server and management server|LAN/WiFi Network|0<br>0|1<br>1|100<br>200|WiFi|11<br>20|15<br>17|
 
 Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes.
 
-## <a href="" id="---------app-v-5-1-reporting-server-capacity-planning-recommendations"></a> App-V Reporting Server Capacity Planning Recommendations
+## App-V Reporting Server capacity planning recommendations
 
+App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about the App-V Reporting Server's supported configurations see [App-V supported configurations](appv-supported-configurations.md).
 
-App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about App-V Reporting Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
+>[!NOTE]
+>Round-trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server.
 
-**Note**  
-Round trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server.
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients send reporting information to the reporting server simultaneously.|Round-trip response time from the reporting server is 2.6 seconds for 500 clients. Round-trip response time from the reporting server is 5.65 seconds for 1000 clients. Round-trip response time increases linearly depending on number of clients.|
+|Requests per second processed by the reporting server.|A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second. Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second, like a single reporting server, is about 127, with a max of 278 requests/second. A single reporting server can process 500 concurrent/active connections. A single reporting server can process a maximum 1,500 concurrent connections.|
+|Reporting database.|Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second. Throughput and response time are independent of database size.|
 
- 
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Scenario</th>
-<th align="left">Summary</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Multiple App-V clients send reporting information to the reporting server simultaneously.</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Round trip response time from the reporting server is 2.6 seconds for 500 clients.</p></li>
-<li><p>Round trip response time from the reporting server is 5.65 seconds for 1000 clients.</p></li>
-<li><p>Round trip response time increases linearly depending on number of clients.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Requests per second processed by the reporting server.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second.</p></li>
-<li><p>Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second is similar to a single reporting server = ~127, with a max of 278 requests/second.</p></li>
-<li><p>A single reporting server can process 500 concurrent/active connections.</p></li>
-<li><p>A single reporting server can process a maximum 1500 concurrent connections.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Reporting Database.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second.</p></li>
-<li><p>Throughput and response time are independent of database size.</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-**Calculating random delay**:
+### Calculating random delay
 
 The random delay specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between **0** and **ReportingRandomDelay** and will wait the specified duration before sending data.
 
-Random delay = 4 \* number of clients / average requests per second.
+*Random delay = 4 × number of clients/average requests per second*.
 
-Example: For 500 clients, with 120 requests per second, the Random delay is, 4 \* 500 / 120 = ~17 minutes.
+Example: Random delay for 500 clients with 120 requests per second is *4 × 500/120 = about 17 minutes*.
 
-## <a href="" id="---------app-v-5-1-publishing-server-capacity-planning-recommendations"></a> App-V Publishing Server Capacity Planning Recommendations
+## App-V publishing server capacity planning recommendations
 
+Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and receive a response. Round trip response time is measured on the computer running the App-V client, while processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations, see [App-V supported configurations](appv-supported-configurations.md).
 
-Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and to receive a response. Round trip response time is measured on the computer running the App-V client. Processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
+>[!IMPORTANT]
+>The following list displays the main factors to consider when setting up the App-V publishing server:
+  * The number of clients connecting simultaneously to a single publishing server.
+  * The number of packages in each refresh.
+  * The available network bandwidth in your environment between the client and the App-V publishing server.
 
-**Important**  
-The following list displays the main factors to consider when setting up the App-V publishing server:
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients connect to a single publishing server simultaneously.|A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously. For 5,000–10,000 clients, the publishing server requires a minimum quad core. For 10,000–20,000 clients, the publishing server should have dual quad cores for more efficient response times. A publishing server with a quad core can refresh up to 10,000 packages within three seconds. (Supports 10,000 simultaneous clients.)|
+|Number of packages in each refresh.|Increasing number of packages will increase response time by about 40% (up to 1,000 packages).|
+|Network between the App-V client and the publishing server.|Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1,000 users).|
 
--   The number of clients connecting simultaneously to a single publishing server.
+>[!NOTE]
+>The publishing server CPU usage is always high during the time interval when it must process simultaneous requests (>90% in most cases). The publishing server can handle about 1,500 client requests in one second.
 
--   The number of packages in each refresh.
-
--   The available network bandwidth in your environment between the client and the App-V publishing server.
-
- 
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Scenario</th>
-<th align="left">Summary</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Multiple App-V clients connect to a single publishing server simultaneously.</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously.</p></li>
-<li><p>For 5000-10000 clients, the publishing server requires a minimum quad core.</p></li>
-<li><p>For 10000-20000 clients, the publishing server should have dual quad cores for more efficient response times.</p></li>
-<li><p>A publishing server with a quad core can refresh up to 10000 packages within 3 seconds. (Supporting 10000 simultaneous clients)</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Number of packages in each refresh.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Increasing number of packages will increase response time by ~40% (up to 1000 packages).</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Network between the App-V client and the publishing server.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1000 users).</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-**Note**  
-The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (&gt;90% in most cases). The publishing server can handle ~1500 client requests in 1 second.
-
- 
-
-<table>
-<colgroup>
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Scenario</th>
-<th align="left">Variation</th>
-<th align="left">Number of App-V clients</th>
-<th align="left">Number of packages</th>
-<th align="left">Processor configuration on the publishing server</th>
-<th align="left">Network connection type publishing server / App-V client</th>
-<th align="left">Round trip time on the App-V client (in seconds)</th>
-<th align="left">CPU utilization on publishing server (in %)</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V client sends publishing refresh request &amp; receives response, each request containing 120 packages</p></td>
-<td align="left"><p>Number of clients</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>1000</p></li>
-<li><p>5000</p></li>
-<li><p>10000</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>120</p></li>
-<li><p>120</p></li>
-<li><p>120</p></li>
-<li><p>120</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Dual Core</p></li>
-<li><p>Dual Core</p></li>
-<li><p>Quad Core</p></li>
-<li><p>Quad Core</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1</p></li>
-<li><p>2</p></li>
-<li><p>2</p></li>
-<li><p>3</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>99</p></li>
-<li><p>89</p></li>
-<li><p>77</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Multiple packages in each refresh</p></td>
-<td align="left"><p>Number of packages</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1000</p></li>
-<li><p>1000</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>500</p></li>
-<li><p>1000</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Quad Core</p></li>
-<li><p>Quad Core</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>2</p></li>
-<li><p>3</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>92</p></li>
-<li><p>91</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Network between client and publishing server</p></td>
-<td align="left"><p>1.5 Mbps Slow link network</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>500</p></li>
-<li><p>1000</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>120</p></li>
-<li><p>120</p></li>
-<li><p>120</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Quad Core</p></li>
-<li><p>Quad Core</p></li>
-<li><p>Quad Core</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1.5 Mbps Intra-Continental Network</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>3</p></li>
-<li><p>10 (with 0.2% failure rate)</p></li>
-<li><p>17 (with 1% failure rate)</p></li>
-</ul></td>
-<td align="left"><p></p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-## <a href="" id="---------app-v-5-1-streaming-capacity-planning-recommendations"></a> App-V Streaming Capacity Planning Recommendations
+|Scenario|Variation|Number of App-V clients|Number of packages|Processor configuration on publishing server|Network connection type|App-V client round-trip time (in seconds)|Publishing server CPU utilization (in %)|
+|---|---|---|---|---|---|---|---|
+|App-V client sends publishing refresh request and receives response, each request containing 120 packages|Number of clients|100<br>1,000<br>5,000<br>10,000|120<br>120<br>120<br>120|Dual Core<br>Dual Core<br>Quad Core<br>Quad Core|LAN|1<br>2<br>2<br>3|100<br>99<br>89<br>77|
+|Multiple packages in each refresh.|Number of packages|1,000<br>1,000|500<br>1,000|Quad Core|LAN|2<br>3|92<br>91|
+|Network between client and publishing server.|1.5 Mbps Slow link network|100<br>500<br>1,000|120<br>120<br>120|Quad Core|1.5 Mbps intra-continental network|3<br>10 (0.2% failure rate)<br>7 (1% failure rate)||
 
+## App-V streaming capacity planning recommendations
 
 Computers running the App-V client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V client, and is the time taken to stream the entire package.
 
-**Important**  
-The following list identifies the main factors to consider when setting up the App-V streaming server:
+>[!IMPORTANT]
+>The following list identifies the main factors to consider when setting up the App-V streaming server:
+  * The number of clients streaming application packages simultaneously from a single streaming server.
+  * The size of the package being streamed.
+  * The available network bandwidth in your environment between the client and the streaming server.
 
--   The number of clients streaming application packages simultaneously from a single streaming server.
-
--   The size of the package being streamed.
-
--   The available network bandwidth in your environment between the client and the streaming server.
-
- 
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Scenario</th>
-<th align="left">Summary</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Multiple App-V clients stream applications from a single streaming server simultaneously.</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Size of the package being streamed.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>The package size has a significant impact on the streaming/download time only for larger packages with a size ~ 1GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Network between the App-V client and the streaming server.</p>
-<p></p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>Across a slow network (1.5 Mbps bandwidth), there is a 70-80% increase in response time compared to LAN (up to 100 users).</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients stream applications from a single streaming server simultaneously.|If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.|
+|Size of the package being streamed.|The package size has a significant impact on the streaming/download time only for larger packages with a size of about 1 GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.|
+|Network between the App-V client and the streaming server.|Across a slow network (1.5 Mbps bandwidth), there is a 70–80% increase in response time compared to LAN (up to 100 users).|
 
 The following table displays sample values for each of the factors in the previous list:
 
-<table style="width:100%;">
-<colgroup>
-<col width="16%" />
-<col width="16%" />
-<col width="16%" />
-<col width="16%" />
-<col width="16%" />
-<col width="16%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Scenario</th>
-<th align="left">Variation</th>
-<th align="left">Number of App-V clients</th>
-<th align="left">Size of each package</th>
-<th align="left">Network connection type streaming server / App-V client</th>
-<th align="left">Round trip time on the App-V client (in seconds)</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Multiple App-V clients streaming virtual application packages from a streaming server.</p></td>
-<td align="left"><p>Number of clients.</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>200</p></li>
-<li><p>1000</p></li>
-<li><p></p></li>
-<li><p>100</p></li>
-<li><p>200</p></li>
-<li><p>1000</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>3.5 MB</p></li>
-<li><p>3.5 MB</p></li>
-<li><p>3.5 MB</p></li>
-<li><p></p></li>
-<li><p>5 MB</p></li>
-<li><p>5 MB</p></li>
-<li><p>5 MB</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p></p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>29</p></li>
-<li><p>39</p></li>
-<li><p>391</p></li>
-<li><p></p></li>
-<li><p>35</p></li>
-<li><p>68</p></li>
-<li><p>461</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Size of each package being streamed.</p></td>
-<td align="left"><p>Size of each package.</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p>200</p></li>
-<li><p></p></li>
-<li><p>100</p></li>
-<li><p>200</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>21 MB</p></li>
-<li><p>21 MB</p></li>
-<li><p></p></li>
-<li><p>109</p></li>
-<li><p>109</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-<li><p></p></li>
-<li><p>LAN</p></li>
-<li><p>LAN</p></li>
-</ul></td>
-<td align="left"><p></p>
-<p>33</p>
-<p>83</p>
-<p></p>
-<p>100</p>
-<p>160</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Network connection between client and App-V streaming server.</p></td>
-<td align="left"><p>1.5 Mbps Slow link network.</p></td>
-<td align="left"><p></p>
-<ul>
-<li><p>100</p></li>
-<li><p></p></li>
-<li><p>100</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>3.5 MB</p></li>
-<li><p></p></li>
-<li><p>5 MB</p></li>
-</ul></td>
-<td align="left"><p></p>
-<ul>
-<li><p>1.5 Mbps Intra-Continental Network</p></li>
-</ul></td>
-<td align="left"><p></p>
-<p>102</p>
-<p></p>
-<p>121</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Scenario|Variation|Number of App-V clients|Size of each package|Network connection type|Round-trip time on the App-V client (in seconds)|
+|---|---|---|---|---|---|
+|Multiple App-V clients streaming virtual application packages from a streaming server.|Number of clients.|100<br>200<br>1,000<br>100<br>200<br>1,000|3.5 MB<br>3.5 MB<br>3.5 MB<br>5 MB<br>5 MB<br>5 MB|LAN|29<br>39<br>391<br>35<br>68<br>461|
+|Size of each package being streamed.|Size of each package.|100<br>200<br>100<br>200|21 MB<br>21 MB<br>109 MB<br>109 MB|LAN|33<br>83<br>100<br>160|
+|Network connection between client and App-V streaming server.|1.5 Mbps Slow link network.|100<br>100|3.5 MB<br>5 MB|1.5 Mbps intra-continental network|102<br>121|
 
 Each App-V streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications.
 
-**Note**  
-The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions.
+>[!NOTE]
+>The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions.
 
- 
-
-For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers.
+For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real-world environments, streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment to properly size the number of required streaming servers.
 
 The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages.
 
-## Combining App-V Server Roles
+## Combining App-V server roles
 
+Discounting scaling and fault-tolerance requirements, the minimum number of servers that a location with Active Directory connectivity needs to function is one. This server will host the management server, management server service, and Microsoft SQL Server roles. This means that you can arrange server roles in any combination you like, as they don't conflict with one another.
 
-Discounting scaling and fault-tolerance requirements, the minimum number of servers needed for a location with connectivity to Active Directory is one. This server will host the management server, management server service, and Microsoft SQL Server roles. Server roles, therefore, can be arranged in any desired combination since they do not conflict with one another.
+Ignoring scaling requirements, the minimum number of servers that a fault-tolerant implementation needs to function is four. The management server and Microsoft SQL Server roles support placement in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
 
-Ignoring scaling requirements, the minimum number of servers necessary to provide a fault-tolerant implementation is four. The management server, and Microsoft SQL Server roles support being placed in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
-
-Although there are a number of fault-tolerance strategies and technologies available, not all are applicable to a given service. Additionally, if App-V roles are combined, certain fault-tolerance options may no longer apply due to incompatibilities.
+Although there are many fault-tolerance strategies and technologies you can use, not all are applicable to a given service. Additionally, if App-V roles are combined, the resulting incompatabilities could cause certain fault-tolerance options to stop working.
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-
-[App-V Supported Configurations](appv-supported-configurations.md)
-
-[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
-
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-
- 
-
- 
-
-
-
-
-
+* [App-V supported configurations](appv-supported-configurations.md)
+* [Planning for high availability with App-V](appv-planning-for-high-availability-with-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index 5608dafd61..8ecf438180 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -6,99 +6,97 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # About Client Configuration Settings
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V Client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md).
+The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).
 
-You can use Group Policy to configure App-V client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+You can use Group Policy to configure App-V client settings by navigating to the **Group Policy managment console** at **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
 
 ## App-V Client Configuration Settings: Windows PowerShell
 
 The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets:
 
-| Windows PowerShell cmdlet or cmdlets,<br>**Option**<br>Type  | Description  | Disabled Policy State Keys and Values |
+| Windows PowerShell cmdlet or cmdlets,<br>**Option**<br>Type  | Description  | Disabled policy state keys and values |
 |------------|------------|------------|------------|
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-PackageInstallationRoot**<br>String  | Specifies directory where all new applications and updates will be installed.  | Policy value not written (same as Not Configured) |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-PackageSourceRoot**<br>String  | Overrides source location for downloading package content.  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-AllowHighCostLaunch**<br>True (enabled); False (Disabled state)  | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G).  | 0 |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReestablishmentRetries**<br>Integer (0-99)  | Specifies the number of times to retry a dropped session.  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReestablishmentInterval**<br>Integer (0-3600)  | Specifies the number of seconds between attempts to reestablish a dropped session.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-AllowHighCostLaunch**<br>True (enabled); False (Disabled state)  | This setting controls whether virtualized applications are launched on Windows 10 machines connected by a metered network connection (for example, 4G).  | 0 |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReestablishmentRetries**<br>Integer (0–99)  | Specifies the number of times to retry a dropped session.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReestablishmentInterval**<br>Integer (0–3600)  | Specifies the number of seconds between attempts to reestablish a dropped session.  | Policy value not written (same as Not Configured) |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-LocationProvider**<br>String  | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.  | Policy value not written (same as Not Configured) |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-CertFilterForClientSsl**<br>String  | Specifies the path to a valid certificate in the certificate store.  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-VerifyCertificateRevocationList**<br>True(enabled); False(Disabled state)  | Verifies Server certificate revocation status before steaming using HTTPS.  | 0 |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-SharedContentStoreMode**<br>True(enabled); False(Disabled state)  | Specifies that streamed package contents will be not be saved to the local hard disk.  | 0 |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-VerifyCertificateRevocationList**<br>True (enabled); False (Disabled state)  | Verifies Server certificate revocation status before streaming with HTTPS.  | 0 |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-SharedContentStoreMode**<br>True (enabled); False (Disabled state)  | Specifies that streamed package contents will be not be saved to the local hard disk.  | 0 |
 | Set-AppvPublishingServer<br><br>**-Name**<br>String  | Displays the name of publishing server.  | Policy value not written (same as Not Configured) |
 | Set-AppvPublishingServer<br><br>**-URL**<br>String  | Displays the URL of publishing server.  | Policy value not written (same as Not Configured) |
-| Set-AppvPublishingServer<br><br>**-GlobalRefreshEnabled**<br>True(enabled); False(Disabled state)  | Enables global publishing refresh (Boolean)  | False |
-| Set-AppvPublishingServer<br><br>**-GlobalRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Triggers a global publishing refresh on logon. ( Boolean)  | False |
-| Set-AppvPublishingServer<br><br>**-GlobalRefreshInterval**<br>Integer (0-744)  | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.  | 0 |
-| Set-AppvPublishingServer<br><br>**-GlobalRefreshIntervalUnit** <br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0-23, Day 0-31).  | 1 |
-| Set-AppvPublishingServer<br><br>**-UserRefreshEnabled**<br>True(enabled); False(Disabled state)  | Enables user publishing refresh (Boolean)  | False |
-| Set-AppvPublishingServer<br><br>**-UserRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60  | False |
-| Set-AppvPublishingServer<br><br>**-UserRefreshInterval**<br>Word count (with spaces): 85Integer (0-744 Hours)  | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.  | 0 |
-| Set-AppvPublishingServer<br><br>**-UserRefreshIntervalUnit**<br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0-23, Day 0-31).  | 1 |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-MigrationMode**<br>True(enabled state); False (disabled state)  | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V.  | |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-EnablePackageScripts**<br>True(enabled); False(Disabled state)  | Enables scripts defined in the package manifest of configuration files that should run.  | |
-| Set-AppvClientConfiguration<br><br>**-RoamingFileExclusions**<br>String  | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures'  | |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-RoamingRegistryExclusions**<br>String  | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-IntegrationRootUser**<br>String  | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration.  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-IntegrationRootGlobal**<br>String  | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-VirtualizableExtensions**<br>String  | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md).  | Policy value not written |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingEnabled**<br>True (enabled); False (Disabled state)  | Enables the client to return information to a reporting server.  | False |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshEnabled**<br>True (enabled); False (Disabled state)  | Enables global publishing refresh (Boolean)  | False |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshOnLogon**<br>True (enabled); False (Disabled state)  | Triggers a global publishing refresh on sign in. (Boolean)  | False |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshInterval**<br>Integer (0–744)  | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, specify 0.  | 0 |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshIntervalUnit** <br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0–23, Day 0–31).  | 1 |
+| Set-AppvPublishingServer<br><br>**-UserRefreshEnabled**<br>True (enabled); False (Disabled state)  | Enables user publishing refresh (Boolean)  | False |
+| Set-AppvPublishingServer<br><br>**-UserRefreshOnLogon**<br>True (enabled); False (Disabled state)  | Triggers a user publishing refresh on sign in. (Boolean) Word count (with spaces): 60  | False |
+| Set-AppvPublishingServer<br><br>**-UserRefreshInterval**<br>Word count (with spaces): 85<br>Integer (0–744 Hours)  | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.  | 0 |
+| Set-AppvPublishingServer<br><br>**-UserRefreshIntervalUnit**<br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0–23, Day 0–31).  | 1 |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-MigrationMode**<br>True (enabled state); False (Disabled state)  | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created by a previous version of App-V.  | |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-EnablePackageScripts**<br>True (enabled); False (Disabled state)  | Enables scripts defined in the package manifest of configuration files that should run.  | |
+| Set-AppvClientConfiguration<br><br>**-RoamingFileExclusions**<br>String  | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. For example, ```/ROAMINGFILEEXCLUSIONS='desktop;my pictures'```  | |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-RoamingRegistryExclusions**<br>String  | Specifies the registry paths that do not roam with a user profile. For example, ```/ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients```  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-IntegrationRootUser**<br>String  | Specifies the location to create symbolic links associated with the current version of a per-user published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%localappdata%\\Microsoft\\AppV\\Client\\Integration```.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-IntegrationRootGlobal**<br>String  | Specifies the location to create symbolic links associated with the current version of a globally published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%allusersprofile%\\Microsoft\\AppV\\Client\\Integration```.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-VirtualizableExtensions**<br>String  | A comma-delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command-line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md).  | Policy value not written |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingEnabled**<br>True (enabled); False (Disabled state)  | Returns information to a reporting server.  | False |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingServerURL**<br>String  | Specifies the location on the reporting server where client information is saved.  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingDataCacheLimit**<br>Integer \[0-1024\]  | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingDataCacheLimit**<br>Integer \[0–1024\]  | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.  | Policy value not written (same as Not Configured) |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingDataBlockSize**<br>Integer \[1024 - Unlimited\]  | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.  | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingStartTime**<br>Integer (0 – 23)  | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.<br>**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingStartTime**<br>Integer (0–23)  | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0–23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.<br>**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline.  | Policy value not written (same as Not Configured) |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingInterval**<br>Integer  | Specifies the retry interval that the client will use to resend data to the reporting server.  | Policy value not written (same as Not Configured) |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingRandomDelay**<br>Integer \[0 - ReportingRandomDelay\]  | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server.  | Policy value not written (same as Not Configured) |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-EnableDynamicVirtualization<br>**1 (Enabled), 0 (Disabled)  | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.  | |
 | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-EnablePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Enables the publishing refresh progress bar for the computer running the App-V Client.  | |
 | Sync-AppvPublishingServer<br><br>**-HidePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Hides the publishing refresh progress bar.  | |
-| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ProcessesUsingVirtualComponents**<br>String  | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.  | Empty string. |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ProcessesUsingVirtualComponents**<br>String  | Specifies a list of process paths (that may contain wildcards) that are candidates for using dynamic virtualization (such as supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.  | Empty string. |
 
-## App-V Client Configuration Settings: Registry Keys
+## App-V client configuration settings: registry keys
 
 The following table provides information about App-V client configuration settings that can be configured through the registry:
 
-| **Setting name**<br>Type  | Registry Key Value  | Disabled Policy State Keys and Values |
+| **Setting name**<br>Type  | Registry key value  | Disabled policy state keys and values |
 |---------------------------|---------------------|---------------------------------------|
 | **PackageInstallationRoot**<br>String  | Streaming\\PackageInstallationRoot  | Policy value not written (same as Not Configured) |
 | **PackageSourceRoot**<br>String  | Streaming\\PackageSourceRoot  | Policy value not written (same as Not Configured) |
-| **AllowHighCostLaunch**<br>True (enabled); False (Disabled state)  | Streaming\\AllowHighCostLaunch  | 0 |
-| **ReestablishmentRetries**<br>Integer (0-99)  | Streaming\\ReestablishmentRetries  | Policy value not written (same as Not Configured) |
-| **ReestablishmentInterval**<br>Integer (0-3600)  | Streaming\\ReestablishmentInterval  | Policy value not written (same as Not Configured) |
+| **AllowHighCostLaunch**<br>True (Enabled); False (Disabled state)  | Streaming\\AllowHighCostLaunch  | 0 |
+| **ReestablishmentRetries**<br>Integer (0–99)  | Streaming\\ReestablishmentRetries  | Policy value not written (same as Not Configured) |
+| **ReestablishmentInterval**<br>Integer (0–3600)  | Streaming\\ReestablishmentInterval  | Policy value not written (same as Not Configured) |
 | **LocationProvider**<br>String  | Streaming\\LocationProvider  | Policy value not written (same as Not Configured) |
 | **CertFilterForClientSsl**<br>String  | Streaming\\CertFilterForClientSsl  | Policy value not written (same as Not Configured) |
-| **VerifyCertificateRevocationList**<br>True(enabled); False(Disabled state)  | Streaming\\VerifyCertificateRevocationList  | 0 |
-| **SharedContentStoreMode**<br>True(enabled); False(Disabled state)  | Streaming\\SharedContentStoreMode  | 0 |
+| **VerifyCertificateRevocationList**<br>True (Enabled); False (Disabled state)  | Streaming\\VerifyCertificateRevocationList  | 0 |
+| **SharedContentStoreMode**<br>True (Enabled); False (Disabled state)  | Streaming\\SharedContentStoreMode  | 0 |
 | **Name**<br>String  | Publishing\\Servers{serverId}\\FriendlyName  | Policy value not written (same as Not Configured) |
 | **URL**<br>String  | Publishing\\Servers{serverId}\\URL  | Policy value not written (same as Not Configured) |
-| **GlobalRefreshEnabled**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\GlobalEnabled  | False |
-| **GlobalRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\GlobalLogonRefresh  | False |
-| **GlobalRefreshInterval**<br>Integer (0-744)  | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval  | 0 |
+| **GlobalRefreshEnabled**<br>True (Enabled); False (Disabled state)  | Publishing\\Servers{serverId}\\GlobalEnabled  | False |
+| **GlobalRefreshOnLogon**<br>True (Enabled); False (Disabled state)  | Publishing\\Servers{serverId}\\GlobalLogonRefresh  | False |
+| **GlobalRefreshInterval**<br>Integer (0–744)  | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval  | 0 |
 | **GlobalRefreshIntervalUnit** <br>0 for hour, 1 for day  | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit  | 1 |
-| **UserRefreshEnabled**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\UserEnabled  | False |
-| **UserRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\UserLogonRefresh  | False |
-| **UserRefreshInterval**<br>Word count (with spaces): 85Integer (0-744 Hours)  | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval  | 0 |
+| **UserRefreshEnabled**<br>True (Enabled); False (Disabled state)  | Publishing\\Servers{serverId}\\UserEnabled  | False |
+| **UserRefreshOnLogon**<br>True (Enabled); False (Disabled state)  | Publishing\\Servers{serverId}\\UserLogonRefresh  | False |
+| **UserRefreshInterval**<br>Word count (with spaces): 85; Integer (0–744 Hours)  | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval  | 0 |
 | **UserRefreshIntervalUnit**<br>0 for hour, 1 for day  | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit  | 1 |
-| **MigrationMode**<br>True(enabled state); False (disabled state)  | Coexistence\\MigrationMode  | |
-| **EnablePackageScripts**<br>True(enabled); False(Disabled state)  | \\Scripting\\EnablePackageScripts  | |
+| **MigrationMode**<br>True(Enabled state); False (Disabled state)  | Coexistence\\MigrationMode  | |
+| **EnablePackageScripts**<br>True (Enabled); False (Disabled state)  | \\Scripting\\EnablePackageScripts  | |
 | **RoamingFileExclusions**<br>String  | | |
 | **RoamingRegistryExclusions**<br>String  | Integration\\RoamingReglstryExclusions  | Policy value not written (same as Not Configured) |
 | **IntegrationRootUser**<br>String  | Integration\\IntegrationRootUser  | Policy value not written (same as Not Configured) |
 | **IntegrationRootGlobal**<br>String  | Integration\\IntegrationRootGlobal  | Policy value not written (same as Not Configured) |
 | **VirtualizableExtensions**<br>String  | Integration\\VirtualizableExtensions  | Policy value not written |
-| **ReportingEnabled**<br>True (enabled); False (Disabled state)  | Reporting\\EnableReporting  | False |
+| **ReportingEnabled**<br>True (Enabled); False (Disabled state)  | Reporting\\EnableReporting  | False |
 | **ReportingServerURL**<br>String  | Reporting\\ReportingServer  | Policy value not written (same as Not Configured) |
-| **ReportingDataCacheLimit**<br>Integer \[0-1024\]  | Reporting\\DataCacheLimit  | Policy value not written (same as Not Configured) |
-| **ReportingDataBlockSize**<br>Integer \[1024 - Unlimited\]  | Reporting\\DataBlockSize  | Policy value not written (same as Not Configured) |
-| **ReportingStartTime**<br>Integer (0 – 23)  | Reporting\\ StartTime  | Policy value not written (same as Not Configured) |
+| **ReportingDataCacheLimit**<br>Integer \[0–1024\]  | Reporting\\DataCacheLimit  | Policy value not written (same as Not Configured) |
+| **ReportingDataBlockSize**<br>Integer \[1024–Unlimited\]  | Reporting\\DataBlockSize  | Policy value not written (same as Not Configured) |
+| **ReportingStartTime**<br>Integer (0–23)  | Reporting\\ StartTime  | Policy value not written (same as Not Configured) |
 | **ReportingInterval**<br>Integer  | Reporting\\RetryInterval  | Policy value not written (same as Not Configured) |
 | **ReportingRandomDelay**<br>Integer \[0 - ReportingRandomDelay\]  | Reporting\\RandomDelay  | Policy value not written (same as Not Configured) |
 | **EnableDynamicVirtualization<br>**1 (Enabled), 0 (Disabled)  | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization  | |
@@ -108,9 +106,8 @@ The following table provides information about App-V client configuration settin
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
-
+* [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
index a36a845027..58b23dd73f 100644
--- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
@@ -60,7 +60,7 @@ Use the following procedure to configure access to virtualized packages.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
index 8fca1c8678..06b310e729 100644
--- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -57,7 +57,7 @@ For more information, see [How to Manage App-V Packages Running on a Stand-Alone
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
index 8d682c7235..dca7131dbf 100644
--- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
+++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -59,7 +59,7 @@ For the following procedures the management server was installed on a computer n
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index b4c4203b8f..4da1633e90 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -18,13 +18,13 @@ Use the following procedure to connect to the App-V Management Console.
 
 **To connect to the App-V Management Console**
 
-1.  Open Internet Explorer browser and type the address for the App-V Management server. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**.
+1.  Open Internet Explorer browser and type the address for the App-V Management server. For example, **https://\<_management server name_\>:\<_management service port number_\>/console.html**.
 
 2.  To view different sections of the console, click the desired section in the navigation pane.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index 89b2c9530c..2c0d1e7208 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -83,7 +83,7 @@ The following table describes the parameters in the XML file that define the con
 <td align="left"><p>Schema name</p></td>
 <td align="left"><p>Name of the schema.</p>
 <p>If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:</p>
-<p><code>xmlns=&quot;http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup&quot;</code></p></td>
+<p><code>xmlns=&quot;https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup&quot;</code></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>AppConnectionGroupId</p></td>
@@ -261,7 +261,7 @@ The following application connection configurations are supported.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index 6bd7e8257a..6ba91b41f8 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -95,7 +95,7 @@ In the example above, when a virtualized application tries to find a specific fi
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index c7589228fa..83cff76b90 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -58,7 +58,7 @@ When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index 418919b1b2..5a13170e82 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -79,7 +79,7 @@ You can create user-entitled connection groups that contain both user-published
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 321421cdcd..144900c14b 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -42,7 +42,7 @@ When you place packages in a connection group, their package root paths are merg
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index afc4033cc9..3aea6099e5 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -34,7 +34,7 @@ Use the following procedure to create a Dynamic User Configuration file by using
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 8c79e0bc1a..5d001bf498 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -43,7 +43,7 @@ App-V package accelerators automatically sequence large, complex applications. A
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index b6b8930c2d..b62f27281a 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -70,7 +70,7 @@ Use the following procedure to create a package accelerator.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index eb25257a00..d816a91315 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -72,7 +72,7 @@ Use the following procedure to create a virtual application package with the App
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 26367d8ffd..383572f210 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -62,4 +62,4 @@ After creating the template, you can apply it to all of your new virtual app pac
 - [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
 
 **Have a suggestion for App-V?**<p>
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index d076323495..92958f3b25 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -6,140 +6,87 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Creating and Managing App-V Virtualized Applications
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
 
-**Note**  
-For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
+For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](<https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V_5.0_Sequencing_Guide.docx>).
 
-**Note**  
-The App-V Sequencer cannot sequence applications with filenames matching "CO_&lt;x&gt;" where x is any numeral. Error 0x8007139F will be generated.
+>[!NOTE]
+>The App-V Sequencer cannot sequence applications with filenames matching "CO_&lt;x&gt;" where x is any numeral. Error 0x8007139F will be generated.
 
 ## Sequencing an application
 
-
 You can use the App-V Sequencer to perform the following tasks:
 
--   Create virtual packages that can be deployed to computers running the App-V client.
+- Create virtual packages that can be deployed to computers running the App-V client.
+- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version.
+- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association.
 
--   Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version.
+    >[!NOTE]
+    >You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client.
 
--   Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association.
-
-    **Note**  
-    You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client.
- 
--   Convert existing virtual packages.
+- Convert existing virtual packages.
 
 The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing.
 
 When you use the sequencer to create a new virtual application, the following listed files are created. These files comprise the App-V package.
 
--   .msi file. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers.
+- **.msi file**. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers.
+- **Report.xml file**. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting.
+- **.appv file**. This is the virtual application file.
+- **Deployment configuration file**. The deployment configuration file determines how the virtual application will be deployed to target computers.
+- **User configuration file**. The user configuration file determines how the virtual application will run on target computers.
 
--   Report.xml file. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting.
-
--   .appv file. This is the virtual application file.
-
--   Deployment configuration file. The deployment configuration file determines how the virtual application will be deployed to target computers.
-
--   User configuration file. The user configuration file determines how the virtual application will run on target computers.
-
-**Important**  
-You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process. 
+>[!IMPORTANT]
+>You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package, you should either save the package to a secure location or make sure that no other user is allowed to log in during the conversion and monitoring process.
 
 The **Options** dialog box in the sequencer console contains the following tabs:
 
--   **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization.
+- **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization.
 
-    **Important**  
-    Package Accelerators created using App-V 4.6 are not supported by App-V.     
+    >[!IMPORTANT]
+    >Package Accelerators created using App-V 4.6 are not supported by App-V.
 
--   **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**.
+- **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**.
+- **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages.
 
--   **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages.
-
-App-V supports applications that include Microsoft Windows Services. If an application includes a Windows service, the Service will be included in the sequenced virtual package as long as it is installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then later, after installation, the application must be run while the sequencer is monitoring so that the Windows Service will be added to the package. Only Services that run under the Local System account are supported. Services that are configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call.
+App-V supports applications that include Microsoft Windows Services. If an application includes a Windows service, the service will be included in the sequenced virtual package as long as it's installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then after installation, the application must be run while the sequencer is monitoring for the Windows Service to be included in the package. Only services running under the Local System account are supported. Services configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call.
 
 - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md)
 - [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md)
 - [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
 
-## <a href="" id="---------app-v-5-1-shell-extension-support"></a> App-V shell extension support
-
+## App-V shell extension support
 
 App-V supports shell extensions. Shell extensions will be detected and embedded in the package during sequencing.
 
-Shell extensions are embedded in the package automatically during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed.
+Shell extensions are automatically embedded in the package during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed.
 
-**Requirements for using shell extensions:**
+### Requirements for using shell extensions
 
--   Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality.
-
--   The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example:
-
-    -   The version of the application is 64-bit.
-
-    -   The Sequencer is running on a 64-bit computer.
-
-    -   The package is being delivered to a 64-bit App-V client computer.
+- Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality.
+- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example:
+    - The version of the application is 64-bit.
+    - The Sequencer is running on a 64-bit computer.
+    - The package is being delivered to a 64-bit App-V client computer.
 
 The following table lists the supported shell extensions:
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Handler</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Context menu handler</p></td>
-<td align="left"><p>Adds menu items to the context menu. It is called before the context menu is displayed.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Drag-and-drop handler</p></td>
-<td align="left"><p>Controls the action where right-click, drag and drop and modifies the context menu that appears.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Drop target handler</p></td>
-<td align="left"><p>Controls the action after a data object is dragged and dropped over a drop target such as a file.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Data object handler</p></td>
-<td align="left"><p>Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Property sheet handler</p></td>
-<td align="left"><p>Replaces or adds pages to the property sheet dialog box of an object.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Infotip handler</p></td>
-<td align="left"><p>Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Column handler</p></td>
-<td align="left"><p>Allows creating and displaying custom columns in <strong>Windows Explorer Details view</strong>. It can be used to extend sorting and grouping.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Preview handler</p></td>
-<td align="left"><p>Enables a preview of a file to be displayed in the Windows Explorer Preview pane.</p></td>
-</tr>
-</tbody>
-</table>
+|Handler|Description|
+|---|---|
+|Context menu handler|Adds menu items to the context menu. It's called before the context menu is displayed.|
+|Drag-and-drop handler|Controls the action where right-click, drag and drop, and modifies the context menu that appears.|
+|Drop target handler|Controls the action after a data object is dragged and dropped over a drop target such as a file.|
+|Data object handler|Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.|
+|Property sheet handler|Replaces or adds pages to the property sheet dialog box of an object.|
+|Infotip handler|Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.|
+|Column handler|Allows creating and displaying custom columns in **Windows Explorer Details view**. It can be used to extend sorting and grouping.|
+|Preview handler|Enables a preview of a file to be displayed in the Windows Explorer Preview pane.|
 
 ## Copy on Write (CoW) file extension support
 
@@ -147,50 +94,46 @@ Copy on write (CoW) file extensions allow App-V to dynamically write to specific
 
 The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V client. All other files and directories can be modified.
 
-| File Type  	|             	|             	|            	|            	|            	|
-|------------	|-------------	|-------------	|------------	|------------	|------------	|
-| .acm       	| .asa        	| .asp        	| .aspx      	| .ax        	| .bat       	|
-| .cer       	| .chm        	| .clb        	| .cmd       	| .cnt       	| .cnv       	|
-| .com       	| .cpl        	| .cpx        	| .crt       	| .dll       	| .drv       	|
-| .esc       	| .exe        	| .fon        	| .grp       	| .hlp       	| .hta       	|
-| .ime       	| .inf        	| .ins        	| .isp       	| .its       	| .js        	|
-| .jse       	| .lnk        	| .msc        	| .msi       	| .msp       	| .mst       	|
-| .mui       	| .nls        	| .ocx        	| .pal       	| .pcd       	| .pif       	|
-| .reg       	| .scf        	| .scr        	| .sct       	| .shb       	| .shs       	|
-| .sys       	| .tlb        	| .tsp        	| .url       	| .vb        	| .vbe       	|
-| .vbs       	| .vsmacros   	| .ws         	| .wsf       	| .wsh       	|            	|
-
+| File Type||||||
+|---|---|---|---|---|---|
+| .acm | .asa | .asp | .aspx | .ax | .bat |
+| .cer  | .chm  | .clb | .cmd  | .cnt  | .cnv  |
+| .com | .cpl | .cpx  | .crt | .dll | .drv |
+| .esc | .exe  | .fon  | .grp | .hlp | .hta |
+| .ime | .inf  | .ins  | .isp | .its | .js |
+| .jse | .lnk | .msc | .msi | .msp | .mst |
+| .mui | .nls | .ocx  | .pal | .pcd | .pif |
+| .reg  | .scf | .scr | .sct | .shb | .shs  |
+| .sys  | .tlb  | .tsp | .url | .vb | .vbe |
+| .vbs  | .vsmacros | .ws  | .wsf | .wsh  |  |
 
 ## Modifying an existing virtual application package
 
-
 You can use the sequencer to modify an existing package. The computer on which you do this should match the chip architecture of the computer you used to create the application. For example, if you initially sequenced a package using a computer running a 64-bit operating system, you should modify the package using a computer running a 64-bit operating system.
 
-[How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md)
+For more information, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md).
 
 ## Creating a project template
+
 An App-V project template (.appvt) file is a project template that can be used to save commonly applied, customized settings. You can then more easily use these settings for future sequencings. App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. The following general settings are saved with an App-V project template:
 
 A template can specify and store multiple settings as follows:
 
--   **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings
+- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings
+- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**.
+- **Exclusion Items.** Contains the Exclusion pattern list.
 
--   **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**.
-
--   **Exclusion Items.** Contains the Exclusion pattern list.
-
-In Windows 10, version 1703, running the new-appvsequencerpackage or the update-appvsequencepackage cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. 
+In Windows 10, version 1703, running the **new-appvsequencerpackage** or **update-appvsequencepackage** cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
 
 >[!IMPORTANT]
->If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template. 
-
-[How to Create and Use a Project Template](appv-create-and-use-a-project-template.md)
+>If you attempt to load another template through the *_TemplateFilePath_* parameter while already having an auto-saved template, the customization value from the parameter will override the auto-saved template.
 
+For more information, see [How to Create and Use a Project Template](appv-create-and-use-a-project-template.md).
 
 ## Creating a package accelerator
 
-**Note**  
-Package accelerators created using a previous version of App-V must be recreated using App-V.
+>[!NOTE]
+>Package accelerators created using a previous version of App-V must be recreated using App-V.
 
 You can use App-V package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator.
 
@@ -198,21 +141,21 @@ In some situations, to create the package accelerator, you might have to install
 
 After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. Creating App-V Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied.
 
-[How to Create a Package Accelerator](appv-create-a-package-accelerator.md)
+For more information, see the following articles:
 
-[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
+- [How to Create a Package Accelerator](appv-create-a-package-accelerator.md)
+- [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
 
 ## Sequencer error reporting
 
-
 The App-V Sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue.
 
 You can also find additional information about sequencing errors using the Windows Event Viewer.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
--   [Operations for App-V](appv-operations.md)
+- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index 77ec4edbc2..9a7fd827bf 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedure to customize the virtual application extensions for
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 176253c332..b6e27aece2 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -25,7 +25,7 @@ Use the following procedure to delete an existing App-V connection group.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index b96b43a1ad..0a3464836a 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -25,7 +25,7 @@ Use the following procedure to delete an App-V package.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index eb3c088281..e719ae1710 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -6,51 +6,49 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# How to deploy the App-V databases by using SQL scripts
 
-
-# How to Deploy the App-V Databases by Using SQL Scripts
-
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
 Use the following instructions to use SQL scripts, rather than the Windows Installer, to:
 
--   Install the App-V databases
+* Install the App-V databases
+* Upgrade the App-V databases to a later version
 
--   Upgrade the App-V databases to a later version
-
->**Note**  
-> If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
+>[!NOTE]
+>If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
 
 ## How to install the App-V databases by using SQL scripts
 
-1.  Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
+1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
 
-2.  Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
+2. Copy **appv\_server\_setup.exe** from the App-V release media to a temporary location.
 
-3.  From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
+3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
 
-    Example: appv\_server\_setup.exe /layout c:\\_<temporary location path>_
+    ```sql
+    appv\_server\_setup.exe /layout c:\\_<temporary location path>_
+    ```
 
-4.  Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate readme.txt file for instructions:
+4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate **readme.txt** file for instructions:
 
-    | Database | Location of readme.txt file to use 
-    | - | - |
+    | Database | Location of readme.txt file to use|
+    |---|---|
     | Management database | ManagementDatabase subfolder |
     | Reporting database | ReportingDatabase subfolder |
 
-> [!CAUTION]  
-> The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
+>[!CAUTION]
+>The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
 
-> [!IMPORTANT]  
+>[!IMPORTANT]
 > The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3.
-> The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3.
+> The Permissions.sql script should be updated according to Step 2 in [KB article 3031340](https://support.microsoft.com/kb/3031340). Step 1 is not required for versions of App-V later than App-V 5.0 SP3.
 
 ### Updated management database README file content
 
-``` syntax
+```syntax
 ***********************************************************************************************************
 Before you install and use the Application Virtualization Database Scripts, you must:
 
@@ -109,7 +107,7 @@ Steps to install "AppVManagement" schema in SQL SERVER.
 
 ### Updated reporting database README file content
 
-``` syntax
+```syntax
 ***********************************************************************************************************
 Before you install and use the Application Virtualization Database Scripts, you must:
 
@@ -148,7 +146,7 @@ Steps to install "AppVReporting" schema in SQL SERVER.
     defaults are likely sufficient, it is suggested that the following
     settings be reviewed:
 
-    DATABASE - ensure name is satisfactory - default is "AppVReporting".   
+    DATABASE - ensure name is satisfactory - default is "AppVReporting".
 
  2. Review the Permissions.sql file and provide all the necessary account information
     for setting up read and write access on the database. Note: Default settings
@@ -179,9 +177,9 @@ Steps to install "AppVReporting" schema in SQL SERVER.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+* [Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [How to deploy the App-V Server](appv-deploy-the-appv-server.md)
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 0710d7ff57..439a1617b9 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -38,7 +38,7 @@ Use one of the following methods to publish packages to App-V client computers w
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index 1c7db8783f..7dbb8d0e48 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -6,335 +6,413 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# How to deploy the App-V server using a script
 
+>Applies to: Windows Server 2016
 
-# How to Deploy the App-V Server Using a Script
+In order to complete the **appv_server_setup.exe** server setup successfully using the command line, you must specify and combine multiple parameters.
 
-**Applies to**
--   Windows Server 2016
-
-In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters.
-
-**To install the App-V server using a script**
+## To install the App-V server using a script
 
 Use the following lists and tables for more information about installing the App-V server using the command line.
 
-> **Note**&nbsp;&nbsp;The information in the following lists and tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**.
+The information in the following lists and tables can also be accessed through the command line by entering the following command: ```appv\_server\_setup.exe /?```.
 
-## How to use common parameters
+## How to use common parameters to install the Management server and Management database on a local machine
 
-## To install the Management server and Management database on a local machine
+The following examples will show you how to install the Management server and database on a local machine.
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+### Parameters for a default instance of Microsoft SQL Server for a new installation on a local machine
 
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use the following parameters:
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
 
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
+### Parameters for a custom instance of Microsoft SQL Server for a new installation on a local machine
 
-### Example for using a custom instance of Microsoft SQL Server: 
+To use a custom instance of Microsoft SQL Server, use the following parameters:
 
-/appv_server_setup.exe /QUIET<br>
-/MANAGEMENT_SERVER<br>
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"<br>
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"<br>
-/MANAGEMENT_WEBSITE_PORT="8080"<br>
-/DB_PREDEPLOY_MANAGEMENT<br>
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+
+### Example parameters for using a custom instance of Microsoft SQL Server for a new installation on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
 /MANAGEMENT_DB_NAME="AppVManagement"
+```
 
-## To install the Management server using an existing Management database on a local machine
+## How to use common parameters to install the Management server using an existing Management database on a local machine
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management server on a local machine with an existing Management database.
 
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_MANAGEMENT_DB_NAME
+### Default instance of Microsoft SQL Server for installation with an existing Management database on a local machine
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /EXISTING_MANAGEMENT_DB_NAME
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_MANAGEMENT_DB_NAME*
 
-### Example for using a custom instance of Microsoft SQL Server: 
+### Custom instance of Microsoft SQL Server for installation with an existing Management database on a local machine
 
-/appv_server_setup.exe /QUIET<br>
-/MANAGEMENT_SERVER<br>
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"<br>
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"<br>
-/MANAGEMENT_WEBSITE_PORT="8080"<br>
-/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL<br>
-/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"<br>
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_MANAGEMENT_DB_NAME*
+
+### Example parameters for using a custom instance of Microsoft SQL Server for installation with an existing Management database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
 /EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+```
 
-## To install the Management server using an existing Management database on a remote machine
+## How to install the Management server with an existing Management database on a remote machine
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+### Default instance of Microsoft SQL Server with an existing Management database on a remote machine
 
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_MANAGEMENT_DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: 
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_MANAGEMENT_DB_NAME*
 
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /EXISTING_MANAGEMENT_DB_NAME
+### Custom instance of Microsoft SQL Server with an existing Management database on a remote machine
 
-### Example for using a custom instance of Microsoft SQL Server:
+To use a custom instance of Microsoft SQL Server, use these parameters:
 
-/appv_server_setup.exe /QUIET<br>
-/MANAGEMENT_SERVER<br>
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"<br>
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"<br>
-/MANAGEMENT_WEBSITE_PORT="8080"<br>
-/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"<br>
-/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"<br>
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_MANAGEMENT_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server with an existing Management database on a remote machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
 /EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+```
 
-## To install the Management database and the Management Server on the same computer
+## Installing the Management database and the Management Server on the same computer
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management server and database on the same computer.
 
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installation on the same computer
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use these parameters:
 
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_SERVER_MACHINE_USE_LOCAL*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
 
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installation on the same computer
 
-/appv_server_setup.exe /QUIET<br>
-/DB_PREDEPLOY_MANAGEMENT<br>
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
-/MANAGEMENT_DB_NAME="AppVManagement"<br>
-/MANAGEMENT_SERVER_MACHINE_USE_LOCAL<br>
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_SERVER_MACHINE_USE_LOCAL*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installation on the same computer
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_SERVER_MACHINE_USE_LOCAL
 /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
 
-## To install the Management database on a different computer than the Management server
+## Installing the Management database on a different computer than the Management server
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management database and server on different computers.
 
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
 
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
 
-/appv_server_setup.exe /QUIET<br>
-/DB_PREDEPLOY_MANAGEMENT<br>
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
-/MANAGEMENT_DB_NAME="AppVManagement"<br>
-/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"<br>
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
 /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
 
-## To install the Publishing server
+## Installing the Publishing server
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Publishing server.
 
-- /PUBLISHING_SERVER
-- /PUBLISHING_MGT_SERVER
-- /PUBLISHING_WEBSITE_NAME
-- /PUBLISHING_WEBSITE_PORT
+### Default instance of Microsoft SQL Server for installing the Publishing server
 
-### Example
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-/appv_server_setup.exe /QUIET<br>
-/PUBLISHING_SERVER<br>
-/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"<br>
-/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"<br>
+* */PUBLISHING_SERVER*
+* */PUBLISHING_MGT_SERVER*
+* */PUBLISHING_WEBSITE_NAME*
+* */PUBLISHING_WEBSITE_PORT*
+
+### Example for installing the Publishing server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/PUBLISHING_SERVER
+/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"
+/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"
 /PUBLISHING_WEBSITE_PORT="8081"
+```
 
-## To install the Reporting server and Reporting database on a local machine
+## Installing the Reporting server and Reporting database on a local machine
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting server and database on a local machine.
 
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING _DB_NAME
+### Default instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
 
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
 
-/appv_server_setup.exe /QUIET<br>
-/REPORTING_SERVER<br>
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"<br>
-/REPORTING_WEBSITE_PORT="8082"<br>
-/DB_PREDEPLOY_REPORTING<br>
-/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
 /REPORTING_DB_NAME="AppVReporting"
+```
 
-## To install the Reporting server using an existing Reporting database on a local machine
+## Installing the Reporting server using an existing Reporting database on a local machine
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the reporting machine on a local machine with an existing Reporting database.
 
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_REPORTING_DB_NAME
+### Default instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
-- /EXISTING_REPORTING _DB_NAME
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_REPORTING_DB_NAME*
 
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
 
-/appv_server_setup.exe /QUIET<br>
-/REPORTING_SERVER<br>
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"<br>
-/REPORTING_WEBSITE_PORT="8082"<br>
-/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL<br>
-/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_REPORTING_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
 /EXITING_REPORTING_DB_NAME="AppVReporting"
+```
 
-## To install the Reporting server using an existing Reporting database on a remote machine
+## Installing the Reporting server using an existing Reporting database on a remote machine
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting server and on a remote machine with an existing database.
 
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_REPORTING _DB_NAME
- 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+### Default instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
 
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
-- /EXISTING_REPORTING _DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-### Example for using a custom instance of Microsoft SQL Server:
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_REPORTING_DB_NAME*
 
-/appv_server_setup.exe /QUIET<br>
-/REPORTING_SERVER<br>
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"<br>
-/REPORTING_WEBSITE_PORT="8082"<br>
-/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"<br>
-/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+### Custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
+
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_REPORTING_DB_NAME*
+
+### Example using a custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
 /EXITING_REPORTING_DB_NAME="AppVReporting"
+```
 
-## To install the Reporting database on the same computer as the Reporting server
+## Installing the Reporting database on the same computer as the Reporting server
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting database and server on the same computer.
 
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING_DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING_DB_NAME
-- /REPORTING_SERVER_MACHINE_USE_LOCAL
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
-- /REPORTING_SERVER_MACHINE_USE_LOCAL
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
+* */REPORTING_SERVER_MACHINE_USE_LOCAL*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
 
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
 
-/appv_server_setup.exe /QUIET<br>
-/DB_PREDEPLOY_REPORTING<br>
-/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
-/REPORTING_DB_NAME="AppVReporting"<br>
-/REPORTING_SERVER_MACHINE_USE_LOCAL<br>
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+* */REPORTING_SERVER_MACHINE_USE_LOCAL*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/REPORTING_DB_NAME="AppVReporting"
+/REPORTING_SERVER_MACHINE_USE_LOCAL
 /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
 
-## To install the Reporting database on a different computer than the Reporting server
+## Installing the Reporting database on a different computer than the Reporting server
 
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting database and server on different computers.
 
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING _DB_NAME
-- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
 
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
 
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
-- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
+* */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
 
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
 
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+* */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
+
+```SQL
 Using a custom instance of Microsoft SQL Server example:<br>
 /appv_server_setup.exe /QUIET<br>
 /DB_PREDEPLOY_REPORTING<br>
@@ -342,105 +420,104 @@ Using a custom instance of Microsoft SQL Server example:<br>
 /REPORTING_DB_NAME="AppVReporting"<br>
 /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"<br>
 /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
 
 ## Parameter definitions
 
-- [General parameters](#parameter-definitions-for-general-parameters)
-- [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
-- [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
-- [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
-- [Reporting Server parameters](#parameter-definitions-for-reporting-server)
-- [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
-- [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
-- [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
+* [General parameters](#parameter-definitions-for-general-parameters)
+* [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
+* [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
+* [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
+* [Reporting Server parameters](#parameter-definitions-for-reporting-server)
+* [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
+* [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
+* [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
 
 ### Parameter definitions for general parameters
 
 | Parameter | Description |
 |-----------|-------------|
-| /QUIET | Specifies silent install. |
-| /UNINSTALL | Specifies an uninstall. |
-| /LAYOUT | Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected. |
-| /LAYOUTDIR | Specifies the layout directory. Takes a string. For example, /LAYOUTDIR="C:\Application Virtualization Server" |
-| /INSTALLDIR | Specifies the installation directory. Takes a string. E.g. /INSTALLDIR="C:\Program Files\Application Virtualization\Server" |
-| /MUOPTIN | Enables Microsoft Update. No value is expected |
-| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
+| */QUIET* | Specifies silent install. |
+| */UNINSTALL* | Specifies an uninstall. |
+| */LAYOUT* | Specifies layout action. This extracts the MSIs and script files to a folder without installing the actual product. No value is expected. |
+| */LAYOUTDIR* | Specifies the layout directory with a string. For example, ```/LAYOUTDIR="C:\Application Virtualization Server"```. |
+| */INSTALLDIR* | Specifies the installation directory with a string. For example, ```/INSTALLDIR="C:\Program Files\Application Virtualization\Server"```. |
+| */MUOPTIN* | Enables Microsoft Update. No value is expected. |
+| */ACCEPTEULA* | Accepts the license agreement. This is required for an unattended installation. For example, ```/ACCEPTEULA``` or ```/ACCEPTEULA=1```. |
 
 ### Parameter definitions for Management Server installation parameters
 
 | Parameter | Description |
 |-----------|-------------|
-| /MANAGEMENT_SERVER | Specifies that the management server will be installed. No value is expected |
-| /MANAGEMENT_ADMINACCOUNT | Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. If **/MANAGEMENT_SERVER** is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. |
-| /MANAGEMENT_WEBSITE_NAME | Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service" |
-| /MANAGEMENT_WEBSITE_PORT | Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82. |
+| */MANAGEMENT_SERVER* | Specifies that the management server will be installed. No value is expected. |
+| */MANAGEMENT_ADMINACCOUNT* | Specifies the account that will be allowed administrator access to the management server. This account can be an individual user account or a group. For example, ```/MANAGEMENT_ADMINACCOUNT="mydomain\admin"```. If **/MANAGEMENT_SERVER** isn't specified, this parameter will be ignored.|
+| */MANAGEMENT_WEBSITE_NAME* | Specifies name of the website that will be created for the management service. For example, ```/MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service"``` |
+| */MANAGEMENT_WEBSITE_PORT* | Specifies the port number that will be used by the management service will use. For example, ```/MANAGEMENT_WEBSITE_PORT=82```. |
 
 ### Parameter definitions for the Management Server Database
 
 | Parameter | Description |
 |-----------|-------------|
-| /DB\_PREDEPLOY\_MANAGEMENT | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected |
-| /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance should be used. No value is expected. |
-| /MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: **/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
-| /MANAGEMENT_DB_NAME | Specifies the name of the new management database that should be created. Example usage: **/MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
-| /MANAGEMENT_SERVER_MACHINE_USE_LOCAL | Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
-| /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the management server will be installed on. Example usage: **/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"** |
-| /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the management server. Example usage: **/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"** |
+| */DB\_PREDEPLOY\_MANAGEMENT* | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected. |
+| */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* | Indicates that the default SQL instance should be used. No value is expected. |
+| */MANAGEMENT_DB_CUSTOM_SQLINSTANCE* | Specifies the name of the custom SQL instance that should be used to create a new database. For example, ```/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this parameter will be ignored. |
+| */MANAGEMENT_DB_NAME* | Specifies the name of the new management database that should be created. For example, ```/MANAGEMENT_DB_NAME="AppVMgmtDB"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this will be ignored. |
+| */MANAGEMENT_SERVER_MACHINE_USE_LOCAL* | Indicates if the management server that will be accessing the database is installed on the local server. This is a switch parameter, so no value is expected. |
+| */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT* | Specifies the machine account of the remote machine that the management server will be installed on. For example, ```/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"```. |
+| */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT* | Indicates the Administrator account that will be used to install the management server. For example, ```/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"```. |
 
 ### Parameter definitions for Publishing Server installation parameters
 
 | Parameter | Description |
 |-----------|-------------|
-| /PUBLISHING_SERVER | Specifies that the Publishing Server will be installed. No value is expected |
-| /PUBLISHING_MGT_SERVER | Specifies the URL to Management Service the Publishing server will connect to. Example usage: **http://&lt;management server name&gt;:&lt;Management server port number&gt;**. If /PUBLISHING_SERVER is not used, this parameter will be ignored |
-| /PUBLISHING_WEBSITE_NAME | Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service" |
-| /PUBLISHING_WEBSITE_PORT | Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83 |
+| */PUBLISHING_SERVER* | Specifies that the publishing server will be installed. No value is expected. |
+| */PUBLISHING_MGT_SERVER* | Specifies the URL to Management Service the Publishing server will connect to. For example, ```http://<management server name>;<Management server port number>```. If **/PUBLISHING_SERVER** isn't used, this parameter will be ignored. |
+| */PUBLISHING_WEBSITE_NAME* | Specifies name of the website that will be created for the publishing service. For example, ```/PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service"```. |
+| */PUBLISHING_WEBSITE_PORT* | Specifies the port number used by the publishing service. For example, ```/PUBLISHING_WEBSITE_PORT=83```. |
 
 ### Parameter definitions for Reporting Server
 
 | Parameter | Description |
 |-----------|-------------|
-| /REPORTING_SERVER | Specifies that the Reporting Server will be installed. No value is expected |
-| /REPORTING_WEBSITE_NAME | Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService" |
-| /REPORTING_WEBSITE_PORT | Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82 |
-</tbody>
-</table>  
+| */REPORTING_SERVER* | Specifies that the Reporting Server will be installed. No value is expected. |
+| */REPORTING_WEBSITE_NAME* | Specifies name of the website that will be created for the Reporting Service. For example, ```/REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"```. |
+| */REPORTING_WEBSITE_PORT* | Specifies the port number that the Reporting Service will use. For example, ```/REPORTING_WEBSITE_PORT=82```. |
 
 ### Parameters for using an existing Reporting Server database
 
 | Parameter | Description |
 |-----------|-------------|
-| /EXISTING\_REPORTING\_DB_SQL_SERVER_USE_LOCAL | Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected. |
-| /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
-| /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. |
-| /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
-| /EXISTING_REPORTING_DB_NAME | Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_NAME="AppVReporting" |
+| */EXISTING\_REPORTING\_DB_SQL_SERVER_USE_LOCAL* | Indicates that the Microsoft SQL Server is installed on the local server. This is a switch parameter, so no value is expected. |
+| */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME* | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. For example,  ```/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="mycomputer1"```. |
+| */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT* | Indicates that the default SQL instance is to be used. This is a switch parameter, so no value is expected. |
+| */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE* | Specifies the name of the custom SQL instance that should be used. Takes a string. For example, ```/EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"```. |
+| */EXISTING_REPORTING_DB_NAME* | Specifies the name of the existing Reporting database that should be used. Takes a string. For example, ```/EXISTING_REPORTING_DB_NAME="AppVReporting"```. |
 
 ### Parameter definitions for Reporting Server database installation
 
 | Parameter | Description |
 |-----------|-------------|
-| /DB\_PREDEPLOY\_REPORTING | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected |
-| /REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
-| /REPORTING_DB_NAME | Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB" |
-| /REPORTING_SERVER_MACHINE_USE_LOCAL | Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
-| /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername" |
-| /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias" |
+| */DB\_PREDEPLOY\_REPORTING* | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected. |
+| */REPORTING_DB_SQLINSTANCE_USE_DEFAULT* | Specifies the name of the custom SQL instance that should be used. Takes a string. For example, ```/REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"```. |
+| */REPORTING_DB_NAME* | Specifies the name of the new Reporting database that should be created. Takes a string. For example, ```/REPORTING_DB_NAME="AppVMgmtDB"```. |
+| */REPORTING_SERVER_MACHINE_USE_LOCAL* | Indicates that the Reporting server that will be accessing the database is installed on the local server. This is a switch parameter, so no value is expected. |
+| */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT* | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. For example, ```/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername"```. |
+| */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT* | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. For example, ```/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias"```. |
 
 ### Parameters for using an existing Management Server database
 
 | Parameter | Description |
 |-----------|-------------|
-| /EXISTING\_MANAGEMENT\_DB_SQL_SERVER_USE_LOCAL | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
-| /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
-| /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
-| /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that will be used. Example usage **/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE="AppVManagement"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
-| /EXISTING_MANAGEMENT_DB_NAME | Specifies the name of the existing management database that should be used. Example usage: **/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| */EXISTING\_MANAGEMENT\_DB_SQL_SERVER_USE_LOCAL* | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this variable will be ignored. |
+| */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME* | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. For example, ```/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="mycomputer1"```. |
+| */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this variable will be ignored. |
+| */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE* | Specifies the name of the custom SQL instance that will be used. For example, ```/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE="AppVManagement"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this will be ignored. |
+| */EXISTING_MANAGEMENT_DB_NAME* | Specifies the name of the existing management database that should be used. For example, ```/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this will be ignored. |
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [Deploying the App-V Server](appv-deploying-the-appv-server.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 70121311f4..4ffe1ba432 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -6,120 +6,92 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # How to Deploy the App-V Server (new installation)
 
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
->**Important**<br>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+## Before you start
 
-**Before you start:**
+>[!IMPORTANT]
+>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
 
--   Ensure that you’ve installed required software. See [App-V Prerequisites](appv-prerequisites.md).
+* Ensure that you’ve installed required software. See [App-V prerequisites](appv-prerequisites.md).
+* Review the server section of [App-V security considerations](appv-security-considerations.md).
+* Specify a port where each component will be hosted.
+* Add firewall rules to allow incoming requests to access the specified ports.
+* If you use SQL scripts instead of the Windows Installer to set up the Management database or Reporting database, you must run the required SQL scripts before installing the Management Server or Reporting Server. See [How to deploy the App-V databases by using SQL scripts](appv-deploy-appv-databases-with-sql-scripts.md).
 
--   Review the server section of [App-V security considerations](appv-security-considerations.md).
+## Installing the App-V server
 
--   Specify a port where each component will be hosted.
+1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
 
--   Add firewall rules to allow incoming requests to access the specified ports.
-
--   If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-
-**To install the App-V server**
-
-1.  Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
-
-    -   The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
-
-    -   The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).  
-
-2.  Copy the App-V server installation files to the computer on which you want to install it.
-
-3.  Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
-
-4.  Review and accept the license terms, and choose whether to enable Microsoft updates.
-
-5.  On the **Feature Selection** page, select all of the following components.
+    * The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
+    * The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
+2. Copy the App-V server installation files to the computer on which you want to install it.
+3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
+4. Review and accept the license terms, and choose whether to enable Microsoft updates.
+5. On the **Feature Selection** page, select all components listed in the following table.
 
     | Component | Description |
-    | - | - |
+    |---|---|
     | Management server | Provides overall management functionality for the App-V infrastructure. |
     | Management database | Facilitates database predeployments for App-V management. |
     | Publishing server | Provides hosting and streaming functionality for virtual applications. |
     | Reporting server | Provides App-V reporting services. |
     | Reporting database | Facilitates database predeployments for App-V reporting. |
-
-6.  On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
-
-7.  On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
+6. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
+7. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
 
     | Method | What you need to do |
-    | - | - |
-    | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.<br/>Use the format **INSTANCENAME**. The assumed installation location is the local computer.<br/>Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
+    |---|---|
+    | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, then specify the instance name.<br/>Use the format **INSTANCENAME**. The assumed installation location is the local computer.<br/>Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
     | You are using a custom database name. | Select **Custom configuration** and type the database name.<br/>The database name must be unique, or the installation will fail.|
+8. On the **Configure** page, accept the default value, **Use this local computer**.
 
-8.  On the **Configure** page, accept the default value **Use this local computer**.
-
-    >**Note**  If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
-
-9.  On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
+    >[!NOTE]
+    >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
+9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
 
     | Method | What you need to do |
-    | - | - |
+    |---|---|
     | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.<br/>Use the format **INSTANCENAME**. The assumed installation location is the local computer.<br/>Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
     | You are using a custom database name. | Select **Custom configuration** and type the database name.<br/>The database name must be unique, or the installation will fail.|
-
-
 10. On the **Configure** page, accept the default value: **Use this local computer**.
 
-    >**Note** 
-    > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
-
-
+    >[!NOTE]
+    >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
 11. On the **Configure** (Management Server Configuration) page, specify the following:
 
     |  Item to configure | Description and examples |
-    | - | - |
-    | Type the AD group with sufficient permissions to manage the App-V environment. | Example: MyDomain\MyUser<br><br/>After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use <strong>Domain local</strong> or <strong>Universal</strong> groups to perform this action.|    
-    | **Website name**: Specify the custom name that will be used to run the publishing service.<br/> | If you do not have a custom name, do not make any changes.|    
-    |**Port binding**: Specify a unique port number that will be used by App-V. | Example: **12345**<br/>Ensure that the port specified is not being used by another website. |
-
+    |---|---|
+    | Specify AD group | Specify the AD group with sufficient permissions to manage the App-V environment. Example: MyDomain\MyUser<br><br/>After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use <strong>Domain local</strong> or <strong>Universal</strong> groups to perform this action.|
+    |Website name | Specify the custom name that will be used to run the publishing service.<br>If you do not have a custom name, you don't have to change it.|
+    |Port binding | Specify a unique port number that will be used by App-V. Example: **12345**<br>Ensure that the port specified is not being used by another website. |
 12. On the **Configure Publishing Server Configuration** page, specify the following:
 
     | Item to configure | Description and examples |
-    | - | - |
-    | Specify the URL for the management service. | Example: http://localhost:12345 |
-    | **Website name**: Specify the custom name that will be used to run the publishing service.| If you do not have a custom name, do not make any changes. |
-    | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 54321<br/>Ensure that the port specified is not being used by another website. |
-
+    |---|---|
+    | Specify the management service URL | Example: http:<span></span>//localhost:12345 |
+    | Website name | Specify the custom website name that will be used to run the publishing service. <br>If you do not have a custom name, do not make any changes. |
+    | Port binding | Specify a unique port number that will be used by App-V. Example: 54321<br>Ensure that the port specified is not being used by another website. |
 13. On the **Reporting Server** page, specify the following:
 
     | Item to configure | Description and examples |
-    | - | - |
-    | **Website name**: Specify the custom name that will be used to run the Reporting Service. | If you do not have a custom name, do not make any changes. |
-    | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 55555<br/>Ensure that the port specified is not being used by another website. |
-
+    |---|---|
+    | Website name | Specify the custom name that will be used to run the Reporting Service.  <br>If you do not have a custom name, do not make any changes. |
+    | Port binding | Specify a unique port number that will be used by App-V. Example: 55555<br/>Ensure that the port specified is not being used by another website.|
 14. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page.
+15. To verify that the setup completed successfully, open a web browser, and type the following URL with the bracketed variables adjusted according to your specifications in the earlier steps:
 
-15. To verify that the setup completed successfully, open a web browser, and type the following URL:
+    ```http://<Management server machine name>:<Management service port number>/console.html```
 
-    **http://\<_Management server machine name_\>:\<_Management service port number_\>/console.html**.
-
-    Example: **http://localhost:12345/console.html**. If the installation succeeded, the App-V Management console is displayed with no errors.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+    Example: ```http://localhost:12345/console.html```. If the installation succeeded, the App-V Management console will display with no errors.
 
 ## Related topics
 
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
-
-- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
-
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [How to install the management and reporting databases on separate computers from the management and reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+* [How to install the publishing server on a remote computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md
index d6d019fcff..1d2034eb89 100644
--- a/windows/application-management/app-v/appv-deploying-appv.md
+++ b/windows/application-management/app-v/appv-deploying-appv.md
@@ -6,52 +6,41 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # Deploying App-V for Windows 10
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-App-V supports a number of different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment.
+App-V supports several different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment.
 
 ## App-V Deployment Information
 
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
 
--   [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+    This section describes how to install the App-V sequencer used to virtualize applications, and how to enable the App-V client that runs on target computers to facilitate virtualized packages.
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
 
-    This section describes how to install the App-V sequencer, which is used to virtualize applications, and how to enable the App-V client, which runs on target computers to facilitate virtualized packages.
-
--   [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-
-    This section provides information about installing the App-V management, publishing, database and reporting severs.
-
--   [App-V Deployment Checklist](appv-deployment-checklist.md)
+    This section provides information about installing the App-V management, publishing, database, and reporting severs.
+* [App-V deployment checklist](appv-deployment-checklist.md)
 
     This section provides a deployment checklist that can be used to assist with installing App-V.
 
--   [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)<br>
-[Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)<br>
-[Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+The following sections describe how to use App-V to deliver Microsoft Office as a virtualized application to computers in your organization.
 
-    These sections describe how to use App-V to deliver Microsoft Office as a virtualized application to computers in your organization.
+* [Deploying Microsoft Office 2016 by using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
+* [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
 
-## Other Resources for Deploying App-V
+## Other App-V deployment resources
 
-
--   [Application Virtualization (App-V) overview](appv-for-windows.md)
-
--   [Getting Started with App-V](appv-getting-started.md)
-
--   [Planning for App-V](appv-planning-for-appv.md)
-
--   [Operations for App-V](appv-operations.md)
-
--   [Troubleshooting App-V](appv-troubleshooting.md)
-
--   [Technical Reference for App-V](appv-technical-reference.md)
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Getting started with App-V](appv-getting-started.md)
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index 28a866aa22..5d6bd60233 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -6,291 +6,95 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Deploying Microsoft Office 2010 by Using App-V
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods:
 
--   Application Virtualization (App-V) Sequencer
-
--   Application Virtualization (App-V) Package Accelerator
+* Application Virtualization (App-V) Sequencer
+* Application Virtualization (App-V) Package Accelerator
 
 ## App-V support for Office 2010
 
-
 The following table shows the App-V versions, methods of Office package creation, supported licensing, and supported deployments for Office 2010.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Supported item</th>
-<th align="left">Level of support</th>
-</tr>
-</thead>
-<tbody>
-<tr class="even">
-<td align="left"><p>Package creation</p></td>
-<td align="left"><ul>
-<li><p>Sequencing</p></li>
-<li><p>Package Accelerator</p></li>
-<li><p>Office Deployment Kit</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Supported licensing</p></td>
-<td align="left"><p>Volume Licensing</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Supported deployments</p></td>
-<td align="left"><ul>
-<li><p>Desktop</p></li>
-<li><p>Personal VDI</p></li>
-<li><p>RDS</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Supported item|Support level|
+|---|---|
+|Package creation|- Sequencing<br>- Package Accelerator<br>- Office Deployment Kit|
+|Supported licensing|Volume Licensing|
+|Supported deployments|- Desktop<br>- Personal VDI<br>- RDS|
 
 ## Creating Office 2010 App-V using the sequencer
 
-
-Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V, refer to the following link for detailed instructions:
-
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
+Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069).
 
 ## Creating Office 2010 App-V packages using package accelerators
 
+Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8, and Windows 7. The following pages will show you which package accelerator is best for creating Office 2010 App-V packages on your version of Windows:
 
-Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator:
-
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
-
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
+* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
+* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
 
 For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md).
 
 ## Deploying the Microsoft Office package for App-V
 
-
 You can deploy Office 2010 packages by using any of the following App-V deployment methods:
 
--   System Center Configuration Manager
-
--   App-V server
-
--   Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V server
+* Stand-alone through Windows PowerShell commands
 
 ## Office App-V package management and customization
 
-
 Office 2010 packages can be managed like any other App-V packages through known package management mechanisms. No special instructions are needed, for example, to add, publish, unpublish, or remove Office packages.
 
 ## Microsoft Office integration with Windows
 
-
 The following table provides a full list of supported integration points for Office 2010.
 
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Extension Point</th>
-<th align="left">Description</th>
-<th align="left">Office 2010</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Lync meeting Join Plug-in for Firefox and Chrome</p></td>
-<td align="left"><p>User can join Lync meetings from Firefox and Chrome</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Sent to OneNote Print Driver</p></td>
-<td align="left"><p>User can print to OneNote</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>OneNote Linked Notes</p></td>
-<td align="left"><p>OneNote Linked Notes</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Send to OneNote Internet Explorer Add-In</p></td>
-<td align="left"><p>User can send to OneNote from IE</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Firewall Exception for Lync and Outlook</p></td>
-<td align="left"><p>Firewall Exception for Lync and Outlook</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>MAPI Client</p></td>
-<td align="left"><p>Native apps and add-ins can interact with virtual Outlook through MAPI</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>SharePoint Plugin for Firefox</p></td>
-<td align="left"><p>User can use SharePoint features in Firefox</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Mail Control Panel Applet</p></td>
-<td align="left"><p>User gets the mail control panel applet in Outlook</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Primary Interop Assemblies</p></td>
-<td align="left"><p>Support managed add-ins</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Office Document Cache Handler</p></td>
-<td align="left"><p>Allows Document Cache for Office applications</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Outlook Protocol Search handler</p></td>
-<td align="left"><p>User can search in outlook</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Active X Controls:</p></td>
-<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx).</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   Groove.SiteClient</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   PortalConnect.PersonalSite</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   SharePoint.openDocuments</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   SharePoint.ExportDatabase</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   SharePoint.SpreadSheetLauncher</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   SharePoint.StssyncHander</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   SharePoint.DragUploadCtl</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   SharePoint.DragDownloadCtl</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   Sharpoint.OpenXMLDocuments</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   Sharepoint.ClipboardCtl</p></td>
-<td align="left"><p>Active X control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   WinProj.Activator</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   Name.NameCtrl</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   STSUPld.CopyCtl</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   CommunicatorMeetingJoinAx.JoinManager</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>   LISTNET.Listnet</p></td>
-<td align="left"><p>Active X Control</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>   OneDrive Pro Browser Helper</p></td>
-<td align="left"><p>Active X Control]</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>OneDrive Pro Icon Overlays</p></td>
-<td align="left"><p>Windows explorer shell icon overlays when users look at folders OneDrive Pro folders</p></td>
-<td align="left"><p></p></td>
-</tr>
-</tbody>
-</table>
+(POPULATE THE THIRD COLUMN)
 
- 
+|Extension Point|Description|Office 2010|
+|---|---|---|
+|Lync meeting Join Plug-in for Firefox and Chrome|User can join Lync meetings from Firefox and Chrome||
+|Sent to OneNote Print Driver|User can print to OneNote|Yes|
+|OneNote Linked Notes|OneNote Linked Notes||
+|Send to OneNote Internet Explorer Add-In|User can send to OneNote from IE||
+|Firewall Exception for Lync and Outlook|Firewall Exception for Lync and Outlook||
+|MAPI Client|Native apps and add-ins can interact with virtual Outlook through MAPI||
+|SharePoint Plugin for Firefox|User can use SharePoint features in Firefox||
+|Mail Control Panel Applet|User gets the mail control panel applet in Outlook|Yes|
+|Primary Interop Assemblies|Support managed add-ins||
+|Office Document Cache Handler|Allows Document Cache for Office applications||
+|Outlook Protocol Search handler|User can search in Outlook|Yes|
+|Active X Controls:<br>- Groove.SiteClient<br>- PortalConnect.PersonalSite<br>- SharePoint.openDocuments<br>-  SharePoint.ExportDatabase<br>- SharePoint.SpreadSheetLauncher<br>- SharePoint.StssyncHander<br>- SharePoint.DragUploadCtl<br>- SharePoint.DragDownloadCtl<br>- Sharpoint.OpenXMLDocuments<br> - Sharepoint.ClipboardCtl<br>- WinProj.Activator<br>- Name.NameCtrl<br>- STSUPld.CopyCtl<br>- CommunicatorMeetingJoinAx.JoinManager<br>- LISTNET.Listnet<br>- OneDrive Pro Browser Helper|Active X Control. <br><br>For more information about ActiveX controls, see the [ActiveX Control API Reference](<https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx>).||
+|OneDrive Pro Icon Overlays|Windows explorer shell icon overlays when users look at folders OneDrive Pro folders||
 
 ## Additional resources
 
+### Office 2013 App-V Packages Additional Resources
 
-**Office 2013 App-V Packages Additional Resources**
+* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
+### Office 2010 App-V Packages
 
-**Office 2010 App-V Packages**
+* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399)
+* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399)
+### Connection Groups
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+* [Managing Connection Groups](appv-managing-connection-groups.md)
+* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/)
 
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
+### Dynamic Configuration
 
-**Connection Groups**
-
-[Managing Connection Groups](appv-managing-connection-groups.md)
-
-[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
-
-**Dynamic Configuration**
-
-[About App-V Dynamic Configuration](appv-dynamic-configuration.md)
+* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index dbbd968cfa..7b63794730 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -6,229 +6,94 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Deploying Microsoft Office 2013 by Using App-V
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V.
 
-This topic contains the following sections:
+## What to know before you start
 
--   [What to know before you start](#bkmk-before-you-start)
+Before you deploy Office 2013 with App-V, review the following planning information.
 
--   [Creating an Office 2013 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg)
+### Supported Office versions and Office coexistence
 
--   [Publishing the Office package for App-V](#bkmk-pub-pkg-office)
+The following table will direct you to more information about which versions of Office App-V supports and how to run App-V with coexisting versions of Office.
 
--   [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs)
+|Information to review|Description|
+|---|---|
+|[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#supported-versions-of-microsoft-office)|- Supported versions of Office<br>- Supported deployment types like desktop, personal Virtual Desktop Infrastructure (VDI), and pooled VDI<br>- Office licensing options.|
+|[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#before-you-implement-office-coexistence)|Considerations for installing different versions of Office on the same computer.|
 
-## <a href="" id="bkmk-before-you-start"></a>What to know before you start
+### Packaging, publishing, and deployment requirements
 
+Before you deploy Office with App-V, review the following requirements.
 
-Before you deploy Office 2013 by using App-V, review the following planning information.
-
-### <a href="" id="bkmk-supp-vers-coexist"></a>Supported Office versions and Office coexistence
-
-Use the following table to get information about supported versions of Office and about running coexisting versions of Office.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Information to review</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)</p></td>
-<td align="left"><ul>
-<li><p>Supported versions of Office</p></li>
-<li><p>Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)</p></li>
-<li><p>Office licensing options</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)</p></td>
-<td align="left"><p>Considerations for installing different versions of Office on the same computer</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### <a href="" id="bkmk-pkg-pub-reqs"></a>Packaging, publishing, and deployment requirements
-
-Before you deploy Office by using App-V, review the following requirements.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Task</th>
-<th align="left">Requirement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Packaging</p></td>
-<td align="left"><ul>
-<li><p>All of the Office applications that you want to deploy to users must be in a single package.</p></li>
-<li><p>In App-V and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.</p></li>
-<li><p>If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Publishing</p></td>
-<td align="left"><ul>
-<li><p>You can publish only one Office package to each client computer.</p></li>
-<li><p>You must publish the Office package globally. You cannot publish to the user.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
-<ul>
-<li><p>Office 365 ProPlus</p></li>
-<li><p>Visio Pro for Office 365</p></li>
-<li><p>Project Pro for Office 365</p></li>
-</ul></td>
-<td align="left"><p>You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).</p>
-<p>You don’t use shared computer activation if you’re deploying a volume licensed product, such as:</p>
-<ul>
-<li><p>Office Professional Plus 2013</p></li>
-<li><p>Visio Professional 2013</p></li>
-<li><p>Project Professional 2013</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Task|Requirement|
+|---|---|
+|Packaging|All Office applications you wish to deploy to users must be in a single package.<br>In App-V and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.<br>If you're deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).|
+|Publishing|You can only publish one Office package per client computer.<br>You must publish the Office package globally, not to the user.|
+|Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer using Remote Desktop Services.|You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus).<br>You don’t need to use shared computer activation if you’re deploying a volume licensed product, such as Office Professional Plus 2013, Visio Professional 2013, or Project Professional 2013.|
 
 ### Excluding Office applications from a package
 
 The following table describes the recommended methods for excluding specific Office applications from a package.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Task</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Use the <strong>ExcludeApp</strong> setting when you create the package by using the Office Deployment Tool.</p></td>
-<td align="left"><ul>
-<li><p>Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.</p></li>
-<li><p>For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement).</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Modify the DeploymentConfig.xml file</p></td>
-<td align="left"><ul>
-<li><p>Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.</p></li>
-<li><p>For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-## <a href="" id="bkmk-create-office-pkg"></a>Creating an Office 2013 package for App-V with the Office Deployment Tool
+|Task|Details|
+|---|---|
+|Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool.|Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.<br>For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element).|
+|Modify the **DeploymentConfig.xml** file|Modify the **DeploymentConfig.xml** file after creating the package. This file contains the default package settings for all users on a computer running the App-V Client.<br>For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).|
 
+## Creating an Office 2013 package for App-V with the Office Deployment Tool
 
 Complete the following steps to create an Office 2013 package for App-V or later.
 
-**Important**  
-In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
-
- 
+>[!IMPORTANT]
+>In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
 
 ### Review prerequisites for using the Office Deployment Tool
 
-The computer on which you are installing the Office Deployment Tool must have:
+Before you start, make sure that the computer on which you are installing the Office Deployment Tool has the following:
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisite</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Prerequisite software</p></td>
-<td align="left"><p>.Net Framework 4</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Supported operating systems</p></td>
-<td align="left"><ul>
-<li><p>64-bit version of Windows 8 or later</p></li>
-<li><p>64-bit version of Windows 7</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
+|Prerequisite|Description|
+|---|---|
+|Prerequisite software|.NET Framework 4|
+|Supported operating systems|64-bit version of Windows 8 or later<br>64-bit version of Windows 7|
 
- 
+>[!NOTE]
+>In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing.
 
-**Note**  
-In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing.
+### Create Office 2013 App-V packages using Office Deployment Tool
 
- 
-
-### Create Office 2013 App-V Packages Using Office Deployment Tool
-
-You create Office 2013 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing.
+You create Office 2013 App-V packages with the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing.
 
 Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
 
 ### Download the Office Deployment Tool
 
-Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
+Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The App-V sequencer can't create or modify packages. To create a package:
 
-1.  Download the [Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778).
-
-2.  Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
+1. Download the [Office 2013 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778).
+2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
 
     Example: \\\\Server\\Office2013
-
-3.  Check that a setup.exe and a configuration.xml file exist and are in the location you specified.
+3. Check that a **setup.exe** and a **configuration.xml** file exist and are in the location you specified.
 
 ### Download Office 2013 applications
 
-After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. After getting the Office applications, you create the Office 2013 App-V package.
+After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. You can create the Office 2013 App-V package after getting all the Office applications.
 
-The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
+The XML file included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
 
-1.  **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
 
-    1.  Open the sample XML file in Notepad or your favorite text editor.
+    1. Open the sample XML file in Notepad or your favorite text editor.
 
-    2.  With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file:
+    2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file:
 
-        ``` syntax
+        ```XML
         <Configuration>
            <Add SourcePath= ”\\Server\Office2013” OfficeClientEdition="32" >
             <Product ID="O365ProPlusRetail ">
@@ -237,255 +102,139 @@ The XML file that is included in the Office Deployment Tool specifies the produc
             <Product ID="VisioProRetail">
               <Language ID="en-us" />
             </Product>
-          </Add>  
+          </Add>
         </Configuration>
         ```
 
-        **Note**<br>
-        The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
+        >[!NOTE]
+        >The configuration XML is a sample XML file. This file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
 
-        The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic.
+        The previous example of an XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications by specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic.
 
         After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
+2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2013 applications that will later be converted into an App-V package. The following is an example command:
 
-2.  **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details:
-
-    ``` syntax
+    ```PowerShell
     \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml
     ```
 
-    In the example:
+    The following is a table that describes each element of the command:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p><code>\\server\Office2013</code></p></td>
-    <td align="left"><p>is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><code>setup.exe</code></p></td>
-    <td align="left"><p>is the Office Deployment Tool.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p><code>/download</code></p></td>
-    <td align="left"><p>downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><code>\\server\Office2013\Customconfig.xml</code></p></td>
-    <td align="left"><p>passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013.</p></td>
-    </tr>
-    </tbody>
-    </table>
+    |Element|Description|
+    |---|---|
+    |```\\server\Office2013```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, **Customconfig.xml**.|
+    |```setup.exe```|This is the Office Deployment Tool.|
+    |```/download```|This downloads the Office 2013 applications that you specify in the **Customconfig.xml** file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.|
+    |```\\server\Office2013\Customconfig.xml```|This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the XML configuration file, which in this example is ```\\Server\Office2013```.|
 
 #### Customizable attributes and elements of the XML file
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Input and description</th>
-<th align="left">Example</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Add element:<br>Specifies the products and languages to include in the package.</p></td>
-<td align="left"><p>N/A</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>OfficeClientEdition (attribute of Add element):<br>Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if <strong>OfficeClientEdition</strong> is not set to a valid value.</p></td>
-<td align="left"><p><code>OfficeClientEdition=&quot;32&quot;</code></p>
-<p><code>OfficeClientEdition=&quot;64&quot;</code></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Product element:<br>Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.</p></td>
-<td align="left"><p><code>Product ID =&quot;O365ProPlusRetail &quot;</code></p>
-<p><code>Product ID =&quot;VisioProRetail&quot;</code></p>
-<p><code>Product ID =&quot;ProjectProRetail&quot;</code></p>
-<p><code>Product ID =&quot;ProPlusVolume&quot;</code></p>
-<p><code>Product ID =&quot;VisioProVolume&quot;</code></p>
-<p><code>Product ID = &quot;ProjectProVolume&quot;</code></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Language element:<br>Specifies the language supported in the applications.</p></td>
-<td align="left"><p><code>Language ID=&quot;en-us&quot;</code></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Version (attribute of Add element):<br>Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).</p></td>
-<td align="left"><p><code>15.1.2.3</code></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>SourcePath (attribute of Add element):<br>Specifies the location in which the applications will be saved to.</p></td>
-<td align="left"><p><code>Sourcepath = &quot;\\Server\Office2013”</code></p></td>
-</tr>
-</tbody>
-</table>
-
-   
+|Input and description|Example|
+|---|---|
+|Add element:<br>Specifies the products and languages to include in the package.|N/A|
+|OfficeClientEdition (attribute of Add element):<br>Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if **OfficeClientEdition** is not set to a valid value.|```OfficeClientEdition="32"```<br>```OfficeClientEdition="64"```|
+|Product element:<br>Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.|```Product ID="O365ProPlusRetail"```<br>```Product ID="VisioProRetail"```<br>```Product ID="ProjectProRetail"```<br>```Product ID="ProPlusVolume"```<br>```Product ID="ProjectProVolume"```|
+|Language element:<br>Specifies the language supported in the applications.|```Language ID="en-us"```|
+|Version (attribute of Add element):<br>Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).|```15.1.2.3```|
+|SourcePath (attribute of Add element):<br>Specifies the location where the applications will be saved to.|```Sourcepath="\Server\Office2013”```|
 
 ### Convert the Office applications into an App-V package
 
-After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. Complete the steps that correspond to your licensing model.
+After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. You'll need to make sure to have the right procedure depending on your licensing model.
 
-**Summary of what you’ll need to do:**
+#### What you'll need to do
 
--   Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers.
+* Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers.
+* Create an Office App-V package for either the Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, then modify the **Customconfig.xml** configuration file.
 
--   Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
+    The following table summarizes the values you need to enter in the **Customconfig.xml** file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
 
-    The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
-
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Product ID</th>
-<th align="left">Volume Licensing</th>
-<th align="left">Subscription Licensing</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p><strong>Office 2013</strong></p></td>
-<td align="left"><p>ProPlusVolume</p></td>
-<td align="left"><p>O365ProPlusRetail</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p><strong>Office 2013 with Visio 2013</strong></p></td>
-<td align="left"><p>ProPlusVolume</p>
-<p>VisioProVolume</p></td>
-<td align="left"><p>O365ProPlusRetail</p>
-<p>VisioProRetail</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p><strong>Office 2013 with Visio 2013 and Project 2013</strong></p></td>
-<td align="left"><p>ProPlusVolume</p>
-<p>VisioProVolume</p>
-<p>ProjectProVolume</p></td>
-<td align="left"><p>O365ProPlusRetail</p>
-<p>VisioProRetail</p>
-<p>ProjectProRetail</p></td>
-</tr>
-</tbody>
-</table>
+|Product ID|Volume Licensing|Subscription Licensing|
+|---|---|---|
+|Office 2013|ProPlusVolume|O365ProPlusRetail|
+|Office 2013 with Visio 2013|ProPlusVolume<br>VisioProVolume|O365ProPlusRetail<br>VisioProRetail|
+|Office 2013 with Visio 2013 and Project 2013|ProPlusVolume<br>VisioProVolume<br>ProjectProVolume|O365ProPlusRetail<br>VisioProRetail<br>ProjectProRetail|
 
 #### How to convert the Office applications into an App-V package
 
-1.  In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
+1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
 
-    - **SourcePath**: Point to the Office applications downloaded earlier.
-    
-    - **ProductID**: Specify the type of licensing, as shown in the following examples:
-        - Subscription Licensing:
-        ```
-<Configuration>
-   <Add SourcePath= "\\server\Office 2013" OfficeClientEdition="32" >
-    <Product ID="O365ProPlusRetail">
-      <Language ID="en-us" />
-    </Product>
-    <Product ID="VisioProRetail">
-      <Language ID="en-us" />
-    </Product>
-  </Add>  
-</Configuration> 
+    * **SourcePath**: Point to the Office applications downloaded earlier.
+    * **ProductID**: Specify the type of licensing, as shown in the following examples:
+        * Subscription Licensing:
+        ```XML
+        <Configuration>
+           <Add SourcePath= "\\server\Office 2013" OfficeClientEdition="32" >
+            <Product ID="O365ProPlusRetail">
+              <Language ID="en-us" />
+            </Product>
+            <Product ID="VisioProRetail">
+              <Language ID="en-us" />
+            </Product>
+          </Add>
+        </Configuration>
         ```
         In this example, the following changes were made to create a package with Subscription licensing:
         
-        **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.<br>
-        **Product ID** for Office was changed to `O365ProPlusRetail`.<br>
-        **Product ID** for Visio was changed to `VisioProRetail`.
-        
-        - Volume Licensing
-        ```
-<Configuration>
-   <Add SourcePath= "\\Server\Office2013" OfficeClientEdition="32" >
-    <Product ID="ProPlusVolume">
-      <Language ID="en-us" />
-    </Product>
-    <Product ID="VisioProVolume">
-      <Language ID="en-us" />
-    </Product>
-  </Add>  
-</Configuration>
+        * **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.
+        * **Product ID** for Office was changed to `O365ProPlusRetail`.
+        * **Product ID** for Visio was changed to `VisioProRetail`.
+        * Volume Licensing
+        ```XML
+        <Configuration>
+           <Add SourcePath= "\\Server\Office2013" OfficeClientEdition="32" >
+            <Product ID="ProPlusVolume">
+              <Language ID="en-us" />
+            </Product>
+            <Product ID="VisioProVolume">
+              <Language ID="en-us" />
+            </Product>
+          </Add>
+        </Configuration>
         ```
         In this example, the following changes were made to create a package with Volume licensing:
         
-        **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.<br>
-        **Product ID** for Office was changed to `ProPlusVolume`.<br>
-        **Product ID** for Visio was changed to `VisioProVolume`.
-    
-    - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
-    
-    - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
+        * **SourcePath** is the source's path, which was changed to point to the Office applications that were downloaded earlier.
+        * **Product ID** for Office was changed to `ProPlusVolume`.
+        * **Product ID** for Visio was changed to `VisioProVolume`.
+    * **ExcludeApp** (optional) lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
+    * **PACKAGEGUID** (optional)—By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
         
         An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.
         
-        **Note**&nbsp;&nbsp;Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
-
-2.  Use the /packager command to convert the Office applications to an Office 2013 App-V package.
+        >[!NOTE]
+        >Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+2. Use the **/packager** command to convert the Office applications to an Office 2013 App-V package.
 
     For example:
 
-    ``` syntax
+    ```PowerShell
     \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml  \\server\share\Office2013AppV
     ```
 
     In the example:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p><code>\\server\Office2013</code></p></td>
-    <td align="left"><p>is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><code>setup.exe</code></p></td>
-    <td align="left"><p>is the Office Deployment Tool.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p><code>/packager</code></p></td>
-    <td align="left"><p>creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><code>\\server\Office2013\Customconfig.xml</code></p></td>
-    <td align="left"><p>passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p><code>\\server\share\Office2013AppV</code></p></td>
-    <td align="left"><p>specifies the location of the newly created Office App-V package.</p></td>
-    </tr>
-    </tbody>
-    </table>
+    |Element|Description|
+    |---|---|
+    |```\\server\Office2013```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is named **Customconfig.xml**.|
+    |```setup.exe```|This is the Office Deployment Tool.|
+    |```/packager```|This creates the Office 2013 App-V package with Volume Licensing as specified in the **Customconfig.xml** file.|
+    |```\\server\Office2013\Customconfig.xml```|This passes the configuration XML file, which in this example is named "Customconfig," that has been prepared for the packaging stage.|
+    |```\\server\share\Office2013AppV```|This specifies the location of the newly created Office App-V package.|
 
-    After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
-    **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files.<br>
-    **WorkingDir**
+    After you run the **/packager** command, the following folders will appear in the directory where you specified the package should be saved:
+
+    * **App-V Packages**, which contains an Office 2013 App-V package and two deployment configuration files.<br>
+    * **WorkingDir**
     
-    **Note**&nbsp;&nbsp;To troubleshoot any issues, see the log files in the %temp% directory (default).
+    >[!NOTE]
+    >To troubleshoot any issues, see the log files in the %temp% directory (default).
+3. Verify that the Office 2013 App-V package works correctly:
 
-3.  Verify that the Office 2013 App-V package works correctly:
-
-    1.  Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear.
-
-    2.  Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected.
-
-## <a href="" id="bkmk-pub-pkg-office"></a>Publishing the Office package for App-V
+    1. Publish the Office 2013 App-V package that you created globally to a test computer and verify that the Office 2013 shortcuts appear.
+    2. Start a few Office 2013 applications, such as Excel or Word, to test that your package is working as expected.
 
+## Publishing the Office package for App-V
 
 Use the following information to publish an Office package.
 
@@ -493,121 +242,77 @@ Use the following information to publish an Office package.
 
 Deploy the App-V package for Office 2013 by using the same methods you use for any other package:
 
--   System Center Configuration Manager
-
--   App-V Server
-
--   Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V Server
+* Stand-alone through Windows PowerShell commands
 
 ### Publishing prerequisites and requirements
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisite or requirement</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Enable Windows PowerShell scripting on the App-V clients</p></td>
-<td align="left"><p>To publish Office 2013 packages, you must run a script.</p>
-<p>Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:</p>
-<pre class="syntax" space="preserve"><code>Set-AppvClientConfiguration –EnablePackageScripts 1</code></pre></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Publish the Office 2013 package globally</p></td>
-<td align="left"><p>Extension points in the Office App-V package require installation at the computer level.</p>
-<p>When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Prerequisite or requirement|Details|
+|---|---|
+|Enable Windows PowerShell scripting on the App-V clients.|To publish Office 2013 packages, you must run a script. Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:<br>```Set-AppvClientConfiguration –EnablePackageScripts 1```|
+|Publish the Office 2013 package globally.|Extension points in the Office App-V package require installation at the computer level.<br>When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.|
 
 ### How to publish an Office package
 
-Run the following command to publish an Office package globally:
+Run the following command to publish an Office package globally, wtih the bracketed value replaced by the path to the App-V package:
 
--   `Add-AppvClientPackage <Path_to_AppV_Package> | Publish-AppvClientPackage –global`
+```PowerShell
+Add-AppvClientPackage <Path_to_AppV_Package> | Publish-AppvClientPackage –global
+```
 
--   From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group.
-
-## <a href="" id="bkmk-custmz-manage-office-pkgs"></a>Customizing and managing Office App-V packages
+* From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group.
 
+## Customizing and managing Office App-V packages
 
 To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections.
 
--   [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins)
+* [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins)
+* [Disabling Office 2013 applications](#bkmk-disable-office-apps)
+* [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts)
+* [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd)
+* [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd)
+* [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project)
 
--   [Disabling Office 2013 applications](#bkmk-disable-office-apps)
+### Enabling Office plug-ins by using connection groups
 
--   [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts)
+Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You can't use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps.
 
--   [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd)
+#### To enable plug-ins for Office App-V packages
 
--   [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd)
+1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Office 365 ProPlus (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+3. Create an App-V package that includes the desired plug-ins.
+4. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
 
--   [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project)
+    >[!IMPORTANT]
+    >The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, then add the plug-in App-V package.
+6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package.
+7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has.
 
-### <a href="" id="bkmk-enable-office-plugins"></a>Enabling Office plug-ins by using connection groups
+    Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as **Integrated** and that both **InProcessEnabled** and **OutOfProcessEnabled** match the settings of the Office 2013 App-V package you published.
+8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
+9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the updated file.
+10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you'll have to reboot to successfully enable the Connection Group.
+11. After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the Connection Group works as expected.
 
-Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps.
+### Disabling Office 2013 applications
 
-**To enable plug-ins for Office App-V packages**
+You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
 
-1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+>[!NOTE]
+>To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool#excludeapp-element).
 
-2.  Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+#### To disable an Office 2013 application
 
-3.  Create an App-V package that includes the desired plug-ins.
+1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
+2. Search for the Office application you want to disable, for example, Access 2013.
+3. Change the value of "Enabled" from "true" to "false."
+4. Save the Deployment Configuration File.
+5. Add the Office 2013 App-V Package with the new Deployment Configuration File.
 
-4.  Add a Connection Group through App-V server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
-
-5.  Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
-
-    **Important**&nbsp;&nbsp;The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package.
-
-6.  Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package.
-
-7.  Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has.
-
-    Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2013 App-V package you published.
-
-8.  Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
-
-9.  If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file.
-
-10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group.
-
-11. After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the connection group works as expected.
-
-### <a href="" id="bkmk-disable-office-apps"></a>Disabling Office 2013 applications
-
-You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
-
-**Note**  
-To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](http://technet.microsoft.com/library/jj219426.aspx).
-
- 
-
-**To disable an Office 2013 application**
-
-1.  Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
-
-2.  Search for the Office application you want to disable, for example, Access 2013.
-
-3.  Change the value of "Enabled" from "true" to "false."
-
-4.  Save the Deployment Configuration File.
-
-5.  Add the Office 2013 App-V Package with the new Deployment Configuration File.
-
-    ``` syntax
+    ``` XML
     <Application Id="[{AppVPackageRoot)]\officefl5\INFOPATH.EXE" Enabled="true">
       <VisualElements>
         <Name>InfoPath Filler 2013</Name>
@@ -630,20 +335,16 @@ To exclude specific Office applications (for example, Access and InfoPath) when
       </VisualElements>
     </Application>
     ```
+6. Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
 
-6.  Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
-
-### <a href="" id="bkmk-disable-shortcuts"></a>Disabling Office 2013 shortcuts
+### Disabling Office 2013 shortcuts
 
 You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access.
 
-**To disable shortcuts for Office 2013 applications**
+1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
+2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems &lt;shortcut&gt; &lt;/shortcut&gt; intact to disable the Microsoft Access shortcut.
 
-1.  Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
-
-2.  To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems &lt;shortcut&gt; &lt;/shortcut&gt; intact to disable the Microsoft Access shortcut.
-
-    ``` syntax
+    ```XML
     Shortcuts 
 
     -->
@@ -663,119 +364,74 @@ You may want to disable shortcuts for certain Office applications instead of unp
            <ApplicationId>[{AppVPackageRoot}]\officel5\MSACCESS.EXE</ApplicationId>
         </Shortcut>
     ```
-
-3.  Save the Deployment Configuration File.
-
-4.  Republish Office 2013 App-V Package with new Deployment Configuration File.
+3. Save the Deployment Configuration File.
+4. Republish Office 2013 App-V Package with new Deployment Configuration File.
 
 Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document.
 
-### <a href="" id="bkmk-manage-office-pkg-upgrd"></a>Managing Office 2013 package upgrades
+### Managing Office 2013 package upgrades
 
 To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2013 package, perform the following steps.
 
-**How to upgrade a previously deployed Office 2013 package**
+#### How to upgrade a previously deployed Office 2013 package
 
-1.  Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
+1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
 
-    **Note**  
-    Office App-V packages have two Version IDs:
+    >[!NOTE]
+    >Office App-V packages have two Version IDs:
+      * An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
+      * A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package.
+2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
+3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
 
-    -   An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
-
-    -   A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package.
-
-     
-
-2.  Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
-
-3.  Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
-
-### <a href="" id="bkmk-manage-office-lic-upgrd"></a>Managing Office 2013 licensing upgrades
+### Managing Office 2013 licensing upgrades
 
 If a new Office 2013 App-V Package has a different license than the Office 2013 App-V Package currently deployed. For instance, the Office 2013 package deployed is a subscription based Office 2013 and the new Office 2013 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade:
 
-**How to upgrade an Office 2013 License**
+#### How to upgrade an Office 2013 License
 
-1.  Unpublish the already deployed Office 2013 Subscription Licensing App-V package.
-
-2.  Remove the unpublished Office 2013 Subscription Licensing App-V package.
-
-3.  Restart the computer.
-
-4.  Add the new Office 2013 App-V Package Volume Licensing.
-
-5.  Publish the added Office 2013 App-V Package with Volume Licensing.
+1. Unpublish the already deployed Office 2013 Subscription Licensing App-V package.
+2. Remove the unpublished Office 2013 Subscription Licensing App-V package.
+3. Restart the computer.
+4. Add the new Office 2013 App-V Package Volume Licensing.
+5. Publish the added Office 2013 App-V Package with Volume Licensing.
 
 An Office 2013 App-V Package with your chosen licensing will be successfully deployed.
 
-### <a href="" id="bkmk-deploy-visio-project"></a>Deploying Visio 2013 and Project 2013 with Office
+### Deploying Visio 2013 and Project 2013 with Office
 
 This section describes the requirements and options for deploying Visio 2013 and Project 2013 with Office.
 
-- **To package and publish Visio 2013 and Project 2013 with Office**: Include Visio 2013 and Project 2013 in the same package with Office. If you aren’t deploying Office, you can create a package that contains Visio and/or Project.
+* **To package and publish Visio 2013 and Project 2013 with Office**: Include Visio 2013 and Project 2013 in the same package with Office. If you aren’t deploying Office, you can create a package that contains Visio and/or Project.
+* **To deploy Visio 2013 and Project 2013 to specific users**: Use one of the following methods:
 
-- **To deploy Visio 2013 and Project 2013 to specific users**: Use one of the following methods:
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Goal</th>
-<th align="left">Method</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Create two different packages and deploy each one to a different group of users</p></td>
-<td align="left"><p>Create and deploy the following packages:</p>
-<ul>
-<li><p>A package that contains only Office - deploy to computers whose users need only Office.</p></li>
-<li><p>A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>If you want only one package for the whole organization, or if you have users who share computers:</p></td>
-<td align="left"><p>Follows these steps:</p>
-<ol>
-<li><p>Create a package that contains Office, Visio, and Project.</p></li>
-<li><p>Deploy the package to all users.</p></li>
-<li><p>Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project.</p></li>
-</ol></td>
-</tr>
-</tbody>
-</table>
+|Goal|Method|
+|---|---|
+|Create two different packages and deploy each one to a different group of users|Create and deploy the following packages:<br>A package that contains only Office—deploy to computers whose users need only Office.<br>A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.|
+|Create just one package for the whole organization, or for users who share computers|Follow these steps:<br>1. Create a package that contains Office, Visio, and Project.<br>2. Deploy the package to all users.<br>3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project.|
 
 ## Additional resources
 
+### Additional resources for Office 2013 App-V Packages
 
-**Office 2013 App-V Packages Additional Resources**
+* [Office 2013 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778)
+* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
 
-[Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778)
+### Additional resources for Office 2010 App-V Packages
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
+* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
+* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
 
-**Office 2010 App-V Packages**
+### Additional resources for Connection Groups
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
+* [Managing Connection Groups](appv-managing-connection-groups.md)
+* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/)
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+### Additional resources for Dynamic Configuration
 
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
-
-**Connection Groups**
-
-[Managing Connection Groups](appv-managing-connection-groups.md)
-
-[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
-
-**Dynamic Configuration**
-
-[About App-V Dynamic Configuration](appv-dynamic-configuration.md)
+* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index a85db55986..e43a70509e 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -6,257 +6,216 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # Deploying Microsoft Office 2016 by Using App-V
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md).
-
-This topic contains the following sections:
-
--   [What to know before you start](#what-to-know-before-you-start)
-
--   [Creating an Office 2016 package for App-V with the Office Deployment Tool](#creating-an-office-2016-package-for-app-v-with-the-office-deployment-tool) 
-
--   [Publishing the Office package for App-V](#publishing-the-office-package-for-app-v) 
-
--   [Customizing and managing Office App-V packages](#customizing-and-managing-office-app-v-packages) 
+Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md).
 
 ## What to know before you start
 
-Before you deploy Office 2016 by using App-V, review the following planning information.
+Before you deploy Office 2016 with App-V, review the following planning information.
 
 ### Supported Office versions and Office coexistence
 
-Use the following table to get information about supported versions of Office and about running coexisting versions of Office.
+Use the following table to get information about supported versions of Office and running coexisting versions of Office.
 
-| **Information to review**           | **Description**        |
-|-------------------------------------|------------------------|
-| [Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)     | - Supported versions of Office<br>- Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)<br>- Office licensing options |
-| [Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting) | Considerations for installing different versions of Office on the same computer   |
+|Information to review|Description|
+|---|---|
+|[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#supported-versions-of-microsoft-office)|Supported versions of Office and deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), and pooled VDI), and Office licensing options.|
+|[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#before-you-implement-office-coexistence)|Considerations for installing different versions of Office on the same computer.|
 
 ### Packaging, publishing, and deployment requirements
 
-Before you deploy Office by using App-V, review the following requirements.
+Before you deploy Office with App-V, review the following requirements.
 
- 
-
-| **Task**  | **Requirement**   |
+|Task|Requirement|
 |-----------|-------------------|
-| Packaging  | - All of the Office applications that you want to deploy to users must be in a single package.<br>- In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.<br>- If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). |
-| Publishing   | - You can publish only one Office package to each client computer.<br>- You must publish the Office package globally. You cannot publish to the user. |
-| Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:<br>- Office 365 ProPlus<br>- Visio Pro for Office 365<br>- Project Pro for Office 365 | You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx). |
+| Packaging.  | All Office applications that you deploy to users must be in a single package.<br>In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.<br>If you're deploying Microsoft Visio 2016 and Microsoft Project 2016 at the same time as Office, you must put them all in the same package. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). |
+| Publishing.   | You can only publish one Office package per client computer.<br>You must publish the Office package globally, not to the user. |
+| Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer with Remote Desktop Services. | You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). |
 
 ### Excluding Office applications from a package
 
 The following table describes the recommended methods for excluding specific Office applications from a package.
 
-| **Task**    | **Details**   |
+|Task|Details|
 |-------------|---------------|
-| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.<br><br>For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement). |
-| Modify the DeploymentConfig.xml file                                                            | Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.<br>For more information, see [Disabling Office 2016 applications](#disabling-office-2016-applications).                      |
+| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | With this setting, you can exclude specific Office applications from the package that the Office Deployment Tool creates. For example, you can use this setting to create a package that contains only Microsoft Word.<br>For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element). |
+| Modify the DeploymentConfig.xml file | Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.<br>For more information, see [Disabling Office 2016 applications](#disabling-office-2016-applications).                      |
 
 ## Creating an Office 2016 package for App-V with the Office Deployment Tool
 
 Complete the following steps to create an Office 2016 package for App-V.
 
->**Important**&nbsp;&nbsp;In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
+>[!IMPORTANT]
+>In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
 
 ### Review prerequisites for using the Office Deployment Tool
 
-The computer on which you are installing the Office Deployment Tool must have:
+The computer on which you are installing the Office Deployment Tool must have the following:
 
- 
-
-| **Prerequisite**     | **Description**    |
+| Prerequisite     | Description    |
 |----------------------|--------------------|
 | Prerequisite software    | .Net Framework 4    |
-| Supported operating systems | -   64-bit version of Windows 10<br>- 64-bit version of Windows 8 or 8.1<br>- 64-bit version of Windows 7 |
+| Supported operating systems | 64-bit version of Windows 10<br>64-bit version of Windows 8 or 8.1<br>64-bit version of Windows 7 |
 
->**Note**&nbsp;&nbsp;In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
+>[!NOTE]
+>In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
 
-### Create Office 2016 App-V Packages Using Office Deployment Tool
+### Create Office 2016 App-V packages with the Office Deployment Tool
 
-You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing.
+You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with subscription licensing.
 
 Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
 
 ### Download the Office Deployment Tool
 
-Office 2016 App-V Packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
+Office 2016 App-V packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation, follow these steps:
 
-1.  Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
+1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
 
-    > **Important**&nbsp;&nbsp;You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
+    >[!IMPORTANT]
+    >You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
+2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
 
-2.  Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
-
-    Example: \\\\Server\\Office2016
-
-3.  Check that a setup.exe and a configuration.xml file exist and are in the location you specified.
+    Example location: \\\\Server\\Office2016
+3. Check that the **setup.exe** and **configuration.xml** files exist and are in the location you specified.
 
 ### Download Office 2016 applications
 
 After you download the Office Deployment Tool, you can use it to get the latest Office 2016 applications. After getting the Office applications, you create the Office 2016 App-V package.
 
-The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
+The XML file included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
 
-**Step 1: Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+  1. Open the sample XML file in Notepad or your favorite text editor.
+  2. With the sample **configuration.xml** file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the **configuration.xml** file:
 
-1.  Open the sample XML file in Notepad or your favorite text editor.
-
-2.  With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file:
-
-    ```
-    <Configuration>
-       <Add SourcePath= ”\\Server\Office2016” OfficeClientEdition="32" >
-        <Product ID="O365ProPlusRetail ">
-          <Language ID="en-us" />
-        </Product>
-        <Product ID="VisioProRetail">
-          <Language ID="en-us" />
-        </Product>
-      </Add>  
-    </Configuration>
-    ```
+      ```XML
+      <Configuration>
+         <Add SourcePath= ”\\Server\Office2016” OfficeClientEdition="32" >
+          <Product ID="O365ProPlusRetail ">
+            <Language ID="en-us" />
+          </Product>
+          <Product ID="VisioProRetail">
+            <Language ID="en-us" />
+          </Product>
+        </Add>
+      </Configuration>
+      ```
     
-    >**Note**&nbsp;&nbsp;The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the “&lt;! - -“ from the beginning of the line, and the “-- &gt;” from the end of the line.
+      >[!NOTE]
+      >The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To uncomment these lines, remove the ```<! - -``` from the beginning of the line, and the ```-- >``` from the end of the line.
 
-    The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016, which is the location where Office applications will be saved. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file:
+      The previous example of an XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016 location where Office applications will be saved. Note that the Product ID of the applications will not affect Office's final licensing. You can create Office 2016 App-V packages with various licensing from the same applications by specifying licensing in a later stage. The following table summarizes the XML file's customizable attributes and elements:
 
-| **Input**    | **Description**            | **Example**    |
-|--------------|----------------------------|----------------|
-| Add element  | Specifies the products and languages to include in the package.     | N/A     |
-| OfficeClientEdition (attribute of Add element) | Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if **OfficeClientEdition** is not set to a valid value.     | **OfficeClientEdition**="32"<br>**OfficeClientEdition**="64"  |
-| Product element   | Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications.<br>For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297).   | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
-| Language element     | Specifies the language supported in the applications    | `Language ID="en-us"`   |
-| Version (attribute of Add element) | Optional. Specifies a build to use for the package<br>Defaults to latest advertised build (as defined in v32.CAB at the Office source).   | `16.1.2.3`    |
-| SourcePath (attribute of Add element)   | Specifies the location in which the applications will be saved to.    | `Sourcepath = "\\Server\Office2016"`     |
-| Channel (part of Add element)       | Optional. Defines which channel to use for updating Office after it is installed.<br>The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client. <br>For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://technet.microsoft.com/library/mt455210.aspx). | `Channel="Current"`<br><br>`Channel="Deferred"`<br><br>`Channel="FirstReleaseDeferred"`<br><br>`Channel="FirstReleaseCurrent"`  |
+      | Input    | Description            | Example    |
+      |--------------|----------------------------|----------------|
+      | Add element  | Specifies which products and languages the package will include.     | N/A     |
+      | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed.     | `OfficeClientEdition="32"`<br>`OfficeClientEdition="64"`  |
+      | Product element   | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.<br>For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297).   | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
+      | Language element     | Specifies which language the applications support.    | `Language ID="en-us"`   |
+      | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.<br>Defaults to latest advertised build (as defined in v32.CAB at the Office source).   | `16.1.2.3`    |
+      | SourcePath (attribute of **Add** element)   | Specifies the location the applications will be saved to.    | `Sourcepath = "\\Server\Office2016"`     |
+      | Channel (part of **Add** element)       | Optional. Defines which channel will be used to update Office after installation.<br>The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client. <br>For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/en-us/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`<br>`Channel="Deferred"`<br>`Channel="FirstReleaseDeferred"`<br>`Channel="FirstReleaseCurrent"`  |
 
-After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
+After editing the **configuration.xml** file to specify the desired product, languages, and the location where the Office 2016 applications will be saved to, you can save the configuration file under a name of your choice, such as "Customconfig.xml."
+2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. The following is an example command:
 
-**Step 2: Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with description of details:
+  `\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml`
 
-`\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml`
+  The following table describes the example command's elements:
 
-In the example:
-
-| Element | Description |
-|-------------------------------|--------------------------------------|
-| **\\\\server\\Office2016**    | is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.    |
-| **Setup.exe**   | is the Office Deployment Tool.     |
-| **/download**   | downloads the Office 2016 applications that you specify in the customConfig.xml file.  |
-| **\\\\server\\Office2016\\Customconfig.xml** | passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\\\Server\\Office2016. |
+  | Element | Description |
+  |-------------------------------|--------------------------------------|
+  | ```\\server\Office2016```    | This is the network share location that contains the Office Deployment Tool and the custom **Configuration.xml** file, which in this example is **Customconfig.xml**.    |
+  | ``Setup.exe``   | This is the Office Deployment Tool.     |
+  | ```/download```  | Downloads the Office 2016 applications that you specify in the **Customconfig.xml** file.  |
+  | ```\\server\Office2016\Customconfig.xml```| This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the configuration file, which in this example is ```\\Server\Office2016```. |
 
 ### Convert the Office applications into an App-V package
 
 After you download the Office 2016 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2016 App-V package. Complete the steps that correspond to your licensing model.
 
-**Summary of what you’ll need to do:**
+#### What you’ll need to do
 
--   Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
+* Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
+* Create an Office App-V package for either Subscription Licensing package by using the Office Deployment Tool, and then modify the **Customconfig.xml** configuration file.
 
--   Create an Office App-V package for either Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
+    The following table summarizes the values you need to enter in the **Customconfig.xml** file. The steps in the sections that follow the table will specify the exact entries you need to make.
 
-    The following table summarizes the values you need to enter in the CustomConfig.xml file. The steps in the sections that follow the table will specify the exact entries you need to make.
+>[!NOTE]
+>You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
 
->**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
-
-| **Product ID**                                   | **Subscription Licensing**                                  |
-|--------------------------------------------------|-------------------------------------------------------------|
-| **Office 2016**                                  | O365ProPlusRetail                                           |
-| **Office 2016 with Visio 2016**                  | O365ProPlusRetail<br>VisioProRetail                         |
-| **Office 2016 with Visio 2016 and Project 2016** | O365ProPlusRetail<br>VisioProRetail<br>ProjectProRetail     |
+| Product ID  | Subscription licensing  |
+|---|---|
+| Office 2016| O365ProPlusRetail |
+| Office 2016 with Visio 2016  | O365ProPlusRetail<br>VisioProRetail  |
+| Office 2016 with Visio 2016 and Project 2016     | O365ProPlusRetail<br>VisioProRetail<br>ProjectProRetail     |
 
 #### How to convert the Office applications into an App-V package
+
 1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
 
-    - **SourcePath**: Point to the Office applications downloaded earlier.
+    * **SourcePath**: Change to the location where you saved the Office applications you downloaded during setup.
+    * **ProductID**: Specify the type of licensing, as shown in the following example:
 
-    - **ProductID**: Specify the type of licensing, as shown in the following example:
-
-        - Subscription Licensing:
+        * Subscription Licensing:
+        ```XML
+        <Configuration>
+           <Add SourcePath= "\\server\Office 2016" OfficeClientEdition="32" >
+            <Product ID="O365ProPlusRetail">
+              <Language ID="en-us" />
+            </Product>
+            <Product ID="VisioProRetail">
+              <Language ID="en-us" />
+            </Product>
+          </Add>
+        </Configuration>
         ```
-<Configuration>
-   <Add SourcePath= "\\server\Office 2016" OfficeClientEdition="32" >
-    <Product ID="O365ProPlusRetail">
-      <Language ID="en-us" />
-    </Product>
-    <Product ID="VisioProRetail">
-      <Language ID="en-us" />
-    </Product>
-  </Add>  
-</Configuration>
-        ```
-        In this example, the following changes were made to create a package with Subscription licensing:
+        This example made the following changes to create this Subscription Licensing package:
         
-        **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.<br>
-        **Product ID** for Office was changed to `O365ProPlusRetail`.<br>
-        **Product ID** for Visio was changed to `VisioProRetail`.
-        
-    - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access.
-
-    - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
+        * **SourcePath** was changed to point to the Office applications that were downloaded earlier.
+        * **Product ID** for Office was changed to `O365ProPlusRetail`.
+        * **Product ID** for Visio was changed to `VisioProRetail`.
+    * **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package created by the Office Deployment Tool. For example, you can exclude Access.
+    * **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use **PACKAGEGUID** to specify a different package ID for each package, which allows you to publish multiple App-V packages created by the Office Deployment Tool, and then manage your published packages with the App-V Server.
         
         An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.
         
-        >**Note**&nbsp;&nbsp;Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+        >[!NOTE]
+        >Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+2. Use the /packager command to convert the Office applications to an Office 2016 App-V package.
 
-2.	Use the /packager command to convert the Office applications to an Office 2016 App-V package.
+    The following is an example packager command:
 
-    For example:
-
-    ``` syntax
+    ```syntax
     \\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml  \\server\share\Office2016AppV
     ```
 
-    In the example:
+    The following table describes each element used in the example command:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p><code>\\server\Office2016</code></p></td>
-    <td align="left"><p>is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><code>Setup.exe</code></p></td>
-    <td align="left"><p>is the Office Deployment Tool.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p><code>/packager</code></p></td>
-    <td align="left"><p>creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><code>\\server\Office2016\Customconfig.xml</code></p></td>
-    <td align="left"><p>passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p><code>\\server\share\Office2016AppV</code></p></td>
-    <td align="left"><p>specifies the location of the newly created Office App-V package.</p></td>
-    </tr>
-    </tbody>
-    </table>
+    | Element | Description |
+    |-------------------------------|--------------------------------------|
+    |```\\server\Office2016```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is Customconfig.xml.|
+    |```Setup.exe```|This is the Office Deployment Tool.|
+    |```/packager```|This command creates the Office 2016 App-V package with the license type specified in the Customconfig.xml file.|
+    |```\\server\Office2016\Customconfig.xml```|This passes the configuration XML file that has been prepared for the packaging stage. In this example, the file is Customconfig.xml.|
+    |```\\server\share\Office2016AppV```|This specifies the location of the newly created Office App-V package.|
 
-    After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:<br>
+    After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
     
-    - **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files.
-    - **WorkingDir**
-
-    **Note**&nbsp;&nbsp;To troubleshoot any issues, see the log files in the %temp% directory (default).
+    * **App-V Packages**—contains an Office 2016 App-V package and two deployment configuration files.
+    * **WorkingDir**
 
+    >[!NOTE]
+    >To troubleshoot any issues, see the log files in the %temp% directory (default).
 3. Verify that the Office 2016 App-V package works correctly:
 
-    1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear.
-
+    1. Publish the Office 2016 App-V package that you created globally to a test computer and verify that the Office 2016 shortcuts appear.
     2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected.
 
 ## Publishing the Office package for App-V
@@ -265,94 +224,78 @@ Use the following information to publish an Office package.
 
 ### Methods for publishing Office App-V packages
 
-Deploy the App-V package for Office 2016 by using the same methods you use for any other package:
+Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed:
 
--   System Center Configuration Manager
-
--   App-V Server
-
--   Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V Server
+* Stand-alone through Windows PowerShell commands
 
 ### Publishing prerequisites and requirements
 
-| **Prerequisite or requirement**       | **Details**        |
+| Prerequisite or requirement           | Details            |
 |---------------------------------------|--------------------|
-| Enable Windows PowerShell scripting on the App-V clients | To publish Office 2016 packages, you must run a script.<br><br>Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:<br>`Set-AppvClientConfiguration -EnablePackageScripts 1`    |
-| Publish the Office 2016 package globally     | Extension points in the Office App-V package require installation at the computer level.<br><br>When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages. |
+| Enable Windows PowerShell scripting on the App-V clients. | To publish Office 2016 packages, you must run a script. However, package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:<br>`Set-AppvClientConfiguration -EnablePackageScripts 1`    |
+| Publish the Office 2016 package globally.     | Extension points in the Office App-V package require installation at the computer level.<br>When you publish at the computer level, no prerequisite actions or redistributables are needed. The Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages. |
 
 ### How to publish an Office package
 
 Run the following command to publish an Office package globally:
 
--   `Add-AppvClientPackage <Path_to_AppV_Package > | Publish-AppvClientPackage -global`
+```PowerShell
+Add-AppvClientPackage <Path_to_AppV_Package > | Publish-AppvClientPackage -global
+```
 
--   From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group.
+* You can add permissions to a group of computers instead of just a user group through the Web Management Console on the App-V Server. This lets packages be published globally to the computers in the corresponding group.
 
 ## Customizing and managing Office App-V packages
 
 To manage your Office App-V packages, use the same operations as you would for any other package, with a few exceptions as outlined in the following sections.
 
--   [Enabling Office plug-ins by using connection groups](#enabling-office-plug-ins-by-using-connection-groups) 
-
--   [Disabling Office 2016 applications](#disabling-office-2016-applications) 
-
--   [Disabling Office 2016 shortcuts](#disabling-office-2016-shortcuts) 
-
--   [Managing Office 2016 package upgrades](#managing-office-2016-package-upgrades) 
-
--   [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office) 
+* [Enabling Office plug-ins by using connection groups](#enabling-office-plug-ins-by-using-connection-groups)
+* [Disabling Office 2016 applications](#disabling-office-2016-applications)
+* [Disabling Office 2016 shortcuts](#disabling-office-2016-shortcuts)
+* [Managing Office 2016 package upgrades](#managing-office-2016-package-upgrades)
+* [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office)
 
 ### Enabling Office plug-ins by using connection groups
 
-Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps.
+The following steps will tell you how to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that only contains the plug-ins (you can't use the Office Deployment Tool to create the plug-ins package). After that, create a connection group that contains the Office package and the plug-ins package.
 
-#### To enable plug-ins for Office App-V packages
+#### Enable plug-ins for Office App-V packages
 
-1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Office 365 ProPlus (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins.
+3. Create an App-V package that includes the plug-ins you want.
+4. Add a Connection Group through the App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
 
-2.  Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
+    >[!IMPORTANT]
+    >The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
+6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match published Office 2016 App-V package's global settings.
+7. Verify that the plug-in package's Deployment Configuration file has the same settings as the Office 2016 App-V package.
 
-3.  Create an App-V package that includes the desired plug-ins.
-
-4.  Add a Connection Group through App-V server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
-
-5.  Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
-
-    > **Important**&nbsp;&nbsp;The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
-
-6.  Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2016 App-V package.
-
-7.  Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2016 App-V package has.
-
-    Since the Office 2016 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2016 App-V package you published.
-
-8.  Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
-
-9.  If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file.
-
-10.  Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2016 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group.
-
-11.  After you successfully publish both packages and enable the Connection Group, start the target Office 2016 application and verify that the plug-in you published and added to the connection group works as expected.
+    The Office 2016 App-V plug-in package's settings must match those of the operating system to allow for integration. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2016 App-V package you published.
+8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
+9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file.
+10. Ensure that the Connection Group you created on your desired computer is enabled. The Connection Group created will be shown as "pending" if the Office 2016 App-V package is being used while the Connection Group is enabled. If that happens, you'll have to reboot the computer to successfully enable the Connection Group.
+11. After you successfully publish both packages and enable the Connection Group, verify the plug-ins you published on the Connection Group work as expected.
 
 ### Disabling Office 2016 applications
 
-You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
+You can also disable specific applications in your Office App-V package. For example, if you don't want to use Access, you can disable Access while leaving all other Office applications available. When you disable an application, the user will no longer see its shortcut icon. You don't need to re-sequence the application to do this. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, just save the changes and add the Office 2016 App-V package, then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
 
->**Note**&nbsp;&nbsp;To exclude specific Office applications (for example, Access) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
+>[!NOTE]
+>To exclude specific Office applications when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
 
-#### To disable an Office 2016 application
+#### Disable an Office 2016 application
 
-1.  Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
+1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
+2. Search for the Office application you want to disable, for example, Access 2016.
+3. Change the value of **Enabled** to **false**.
+4. Save the Deployment Configuration File.
+5. Add the Office 2016 App-V Package with the new Deployment Configuration File.
 
-2.  Search for the Office application you want to disable, for example, Access 2016.
-
-3.  Change the value of "Enabled" from "true" to "false."
-
-4.  Save the Deployment Configuration File.
-
-5.  Add the Office 2016 App-V Package with the new Deployment Configuration File.
-
-    ``` syntax
+    ```XML
     <Application Id="[{AppVPackageRoot}]\officel6\lync.exe" Enabled="true">
       <VisualElements>
         <Name>Lync 2016</Name>
@@ -368,21 +311,19 @@ You may want to disable specific applications in your Office App-V package. For
       </VisualElements>
     </Application>
     ```
-
 6. Re-add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
 
 ### Disabling Office 2016 shortcuts
 
 You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access.
 
-#### To disable shortcuts for Office 2016 applications
+#### Disable shortcuts for Office 2016 applications
 
-1.  Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
+1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
+2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. The following example shows how to delete the Microsoft Access shortcuts while keeping the subsystems `<shortcut> </shortcut>` intact.
 
-2.  To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems &lt;shortcut&gt; &lt;/shortcut&gt; intact to disable the Microsoft Access shortcut.
-
-    ``` syntax
-    Shortcuts 
+    ``` XML
+    Shortcuts
     
     -->
      <Shortcuts Enabled="true">
@@ -401,45 +342,42 @@ You may want to disable shortcuts for certain Office applications instead of unp
            <ApplicationId>[{AppVPackageRoot}]\officel6\MSACCESS.EXE</ApplicationId>
         </Shortcut>
     ```
-
 3. Save the Deployment Configuration File.
-
-4. Republish Office 2016 App-V Package with new Deployment Configuration File.
+4. Republish the Office 2016 App-V Package with the new Deployment Configuration File.
 
 Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document.
 
 ### Managing Office 2016 package upgrades
 
-To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2016 package, perform the following steps.
+To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2016 package, perform the steps outlined in the following section.
 
 #### How to upgrade a previously deployed Office 2016 package
 
-1.  Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
+1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
 
-    > **Note**&nbsp;&nbsp;Office App-V packages have two Version IDs:
-    > - An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
-    > - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
-
-2.  Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
-
-3.  Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
+    >[!NOTE]
+    >Office App-V packages have two Version IDs:
+      >* An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
+      >* A second App-V Package Version ID, formatted as X.X.X.X, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect the new version of Office. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
+2. Globally publish the newly created Office 2016 App-V Packages onto the computers you want to apply the new updates to. Since the new package has the same lineage as the older Office 2016 App-V Package, publishing will be fast, as publishing the new package with the updates only applies the new changes to the old package.
+3. Upgrades will be applied in the same manner of any globally published App-V packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
 
 ### Deploying Visio 2016 and Project 2016 with Office
 
 The following table describes the requirements and options for deploying Visio 2016 and Project 2016 with Office.
 
-| **Task**            | **Details**   |
+| Task                | Details       |
 |---------------------|---------------|
 | How do I package and publish Visio 2016 and Project 2016 with Office? | You must include Visio 2016 and Project 2016 in the same package with Office.<br>If you are not deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic.  |
-| How can I deploy Visio 2016 and Project 2016 to specific users?       | Use one of the following methods:<br>**To create two different packages and deploy each one to a different group of users**:<br>Create and deploy the following packages:<br>- A package that contains only Office - deploy to computers whose users need only Office.<br>- A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.<br><br>**To create only one package for the whole organization, or create a package intended for users who share computers**:<br>Follow these steps:<br>1. Create a package that contains Office, Visio, and Project.<br>2. Deploy the package to all users.<br>3. Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project. |
+| How can I deploy Visio 2016 and Project 2016 to specific users?       | Use one of the following methods:<br>**To create two different packages and deploy each one to a different group of users**:<br>Create and deploy the following packages:<br>- A package that contains only Office—deploy to computers whose users need only Office.<br>- A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.<br><br>**To create only one package for the whole organization, or to create a package intended for users who share computers**:<br>1. Create a package that contains Office, Visio, and Project.<br>2. Deploy the package to all users.<br>3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project. |
 
 ## Related topics
 
-- [Deploying App-V for Windows 10](appv-deploying-appv.md)
-- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
-- [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
+* [Deploying App-V for Windows 10](appv-deploying-appv.md)
+* [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+* [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 946c1b15fd..79da7a2972 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -36,7 +36,7 @@ Explains how to configure the App-V client to enable only administrators to publ
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for using an ESD and App-V
 
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index 68e3cdbb61..58d77d2a5a 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -6,29 +6,26 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# Deploying the App-V Sequencer and configuring the client
 
+>Applies to: Windows 10, version 1607
 
-# Deploying the App-V Sequencer and Configuring the Client
-
-**Applies to**
--   Windows 10, version 1607
-
-The App-V Sequencer and client enable administrators to virtualize and run virtualized applications.
+The App-V Sequencer and client let administrators to virtualize and run virtual applications.
 
 ## Enable the client
 
-The App-V client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server.
+The App-V client is the component that runs a virtualized application on a target computer. The client lets users interact with icons and file types, starting virtualized applications. The client can also get the virtual application content from the management server.
 
-> [!NOTE]  
-> In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
+>[!NOTE]
+>In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
 
 [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
 
-## Client Configuration Settings
+## Client configuration settings
 
-The App-V client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About Client Configuration Settings](appv-client-configuration-settings.md).
+The App-V client stores its configuration in the registry. Understanding the format used in the data registry can help you learn useful information about the client. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About client configuration settings](appv-client-configuration-settings.md).
 
 ## Configure the client by using the ADMX template and Group Policy
 
@@ -36,28 +33,26 @@ You can use Group Policy to configure the client settings for the App-V client a
 
 To manage the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller.
 
-1.  Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions**
-
-2.  Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\ <Language Directory>**
+1. Save the **.admx** file to the following directory: ```Windows\PolicyDefinitions```
+2. Save the **.adml** file to the following directory: ```Windows\PolicyDefinitions\<Language Directory>```
 
 After you have completed the preceding steps, you can use Group Policy to configure the client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
 
 ## Understanding Shared Content Store mode for App-V clients
 
-The App-V Shared Content Store (SCS) mode enables the SCS App-V clients to run virtualized applications without saving any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use the SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V client are supported with SCS mode.
+App-V Shared Content Store (SCS) mode lets SCS App-V clients run virtualized applications without having to save any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V client are supported with SCS mode.
 
-> [!IMPORTANT]  
-> If the App-V client is configured to run in the SCS mode, the location where the App-V packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V client in the SCS mode across the internet.
+>[!IMPORTANT]
+>If the App-V client is configured to run in the SCS mode, the location where the App-V packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V client in the SCS mode across the internet.
 
 Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V client to stream the required virtualized package data across the network.
 
 The SCS mode is helpful in the following scenarios:
 
--   Virtual desktop infrastructure (VDI) deployments
+* Virtual desktop infrastructure (VDI) deployments
+* Remote Desktop Services deployments
 
--   Remote Desktop Services deployments
-
-To use SCS in your environment, you must configure the App-V client to run in SCS mode (it will not use SCS mode by default). 
+To use SCS in your environment, you must configure the App-V client to run in SCS mode, as it does not use SCS mode by default.
 
 There might be cases when the administrator pre-loads some virtual applications on the computer that runs the App-V client in SCS mode. This can be accomplished with Windows PowerShell commands to add, publish, and mount the package. For example, if a package is pre-loaded on all computers, the administrator could add, publish, and mount the package by using Windows PowerShell commands. The package would not stream across the network because it would be locally stored.
 
@@ -65,15 +60,14 @@ There might be cases when the administrator pre-loads some virtual applications
 
 Use the following steps to locate and configure the Group Policy setting for the SCS Mode for App-V clients.
 
-1.  In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**.
+1. In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**.
+2. Enable the **Set the Shared Content Mode (SCS) mode** setting.
 
-2.  Enable the **Set the Shared Content Mode (SCS) mode** setting.
-
-### Configure an individual client to use the SCS mode
+### Configure an individual client to use SCS mode
 
 To configure the App-V client to run in SCS mode, on the client, enter the following Windows PowerShell command:
 
-```
+```PowerShell
 Set-AppvClientConfiguration -SharedContentStoreMode 1
 ```
 
@@ -83,15 +77,17 @@ The Sequencer is a tool that is used to convert standard applications into virtu
 
 For a list of changes in the App-V Sequencer, see [What's new in App-V](appv-about-appv.md).
 
-To deploy the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
+To deploy the sequencer, see [How to install the Sequencer](appv-install-the-sequencer.md).
 
-## App-V Client and Sequencer logs
+## App-V client and Sequencer logs
 
+You can use the App-V Sequencer log information to troubleshoot Sequencer installation and operational events while using App-V. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following file path is the specific path for Sequencer-related events:
 
-You can use the App-V Sequencer log information to help troubleshoot the Sequencer installation and operational events while using App-V. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Sequencer-related events:
+**Event Viewer\Applications and Services Logs\Microsoft\App V**.
 
-**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**. Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**.
+>[!NOTE]
+>Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index 1112538222..2b88ff503b 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -6,83 +6,79 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # Deploying the App-V server
 
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
->**Note**<br>If you plan to use the App-V server components in your deployment, note that they reference App-V 5.x. This is because the App-V server components have not changed in App-V for Windows 10. 
+You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V security considerations](appv-security-considerations.md).
 
-You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md). 
+>[!NOTE]
+>If you plan to use the App-V server components in your deployment, note that the version number is still listed as App-V 5.x, as the App-V server components have not changed in App-V for Windows 10.
 
-For information about deploying App-V for Windows 10, see [What's new in App-V](appv-about-appv.md).
+To learn more about deploying App-V for Windows 10, read [What's new in App-V](appv-about-appv.md).
 
->**Important**<br>Before you install and configure the App-V servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
+>[!IMPORTANT]
+>Before installing and configuring the App-V servers, you must specify the port or ports where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports, as the installer does not modify firewall settings.
 
 ## Download and install App-V server components
 
->**Note**<br>
-If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+>[!NOTE]
+>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components, as they haven't changed since App-V 5.0 was released.
 
-App-V offers the following five server components, each of which serves a specific purpose in an App-V environment. 
+App-V offers the following five server components, each of which serves a specific purpose in an App-V environment.
 
-- **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
+* **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
 
-    >**Note**<br>If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
-    
-- **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the management database.
- 
-- **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. See [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md) for more information about configuring the publishing server.
+ >[!NOTE]
+    >If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
+* **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. For more information about the management database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md).
+* **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. To learn how to configure the publishing server, see [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md).
+* **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. To learn more about App-V's reporting capabilities, see [About App-V reporting](appv-reporting.md).
+* **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. To learn more about the reporting database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md).
 
-- **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. See [About App-V reporting](appv-reporting.md) for more information about the reporting capabilities in App-V.
+All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
 
-- **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the reporting database.
+* The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
+* The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
 
-All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
+In large organizations, you might want to install more than one instance of the server components to get the following benefits.
 
--   The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
-
--   The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
-
-In large organizations, you might want to install more than one instance of the server components to get:
-
-- Fault tolerance for situations when one of the servers is unavailable.
-
-- High availability to balance server requests. We recommend using a network load balancer to achieve this.
-
-- Scalability to support a high load. For example, you can install additional servers behind a network load balancer.
+* Fault tolerance for situations when one of the servers is unavailable.
+* High availability to balance server requests. A network load balancer can also help you acheive this.
+* Scalability to support high loads. For example, you can install additional servers behind a network load balancer.
 
 ## App-V standalone deployment
-The App-V standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. Therefore, you should not use this strategy for larger deployments.
 
-- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+The App-V standalone deployment's topology is good for small deployments or test environments. In this implementation type, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. However, because services and associated databases will compete for the computer's resources, it's not a good idea to use the standalone deployment for larger deployments.
 
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+The following articles will give you more information about how to set up an App-V standalone deployment.
 
-##  App-V Server distributed deployment
-The distributed deployment topology can support a large App-V client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V server components are deployed across multiple computers, based on the structure and requirements of the organization.
+* [How to deploy the App-V server](appv-deploy-the-appv-server.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
 
-- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+## App-V server distributed deployment
 
-- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+The distributed deployment topology can support a large App-V client base, allowing you to more easily manage and scale your environment. When you use this type of deployment the App-V server components are deployed across multiple computers, based on your organization's structure and requirements.
 
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
-
-- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
-
-- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+* [How to install the management and reporting databases on separate computers from the management and reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+* [How to install the management server on a standalone computer and connect it to the database](appv-install-the-management-server-on-a-standalone-computer.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
+* [How to install the publishing server on a remote computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+* [How to install the management server on a standalone computer and connect it to the database](appv-install-the-management-server-on-a-standalone-computer.md)
 
 ## Using an Enterprise Software Distribution (ESD) solution and App-V
-You can also deploy packages by using an ESD. The full capabilities for integration will vary depending on the ESD that you use.
 
->**Note**<br>The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
+You can also deploy packages with an ESD. Its full integration capabilities will vary depending on which ESD you use.
 
-[Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+>[!NOTE]
+>The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
+
+* [Deploying App-V packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
 
 ## App-V Server logs
+
 You can use App-V server log information to help troubleshoot the server installation and operational events while using App-V. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events:
 
 **Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**
@@ -92,22 +88,23 @@ Associated setup logs are saved in the following directory:
 **%temp%**
 
 ## App-V reporting
+
 App-V reporting allows App-V clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V client collects:
 
--   Information about the computer that runs the App-V client.
+* Information about the computer running the App-V client.
+* Information about virtualized packages on a specific computer running the App-V client.
+* Information about package open and shutdown for a specific user.
 
--   Information about virtualized packages on a specific computer that runs the App-V client.
+The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services (SSRS) to generate any necessary reports.
 
--   Information about package open and shutdown for a specific user.
+If you want to retrieve report information, you must use Microsoft SQL SSRS, which is available with Microsoft SQL. SSRS must be deployed separately to generate the associated reports, as it isn't automatically installed during App-V server installation.
 
-The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports.
+For more information, see [About App-V reporting](appv-reporting.md) and [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
 
-If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V reporting server and it must be deployed separately to generate the associated reports.
+## Other App-V server resources
 
-For more information, see [About App-V Reporting](appv-reporting.md) and [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
-
-## Other resources for the App-V server
-- [Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
 
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index 2382fb9bf3..e979c7f02f 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -6,74 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # App-V Deployment Checklist
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-This checklist can be used to help you during an App-V deployment.
+This checklist outlines the recommended steps and items to consider when deploying App-V features. Use it to organize your priorites while you deploy App-V. You can copy this checklist into a spreadsheet program and customize it for your use.
 
->**Note**<br>
-This checklist outlines the recommended steps and items to consider when deploying App-V features. We recommend that you copy this checklist into a spreadsheet program and customize it for your use.
+|Status|Task|References|Notes|
+|---|---|---|---|
+|![Checklist box](../app-v/images/checklistbox.gif)|Prepare the computing environment for App-V deployment during your planning phase.|[App-V planning checklist](appv-planning-checklist.md)||
+|![Checklist box](../app-v/images/checklistbox.gif)|Review App-V's supported configurations.|[App-V supported configurations](appv-supported-configurations.md)||
+|![Checklist box](../app-v/images/checklistbox.gif)|Run App-V Setup to deploy the required App-V features for your environment.|[How to install the sequencer](appv-install-the-sequencer.md)<br>[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)<br>[How to deploy the App-V server](appv-deploy-the-appv-server.md)||
 
-<table>
-<colgroup>
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left"></th>
-<th align="left">Task</th>
-<th align="left">References</th>
-<th align="left">Notes</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Complete the planning phase to prepare the computing environment for App-V deployment.</p></td>
-<td align="left"><p>[App-V Planning Checklist](appv-planning-checklist.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Review the App-V supported configurations information.</p></td>
-<td align="left"><p>[App-V Supported Configurations](appv-supported-configurations.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Run App-V Setup to deploy the required App-V features for your environment.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>Keep track of the names of the servers and associated URLs created during installation. This information will be used throughout the installation process.</p>
-</div>
-<div>
- 
-</div></td>
-<td align="left"><p></p>
-<ul>
-<li><p>[How to Install the Sequencer](appv-install-the-sequencer.md)</p></li>
-<li><p>[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)</p></li>
-<li><p>[How to Deploy the App-V Server](appv-deploy-the-appv-server.md)</p></li>
-</ul></td>
-<td align="left"><p></p></td>
-</tr>
-</tbody>
-</table>
+>[!NOTE]
+>Keep track of server names and associated URLs you create during installation. You'll need this information throughout the installation process.
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index 765d08ffa9..5cc4247912 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -735,7 +735,7 @@ To create the file manually, the information above in previous sections can be c
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index 4201fc2dd5..3ae3740c77 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -29,4 +29,4 @@ Starting in App-V 5.0 SP3, you can configure the App-V client so that only admin
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
index 40e2ad2093..c21abca90a 100644
--- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -41,7 +41,7 @@ Use the following procedure to configure the App-V for reporting.
     </tr>
     <tr class="even">
     <td align="left"><p>ReportingServerURL</p></td>
-    <td align="left"><p>Specifies the location on the reporting server where client information is saved. For example, http://&lt;reportingservername&gt;:&lt;reportingportnumber&gt;.</p>
+    <td align="left"><p>Specifies the location on the reporting server where client information is saved. For example, https://&lt;reportingservername&gt;:&lt;reportingportnumber&gt;.</p>
     <div class="alert">
     <strong>Note</strong>  
     <p>This is the port number that was assigned during the Reporting Server setup</p>
@@ -82,7 +82,7 @@ Use the following procedure to configure the App-V for reporting.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
index 99775a8445..ff0ad45667 100644
--- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
+++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
@@ -6,49 +6,37 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # Enable the App-V in-box client
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server.
+The App-V client is the component that runs virtualized applications on user devices. Once you enable the client, users can interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server.
 
-With Windows 10, version 1607, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell.
+With Windows 10, version 1607, the App-V client is installed automatically. However, you'll still need to enable the client yourself to allow user devices to access and run virtual applications. You can set up the client with the Group Policy editor or with Windows PowerShell.
 
-**To enable the App-V client with Group Policy:**
+Here's how to enable the App-V client with Group Policy:
 
-1.  Open the device’s **Group Policy Editor**.
+1. Open the device’s **Group Policy Editor**.
+2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+3. Run **Enables App-V Client**, then select **Enabled**.
+4. Restart the device.
 
-2.  Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+Here's how to enable the App-V client with Windows PowerShell:
 
-3.  Run **Enables App-V Client** and then select **Enabled** on the screen that appears.
+1. Open Windows PowerShell.
+2. Enter **Enable-Appv**, then select the Enter key.
+3. Restart the device.
+4. To verify that the App-V client is working, enter **Get-AppvStatus**, then select the Enter key.
 
-4.  Restart the device.
+Check out these articles for more information about how to configure the App-V client:
 
-**To enable the App-V client with Windows PowerShell:**
-
-1.  Open Windows PowerShell.
-
-2.  Type `Enable-Appv` and press ENTER.
-
-3.  Restart the device.
-
-4.  To verify that the App-V client is enabled on the device, type `Get-AppvStatus` and press ENTER.
-
-
-For information about configuring the App-V client, see:
-
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
-
-- [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
-
-- [Using the client management console](appv-using-the-client-management-console.md)
-
-- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) 
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
+* [How to modify client configuration by using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
+* [Using the client management console](appv-using-the-client-management-console.md)
+* [How to configure the client to receive package and connection group updates From the Publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index 655ab01b0e..d055f0c12d 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -47,7 +47,7 @@ Use the following links for more information about creating and managing virtual
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index 9b59235639..857938e467 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -66,4 +66,4 @@ The topics in this section provide information and step-by-step procedures to he
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index c70689420c..1003f2f5a6 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -6,73 +6,52 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# Getting started with App-V for Windows 10
 
+>Applies to: Windows 10, version 1607
 
-# Getting Started with App-V for Windows 10
+Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
 
-**Applies to**
--   Windows 10, version 1607
-
-Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
-
-With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
+With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
 
 If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).
 
->**Important**
-You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade.
+>[!IMPORTANT]
+>You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade your existing App-V installation to App-V 5.0 SP2 before upgrading to App-V for Windows.
 
-For information about previous versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index).
+To learn more about previous versions of App-V, see [MDOP information experience](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/index).
 
 ## Getting started with App-V for Windows 10 (new installations)
 
-To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table provides information about the App-V for Windows 10 components and where to find them.
+To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table describes the App-V for Windows 10 components, what they do, and where to find them.
 
 <!--App-V Remote Desktop Services (RDS) client once had its own row in the table below, and could have its own row again. As of 7/29/2016, it's in the same row as App-V client --> 
 
 | Component  | What it does     | Where to find it     |
 |------------|--|------|
-| App-V server components         | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For information about the server components, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).<br><br>**Note** If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:<br><br> - The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.<br><br> -  The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).<br><br>See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components. 
-| App-V client and App-V Remote Desktop Services (RDS) client       | The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607. <br><br>For information about enabling the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).           |
-| App-V sequencer      | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must be running the App-V client to allow users to interact with virtual applications.    | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).  |
+| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).<br><br>If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:<br><br> If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.<br><br> If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).<br><br>See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.|
+| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607. <br><br>To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).           |
+| App-V sequencer      | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications.    | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).  |
 
 For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md).
 
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For information about Microsoft training opportunities, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx).
+If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx).
 
 ## Getting started with App-V
 
+[What's new in App-V](appv-about-appv.md) provides a high-level overview of App-V and how it can be used in your organization.
 
--   [What's new in App-V](appv-about-appv.md)
+[Evaluating App-V](appv-evaluating-appv.md) provides information about how you can best evaluate App-V for use in your organization.
 
-    Provides a high-level overview of App-V and how it can be used in your organization.
+[High Level Architecture for App-V](appv-high-level-architecture.md) provides a description of the App-V features and how they work together.
 
--   [Evaluating App-V](appv-evaluating-appv.md)
-
-    Provides information about how you can best evaluate App-V for use in your organization.
-
--   [High Level Architecture for App-V](appv-high-level-architecture.md)
-
-    Provides a description of the App-V features and how they work together.
-
-## <a href="" id="other-resources-for-this-product-"></a>Other resources for this product
-
-
--   [Application Virtualization (App-V) overview](appv-for-windows.md)
-
--   [Planning for App-V](appv-planning-for-appv.md)
-
--   [Deploying App-V](appv-deploying-appv.md)
-
--   [Operations for App-V](appv-operations.md)
-
--   [Troubleshooting App-V](appv-troubleshooting.md)
-
--   [Technical Reference for App-V](appv-technical-reference.md)
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Other resources for this product
 
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 53dae3fb94..3b799fe1ab 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -1,85 +1,33 @@
 ---
-title: High Level Architecture for App-V (Windows 10)
-description: High Level Architecture for App-V
+title: High-level architecture for App-V (Windows 10)
+description: High-level Architecture for App-V.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# High-level architecture for App-V
 
+>Applies to: Windows 10, version 1607
 
-# High Level Architecture for App-V
-
-**Applies to**
--   Windows 10, version 1607
-
-Use the following information to help you simplify you Microsoft Application Virtualization (App-V) deployment.
-
-## Architecture Overview
+Use the following information to simplify your Microsoft Application Virtualization (App-V) deployment.
 
+## Architecture overview
 
 A typical App-V implementation consists of the following elements.
 
-<table>
-<colgroup>
-<col width="30%" />
-<col width="70%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Element</th>
-<th align="left">More information</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V Management Server</p></td>
-<td align="left"><p>The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:</p>
-<ul>
-<li><p>Fault Tolerance and High Availability – Installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline.</p>
-<p>You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, a network load balancer should also be considered so that server requests are balanced.</p></li>
-<li><p>Scalability – You can add additional management servers as necessary to support a high load, for example you can install multiple servers behind a load balancer.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V Publishing Server</p></td>
-<td align="left"><p>The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports the following protocols:</p>
-<ul>
-<li><p>HTTP, and HTTPS</p></li>
-</ul>
-<p>You can also help increase App-V availability by installing the Publishing server on multiple computers. A network load balancer should also be considered so that server requests are balanced.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V Reporting Server</p></td>
-<td align="left"><p>The App-V Reporting server enables authorized users to run and view existing App-V reports and ad hoc reports that can help them manage the App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. A network load balancer should also be considered so that server requests are balanced.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V Client</p></td>
-<td align="left"><p>The App-V client enables packages created using App-V to run on target computers.</p></td>
-</tr>
-</tbody>
-</table>
+|Element|Description|
+|---|---|
+|App-V Management server|The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:<br>**Fault tolerance and high availability**—installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, consider using a network load balancer to keep server requests balanced.<br>**Scalability**—you can add additional management servers as necessary to support a high load. For example, you can install multiple servers behind a load balancer.|
+|App-V Publishing Server|The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports HTTP and HTTPS protocols.<br>You can also help increase App-V availability by installing the Publishing server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Reporting Server|The App-V Reporting server lets authorized users run and view existing App-V reports and ad hoc reports for managing App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Client|The App-V client enables packages created using App-V to run on target computers.|
 
-
-**Note**  
-If you are using App-V with Electronic Software Distribution (ESD) you are not required to use the App-V Management server. However, you can still utilize the reporting and streaming functionality of App-V.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+>[!NOTE]
+>If you are using App-V with electronic software distribution (ESD), you aren't required to use the App-V Management server. However, you can still use App-V's reporting and streaming functionality.
 
 ## Related topics
 
-
-[Getting Started with App-V](appv-getting-started.md)
-
- 
-
- 
-
-
-
-
-
+- [Getting Started with App-V](appv-getting-started.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index b2d945ee06..efc8ef2948 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -139,7 +139,7 @@ Before attempting this procedure, you should read and understand the information
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index eb3ed96877..3097201087 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -1,100 +1,77 @@
 ---
-title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services (Windows 10)
-description: How to install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
+title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
+description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services
 
-
-# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
-
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
 Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail.
 
->**Note**  
-After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases.
+>[!NOTE]
+>After you complete the deployment, the administrator installing the service will need the Microsoft SQL Server name, instance name and the database name to connect to these databases.
 
-**To install the management database and the management server on separate computers**
+## Installing the management database and the management server on separate computers
 
-1.  Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**, then select **Next**.
+4. On the **Feature selection** page, select the components you want to install by first selecting the **Management Server Database** checkbox, then selecting **Next**.
+5. On the **Installation location** page, accept the default location and select **Next**.
+6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**.
+  * If you are using a custom SQL Server instance, select **Use a custom instance** and enter the name of the instance.
+  * If you are using a custom database name, select **Custom configuration** and enter the database name.
+7. On the next **Create new management server database** page, select **Use a remote computer**, then enter the remote machine account using the following format: ```Domain\MachineAccount```.
 
-2.  On the **Getting Started** page, review and accept the license terms, and click **Next**.
+    >[!NOTE]
+    >If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: ```Domain\AdministratorLoginName```. After that, select **Next**.
+8. To start the installation, select **Install**.
 
-3.  On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+## Installing the reporting database and the reporting server on separate computers
 
-4.  On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**.
+1. Copy the App-V server installation files to the computer you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. After that, select **Next**.
+4. On the **Feature selection** page, select the components you want to install by first selecting the **Reporting Server Database** checkbox, then selecting **Next**.
+5. On the **Installation Location** page, accept the default location and select **Next**.
+6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**.
+ * If you're using a custom SQL Server instance, select **Use a custom instance** and enter the instance name.
+ * If you're using a custom database name, select **Custom configuration** and enter the database name.
+7. On the next **Create new management server database** page, select **Use a remote computer**, and enter the remote machine account using the following format: ```Domain\MachineAccount```.
 
-5.  On the **Installation Location** page, accept the default location and click **Next**.
+    >[!NOTE]
+    >If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. After that, select **Next**.
+8. To start the installation, select **Install**.
 
-6.  On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**.
+## Installing the management and reporting databases using App-V database scripts
 
-    If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
+1. Copy the App-V server installation files to the computer on which you want to install it on.
+2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
 
-    If you are using a custom database name, then select **Custom configuration** and type the database name.
+  ```SQL
+    appv\_server\_setup.exe /LAYOUT /LAYOUTDIR=”InstallationExtractionLocation”
+  ```
+  
+3. After the extraction has been completed, to access the App-V database scripts and instructions readme file:
 
-7.  On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
+ * The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
+ * The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
+4. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
 
-    >**Note**  
-    If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
+ >[!NOTE]
+ >For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).
+5. Run the scripts on the computer running Microsoft SQL Server.
 
-8.  To start the installation, click **Install**.
+## Have a suggestion for App-V?
 
-**To install the reporting database and the reporting server on separate computers**
-
-1.  Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
-
-2.  On the **Getting Started** page, review and accept the license terms, and click **Next**.
-
-3.  On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4.  On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**.
-
-5.  On the **Installation Location** page, accept the default location and click **Next**.
-
-6.  On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**.
-
-    If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
-
-    If you are using a custom database name, then select **Custom configuration** and type the database name.
-
-7.  On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: Domain\\MachineAccount.
-
-    **Note**  
-    If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
-
-8.  To start the installation, click **Install**.
-
-**To install the management and reporting databases using App-V database scripts**
-
-1.  Copy the App-V server installation files to the computer on which you want to install it on.
-
-2.  To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
-
-    **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**
-
-3.  After the extraction has been completed, to access the App-V database scripts and instructions readme file:
-
-    -   The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
-
-    -   The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
-
-4.  For each database, copy the scripts to a share and modify them following the instructions in the readme file.
-
-    **Note**  
-    For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).     
-
-5.  Run the scripts on the computer running Microsoft SQL Server.
-
-## Have a suggestion for App-V? 
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index fa923602c4..2da4a3b2f6 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -6,56 +6,34 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # How to install the Management Server on a Standalone Computer and Connect it to the Database
 
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
-Use the following procedure to install the management server on a standalone computer and connect it to the database.
+To install the management server on a standalone computer and connect it to the database, follow these steps.
 
-**To install the management server on a standalone computer and connect it to the database**
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting Started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Udpate, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**.
+4. On the **Feature Selection** page, select the **Management Server** checkbox, then select **Next**.
+5. On the **Installation Location** page, accept the default location, then select **Next**.
+6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```.
 
-1.  Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+ >[!NOTE]
+ >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance**, then enter the instance's name. Specify the **SQL Server Database name** that this management server will use, such as ```AppvManagement```.
+7. On the **Configure management server configuration** page, specify the following items:
+  * The AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
+  * The **Website Name** you want to use for the management service. Accept the default if you do not have a custom name.
+  * For the **Port Binding**, specify a unique port number, such as **12345**.
+8. Select **Install**.
+9. To confirm that the setup has completed successfully, open a web browser and enter the following URL: https://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings displayed.
 
-2.  On the **Getting Started** page, review and accept the license terms, and click **Next**.
+## Have a suggestion for App-V?
 
-3.  On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4.  On the **Feature Selection** page, select the **Management Server** checkbox and click **Next**.
-
-5.  On the **Installation Location** page, accept the default location and click **Next**.
-
-6.  On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**.
-
-    >**Note**  
-    If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**.
-
-7.  On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
-
-    Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**.
-
-8.  Click **Install**.
-
-9.  To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed.
-
-## Have a suggestion for App-V?  
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-
-[Deploying App-V](appv-deploying-appv.md)
-
- 
-
- 
-
-
-
-
-
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 5a9a64344a..a67700ab9a 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -6,50 +6,35 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# How to install the publishing server on a remote computer
 
-
-# How to Install the Publishing Server on a Remote Computer
-
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
 Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available.
 
-**To install the publishing server on a separate computer**
+## Installing the publishing server on a separate computer
 
-1.  Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. Click **Next**.
+4. On the **Feature selection** page, select the **Publishing Server** checkbox, then select **Next**.
+5. On the **Installation location** page, accept the default location, then select **Next**.
+6. On the **Configure publishing server configuration** page, specify the following items:
 
-2.  On the **Getting Started** page, review and accept the license terms, and click **Next**.
+ * The URL for the management service that the publishing server will connect to. For example, **http:<span></span>//ManagementServerName:12345**.
+ * Specify the website name that you want to use for the publishing service. If you don't have a custom name, then use the default name.
+ * For the **Port binding**, specify a unique port number that will be used by App-V. For example, **54321**.
+7. On the **Ready to install** page, select **Install**.
+8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server:
 
-3.  On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+    1. Open the App-V management server console.
+    2. In the left pane, select **Servers**, then select **Register New Server**.
+    3. Enter the server name and a description (if required), then select **Add**.
+9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle that package to an AD group, then publish it. Using an internet browser, open the following URL: **https://publishingserver:pubport**. If the server is running correctly, information like the following example should appear.
 
-4.  On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**.
-
-5.  On the **Installation Location** page, accept the default location and click **Next**.
-
-6.  On the **Configure Publishing Server Configuration** page, specify the following items:
-
-    -   The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**.
-
-    -   Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name.
-
-    -   For the **Port Binding**, specify a unique port number that will be used by App-V, for example **54321**.
-
-7.  On the **Ready to Install** page, click **Install**.
-
-8.  After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server:
-
-    1.  Open the App-V management server console.
-
-    2.  In the left pane, select **Servers**, and then select **Register New Server**.
-
-    3.  Type the name of this server and a description (if required) and click **Add**.
-
-9.  To verify that the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed:
-
-    ```syntax
+    ```SQL
     <Publishing Protocol="1.0">
     
         <Packages>
@@ -69,18 +54,8 @@ Use the following procedure to install the publishing server on a separate compu
 
 ## Have a suggestion for App-V? 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-
-[Deploying App-V](appv-deploying-appv.md)
-
- 
-
- 
-
-
-
-
-
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index 99f591c3af..edf22cbc3d 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -1,58 +1,45 @@
 ---
-title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database (Windows 10)
+title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10)
 description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# How to install the reporting server on a standalone computer and connect it to the database
 
-
-# How to install the Reporting Server on a Standalone Computer and Connect it to the Database
-
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
 Use the following procedure to install the reporting server on a standalone computer and connect it to the database.
 
-> **Important**&nbsp;&nbsp;Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md).
+>[!IMPORTANT]
+>Before performing the following procedure you should read and understand [About App-V reporting](appv-reporting.md).
 
-**To install the reporting server on a standalone computer and connect it to the database**
+## Install the reporting server on a standalone computer and connect it to the database
 
-1.  Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer you plan to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. Select **Next**.
+4. On the **Feature selection** page, select the **Reporting Server** checkbox, then select **Next**.
+5. On the **Installation location** page, accept the default location and select **Next**.
+6. On the **Configure existing reporting database** page, select **Use a remote SQL Server**, then enter the machine name of the computer running Microsoft SQL Server. For example, you can name your computer **SqlServerMachine**.
 
-2.  On the **Getting Started** page, review and accept the license terms, and click **Next**.
+    >[!NOTE]
+    >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server instance, select **Use the default instance**. If you're using a custom Microsoft SQL Server instance, select **Use a custom instance**, then enter the name of your custom instance. Specify the **SQL Server Database name** that this reporting server will use; for example, you can name the server **AppvReporting**.
+7. On the **Configure reporting server configuration** page.
 
-3.  On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4.  On the **Feature Selection** page, select the **Reporting Server** checkbox and click **Next**.
-
-5.  On the **Installation Location** page, accept the default location and click **Next**.
-
-6.  On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**.
-
-    **Note**  
-    If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**.
-
-7.  On the **Configure Reporting Server Configuration** page.
-
-    -   Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name.
-
-    -   For the **Port binding**, specify a unique port number that will be used by App-V, for example **55555**. You should also ensure that the port specified is not being used by another website.
-
-8.  Click **Install**.
+    * Specify the website name  you want to use for the reporting service. Leave the default unchanged if you do not have a custom name.
+    * For the **Port binding**, specify a unique, five-digit port number for App-V to use, such as **55555**. Make sure that the specified port isn't being used by another website.
+8. Select **Install**.
 
 ## Have a suggestion for App-V? 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-
-[About App-V Reporting](appv-reporting.md)
-
-[Deploying App-V](appv-deploying-appv.md)
-
-[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
+* [About App-V reporting](appv-reporting.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index c07313e6e7..c799df5bae 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -6,48 +6,43 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Install the App-V Sequencer
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications.
 
 The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK).
 
-> [!NOTE]  
-> The computer that will run the sequencer must not have the App-V client enabled on it. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
+>[!NOTE]
+>The computer that will run the sequencer must not have the App-V client enabled. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource-intensive, so make sure the computer that will run the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
 
-To install the App-V Sequencer:
+## How to install the App-V Sequencer
 
-1.  Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
-
-2.  Click or press the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
+1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
+2. Select the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
 
     ![Selecting APP-V features in ADK](images/app-v-in-adk.png)
+3. To open the Sequencer, go to the **Start** menu and select **Microsoft Application Virtualization (App-V) Sequencer**.
 
-3.  To open the Sequencer, from the **Start** menu, select **Microsoft Application Virtualization (App-V) Sequencer** .
-
-See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
+See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
 
 ## Command-line options for installing the sequencer
 
 You can also use the command line to install the App-V sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**:
 
-| **Command**       | **Description**  |
+| Command       | Description  |
 |-------------------|------------------|
-| /INSTALLDIR       | Specifies the installation directory.  |
-| /Log   | Specifies where the installation log will be saved, the default location is **%Temp%**. For example, **C:\\Logs\\ log.log**.    |
-| /q     | Specifies a quiet or silent installation.      |
-| /Uninstall        | Specifies the removal of the sequencer.  |
-| /ACCEPTEULA       | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**.         |
-| /LAYOUT           | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. |
-| /LAYOUTDIR        | Specifies the layout directory. Requires a string value. Example usage:**/LAYOUTDIR=”C:\\Application Virtualization Client”**.    |
-| /? Or /h or /help | Displays associated help.   |
+| **/INSTALLDIR**       | Specifies the installation directory.  |
+| **/Log**   | Specifies where the installation log will be saved. The default location is **%Temp%**. For example, **C:\\Logs\\log.log**.    |
+| **/q**     | Specifies a quiet or silent installation.      |
+| **/Uninstall**        | Specifies the removal of the sequencer.  |
+| **/ACCEPTEULA**       | Accepts the license agreement. This is required for an unattended installation. For example, **/ACCEPTEULA** or **/ACCEPTEULA=1**.         |
+| **/LAYOUT**           | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. |
+| **/LAYOUTDIR**        | Specifies the layout directory. Requires a string value. For example, **/LAYOUTDIR=”C:\\Application Virtualization Client”**.    |
+| **/?** or **/h** or **/help** | Displays associated help.   |
 
 ## To troubleshoot the App-V sequencer installation
 
@@ -55,8 +50,8 @@ For more information regarding the sequencer installation, you can view the erro
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index a42284d262..2a510d8f89 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -160,7 +160,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
 
 <br>
 
-- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).
+- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).
 
 ## <a href="" id="bkmk-display-help-cmdlet"></a>Displaying the help for a Windows PowerShell cmdlet
 
@@ -174,4 +174,4 @@ To display help for a specific Windows PowerShell cmdlet:
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index faf98d1a83..3db885c191 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -33,7 +33,7 @@ Additionally, ISV’s who want to explicitly virtualize or not virtualize calls
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for maintaining App-V
 
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index 97eee09c9b..e3c9eca586 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -273,7 +273,7 @@ For more information about pending tasks, see [Upgrading an in-use App-V package
 
 ## Have a suggestion for App-V? 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index d355206820..a82855cb2a 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -128,7 +128,7 @@ This topic explains the following procedures:
 
 ## Have a suggestion for App-V? 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 7822555b01..3f69438c95 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -67,7 +67,7 @@ In some previous versions of App-V, connection groups were referred to as Dynami
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for App-V connection groups
 
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index f08ad71d32..e74aecb295 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -250,7 +250,7 @@ There is no direct method to upgrade to a full App-V infrastructure. Use the inf
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for performing App-V migration tasks
 
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index 0d54d46c3d..c3c5a98cac 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -147,7 +147,7 @@ This topic explains how to:
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index 2390fd040c..febf5efcda 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -30,7 +30,7 @@ Use the following procedure to configure the App-V client configuration.
 
 ## Have a suggestion for App-V? 
  
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index 51ac36eeca..fc39d7dc05 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -28,7 +28,7 @@ Follow these steps to create a new management server console:
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index ff65d8049c..23b04fbff1 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -6,73 +6,47 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Operations for App-V
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks.
 
 ## Operations Information
 
-
--   [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
+- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
 
     Describes how to create, modify, and convert virtualized packages.
-
--   [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
+- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
 
     Describes how to use the App-V Management console to perform tasks such as sequencing an application, changing a package, using a project template, and using a package accelerator.
-
--   [Managing Connection Groups](appv-managing-connection-groups.md)
+- [Managing Connection Groups](appv-managing-connection-groups.md)
 
     Describes how connection groups enable virtualized applications to communicate with each other in the virtual environment; explains how to create, publish, and delete them; and describes how connection groups can help you better manage your virtualized applications.
-
--   [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
 
     Describes how to deploy App-V packages by using an ESD.
-
--   [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
+- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
 
     Describes how perform client configuration tasks using the client management console.
-
--   [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
 
     Provides instructions for migrating to App-V from a previous version.
-
--   [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
 
     Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V server tasks.
 
+## Additional information
+
+- [Application Virtualization (App-V) overview](appv-for-windows.md)
+- [Getting Started with App-V](appv-getting-started.md)
+- [Planning for App-V](appv-planning-for-appv.md)
+- [Deploying App-V](appv-deploying-appv.md)
+- [Troubleshooting App-V](appv-troubleshooting.md)
+- [Technical Reference for App-V](appv-technical-reference.md)
+
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other Resources for App-V Operations
-
-
--   [Application Virtualization (App-V) overview](appv-for-windows.md)
-
--   [Getting Started with App-V](appv-getting-started.md)
-
--   [Planning for App-V](appv-planning-for-appv.md)
-
--   [Deploying App-V](appv-deploying-appv.md)
-
--   [Troubleshooting App-V](appv-troubleshooting.md)
-
--   [Technical Reference for App-V](appv-technical-reference.md)
-
- 
-
- 
-
-
-
-
-
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index 5fe043b48f..faf22cca11 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -271,7 +271,7 @@ For more information, see:
 
 - [Get Started with UE-V](/windows/configuration/ue-v/uev-getting-started)
 
-In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).
+In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).
 
 **Note**  
 Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
@@ -444,41 +444,41 @@ In a non-persistent environment, it is unlikely these pended operations will be
 
 The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance.
 
-<!-- Following bold text used to say **.NET NGEN Blog and Script (Highly Recommended)**  but the script doesn't seem to exist any more. The link to the script was [Script](http://aka.ms/DrainNGenQueue)  -->
+<!-- Following bold text used to say **.NET NGEN Blog and Script (Highly Recommended)**  but the script doesn't seem to exist any more. The link to the script was [Script](https://aka.ms/DrainNGenQueue)  -->
 
 **.NET NGEN Blog (Highly Recommended)**
 
--   [How to speed up NGEN optimization](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
+-   [How to speed up NGEN optimization](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
 
 **Windows Server and Server Roles**
 
 Server Performance Tuning Guidelines for
 
--   [Microsoft Windows Server 2012 R2](http://msdn.microsoft.com/library/windows/hardware/dn529133.aspx)
+-   [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx)
 
--   [Microsoft Windows Server 2012](http://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
+-   [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
 
--   [Microsoft Windows Server 2008 R2](http://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
+-   [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
 
 **Server Roles**
 
--   [Remote Desktop Virtualization Host](http://msdn.microsoft.com/library/windows/hardware/dn567643.aspx)
+-   [Remote Desktop Virtualization Host](https://msdn.microsoft.com/library/windows/hardware/dn567643.aspx)
 
--   [Remote Desktop Session Host](http://msdn.microsoft.com/library/windows/hardware/dn567648.aspx)
+-   [Remote Desktop Session Host](https://msdn.microsoft.com/library/windows/hardware/dn567648.aspx)
 
--   [IIS Relevance: App-V Management, Publishing, Reporting Web Services](http://msdn.microsoft.com/library/windows/hardware/dn567678.aspx)
+-   [IIS Relevance: App-V Management, Publishing, Reporting Web Services](https://msdn.microsoft.com/library/windows/hardware/dn567678.aspx)
 
--   [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](http://technet.microsoft.com/library/jj134210.aspx)
+-   [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](https://technet.microsoft.com/library/jj134210.aspx)
 
 **Windows Client (Guest OS) Performance Tuning Guidance**
 
--   [Microsoft Windows 7](http://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
+-   [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
 
--   [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
+-   [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
 
--   [Microsoft Windows 8](http://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
+-   [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
 
--   [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
+-   [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
 
 ## Sequencing Steps to Optimize Packages for Publishing Performance
 
@@ -735,7 +735,7 @@ The following terms are used when describing concepts and actions related to App
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index e83f075640..9525003f91 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -6,78 +6,29 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # App-V Planning Checklist
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 This checklist can be used to help you plan for preparing your organization for an App-V deployment.
 
-> [!NOTE]    
-> This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V deployment. It is recommended that you copy this checklist and customize it for your use.
+>[!NOTE]
+>This checklist outlines the recommended steps and a high-level list of items to consider when planning an App-V deployment. It's a good idea to copy this checklist and customize it for your use.
 
-<table>
-<colgroup>
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left"></th>
-<th align="left">Task</th>
-<th align="left">References</th>
-<th align="left">Notes</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.</p></td>
-<td align="left"><p>[Getting Started with App-V](appv-getting-started.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Plan for App-V deployment prerequisites and prepare your computing environment.</p></td>
-<td align="left"><p>[App-V Prerequisites](appv-prerequisites.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>If you plan to use the App-V management server, plan for the required roles.</p></td>
-<td align="left"><p>[Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Plan for the App-V sequencer and client so you to create and run virtualized applications.</p></td>
-<td align="left"><p>[Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>If applicable, review the options and steps for migrating from a previous version of App-V.</p></td>
-<td align="left"><p>[Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Decide whether to configure App-V clients in Shared Content Store mode.</p></td>
-<td align="left"><p>[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)</p></td>
-<td align="left"><p></p></td>
-</tr>
-</tbody>
-</table>
+|Status|Task|References|Notes|
+|---|---|---|---|
+|![Checklist box](../app-v/images/checklistbox.gif)|Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.|[Getting started with App-V](appv-getting-started.md)||
+|![Checklist box](../app-v/images/checklistbox.gif)|Plan for App-V deployment prerequisites and prepare your computing environment.|[App-V prerequisites](appv-prerequisites.md)||
+|![Checklist box](../app-v/images/checklistbox.gif)|If you plan to use the App-V management server, plan for the required roles.|[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md)||
+|![Checklist box](../app-v/images/checklistbox.gif)|Plan for the App-V sequencer and client to create and run virtualized applications.|[Planning for the App-V Sequencer and client deployment](appv-planning-for-sequencer-and-client-deployment.md)||
+|![Checklist box](../app-v/images/checklistbox.gif)|If applicable, review the options and steps for migrating from a previous version of App-V.|[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md)||
+|![Checklist box](../app-v/images/checklistbox.gif)|Decide whether to configure App-V clients in Shared Content Store mode.|[Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)||
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index 965c94670f..28f695046f 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -6,145 +6,56 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # Planning to Use Folder Redirection with App-V
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 Microsoft Application Virtualization (App-V) supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location.
 
-This topic contains the following sections:
+## What is folder redirection?
 
--   [Requirements for using folder redirection](#bkmk-folder-redir-reqs)
+Folder redirection lets end users work with files that have been redirected to another folder as if the files still exist on the local drive.
 
--   [How to configure folder redirection for use with App-V](#bkmk-folder-redir-cfg)
+* Users and administrators can redirect the path of a folder to a network location. The documents in the specified folder will be available to users from any computer in the network.
+    * For example, you can redirect the Documents folder from your computer's local hard disk to a network location. The user can then access the folder's documents from any computer on the network.
+* The new location can be a folder on either the local computer or a shared network.
+* Folder redirection immediately updates the files, while roaming data is typically synchronized when the user logs in or out of a session.
 
--   [How folder redirection works with App-V](#bkmk-folder-redir-works)
+## Requirements for using folder redirection with App-V
 
--   [Overview of folder redirection](#bkmk-folder-redir-overview)
+To use %AppData% folder redirection, you must:
 
-## <a href="" id="bkmk-folder-redir-reqs"></a>Requirements and unsupported scenarios for using folder redirection
+* Have an App-V package that has an AppData virtual file system (VFS) folder.
+* Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.
+* Roam both or neither of the following:
+    * Files under %appdata%\Microsoft\AppV\Client\Catalog
+    * Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages
 
+For more information, see [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Requirements</p></td>
-<td align="left"><p>To use %AppData% folder redirection, you must:</p>
-<ul>
-<li><p>Have an App-V package that has an AppData virtual file system (VFS) folder.</p></li>
-<li><p>Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.</p></li>
-<li><p>Roam both or neither of the following:</p>
-<ul>
-<li><p>Files under %appdata%\Microsoft\AppV\Client\Catalog</p></li>
-<li><p>Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages</p>
-<p>For more detail, see [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).</p></li>
-</ul></li>
-<li><p>Ensure that the following folders are available to each user who logs into the computer that is running the App-V client:</p>
-<ul>
-<li><p>%AppData% is configured to the desired network location (with or without [Offline Files](http://technet.microsoft.com/library/cc780552.aspx) support).</p></li>
-<li><p>%LocalAppData% is configured to the desired local folder.</p></li>
-</ul></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Unsupported scenarios</p></td>
-<td align="left"><ul>
-<li><p>Configuring %LocalAppData% as a network drive.</p></li>
-<li><p>Redirecting the Start menu to a single folder for multiple users.</p></li>
-<li><p>If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch, unless the unavailable network share has been enabled for Offline Files.</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
+## Unsupported scenarios for App-V folder redirection
 
- 
+The following scenatios aren't supported by App-V:
 
-## <a href="" id="bkmk-folder-redir-cfg"></a>How to configure folder redirection for use with App-V
+* Configuring %LocalAppData% as a network drive.
+* Redirecting the Start menu to a single folder for multiple users.
+* If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch, unless the unavailable network share has been enabled for Offline Files.
 
+## How to configure folder redirection for use with App-V
 
-Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, etc. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V.
-
-## <a href="" id="bkmk-folder-redir-works"></a>How folder redirection works with App-V
+Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, and so on. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V.
 
+## How folder redirection works with App-V
 
 The following table describes how folder redirection works when %AppData% is redirected to a network and when you have met the requirements listed earlier in this article.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Virtual environment state</th>
-<th align="left">Action that occurs</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>When the virtual environment starts</p></td>
-<td align="left"><p>The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).</p>
-<ul>
-<li><p>LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under:</p>
-<p><code>%LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData</code></p></li>
-<li><p>The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.</p></li>
-<li><p>While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.</p></li>
-<li><p>Entries to the AppData folder are made using the user context, not the system context.</p></li>
-</ul>
-</td>
-</tr>
-<tr class="even">
-<td align="left"><p>When the virtual environment shuts down</p></td>
-<td align="left"><p>The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under:</p>
-<p><code>HKCU\Software\Microsoft\AppV\Client\Packages\&lt;PACKAGE_GUID&gt;\AppDataTime</code></p>
-<p>To provide redundancy, App-V keeps the three most recent copies of the compressed data under %AppData%.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-## <a href="" id="bkmk-folder-redir-overview"></a>Overview of folder redirection
-
-
-<table>
-<colgroup>
-<col width="30%" />
-<col width="70%" />
-</colgroup>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Purpose</p></td>
-<td align="left"><p>Enables end users to work with files, which have been redirected to another folder, as if the files still existed on the local drive.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Description</p></td>
-<td align="left"><p>Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.</p>
-<ul>
-<li><p>Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.</p></li>
-<li><p>The new location can be a folder on the local computer or a folder on a shared network.</p></li>
-<li><p>Folder redirection updates the files immediately, whereas roaming data is typically synchronized when the user logs in or logs off.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Usage example</p></td>
-<td align="left"><p>You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>More resources</p></td>
-<td align="left"><p>[Folder redirection overview](http://technet.microsoft.com/library/cc778976.aspx)</p></td>
-</tr>
-</tbody>
-</table>
+|Virtual environment state|Action that occurs|
+|---|---|
+|When the virtual environment starts.|The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).<br>- LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under ```%LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData```<br>- The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.<br>- While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.<br>- Entries to the AppData folder are made using the user context, not the system context.|
+|When the virtual environment shuts down.|The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp that indicates the last known upload is simultaneously saved as a registry key under ```HKCU\Software\Microsoft\AppV\Client\Packages\<PACKAGE_GUID>\AppDataTime```. App-V keeps the three most recent copies of the compressed data under %AppData% for redundancy.|
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index 2080ab4880..eb5dc60914 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -6,102 +6,54 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# Planning for the App-V server deployment
 
-
-# Planning for the App-V Server Deployment
-
-**Applies to**
--   Windows Server 2016
+>Applies to: Windows Server 2016
 
 The Microsoft Application Virtualization (App-V) server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise.
 
-## Planning for App-V Server Deployment
-
+## About the App-V server
 
 The App-V server consists of the following features:
 
--   Management Server – provides overall management functionality for the App-V infrastructure.
+* Management Server—provides overall management functionality for the App-V infrastructure.
+* Management Database—facilitates database predeployments for App-V management.
+* Publishing Server—provides hosting and streaming functionality for virtual applications.
+* Reporting Server—provides App-V reporting services.
+* Reporting Database—facilitates database predeployments for App-V reporting.
 
--   Management Database – facilitates database predeployments for App-V management.
+The following list describes recommended App-V server infrastructure installation methods:
 
--   Publishing Server – provides hosting and streaming functionality for virtual applications.
+* Install the App-V server. For more information, see [How to deploy the App-V Server](appv-deploy-the-appv-server.md).
+* Install the database, reporting, and management features on separate computers. For more information, see [How to install the Management and Reporting databases on separate computers from the Management and Reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md).
+* Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V packages using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
+* Install all server features on a single computer.
 
--   Reporting Server – provides App-V reporting services.
+## App-V server interaction
 
--   Reporting Database – facilitates database predeployments for App-V reporting.
+This section describes how the various App-V server roles interact with each other.
 
-The following list displays the recommended methods for installing the App-V server infrastructure:
+The App-V Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V Client. App-V publishing servers managed by a single management server can serve different clients with different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other.
 
--   Install the App-V server. For more information, see [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).
+>[!NOTE]
+>The Management Server does not perform load balancing. The associated metadata is passed to the publishing server for use when processing client requests.
 
--   Install the database, reporting, and management features on separate computers. For more information, see [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md).
+## Server-related protocols and external features
 
--   Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
-
--   Install all server features on a single computer.
-
-## <a href="" id="---------app-v-5-1-server-interaction"></a> App-V Server Interaction
-
-
-This section contains information about how the various App-V server roles interact with each other.
-
-The App-V Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V Client. App-V publishing servers managed by a single management server can be serving different clients and can have different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other.
-
-**Note**  
-The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests.
-
- 
-
-## Server-Related Protocols and External Features
-
-
-The following displays information about server-related protocols used by the App-V servers. The table also includes the reporting mechanism for each server type.
-
-<table>
-<colgroup>
-<col width="20%" />
-<col width="20%" />
-<col width="20%" />
-<col width="20%" />
-<col width="20%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Server Type</th>
-<th align="left">Protocols</th>
-<th align="left">External Features Needed</th>
-<th align="left">Reporting</th>
-<th align="left"></th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>IIS server</p></td>
-<td align="left"><p>HTTP</p>
-<p>HTTPS</p></td>
-<td align="left"><p>This server-protocol combination requires a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.</p></td>
-<td align="left"><p>Internal</p></td>
-<td align="left"></td>
-</tr>
-<tr class="even">
-<td align="left"><p>File</p></td>
-<td align="left"><p>SMB</p></td>
-<td align="left"><p>This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer with file sharing or streaming capability.</p></td>
-<td align="left"><p>Internal</p></td>
-<td align="left"></td>
-</tr>
-</tbody>
-</table>
+The following table lists server-related protocols used by the App-V servers, and also describes the reporting mechanism for each server type.
 
+|Server type|Protocols|External features needed|Reporting|
+|---|---|---|---|
+|IIS server|HTTP<br>HTTPS|This server-protocol combination requires a mechanism to synchronize content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.|Internal|
+|File|SMB|This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer that's capable of file sharing or streaming.|Internal|
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-
-[Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index c6410c847f..6a3f8107da 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -6,45 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Planning for App-V
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-Use this information to plan how to deploy App-V so that it does not disrupt your users or the network.
+Use the following information to plan to deploy App-V without disrupting your existing network or user experience.
 
 ## Planning information
 
--   [Preparing Your Environment for App-V](appv-preparing-your-environment.md)
+[Preparing your environment for App-V](appv-preparing-your-environment.md) describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V setup.
 
-    This section describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V setup.
+[Planning to deploy App-V](appv-planning-to-deploy-appv.md) describes the minimum hardware and software requirements and other planning information for the App-V sequencer and App-V server components.
 
--   [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+[App-V planning checklist](appv-planning-checklist.md) is a planning checklist that can assist you with App-V deployment planning.
 
-    This section describes the minimum hardware and software requirements and other planning information for the App-V sequencer and App-V server components.
+## Other App-V planning resources
 
--   [App-V Planning Checklist](appv-planning-checklist.md)
-
-    Planning checklist that can be used to assist in App-V deployment planning.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other resources for App-V planning
-
--   [Application Virtualization (App-V) overview](appv-for-windows.md)
-
--   [Getting started with App-V](appv-getting-started.md)
-
--   [Deploying App-V](appv-deploying-appv.md)
-
--   [Operations for App-V](appv-operations.md)
-
--   [Troubleshooting App-V](appv-troubleshooting.md)
-
--   [Technical reference for App-V](appv-technical-reference.md)
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Getting started with App-V](appv-getting-started.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 7b1341c67d..32232234da 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -6,133 +6,100 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# Planning for high availability with App-V Server
 
+>Applies to: Windows 10, version 1607
 
-# Planning for High Availability with App-V Server
+Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high available service level.
 
-**Applies to**
--   Windows 10, version 1607
+The following sections will he following sections to help you understand the options to deploy App-V in a highly available configuration.
 
-Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high level of available service.
+## Support for Microsoft SQL Server clustering
 
-Use the information in the following sections to help you understand the options to deploy App-V in a highly available configuration.
+You can run the App-V Management and Reporting databases on computers running Microsoft SQL Server clusters. However, you must install the databases using scripts.
 
--   [Support for Microsoft SQL Server clustering](#bkmk-sqlcluster)
+For deployment instructions, see [How to deploy the App-V databases by using SQL scripts](appv-deploy-appv-databases-with-sql-scripts.md).
 
--   [Support for IIS Network Load Balancing](#bkmk-iisloadbal)
+## Support for IIS network load balancing
 
--   [Support for clustered file servers when running (SCS) mode](#bkmk-clusterscsmode)
+You can use Internet Information Services' (IIS) network load balancing (NLB) to configure a highly available environment for computers running the App-V Management, Publishing, and Reporting services that are deployed through IIS.
 
--   [Support for Microsoft SQL Server Mirroring](#bkmk-sqlmirroring)
+Review the following articles to learn more about configuring IIS and NLB for computers running Windows Server operating systems:
 
--   [Support for Microsoft SQL Server Always On](#bkmk-sqlalwayson)
+* [Achieving High Availability and Scalability - ARR and NLB](https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb) describes how to configure IIS 7.0.
 
-## <a href="" id="bkmk-sqlcluster"></a>Support for Microsoft SQL Server clustering
+* [Network load balancing overview](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831698(v=ws.11)>) will tell you more about how to configure Microsoft Windows Server.
 
+    This information also applies to IIS NLB clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.
 
-You can run the App-V Management database and Reporting database on computers that are running Microsoft SQL Server clusters. However, you must install the databases using scripts.
+>[!NOTE]
+>The IIS NLB functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details have changed in Windows Server 2012. To learn how to work with these changes, see [Common management tasks and navigation in Windows](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831491(v=ws.11)>).
 
-For instructions, see [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-
-## <a href="" id="bkmk-iisloadbal"></a>Support for IIS Network Load Balancing
-
-
-You can use Internet Information Services (IIS) Network Load Balancing to configure a highly available environment for computers running the App-V Management, Publishing, and Reporting services which are deployed through IIS.
-
-Review the following for more information about configuring IIS and Network Load Balancing for computers running Windows Server operating systems:
-
--   Provides information about configuring Internet Information Services (IIS) 7.0.
-
-    [Achieving High Availability and Scalability - ARR and NLB](http://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb)
-
--   Configuring Microsoft Windows Server
-
-    [Network Load Balancing Overview](https://technet.microsoft.com/library/hh831698(v=ws.11).aspx).
-
-    This information also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.
-
-    **Note**  
-    The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows](https://technet.microsoft.com/library/hh831491.aspx).
-
-## <a href="" id="bkmk-clusterscsmode"></a>Support for clustered file servers when running SCS mode
+## Support for clustered file servers when running SCS mode
 
 Running App-V Server in Shared Content Store (SCS) mode with clustered file servers is supported.
 
-The following steps can be used to enable this configuration:
+To enable SCS mode configurations, follow these steps:
 
--   Configure the App-V client to run in Shared Content Store mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
-
--   Configure the file server cluster, configured in either the scale out mode (which started with Windows Server 2012) or the earlier clustering mode, with a virtual SAN.
+1. Configure the App-V client to run in SCS mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
+2. Configure the file server cluster, configured in either the scale out mode (which started with Windows Server 2012) or the earlier clustering mode, with a virtual SAN.
 
 The following steps can be used to validate the configuration:
 
-1.  Add a package on the publishing server. For more information about adding a package, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md).
+1. Add a package on the publishing server. To learn how to add a package, see [How to add or upgrade packages by using the Management console](appv-add-or-upgrade-packages-with-the-management-console.md).
+2. Perform a publishing refresh on the computer running the App-V client and open an application.
+3. Switch cluster nodes mid-publishing refresh and mid-streaming to ensure failover works correctly.
 
-2.  Perform a publishing refresh on the computer running the App-V client and open an application.
+Review the following articles to learn more about configuring Windows Server failover clusters:
 
-3.  Switch cluster nodes mid-publishing refresh and mid-streaming to ensure failover works correctly.
+* [Create a failover cluster](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn505754(v=ws.11)>)
+* [Use cluster shared volumes in a failover cluster](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612868(v=ws.11)>)
 
-Review the following for more information about configuring Windows Server Failover clusters:
-
--   [Create a Failover Cluster](https://technet.microsoft.com/library/dn505754(v=ws.11).aspx).
-
--   [Use Cluster Shared Volumes in a Failover Cluster](https://technet.microsoft.com/library/jj612868(v=ws.11).aspx).
-
-## <a href="" id="bkmk-sqlmirroring"></a>Support for Microsoft SQL Server Mirroring
+## Support for Microsoft SQL Server mirroring
 
 Using Microsoft SQL Server mirroring, where the App-V management server database is mirrored utilizing two SQL Server instances, for App-V management server databases is supported.
 
-Review the following for more information about configuring Microsoft SQL Server Mirroring:
+Review the following to learn more about how to configure Microsoft SQL Server mirroring:
 
--   [Prepare a Mirror Database for Mirroring (SQL Server)](https://technet.microsoft.com/library/ms189053.aspx)
-
--   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://msdn.microsoft.com/library/ms188712.aspx)
+* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server)
+* [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](https://msdn.microsoft.com/library/ms188712.aspx) (FIX LINK)
 
 The following steps can be used to validate the configuration:
 
-1.  Initiate a Microsoft SQL Server Mirroring session.
+1. Initiate a Microsoft SQL Server Mirroring session.
+2. Select **Failover** to designate a new master Microsoft SQL Server instance.
+3. Verify that the App-V management server continues to function as expected after the failover.
 
-2.  Select **Failover** to designate a new master Microsoft SQL Server instance.
+The connection string on the management server can be modified to include ```failover partner = <server2>```. This will only help when the primary on the mirror has failed over to the secondary and the computer running the App-V client is doing a fresh connection (say after reboot).
 
-3.  Verify that the App-V management server continues to function as expected after the failover.
+Use the following steps to modify the connection string to include ```failover partner = <server2>```:
 
-The connection string on the management server can be modified to include **failover partner = &lt;server2&gt;**. This will only help when the primary on the mirror has failed over to the secondary and the computer running the App-V client is doing a fresh connection (say after reboot).
+>[!IMPORTANT]
+>This process involves changing the Windows registry with Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. Always make a backup copy of the registry files (**System.dat** and **User.dat**) before chagning the registry. Microsoft can't guarantee that problems caused by changing the registry can be resolved, so change the registry at your own risk.
 
-Use the following steps to modify the connection string to include **failover partner = &lt;server2&gt;**:
-
-**Important**  
-This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk.
-
-
-1.  Login to the management server and open **regedit**.
-
-2.  Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**.
-
-3.  Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the **failover partner = &lt;server2&gt;**.
-
-4.  Restart management service using the IIS console.
-
-    **Note**  
-    Database Mirroring is on the list of Deprecated Database Engine Features for Microsoft SQL Server 2012 due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012.
+1. Log in to the management server and open **regedit**.
+2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**.
+3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the ```failover partner = <server2>``` value.
+4. Restart management service using the IIS console.
+ >[!NOTE]
+ >Database Mirroring is on the list of [deprecated database engine features in SQL Server 2012](<https://msdn.microsoft.com/library/ms143729(v=sql.110).aspx>) due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012.
 
 Click any of the following links for more information:
 
--   [Prepare a Mirror Database for Mirroring (SQL Server)](https://technet.microsoft.com/library/ms189053.aspx).
+* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server).
+* [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/establish-database-mirroring-session-windows-authentication).
+* [Deprecated database engine features in SQL Server 2012](<https://msdn.microsoft.com/library/ms143729(v=sql.110).aspx>).
 
--   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://technet.microsoft.com/library/ms188712(v=sql.130).aspx).
+## Support for Microsoft SQL Server Always On configuration
 
--   [Deprecated Database Engine Features in SQL Server 2012](https://msdn.microsoft.com/library/ms143729(v=sql.110).aspx).
-
-## <a href="" id="bkmk-sqlalwayson"></a>Support for Microsoft SQL Server Always On configuration
-
-The App-V management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. For more information, see [Always On Availability Groups (SQL Server)](https://technet.microsoft.com/library/hh510230.aspx).
+The App-V management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. For more information, see [Always On Availability Groups (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/always-on-availability-groups-sql-server).
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index 44f198b58d..bcc0dd487f 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -6,38 +6,31 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # Planning for the App-V Sequencer and Client Deployment
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-Before you can use App-V, you must install the App-V Sequencer, enable the App-V client, and optionally the App-V shared content store. The following sections address planning for these installations.
+Before you can use App-V, you must install the App-V Sequencer and enable the App-V client. You can also the App-V shared content store, although it isn't required. The following sections will tell you how to set these up.
 
 ## Planning for App-V Sequencer deployment
 
-
 App-V uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V Sequencer.
 
-> [!NOTE]  
+> [!NOTE]
 > For information about the new functionality of App-V sequencer, see [What's new in App-V](appv-about-appv.md).
 
+The computer running the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V supported configurations](appv-supported-configurations.md).
 
-The computer that runs the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V Supported Configurations](appv-supported-configurations.md).
+Ideally, you should install the sequencer on a computer running as a virtual machine. This lets you revert the computer that's running the sequencer to a “clean” state before sequencing another application. When installing the sequencer using a virtual machine, you should do the following things:
 
-Ideally, you should install the sequencer on a computer running as a virtual machine. This enables you to more easily revert the computer running the sequencer to a “clean” state before sequencing another application. When you install the sequencer using a virtual machine, you should perform the following steps:
-
-1.  Install all associated sequencer prerequisites.
-
-2.  Install the sequencer.
-
-3.  Take a “snapshot” of the environment.
-
-> [!IMPORTANT]  
->You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns.
+1. Install all associated sequencer prerequisites.
+2. Install the sequencer.
+3. Take a “snapshot” of the environment.
 
+>[!IMPORTANT]
+>Your corporate security team should review and approve the sequencing process plan before implementing it. For security reasons, it's a good idea to keep sequencer operations in a lab separate from the production environment. The sequencing computers must be capapble of connecting to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they shouldn't remail on the corporate network unprotected. You can protect your sequencing computers by operating them on an isolated network, behind a firewall, or by using virtual machines on an isolated virtual network. Make sure your solution follows your company's corporate security policies.
 
 ## Planning for App-V client deployment
 
@@ -45,28 +38,24 @@ In Windows 10, version 1607, the App-V client is included with the operating sys
 
 ## Planning for the App-V Shared Content Store (SCS)
 
-The App-V Shared Content Store mode allows the computer running the App-V client to run virtualized applications and none of the package contents is saved on the computer running the App-V client. Virtual applications are streamed to target computers only when requested by the client.
+The App-V Shared Content Store mode allows computers running the App-V client to run virtualized applications without saving any package contents to the App-V client computer. Virtual applications are streamed to target computers only when requested by the client.
 
-The following list displays some of the benefits of using the App-V Shared Content Store:
+The following list displays some of the benefits of using App-V SCS:
 
--   Reduced app-to-app and multi-user application conflicts and hence a reduced need for regression testing
-
--   Accelerated application deployment by reduction of deployment risk
-
--   Simplified profile management
+* Reduced app-to-app and multi-user application conflicts reduces the need for regression testing
+* Reduced deployment risk accelerates application deployment
+* Simplified profile management
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
-## Other resources for the App-V deployment
+## Other App-V deployment resources
 
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
 
 ## Related topics
 
-- [How to Install the Sequencer](appv-install-the-sequencer.md)
-
-- [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
-
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+* [How to install the sequencer](appv-install-the-sequencer.md)
+* [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index ec4b6f331f..378e61401d 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -1,266 +1,138 @@
 ---
-title: Planning for Using App-V with Office (Windows 10)
+title: Planning for Deploying App-V with Office (Windows 10)
 description: Planning for Using App-V with Office
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# Planning for deploying App-V with Office
 
+>Applies to: Windows 10, version 1607
 
-# Planning for Using App-V with Office
+Use the following information to plan how to deploy Office within Microsoft Application Virtualization (App-V).
 
-**Applies to**
--   Windows 10, version 1607
+## App-V language pack support
 
-Use the following information to plan how to deploy Office by using Microsoft Application Virtualization (App-V). This article includes:
-
--   [App-V support for Language Packs](#bkmk-lang-pack)
-
--   [Supported versions of Microsoft Office](#bkmk-office-vers-supp-appv)
-
--   [Planning for using App-V with coexisting versions of Office](#bkmk-plan-coexisting)
-
--   [How Office integrates with Windows when you deploy use App-V to deploy Office](#bkmk-office-integration-win)
-
-## <a href="" id="bkmk-lang-pack"></a>App-V support for Language Packs
-
-You can use the App-V Sequencer to create plug-in packages for Language Packs, Language Interface Packs, Proofing Tools and ScreenTip Languages. You can then include the plug-in packages in a Connection Group, along with the Office package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in Language Packs interact seamlessly in the same connection group, just like any other packages that are grouped together in a connection group.
-
->[!NOTE] 
->Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack.
-
-## <a href="" id="bkmk-office-vers-supp-appv"></a>Supported versions of Microsoft Office
-See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products.
+You can use the App-V Sequencer to create plug-in packages for language packs, language interface packs, proofing tools, and ScreenTip languages. You can then include the plug-in packages in a connection group, along with the Office package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in language packs will interact seamlessly in the same connection group.
 
 >[!NOTE]
->You must use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.
+>Microsoft Visio and Microsoft Project do not support the Thai Language Pack.
 
->Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744)
+## Supported versions of Microsoft Office
 
-## <a href="" id="bkmk-plan-coexisting"></a>Planning for using App-V with coexisting versions of Office
+For a list of supported Office products, see [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click).
 
-You can install more than one version of Microsoft Office side by side on the same computer by using “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSI) version of Office, Click-to-Run, and App-V. However, using Office coexistence is not recommended by Microsoft.
+>[!NOTE]
+>You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Office 365 ProPlus. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744).
 
-Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, when you are migrating to a newer version of Office, issues occasionally arise that can’t be resolved immediately, so you can temporarily implement coexistence to help facilitate a faster migration to the latest product version. Using Office coexistence on a long-term basis is never recommended, and your organization should have a plan to fully transition in the immediate future.
+## Using App-V with coexisting versions of Office
+
+You can simultaneously install more than one version of Microsoft Office on the same computer with a feature called “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSI) version of Office, Click-to-Run, and App-V. However, Microsoft doesn't recommend using Office coexistence.
+
+Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, in cases where issues arise during migration that you can't immediately resolve, Office coexistence can allow for faster migration to the latest Office version. Since this solution is only meant to be temporary, your organization must set up a plan to fully transition to the newer version of Office in the meantime.
 
 ### Before you implement Office coexistence
 
-Before implementing Office coexistence, review the following Office documentation. Choose the article that corresponds to the newest version of Office for which you plan to implement coexistence.
+Before implementing Office coexistence, review the information in the following table that corresponds to the newest version of Office that you will use in coexistence. The documentation linked here will guide you in implementing coexistence for Windows Installer-based (MSI) and Click-to-Run installations of Office.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Office version</th>
-<th align="left">Link to guidance</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Office 2016</p></td>
-<td align="left"><p>[Information about how to use Outlook 2016 or 2013 and an earlier version of Outlook installed on the same computer](https://support.microsoft.com/kb/2782408)</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Office 2013</p></td>
-<td align="left"><p>[Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](http://support.microsoft.com/kb/2784668)</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Office 2010</p></td>
-<td align="left"><p>[Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](http://support.microsoft.com/kb/2121447)</p></td>
-</tr>
-</tbody>
-</table>
+|Office version|Relevant how-to guides|
+|---|---|
+|Office 2016|[How to use Outlook 2016 or 2013 and an earlier version of Outlook installed on the same computer](https://support.microsoft.com/kb/2782408)|
+|Office 2013|[How to use Office 2013 suites and programs (MSI deployment) on a computer running another version of Office](https://support.microsoft.com/kb/2784668)|
+|Office 2010|How to use Office 2010 suites and programs on a computer running another version of Office](https://support.microsoft.com/kb/2121447)|
 
-
-The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSI) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments.
+Once you've reviewed the relevant guide, this topic will supplement what you've learned with information about Office coexistence that's more specific to App-V deployments.
 
 ### Supported Office coexistence scenarios
 
-The following tables summarize the supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience.
+The following tables summarize supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience.
 
->[!NOTE] 
+>[!NOTE]
 >Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service.
 
- 
+### Windows integrations and Office coexistence
 
-### Windows integrations & Office coexistence
+Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows OS, but coexistence can cause these integrations to conflict. App-V can sequence certain version of Office to exclude integrations that could be potential problem spots, isolating them from the OS and preventing compatibility or user experience issues.
 
-The Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows operating system. When you use coexistence, common operating system integrations between two Office versions can conflict, causing compatibility and user experience issues. With App-V, you can sequence certain versions of Office to exclude integrations, thereby “isolating” them from the operating system.
+The following table describes the integration level of each version of Office, and which mode App-V can use to sequence them.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left"></th>
-<th align="left">Mode in which App-V can sequence this version of Office</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Office 2007</p></td>
-<td align="left"><p>Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Office 2010</p></td>
-<td align="left"><p>Integrated and non-integrated mode.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Office 2013</p></td>
-<td align="left"><p>Always integrated. Windows operating system integrations cannot be disabled.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Office 2016</p></td>
-<td align="left"><p>Always integrated. Windows operating system integrations cannot be disabled.</p></td>
-</tr>
-</tbody>
-</table>
+|Office version|The modes App-V can sequence this version of Office with|
+|---|---|
+|Office 2007|Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.|
+|Office 2010|Integrated and non-integrated mode.|
+|Office 2013|Always integrated. Windows operating system integrations cannot be disabled.|
+|Office 2016|Always integrated. Windows operating system integrations cannot be disabled.|
 
-Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://support.microsoft.com/kb/2830069).
+Microsoft recommends deploying Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069).
 
 ### Known limitations of Office coexistence scenarios
 
-The following sections describe some issues that you might encounter when using App-V to implement coexistence with Office.
+The following sections describe issues you might encounter when using App-V to implement coexistence with Office.
 
 ### Limitations common to Windows Installer-based/Click-to-Run and App-V Office coexistence scenarios
 
-The following limitations can occur when you install the following versions of Office on the same computer:
+Limitations can occur when you install the following versions of Office on the same computer:
 
--   Office 2010 by using the Windows Installer-based version
+* Office 2010 with the Windows Installer-based version
+* Office 2013 or Office 2016 with App-V
 
--   Office 2013 or Office 2016 by using App-V
-
-After you publish Office 2013 or Office 2016 by using App-V side by side with an earlier version of the Windows Installer-based Office 2010, it might also cause the Windows Installer to start. This is because the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer.
+Publishing Office 2013 or Office 2016 with App-V at the same time as an earlier version of the Windows Installer-based Office 2010 might cause the Windows Installer to start. This is because either the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer.
 
 To bypass the auto-registration operation for native Word 2010, follow these steps:
 
-1.  Exit Word 2010.
+1. Exit Word 2010.
+2. Start the Registry Editor by doing the following:
 
-2.  Start the Registry Editor by doing the following:
+    * In Windows 7k, select **Start**, type **regedit** in the Start Search box, then select the Enter key.
 
-    -   In Windows 7: Click **Start**, type **regedit** in the Start Search box, and then press Enter.
+    * In Windows 8.1 or Windows 10, enter **regedit**, select **Enter** on the Start page, then select the Enter key.
 
-    -   In Windows 8.1 or Windows 10, type **regedit** press Enter on the Start page and then press Enter.
-
-    If you are prompted for an administrator password or for a confirmation, type the password, or click **Continue**.
-
-3.  Locate and then select the following registry subkey:
+    If you're prompted for an administrator password, enter the password. If you're propmted for a confirmation, select **Continue**.
+3. Locate and then select the following registry subkey:
 
     ``` syntax
     HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
     ```
+4. On the **Edit** menu, select **New**, then select **DWORD Value**.
+5. Type **NoReReg**, then select the Enter key.
+6. Right-click **NoReReg**, then select **Modify**.
+7. In the **Valuedata** box, enter **1**, then select **OK**.
+8. On the File menu, select **Exit** to close Registry Editor.
 
-4.  On the **Edit** menu, click **New**, and then click **DWORD Value**.
+## How Office integrates with Windows when you use App-V to deploy Office
 
-5.  Type **NoReReg**, and then press Enter.
-
-6.  Right-click **NoReReg** and then click **Modify**.
-
-7.  In the **Valuedata** box, type **1**, and then click **OK**.
-
-8.  On the File menu, click **Exit** to close Registry Editor.
-
-
-
-## <a href="" id="bkmk-office-integration-win"></a>How Office integrates with Windows when you use App-V to deploy Office
-
-When you deploy Office 2013 or Office 2016 by using App-V, Office is fully integrated with the operating system, which provides end users with the same features and functionality as Office has when it is deployed without App-V.
+When you deploy Office 2013 or Office 2016 with App-V, Office is fully integrated with the operating system that provides end-users with the same features and functionality that Office has when deployed without App-V.
 
 The Office 2013 or Office 2016 App-V package supports the following integration points with the Windows operating system:
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Extension Point</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Skype for Business (formerly Lync) meeting Join Plug-in for Firefox and Chrome</p></td>
-<td align="left"><p>User can join Skype meetings from Firefox and Chrome</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Sent to OneNote Print Driver</p></td>
-<td align="left"><p>User can print to OneNote</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>OneNote Linked Notes</p></td>
-<td align="left"><p>OneNote Linked Notes</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Send to OneNote Internet Explorer Add-In</p></td>
-<td align="left"><p>User can send to OneNote from IE</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Firewall Exception for Skype for Business (formerly Lync) and Outlook</p></td>
-<td align="left"><p>Firewall Exception for Skype for Business (formerly Lync) and Outlook</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>MAPI Client</p></td>
-<td align="left"><p>Native apps and add-ins can interact with virtual Outlook through MAPI</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>SharePoint Plug-in for Firefox</p></td>
-<td align="left"><p>User can use SharePoint features in Firefox</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Mail Control Panel Applet</p></td>
-<td align="left"><p>User gets the mail control panel applet in Outlook</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Primary Interop Assemblies</p></td>
-<td align="left"><p>Support managed add-ins</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Office Document Cache Handler</p></td>
-<td align="left"><p>Allows Document Cache for Office applications</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Outlook Protocol Search handler</p></td>
-<td align="left"><p>User can search in outlook</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Active X Controls</p></td>
-<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/vs/alm/ms440037(v=office.14).aspx).</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>OneDrive Pro Icon Overlays</p></td>
-<td align="left"><p>Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Shell extensions</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Shortcuts</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Windows Search</p></td>
-<td align="left"><p></p></td>
-</tr>
-</tbody>
-</table>
+|Integration point|Description|
+|---|---|
+|Skype for Business (formerly Lync) Meeting Join plug-in for Firefox and Chrome|User can join Skype meetings from Firefox and Chrome|
+|Sent to OneNote Print Driver|User can print to OneNote|
+|OneNote Linked Notes|OneNote Linked Notes|
+|Send to OneNote Internet Explorer add-in|User can send to OneNote from IE|
+|Firewall exception for Skype for Business (formerly Lync) and Outlook|Firewall exception for Skype for Business (formerly Lync) and Outlook|
+|MAPI client|Native apps and add-ins can interact with virtual Outlook through MAPI|
+|SharePoint Plug-in for Firefox|User can use SharePoint features in Firefox|
+|Mail Control Panel Applet|User gets the mail control panel applet in Outlook|
+|Primary Interop Assemblies|Support managed add-ins|
+|Office Document Cache Handler|Allows Document Cache for Office applications|
+|Outlook Protocol Search Handler|User can search in Outlook|
+|Active X Controls|For more information on ActiveX controls, refer to [ActiveX Control API Reference](<https://msdn.microsoft.com/library/vs/alm/ms440037(v=office.14).aspx>).|
+|OneDrive Pro Icon Overlays|Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders|
+|Shell extensions||
+|Shortcuts||
+|Windows Search||
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-- [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
-- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+* [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
+* [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index 5e18534d50..ee75ec9087 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -6,32 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
 # Planning to Deploy App-V with an electronic software distribution system
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv).
+If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv).
 
 Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
 
 | Deployment requirement or option | Description |
-| - | - |
+|---|---|
 | The App-V Management server, Management database, and Publishing server are not required. | These functions are handled by the implemented ESD solution. |
-| You can deploy the App-V Reporting server and Reporting database side by side with the ESD. | The side-by-side deployment lets you to collect data and generate reports.<br/>If you enable the App-V client to send report information, and you are not using the App-V Reporting server, the reporting data is stored in associated .xml files. |
+| You can deploy the App-V Reporting server and Reporting database side-by-side with the ESD. | The side-by-side deployment lets you collect data and generate reports.<br/>If you enable the App-V client to send report information without using the App-V Reporting server, the reporting data will be stored in associated .xml files. |
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-- [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
-
-- [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
-
-- [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
-
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [How to deploy App-V packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
+* [How to enable only administrators to publish packages by using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index dab76ddfbf..7e9a2005e7 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -6,77 +6,51 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
-
-
 # Planning to Deploy App-V for Windows 10
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-There are a number of different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to formulate a deployment plan that best meets your business requirements.
+There are several different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to make a deployment plan that best meets your needs.
 
 ## App-V supported configurations
 
-Describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
-
-[App-V Supported Configurations](appv-supported-configurations.md)
+[App-V supported configurations](appv-supported-configurations.md) describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
 
 ## App-V capacity planning
 
-Describes the available options for scaling your App-V deployment.
-
-[App-V Capacity Planning](appv-capacity-planning.md)
+[App-V capacity planning](appv-capacity-planning.md) describes the available options for scaling your App-V deployment.
 
 ## Planning for high availability with App-V
 
-Describes the available options for ensuring high availability of App-V databases and services.
-
-[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
+[Planning for high availability with App-V](appv-planning-for-high-availability-with-appv.md) describes the available options for ensuring high availability of App-V databases and services.
 
 ## Planning to Deploy App-V with an Electronic Software Distribution System
 
-Describes the options and requirements for deploying App-V with an electronic software distribution system.
-
-[Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
+[Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) describes the options and requirements for deploying App-V with an electronic software distribution system.
 
 ## Planning for App-V server deployment
 
-Describes the planning considerations for the App-V Server components and their functions.
-
-[Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)
+[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md) describes the planning considerations for the App-V Server components and their functions.
 
 ## Planning for the App-V Sequencer and Client deployment
 
-Describes the planning considerations for the App-V Client and for the Sequencer software, which you use to create virtual applications and application packages.
-
-[Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)
+[Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md) describes planning considerations you should make for deploying the App-V Client and the Sequencer software, which you use to create virtual applications and application packages.
 
 ## Planning for migrating from a previous version of App-V
 
-Describes the recommended path for migrating from previous versions of App-V, while ensuring that existing server configurations, packages and clients continue to work in your new App-V environment.
-
-[Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md) describes the recommended path for migrating from previous versions of App-V without disrupting your existing server configurations, packages, and clients.
 
 ## Planning for using App-V with Office
 
-Describes the requirements for using App-V with Office and explains the supported scenarios, including information about coexisting versions of Office.
-
-[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md)
+[Planning for using App-V with Office](appv-planning-for-using-appv-with-office.md) describes the requirements for using App-V with Office and the supported scenarios, including information about coexisting versions of Office.
 
 ## Planning to use folder redirection with App-V
 
-Explains how folder redirection works with App-V.
-
-[Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md)
+[Planning to use folder redirection with App-V](appv-planning-folder-redirection-with-appv.md) explains how folder redirection works with App-V.
 
 ## Other Resources for App-V Planning
 
--   [Planning for App-V](appv-planning-for-appv.md)
-
--   [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index cb6cfe9f54..045ae3eac4 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -6,32 +6,22 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# Preparing your environment for App-V
 
-# Preparing Your Environment for App-V
+>Applies to: Windows 10, version 1607
 
-**Applies to**
--   Windows 10, version 1607
-
-There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan for Microsoft Application Virtualization (App-V). This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements.
+There are several different deployment configurations and prerequisites that you must consider before creating your deployment plan for Microsoft App-V. The following articles will help you gather the information you need to set up a deployment plan that best suits your business’ needs.
 
 ## App-V prerequisites
 
--   [App-V Prerequisites](appv-prerequisites.md)
-
-    Lists the prerequisite software that you must install before installing App-V.
+[App-V prerequisites](appv-prerequisites.md) lists the prerequisite software that you must install before installing App-V.
 
 ## App-V security considerations
 
--   [App-V Security Considerations](appv-security-considerations.md)
+[App-V security considerations](appv-security-considerations.md) describes accounts, groups, log files, and other considerations for securing your App-V environment.
 
-    Describes accounts, groups, log files, and other considerations for securing your App-V environment.
+## Other App-V planning resources
 
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other resources for App-V planning
-
--   [Planning for App-V](appv-planning-for-appv.md)
+* [Planning for App-V](appv-planning-for-appv.md)
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index 1181322016..f8f7d4b0e9 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -6,14 +6,11 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
 ---
+# App-V for Windows 10 prerequisites
 
-
-# App-V for Windows 10 Prerequisites
-
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 Before installing App-V for Windows 10, ensure that you have installed all of the following required prerequisite software.
 
@@ -21,559 +18,145 @@ For a list of supported operating systems and hardware requirements for the App-
 
 ## Summary of software preinstalled on each operating system
 
-
 The following table indicates the software that is already installed for different operating systems.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Operating system</th>
-<th align="left">Prerequisite description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Windows 10</p></td>
-<td align="left"><p>All of the prerequisite software is already installed.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Windows 8.1</p></td>
-<td align="left"><p>All of the prerequisite software is already installed.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>If you are running Windows 8, upgrade to Windows 8.1 before using App-V.</p>
-</div>
-<div>
- 
-</div></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Windows Server 2016</p></td>
-<td align="left"><p>The following prerequisite software is already installed:</p>
-<ul>
-<li><p>Microsoft .NET Framework 4.5</p></li>
-<li><p>Windows PowerShell 3.0</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>Installing Windows PowerShell 3.0 requires a restart.</p>
-</div>
-<div>
- 
-</div></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Windows 7</p></td>
-<td align="left"><p>The prerequisite software is not already installed. You must install it before you can install App-V.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Operating system|Prerequisite description|
+|---|---|
+|Windows 10|All prerequisite software is already installed.|
+|Windows 8.1|All prerequisite software is already installed.<br>If you're running Windows 8, upgrade to Windows 8.1 before using App-V.|
+|Windows Server 2016|The following prerequisite software is already installed:<br>- Microsoft .NET Framework 4.5<br>- Windows PowerShell 3.0<br><br>Installing Windows PowerShell requires a restart.|
+|Windows 7|No prerequisite software is installed. You must install the software before you can install App-V.|
 
 ## App-V Server prerequisite software
 
-
 Install the required prerequisite software for the App-V server components.
 
 ### What to know before you start
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Account for installing the App-V Server</p></td>
-<td align="left"><p>The account that you use to install the App-V Server components must have:</p>
-<ul>
-<li><p>Administrative rights on the computer on which you are installing the components.</p></li>
-<li><p>The ability to query Active Directory Domain Services.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Port and firewall</p></td>
-<td align="left"><ul>
-<li><p>Specify a port where each component will be hosted.</p></li>
-<li><p>Add the associated firewall rules to allow incoming requests to the specified ports.</p></li>
-</ul>
-<p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Web Distributed Authoring and Versioning (WebDAV)</p></td>
-<td align="left"><p>WebDAV is automatically disabled for the Management Service.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Supported deployment scenarios</p></td>
-<td align="left"><ul>
-<li><p>A stand-alone deployment, where all components are deployed on the same server.</p></li>
-<li><p>A distributed deployment.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Unsupported deployment scenarios</p></td>
-<td align="left"><ul>
-<li><p>Installing side-by-side instances of multiple App-V Server versions on the same server.</p></li>
-<li><p>Installing the App-V server components on a computer that runs server core or domain controller.</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
+The account you use to install the App-V Server components must have:
 
- 
+* Administrative rights on the computer on which you are installing the components.
+* The ability to query Active Directory Domain Services.
+
+You must specify a port where each component will be hosted, and add the associated firewall rules to allow incoming requests to the specified ports.
+
+Web Distributed Authoring and Versioning (WebDAV) is automatically disabled for the Management Service.
+
+The following are supported deployment scenarios for App-V:
+
+* A stand-alone deployment where all components are deployed on the same server.
+* A distributed deployment.
+
+The following deployment scenarios are not supported:
+
+* Installing side-by-side instances of multiple App-V Server versions on the same server.
+* Installing the App-V server components on a computer that runs server core or domain controller.
+
+|Item|Description|
+|---|---|
+|Account for installing the App-V Server|The account that you use to install the App-V Server components must have:<br>- Administrative rights on the computer on which you are installing the components.<br>- The ability to query Active Directory Domain Services.|
+|Port and firewall|- Specify a port where each component will be hosted.<br>- Add the associated firewall rules to allow incoming requests to the specified ports.|
+|Web Distributed Authoring and Versioning (WebDAV)|WebDAV is automatically disabled for the Management Service.|
+|Supported deployment scenarios|- A stand-alone deployment, where all components are deployed on the same server.<br>- A distributed deployment.|
+|Unsupported deployment scenarios|- Installing side-by-side instances of multiple App-V Server versions on the same server.<br>- Installing the App-V server components on a computer that runs server core or domain controller.|
 
 ### Management server prerequisite software
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisites and required settings</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Supported version of SQL Server</p></td>
-<td align="left"><p>For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md).</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)</p></td>
-<td align="left"><p>Installing Windows PowerShell 3.0 requires a restart.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Download and install [KB2533623](http://support.microsoft.com/kb/2533623)</p></td>
-<td align="left"><p>Applies to Windows 7 only.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>64-bit ASP.NET registration</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Windows Server Web Server Role</p></td>
-<td align="left"><p>This role must be added to a server operating system that is supported for the Management server.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Web Server (IIS) Management Tools</p></td>
-<td align="left"><p>Click <strong>IIS Management Scripts and Tools</strong>.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Web Server Role Services</p></td>
-<td align="left"><p><strong>Common HTTP Features:</strong></p>
-<ul>
-<li><p>Static Content</p></li>
-<li><p>Default Document</p></li>
-</ul>
-<p><strong>Application Development:</strong></p>
-<ul>
-<li><p>ASP.NET</p></li>
-<li><p>.NET Extensibility</p></li>
-<li><p>ISAPI Extensions</p></li>
-<li><p>ISAPI Filters</p></li>
-</ul>
-<p><strong>Security:</strong></p>
-<ul>
-<li><p>Windows Authentication</p></li>
-<li><p>Request Filtering</p></li>
-</ul>
-<p><strong>Management Tools:</strong></p>
-<ul>
-<li><p>IIS Management Console</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Default installation location</p></td>
-<td align="left"><p>%PROGRAMFILES%\Microsoft Application Virtualization Server</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Location of the Management database</p></td>
-<td align="left"><p>SQL Server database name, SQL Server database instance name, and database name.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Management console and Management database permissions</p></td>
-<td align="left"><p>A user or group that can access the Management console and database after the deployment is complete. Only these users or groups will have access to the Management console and database unless additional administrators are added by using the Management console.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Management service website name</p></td>
-<td align="left"><p>Name for the Management console website.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Management service port binding</p></td>
-<td align="left"><p>Unique port number for the Management service. This port cannot be used by another process on the computer.</p></td>
-</tr>
-</tbody>
-</table>
+|Prerequisites and required settings|Details|
+|---|---|
+|Supported version of SQL Server|For supported versions, see [App-V supported configurations](appv-supported-configurations.md).|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)|Installing Windows PowerShell 3.0 requires a restart.|
+|Download and install [KB2533623](https://support.microsoft.com/kb/2533623)|Applies to Windows 7 only.|
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Windows Server Web Server Role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|Common HTTP features:<br>- Static content<br>- Default document<br><br>Application development:<br>- ASP<span></span>.NET<br>- .NET Extensibility<br>- ISAPI Extensions<br>- ISAPI Filters<br><br>Security:<br>- Windows Authentication<br>- Request Filtering<br><br>Management Tools:<br>- IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Location of the Management database|SQL Server database name, SQL Server database instance name, and database name.|
+|Management console and Management database permissions|A user or group that can access the Management console and database after the deployment is complete. Only these users or groups can access the Management console and database unless the Management console is used to add additional administrators.|
+|Management service website name|Name for the Management console website.|
+|Management service port binding|Unique port number for the Management service. This port cannot be used by another process on the computer.|
 
-> [!IMPORTANT]  
-> JavaScript must be enabled on the browser that opens the Web Management Console.
+>[!IMPORTANT]
+>JavaScript must be enabled on the browser that opens the Web Management Console.
 
 ### Management server database prerequisite software
 
-The Management database is required only if you are using the App-V Management server.
+The Management database is only required if you use the App-V Management server.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisites and required settings</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Default installation location</p></td>
-<td align="left"><p>%PROGRAMFILES%\Microsoft Application Virtualization Server</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Custom SQL Server instance name (if applicable)</p></td>
-<td align="left"><p>Format to use: <strong>INSTANCENAME</strong></p>
-<p>This format is based on the assumption that the installation is on the local computer.</p>
-<p>If you specify the name with the format <strong>SVR\INSTANCE</strong>, the installation will fail.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Custom database name (if applicable)</p></td>
-<td align="left"><p>Unique database name.</p>
-<p>Default: AppVManagement</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Management server location</p></td>
-<td align="left"><p>Machine account on which the Management server is deployed.</p>
-<p>Format to use: Domain\MachineAccount</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Management server installation administrator</p></td>
-<td align="left"><p>Account used to install the Management server.</p>
-<p>Format to use: Domain\AdministratorLoginName</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft SQL Server Service Agent</p></td>
-<td align="left"><p>Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](http://technet.microsoft.com/magazine/gg313742.aspx).</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Custom SQL Server instance name (if applicable)|Format to use: **INSTANCENAME**<br>This format assumes that the installation is on the local computer.<br>If you specify the name with the format **SVR\INSTANCE**, the installation will fail.|
+|Custom database name (if applicable)|Unique database name.<br>Default: AppVManagement|
+|Management server location|Machine account on which the Management server is deployed.<br>Format to use: **Domain\MachineAccount**|
+|Management server installation administrator|Account used to install the Management server.<br>Format to use: **Domain\AdministratorLoginName**|
+|Microsoft SQL Server Service Agent|Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to restart services automatically](https://technet.microsoft.com/magazine/gg313742.aspx).|
 
 ### Publishing server prerequisite software
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisites and required settings</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>64-bit ASP.NET registration</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Web Server Role</p></td>
-<td align="left"><p>This role must be added to a server operating system that is supported for the Management server.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Web Server (IIS) Management Tools</p></td>
-<td align="left"><p>Click <strong>IIS Management Scripts and Tools</strong>.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Web Server Role Services</p></td>
-<td align="left"><p><strong>Common HTTP Features:</strong></p>
-<ul>
-<li><p>Static Content</p></li>
-<li><p>Default Document</p></li>
-</ul>
-<p><strong>Application Development:</strong></p>
-<ul>
-<li><p>ASP.NET</p></li>
-<li><p>.NET Extensibility</p></li>
-<li><p>ISAPI Extensions</p></li>
-<li><p>ISAPI Filters</p></li>
-</ul>
-<p><strong>Security:</strong></p>
-<ul>
-<li><p>Windows Authentication</p></li>
-<li><p>Request Filtering</p></li>
-</ul>
-<p><strong>Management Tools:</strong></p>
-<ul>
-<li><p>IIS Management Console</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Default installation location</p></td>
-<td align="left"><p>%PROGRAMFILES%\Microsoft Application Virtualization Server</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Management service URL</p></td>
-<td align="left"><p>URL of the App-V Management service. This is the port with which the Publishing server communicates.</p>
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Installation architecture</th>
-<th align="left">Format to use for the URL</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Management server and Publishing server are installed on the same server</p></td>
-<td align="left"><p>http://localhost:12345</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Management server and Publishing server are installed on different servers</p></td>
-<td align="left"><p>http://MyAppvServer.MyDomain.com</p></td>
-</tr>
-</tbody>
-</table>
-<p> </p>
-<p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Publishing service website name</p></td>
-<td align="left"><p>Name for the Publishing website.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Publishing service port binding</p></td>
-<td align="left"><p>Unique port number for the Publishing service. This port cannot be used by another process on the computer.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Web Server role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|Common HTTP features:<br>- Static content<br>- Default document<br><br>Application development:<br>- ASP<span></span>.NET<br>- .NET Extensibility<br>- ISAPI Extensions<br>- ISAPI Filters<br><br>Security:<br>- Windows Authentication<br>- Request Filtering<br><br>Management Tools:<br>- IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Management service URL|URL of the App-V Management service. This is the port with which the Publishing server communicates.<br>Management server and Publishing server are installed on the same server, use the format **https://<span></span>localhost:12345**.<br>If the Management server and Publishing server are installed on different servers, use the format **https:<span></span>//MyAppvServer<span></span>.MyDomain<span></span>.com**.|
+|Publishing service website name|Name for the Publishing website.|
+|Publishing service port binding|Unique port number for the Publishing service. This port cannot be used by another process on the computer.|
 
 ### Reporting server prerequisite software
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisites and required settings</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Supported version of SQL Server</p></td>
-<td align="left"><p>For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md).</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>64-bit ASP.NET registration</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Windows Server Web Server Role</p></td>
-<td align="left"><p>This role must be added to a server operating system that is supported for the Management server.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Web Server (IIS) Management Tools</p></td>
-<td align="left"><p>Click <strong>IIS Management Scripts and Tools</strong>.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Web Server Role Services</p></td>
-<td align="left"><p>To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.</p>
-<p><strong>Common HTTP Features:</strong></p>
-<ul>
-<li><p>Static Content</p></li>
-<li><p>Default Document</p></li>
-</ul>
-<p><strong>Application Development:</strong></p>
-<ul>
-<li><p>ASP.NET</p></li>
-<li><p>.NET Extensibility</p></li>
-<li><p>ISAPI Extensions</p></li>
-<li><p>ISAPI Filters</p></li>
-</ul>
-<p><strong>Security:</strong></p>
-<ul>
-<li><p>Windows Authentication</p></li>
-<li><p>Request Filtering</p></li>
-</ul>
-<p><strong>Management Tools:</strong></p>
-<ul>
-<li><p>IIS Management Console</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Default installation location</p></td>
-<td align="left"><p>%PROGRAMFILES%\Microsoft Application Virtualization Server</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Reporting service website name</p></td>
-<td align="left"><p>Name for the Reporting website.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Reporting service port binding</p></td>
-<td align="left"><p>Unique port number for the Reporting service. This port cannot be used by another process on the computer.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Prerequisites and required settings|Details|
+|---|---|
+|Supported version of SQL Server|For supported versions, see [App-V supported configurations](appv-supported-configurations.md).|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Windows Server Web Server role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.<br><br>Common HTTP features:<br>- Static content<br>- Default document<br><br>Application development:<br>- ASP<span></span>.NET<br>- .NET Extensibility<br>- ISAPI Extensions<br>- ISAPI Filters<br><br>Security:<br>- Windows Authentication<br>- Request Filtering<br><br>- Management Tools:<br>- IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Reporting service website name|Name for the Reporting website.|
+|Reporting service port binding|Unique port number for the Reporting service. This port cannot be used by another process on the computer.|
 
 ### Reporting database prerequisite software
 
-The Reporting database is required only if you are using the App-V Reporting server.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisites and required settings</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Default installation location</p></td>
-<td align="left"><p>%PROGRAMFILES%\Microsoft Application Virtualization Server</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Custom SQL Server instance name (if applicable)</p></td>
-<td align="left"><p>Format to use: <strong>INSTANCENAME</strong></p>
-<p>This format is based on the assumption that the installation is on the local computer.</p>
-<p>If you specify the name with the format <strong>SVR\INSTANCE</strong>, the installation will fail.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Custom database name (if applicable)</p></td>
-<td align="left"><p>Unique database name.</p>
-<p>Default: AppVReporting</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Reporting server location</p></td>
-<td align="left"><p>Machine account on which the Reporting server is deployed.</p>
-<p>Format to use: Domain\MachineAccount</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Reporting server installation administrator</p></td>
-<td align="left"><p>Account used to install the Reporting server.</p>
-<p>Format to use: Domain\AdministratorLoginName</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft SQL Server Service and Microsoft SQL Server Service Agent</p></td>
-<td align="left"><p>Configure these services to be associated with user accounts that have access to query AD DS.</p></td>
-</tr>
-</tbody>
-</table>
+You only require the Reporting database if you're using the App-V Reporting server.
 
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Custom SQL Server instance name (if applicable)|Format to use: **INSTANCENAME**<br>his format assumes that the installation is on the local computer.<br>If you specify the name with the format **SVR\INSTANCE**, the installation will fail.|
+|Custom database name (if applicable)|Unique database name.<br>Default: AppVReporting|
+|Reporting server location|The Reporting server will be deployed on this machine account.<br>Format to use: **Domain\MachineAccount**|
+|Reporting server installation administrator|Account used to install the Reporting server.<br>Format to use: **Domain\AdministratorLoginName**|
+|Microsoft SQL Server Service and Microsoft SQL Server Service Agent|Configure these services to be associated with user accounts that have access to query AD DS.|
 
 ## Sequencer prerequisite software
 
+What to know before installing the prerequisites:
 
-**What to know before installing the prerequisites:**
+* Best practice: The computer that runs the sequencer should have the same hardware and software configurations as the computers running the virtual applications.
 
--   Best practice: The computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications.
+* The sequencing process is resource-intensive, so make sure that the computer running the sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications must not exceed those of the sequencer. For more information, see [App-V supported configurations](appv-supported-configurations.md).
 
--   The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications cannot exceed those of the Sequencer. For more information, see [App-V Supported Configurations](appv-supported-configurations.md).
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisite</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)</p>
-<p></p></td>
-<td align="left"><p>Installing Windows PowerShell 3.0 requires a restart.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[KB2533623](http://support.microsoft.com/kb/2533623)</p></td>
-<td align="left"><p>Applies to Windows 7 only: Download and install the KB.</p></td>
-</tr>
-</tbody>
-</table>
-
-
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+|Prerequisite|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)|Installing Windows PowerShell 3.0 requires a restart.|
+|[KB2533623](https://support.microsoft.com/kb/2533623)|Applies to Windows 7 only: download and install the KB.|
 
 ## Related topics
 
-- [Planning for App-V](appv-planning-for-appv.md)
-- [App-V Supported Configurations](appv-supported-configurations.md)
-
- 
-
- 
-
-
-
-
-
+* [Planning for App-V](appv-planning-for-appv.md)
+* [App-V Supported Configurations](appv-supported-configurations.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index b826d5365e..739de9f0a3 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -25,7 +25,7 @@ After you create a connection group, you must publish it to computers that run t
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
index bf8d8c0686..fb9ad9b19f 100644
--- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
@@ -42,7 +42,7 @@ The ability to enable only administrators to publish or unpublish packages (desc
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index d5c5f8ec6c..c337d9ddd7 100644
--- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -39,7 +39,7 @@ Use the following procedure to register or unregister a publishing server.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
index cbfeb16785..96cb952b96 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
@@ -105,7 +105,7 @@ The following are known issues and workarounds for Application Virtualization (A
 
 ## Related resources list
 For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
 
 - [The Official Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
 
@@ -114,7 +114,7 @@ For information that can help with troubleshooting App-V for Windows 10, see:
 - [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv)
 
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 - [What's new in App-V for Windows 10](appv-about-appv.md)
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index 9b6c2d8902..ac04ab1fb4 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -149,13 +149,13 @@ The App-V Sequencer cannot sequence applications with filenames matching "CO_&lt
 
 ## Related resources list
 For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
 - [The Official Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
 - [Technical Reference for App-V](https://technet.microsoft.com/itpro/windows/manage/appv-technical-reference)
 - [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv)
 
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 <a href="https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md" class="button big">Help us to improve</a>
 
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index c516639d17..afe9597029 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -6,288 +6,209 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
 ---
+# About App-V reporting
 
+>Applies to: Windows 10, version 1607
 
-# About App-V Reporting
-
-**Applies to**
--   Windows 10, version 1607
-
-Application Virtualization (App-V) includes a built-in reporting feature that helps you collect information about computers running the App-V client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database.
-
-## <a href="" id="---------app-v-reporting-overview"></a> App-V Reporting Overview
+Application Virtualization (App-V) includes a built-in reporting feature that collects information about computers running the App-V client and virtual application package usage. You can generate reports from a centralized database with this information.
 
+## App-V reporting overview
 
 The following list displays the end–to-end high-level workflow for reporting in App-V.
 
-1.  The App-V Reporting server has the following prerequisites:
+1. The App-V Reporting server requires the following things:
 
-    -   Internet Information Service (IIS) web server role
+ * Internet Information Service (IIS) web server role
+ * Windows Authentication role (under **IIS / Security**)
+ * SQL Server installed and running with SQL Server Reporting Services (SSRS)
 
-    -   Windows Authentication role (under **IIS / Security**)
+    To confirm SQL Server Reporting Services is running, enter <https://localhost/Reports> in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should appear.
+2. Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server.
+3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports](https://www.microsoft.com/en-us/download/details.aspx?id=42630).
 
-    -   SQL Server installed and running with SQL Server Reporting Services (SSRS)
+    >[!NOTE]
+    >If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V.
+4. After importing the App-V Windows PowerShell module using **Import-Module AppvClient** as administrator, enable App-V client reporting. This sample Windows PowerShell command enables App-V reporting:
 
-    To confirm SQL Server Reporting Services is running, view `http://localhost/Reports` in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should display.
-
-2.  Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server.
-
-3.  If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports ](https://www.microsoft.com/en-us/download/details.aspx?id=42630).
-
-    >**Note**  
-    If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V.
-
-     
-
-4.  After importing the App-V Windows PowerShell module using `Import-Module AppvClient` as administrator, enable App-V client reporting. This sample Windows PowerShell command enables App-V reporting:
-
-    ``` syntax
+    ```PowerShell
     Set-AppvClientConfiguration -ReportingServerURL <url>:<port> -ReportingEnabled 1 -ReportingStartTime <0-23> -ReportingRandomDelay <#min>
     ```
 
-    To immediately send App-V report data, run `Send-AppvClientReport` on the App-V client.
+    To immediately send App-V report data, run **Send-AppvClientReport** on the App-V client.
 
-    For more information about configuring reporting on the App-V client, see [About Client Configuration Settings](appv-client-configuration-settings.md). To administer App-V Reporting with Windows PowerShell, see [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
+    For more information about configuring reporting on the App-V client, see [About client configuration settings](appv-client-configuration-settings.md). To administer App-V Reporting with Windows PowerShell, see [How to enable reporting on the App-V client by using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
+5. After the reporting server receives the data from the App-V client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server, which then notifies the App-V client.
+6. When the App-V client receives the success notification, it empties the data cache to conserve space.
 
-5.  After the reporting server receives the data from the App-V client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server and then a notification is sent to the App-V client.
-
-6.  When the App-V client receives the success notification, it empties the data cache to conserve space.
-
-    >**Note**  
-    By default, the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache.
+    >[!NOTE]
+    >By default, the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache.
     
     If the App-V client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache.
 
-### <a href="" id="-------------app-v-reporting-server-frequently-asked-questions"></a> App-V reporting server frequently asked questions
+### App-V reporting server frequently asked questions
 
-The following list displays answers to common questions about App-V reporting.
+The following sections provide answers to frequently asked questions about how App-V reporting works.
 
-- **What is the frequency that reporting information is sent to the reporting database?**
+#### How frequently is reporting information sent to the reporting database?
 
-    The frequency depends on how the reporting task is configured on the computer running the App-V client. You must configure the frequency / interval for sending the reporting data. App-V Reporting is not enabled by default.
+Frequency depends on the computer running the App-V client's reporting configuration. You must configure the frequency or interval for sending the reporting data manually, as App-V reporting is not enabled by default.
 
-- **What information is stored in the reporting server database?**
+#### What information is stored in the reporting server database?
 
-    The following list displays what is stored in the reporting database:
-    - The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.
-    - App-V Client information: version.
-    - Published package list: GUID, version GUID, name.
-    - Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.
+The following information is stored in the reporting database:
 
-- **What is the average volume of information that is sent to the reporting server?**
+* The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.
+* App-V client information: version.
+* Published package list: GUID, version GUID, name.
+* Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.
 
-    It depends. The following list displays the three sets of the data sent to the reporting server:
-    - Operating system, and App-V client information. ~150 Bytes, every time this data is sent.
-    - Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.
-    - Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the Windows PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is **DeleteOnSuccess**.
-    
-    So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user.
+#### What is the average volume of information that is sent to the reporting server?
 
-- **Can reporting be scheduled?**
+It depends. Three sets of data can be sent to the reporting server:
 
-    Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send-AppvClientReport**), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:
-    - Using a Windows PowerShell cmdlet: **Set-AppvClientConfiguration**. For example:
-    `Set-AppvClientConfiguration -ReportingEnabled 1 -ReportingServerURL http://any.com/appv-reporting`
-    
-    For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md) and look for the following entries: **ReportingEnabled**, **ReportingServerURL**, **ReportingDataCacheLimit**, **ReportingDataBlockSize**, **ReportingStartTime**, **ReportingRandomDelay**, **ReportingInterval**.
-    
-    - By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.
-    
-    **Note**  
-    Group Policy settings override local settings configured using Windows PowerShell.
+* Operating system and App-V client information, which is about 150 Bytes every time it gets sent to the server.
+* Published package lists, which are about 7 KB per 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.
+* Virtual application usage information is about 0.25 KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the Windows PowerShell cmdlet, there is an optional argument called **DeleteOnSuccess** that controls if the data needs to be re-sent the next time around.
 
+For example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15 KB + 20 × 0.25 KB, or about 5 KB/user.
 
-## <a href="" id="---------app-v-client-reporting"></a> App-V Client Reporting
+#### Can I schedule reporting?
 
+Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send-AppvClientReport**), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:
 
-To use App-V reporting you must enable and configure the App-V client. To configure reporting on the client, use the Windows PowerShell cmdlet **Set-AppVClientConfiguration**, or the Group Policy **ADMX Template**. For more information about the Windows PowerShell cmdlets, see [About Client Configuration Settings](appv-client-configuration-settings.md). The following section provides examples of Windows PowerShell commands for configuring App-V client reporting.
+* Using a Windows PowerShell cmdlet: **Set-AppvClientConfiguration**. For example:
 
-### Configuring App-V Client reporting using Windows PowerShell
+    ```PowerShell
+    Set-AppvClientConfiguration -ReportingEnabled 1 -ReportingServerURL http://any.com/appv-reporting
+    ```
+
+    For a complete list of client configuration settings, go to [About client configuration settings](appv-client-configuration-settings.md) and look for the following entries: **ReportingEnabled**, **ReportingServerURL**, **ReportingDataCacheLimit**, **ReportingDataBlockSize**, **ReportingStartTime**, **ReportingRandomDelay**, **ReportingInterval**.
+* Using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.
+
+    >[!NOTE]
+    >Group Policy settings override local settings configured using Windows PowerShell.
+
+## App-V Client reporting
+
+To use App-V reporting you must enable and configure the App-V client. To configure reporting on the client, use the Windows PowerShell cmdlet **Set-AppVClientConfiguration**, or the Group Policy **ADMX Template**. For more information about the Windows PowerShell cmdlets, see [About client configuration settings](appv-client-configuration-settings.md). The following section provides examples of Windows PowerShell commands for configuring App-V client reporting.
+
+### Configuring App-V client reporting using Windows PowerShell
 
 The following examples show how Windows PowerShell parameters can configure the reporting features of the App-V client.
 
-**Note**  
-The following configuration task can also be configured using Group Policy settings in the App-V ADMX template. The App-V settings are under **Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V**.
+>[!NOTE]
+>The following configuration tasks can also be configured using Group Policy settings in the App-V ADMX template. The App-V settings are under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
 
-**To enable reporting and to initiate data collection on the computer running the App-V client**:
+#### Enabling reporting and initiating data collection on the computer running the App-V client
 
-`Set-AppVClientConfiguration –ReportingEnabled 1`
+Use the following command to enable reporting and initiate date collection on the computer running the App-V client:
 
-**To configure the client to automatically send data to a specific reporting server**:
+```PowerShell
+Set-AppVClientConfiguration –ReportingEnabled 1
+```
 
-``` syntax
+#### Configuring the client to automatically send data to a specific reporting server
+
+To configure the client to automatically send data to a specific reporting server, use a command with the following format:
+
+```PowerShell
 Set-AppVClientConfiguration -ReportingServerURL http://MyReportingServer:MyPort/ -ReportingStartTime 20 -ReportingInterval 1 -ReportingRandomDelay 30
 ```
 
-The preceding example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session.
+This example command configures the client to automatically send the reporting data to the reporting server URL ```http://MyReportingServer:MyPort/```. The reporting data will be sent to the URL daily between 8:00 PM and 8:30 PM, depending on the session's generated random delay.
 
-**To limit the size of the data cache on the client**:
+#### Limiting the size of the client's data cache
 
-`Set-AppvClientConfiguration –ReportingDataCacheLimit 100`
+To limit the client's data cache size, use a command with the following format:
 
-Configures the maximum size of the reporting cache on the computer running the App-V client to 100 MB. If the cache limit is reached before the data is sent to the server, then the log rolls over and data will be overwritten as necessary.
+```PowerShell
+Set-AppvClientConfiguration –ReportingDataCacheLimit 100
+```
 
-**To configure the data block size transmitted across the network between the client and the server**:
+This example command configures the maximum size of the App-V client computer's reporting cache to 100 MB. If the cache limit is reached before the data is sent to the server, then the log rolls over and data will be overwritten as necessary.
 
-`Set-AppvClientConfiguration –ReportingDataBlockSize 10240`
+#### Configuring the data block size transmitted across the network between the client and the server
 
-Specifies the maximum data block that the client sends to 10240 MB.
+To configure the data block size, use a command with the following format:
+
+```PowerShell
+Set-AppvClientConfiguration –ReportingDataBlockSize 10240
+```
+
+This example command specifies the maximum size of the data block as 10,240 MB.
 
 ### Types of data collected
 
 The following table displays the types of information you can collect by using App-V reporting.
 
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Client Information</th>
-<th align="left">Package Information</th>
-<th align="left">Application Usage</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Host Name</p></td>
-<td align="left"><p>Package Name</p></td>
-<td align="left"><p>Start and End Times</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V Client Version</p></td>
-<td align="left"><p>Package Version</p></td>
-<td align="left"><p>Run Status</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Processor Architecture</p></td>
-<td align="left"><p>Package Source</p></td>
-<td align="left"><p>Shutdown State</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Operating System Version</p></td>
-<td align="left"><p>Percent Cached</p></td>
-<td align="left"><p>Application Name</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Service Pack Level</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>Application Version</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Operating System Type</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>Username</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p></p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>Connection Group</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Client information|Package information|Application usage|
+|---|---|---|
+|Host name|Package name|Start and end times|
+|App-V client version|Package version|Run status|
+|Processor architecture|Package source|Shutdown state|
+|Operating system version|Percent cached|Application name|
+|Service Pack level||Application version|
+|Operating system type||Username|
+|||Connection group|
 
 The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file.
 
 ### Sending data to the server
 
-You can configure the computer that is running the App-V client to automatically send data to the specified reporting server. To specify the server use the **Set-AppvClientConfiguration** cmdlet with the following settings:
+You can configure the computer that is running the App-V client to automatically send data to the specified reporting server. To specify the server, use the **Set-AppvClientConfiguration** cmdlet with the following settings:
 
--   ReportingEnabled
-
--   ReportingServerURL
-
--   ReportingStartTime
-
--   ReportingInterval
-
--   ReportingRandomDelay
+* ReportingEnabled
+* ReportingServerURL
+* ReportingStartTime
+* ReportingInterval
+* ReportingRandomDelay
 
 After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following Windows PowerShell cmdlet:
 
-`Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess`
+```PowerShell
+Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess
+```
 
 If the reporting server has been previously configured, then the **–URL** parameter can be omitted. Alternatively, if the data should be sent to an alternate location, specify a different URL to override the configured **ReportingServerURL** for this data collection.
 
-The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache is cleared. If this is not specified, then the cache will not be cleared.
+The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache will be cleared. If this is not specified, then the cache will not be cleared.
 
 ### Manual Data Collection
 
 You can also use the **Send-AppVClientReport** cmdlet to manually collect data. This solution is helpful with or without an existing reporting server. The following list displays information about collecting data with or without a reporting server.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">With a Reporting Server</th>
-<th align="left">Without a Reporting Server</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>If you have an existing App-V reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency.</p></td>
-<td align="left"><p>If you do not have an existing App-V reporting Server, use the <strong>–URL</strong> parameter to send the data to a specified share. For example:</p>
-<p><code>Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess</code></p>
-<p>The previous example will send the reporting data to <strong>\\MyShare\MyData\</strong> location indicated by the <strong>-URL</strong> parameter. After the data has been sent, the cache is cleared.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>If a location other than the Reporting Server is specified, the data is sent using <strong>.xml</strong> format with no additional processing.</p>
-</div>
-<div>
- 
-</div></td>
-</tr>
-</tbody>
-</table>
+|With a reporting server|Without a reporting server|
+|---|---|
+|f you have an existing App-V reporting server, create a customized scheduled task or script. Specify that the client sends the data to the specified location at the desired frequency.|If you do not have an existing App-V reporting Server, use the **–URL** parameter to send the data to a specified share. For example: ```Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess``` <br>The previous example will send the reporting data to the ```\\MyShare\MyData\``` location indicated by the **-URL** parameter. After the data has been sent, the cache is cleared.|
 
- 
+>[!NOTE]
+>If a location other than the Reporting Server is specified, the data is sent in **.xml** format with no additional processing.
 
-### Creating Reports
+### Creating reports
 
 To retrieve report information and create reports using App-V you must use one of the following methods:
 
--   **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports.
+* Microsoft SQL Server Reporting Services (SSRS)—Microsoft SSRS is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. For more information, see the [What is SQL Server Reporting Services (SSRS)?](https://docs.microsoft.com/en-us/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports) article.
 
-    Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://technet.microsoft.com/en-us/library/ms159106(v=sql.130).aspx).
-
--   **Scripting** – You can generate reports by scripting directly against the App-V reporting database. For example:
+* Scripting—You can generate reports by scripting directly against the App-V reporting database. For example:
 
     **Stored Procedure:**
 
     **spProcessClientReport** is scheduled to run at midnight or 12:00 AM.
 
-    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://technet.microsoft.com/library/ms178130).
+    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. Make sure the Microsoft SQL Server Agent is set to **AutoStart**. For more information, see [Autostart SQL Server Agent (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/ssms/agent/autostart-sql-server-agent-sql-server-management-studio).
 
-    The stored procedure is also created when using the App-V database scripts.
+    The stored procedure is also created when when you use the App-V database scripts.
 
-You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server will be able to manage without impacting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**.
+You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server can manage without affecting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**.
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-
-[Deploying the App-V server](appv-deploying-the-appv-server.md)
-
-[How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md)
-
- 
-
- 
-
-
-
-
-
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
+* [How to install the reporting server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index c404cdd892..16285b7ef5 100644
--- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -155,7 +155,7 @@ This method lets you launch any command within the context of an App-V package,
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md
index b29f528873..c5286a0658 100644
--- a/windows/application-management/app-v/appv-security-considerations.md
+++ b/windows/application-management/app-v/appv-security-considerations.md
@@ -6,143 +6,66 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
 ---
+# App-V security considerations
 
-
-# App-V Security Considerations
-
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
 
-**Important**  
-App-V is not a security product and does not provide any guarantees for a secure environment.
+>[!IMPORTANT]
+>App-V is not a security product and does not provide any guarantees for a secure environment.
 
- 
+## The PackageStoreAccessControl (PSAC) feature has been deprecated
 
-## PackageStoreAccessControl (PSAC) feature has been deprecated
-
-
-Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
+Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
 
 ## General security considerations
 
+**Understand the security risks.** The most serious risk to App-V is from unauthorized users hijacking an App-V client's functionality, giving the hacker the ability to reconfigure key data on App-V clients. By comparison, short-term loss of App-V functionality from a denial-of-service attack would not be as catastrophic.
 
-**Understand the security risks.** The most serious risk to App-V is that its functionality could be hijacked by an unauthorized user who could then reconfigure key data on App-V clients. The loss of App-V functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact.
+**Physically secure your computers**. A security strategy that doesn't consider physical security is incomplete. Anyone with physical access to an App-V server could potentially attack the entire client base, so potential physical attacks or thefts should be prevented at all cost. App-V servers should be stored in a physically secure server room with controlled access. Lock the computer with the operating system or a secured screen saver to keep computers secure when the administrators are away.
 
-**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
+**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012). (THIS LINK NEEDS TO BE UPDATED)
 
-**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012).
-
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://technet.microsoft.com/library/hh994572.aspx).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://docs.microsoft.com/en-us/sql/relational-databases/security/password-policy) and [Strong Passwords](https://docs.microsoft.com/en-us/sql/relational-databases/security/strong-passwords). (THIS LINK NEEDS TO BE UPDATED)
 
 ## Accounts and groups in App-V
 
+A best practice for user account management is to create domain global groups and add user accounts to them. After that, add the domain global accounts to the necessary App-V local groups on the App-V servers.
 
-A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V local groups on the App-V servers.
+>[!NOTE]
+>App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group.
 
-**Note**  
-App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group.
+### App-V server security
 
- 
+No groups are created automatically during App-V setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations.
 
-### <a href="" id="-------------app-v-5-1-server-security"></a> App-V server security
-
-No groups are created automatically during App-V Setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Group name</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V Management Admin group</p></td>
-<td align="left"><p>Used to manage the App-V management server. This group is created during the App-V Management Server installation.</p>
-<div class="alert">
-<strong>Important</strong>  
-<p>There is no method to create the group using the management console after you have completed the installation.</p>
-</div>
-<div>
- 
-</div></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Database read/write for Management Service account</p></td>
-<td align="left"><p>Provides read/write access to the management database. This account should be created during the App-V management database installation.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V Management Service install admin account</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>This is only required if management database is being installed separately from the service.</p>
-</div>
-<div>
- 
-</div></td>
-<td align="left"><p>Provides public access to schema-version table in management database. This account should be created during the App-V management database installation.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V Reporting Service install admin account</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>This is only required if reporting database is being installed separately from the service.</p>
-</div>
-<div>
- 
-</div></td>
-<td align="left"><p>Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+|Group name|Details|Important notes|
+|---|---|---|
+|App-V Management Admin group|Used to manage the App-V management server. This group is created during the App-V Management Server installation.|The management console can't create a new group after installation is complete.|
+|Database read/write for Management Service account|Provides read/write access to the management database. This account should be created during App-V management database installation.||
+|App-V Management Service install admin account|Provides public access to schema-version table in management database. This account should be created during App-V management database installation.|This is only required if the management database is being installed separately from the service.|
+|App-V Reporting Service install admin account|Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.|This is only required if reporting database is being installed separately from the service.|
 
 Consider the following additional information:
 
--   Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share.
+* Access to the package shares: If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share.
+  >[!NOTE]
+  >In previous versions of App-V, package share was referred to as content share.
+* Registering publishing servers with Management Server: A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API.
 
-    **Note**  
-    In previous versions of App-V, package share was referred to as content share.
-
-     
-
--   Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API.
-
-### <a href="" id="-------------app-v-5-1-package-security"></a> App-V package security
+### App-V package security
 
 The following will help you plan how to ensure that virtualized packages are secure.
 
--   If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. When the package is deployed, if the file or directory is modified by a user it will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former case occurs if the file or directory does not exist in a virtual file system location; the latter case occurs if the file or directory exists in a virtual file system location, for example **%windir%**.
+* If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. If thje file or directory is modified by a user when the package is deployed, the modified file or directory will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former occurs if the file or directory does not exist in a virtual file system location; the latter occurs if the file or directory exists in a virtual file system location, such as **%windir%**.
 
-## <a href="" id="---------app-v-5-1-log-files"></a> App-V log files
+## App-V log files
 
-
-During App-V Setup, setup log files are created in the **%temp%** folder of the installing user.
-
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+During App-V setup, setup log files are created in the **%temp%** folder of the installing user.
 
 ## Related topics
 
-
-[Preparing Your Environment for App-V](appv-preparing-your-environment.md)
-
- 
-
- 
-
-
-
-
-
+[Preparing Your Environment for App-V](appv-preparing-your-environment.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md
index 0fcb1d5719..ba31867ad8 100644
--- a/windows/application-management/app-v/appv-sequence-a-new-application.md
+++ b/windows/application-management/app-v/appv-sequence-a-new-application.md
@@ -6,220 +6,211 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
 ---
-
-
 # Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer)
 
-**Applies to**
--   Windows 10, version 1607 and later
+>Applies to: Windows 10, version 1607 and later
 
 In Windows 10, version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
 
-**To review or do before you start sequencing**
+## Before you start sequencing
 
-1.  Determine the type of virtualized application package you want to create:
+1. Determine the type of virtualized application package you want to create:
 
     | Application type | Description |
-    | - | - |
+    |---|---|
     | Standard | Creates a package that contains an application or a suite of applications. This is the preferred option for most application types. |
     | Add-on or plug-in | Creates a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or for another package that is linked by using connection groups. |
-    | Middleware | Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages by using connection groups. |
+    | Middleware | Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages through connection groups. |
 
-2.  Copy all required installation files to the computer that is running the sequencer.
+2. Copy all required installation files to the computer that is running the sequencer.
 
-3.  Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application.
+3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application.
 
-4.  Review the following items:
+4. Review the following items:
 
-    -   If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package.
+    - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package.
+    - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume.
 
-    -   If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume.
+>[!NOTE]
+>The App-V Sequencer cannot sequence applications with filenames matching "CO_<_x_>" where *x* is any numeral. Error 0x8007139F will be generated.
 
->[!NOTE]    
->The App-V Sequencer cannot sequence applications with filenames matching "CO_<_x_>" where x is any numeral. Error 0x8007139F will be generated.
+## Sequence a new standard application
 
-**To sequence a new standard application**
+1. On the computer that runs the sequencer, select **All Programs**, and then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
 
-1.  On the computer that runs the sequencer, click **All Programs**, and then click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+2. In the sequencer, select **Create a New Virtual Application Package**. Select **Create Package (default)**, and then select **Next**.
 
-2.  In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**.
+3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
 
-3.  On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
-
-    >[!IMPORTANT]  
+    >[!IMPORTANT]
     >If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
 
-4.  On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**.
+4. On the **Type of Application** page, select the **Standard Application (default)** check box, and then select **Next**.
 
-5.  On the **Select Installer** page, click **Browse** and specify the installation file for the application.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the application.
 
-    >[!NOTE]  
+    >[!NOTE]
     >If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package.
-    
-    If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then click **Next**.
 
-6.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
+    If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then select **Next**.
 
-    Click **Next**.
+6. On the **Package Name** page, specify a name for the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console. Once you're done, select **Next**.
 
-7.  On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process.
+7. On the **Installation** page, when the sequencer and application installer are ready, you can install the application so that the sequencer can monitor the installation process.
 
-    >[!IMPORTANT]  
+    >[!IMPORTANT]
     >You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring.
-    
-    Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**.
 
-8.  On the **Installation** page, wait while the sequencer configures the virtualized application package.
+    Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, then select **Next**.
 
-9.  On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run.
+8. On the **Installation** page, wait while the sequencer configures the virtualized application package.
 
-    >[!NOTE]  
+9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then select **Run All**. To run specific programs, select the program or programs, and then select **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run.
+
+    >[!NOTE]
     >To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step.
-    
-    Click **Next**.
 
-10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**.
+    Select **Next**.
 
-11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
+10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, select **Next**.
 
-    -   Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
+11. The **Customize** page is displayed. If you've finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
 
-    -   Specify the operating systems that can run this package.
+    - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
+    - Specify the operating systems that can run this package.
 
-    Click **Next**.
+    Once you're ready, select **Next**.
 
-12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**.
+12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then select **Next**.
 
-    >[!NOTE]  
-    >If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application.
+    >[!NOTE]
+    >If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened. After that, depending on how the background loading is configured, it will load the rest of the application.
 
-13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**.
+13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. After that, select **Next**.
 
-    >[!IMPORTANT]  
+    >[!IMPORTANT]
     >Make sure that the operating systems you specify here are supported by the application you are sequencing.
 
-
-14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before saving it. Select **Next**.
 
     To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package.
 
-    >[!IMPORTANT]  
+    >[!IMPORTANT]
     >The system does not support non-printable characters in **Comments** and **Descriptions**.
-    
-    The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
 
-15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created.
+    The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. After that, select **Create**.
 
-    The package is now available in the sequencer.
+15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then select **Close**. This information is also available in the **Report.xml** file located in the directory where the package was created.
 
-    >[!IMPORTANT]  
-    >After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
-     
+    Your package should now be available in the sequencer.
 
-**To sequence an add-on or plug-in application**
+    >[!IMPORTANT]
+    >After you have successfully created a virtual application package, you can't run the virtual application package on the computer that is running the sequencer.
 
->[!NOTE]  
+## Sequence an add-on or plug-in application
+
+>[!NOTE]
 >Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer.
+>For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that's running the sequencer. You should also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package.
 
->For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package.
+1. On the computer that runs the sequencer, first, select **All Programs**, then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
 
-1.  On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+2. In the sequencer, select **Create a New Virtual Application Package**, select **Create Package (default)**, and then select **Next**.
 
-2.  In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**.
+3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
 
-3.  On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
-
-    >[!IMPORTANT] 
+    >[!IMPORTANT]
     >If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
 
-4.  On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**.
+4. On the **Type of Application** page, select **Add-on or Plug-in**, and then select **Next**.
 
-5.  On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, then select **Next**.
 
-6.  On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**.
+6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, select **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**.
 
-7. Click **Next**.
+7. Select **Next**.
 
-8.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V Management Console.
+8. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V Management Console.
 
-9. Click **Next**.
+9. Select **Next**.
 
-10.  On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**.
+10. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then select **Next**.
 
-11.  On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**.
+11. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, select **Next**.
 
 12. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**.
 
-    -   Optimize how the package will run across a slow or unreliable network.
+    - Optimize how the package will run across a slow or unreliable network.
+    - Specify the operating systems that can run this package.
 
-    -   Specify the operating systems that can run this package.
+    When you're finished, select **Next**.
 
-    Click **Next**.
+13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all applications to run. After all applications have run, close each application. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Select **Next**.
 
-13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**.
+    >[!NOTE]
+    >If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, select **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**.
 
-    >[!NOTE]   
-    >If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**.
+14. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Select **Next**.
 
-12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**.
+15. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Select **Next**.
 
-13. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+    To save the package immediately, select **Save the package now**. Optionally, add a **Description** for the package. Descriptions are useful for identifying the version and other important information about the package.
 
-    To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package.
-
-    >[!IMPORTANT]   
+    >[!IMPORTANT]
     >The system does not support non-printable characters in Comments and Descriptions.
-    
-    The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
 
-**To sequence a middleware application**
+    The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. Select **Create**.
 
-1.  On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+### Sequence a middleware application
 
-2.  In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**.
+1. On the computer that runs the sequencer, select **All Programs**, then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
 
-3.  On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
+2. In the sequencer, select **Create a New Virtual Application Package**, select **Create Package (default)**, and then select **Next**.
 
-    >[!IMPORTANT] 
+3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
+
+    >[!IMPORTANT]
     >If you are required to disable virus scanning software, you should first scan the computer that runs the App-V Sequencer in order to ensure that no unwanted or malicious files can be added to the package.
 
-4.  On the **Type of Application** page, select **Middleware**, and then click **Next**.
+4. On the **Type of Application** page, select **Middleware**, and then select **Next**.
 
-5.  On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, then select **Next**.
 
-6.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
+6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
 
-7. Click **Next**.
+7. Select **Next**.
 
-8. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**.
+8. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then select **Next**.
 
 9. On the **Installation** page, wait while the sequencer configures the virtual application package.
 
-10. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**.
+10. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, select **Next**.
 
-11. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**.
+11. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Once you're done, select **Next**.
 
-12. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+12. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Select **Next**.
 
     To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package.
 
-    >[!IMPORTANT]   
-    >The system does not support non-printable characters in Comments and Descriptions.
-    
-    The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
+    >[!IMPORTANT]
+    >The system does not support non-printable characters in comments and descriptions.
 
-13. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure.
+    The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. Select **Create**.
 
-    The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**.
+13. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then select **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure.
 
-    >[!IMPORTANT]    
-    >After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
+    The package is now available in the sequencer. To edit the package properties, select **Edit \[Package Name\]**.
+
+    >[!IMPORTANT]
+    >After you have successfully created a virtual application package, you can't run the virtual application package on the computer that is running the sequencer.
 
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
+
 - [Install the App-V Sequencer](appv-install-the-sequencer.md)
 - [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
index 8d8eb13511..8a03631883 100644
--- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
+++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
@@ -71,4 +71,4 @@ In Windows 10, version 1703, running the new-appvsequencerpackage or the update-
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index e1e458b316..3a0c6514b4 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -6,158 +6,87 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
 ---
-
-
 # App-V Supported Configurations
 
-**Applies to**
--   Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; and Windows Server 2008 R2
+>Applies to: Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2
 
-This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V Prerequisites](appv-prerequisites.md).
+This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V prerequisites](appv-prerequisites.md).
 
 ## App-V Server system requirements
 
-This section lists the operating system and hardware requirements for all of the App-V server components.
+This section lists the operating system and hardware requirements for all App-V server components.
 
 ### Unsupported App-V server scenarios
 
 The App-V server does not support the following scenarios:
 
--   Deployment to a computer that runs the Server Core installation option.
-
--   Deployment to a computer that runs a previous version of the App-V server components. You can install App-V side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the Application Virtualization Management Service (HWS) 4.x is not supported.
-
--   Deployment to a computer that runs Microsoft SQL Server Express edition.
-
--   Deployment to a domain controller.
-
--   Short paths. If you plan to use a short path, you must create a new volume.
+* Deployment to a computer that runs the Server Core installation option.
+* Deployment to a computer that runs a previous version of the App-V server components. You can only install App-V side-by-side with the App-V 4.5 Lightweight Streaming Server (LWS) server. This scenario doesn't support side-by-side deployment of App-V and the Application Virtualization Management Service (HWS) 4.x.
+* Deployment to a computer running Microsoft SQL Server Express edition.
+* Deployment to a domain controller.
+* Short paths. If you plan to use a short path, you must create a new volume.
 
 ### Management server operating system requirements
 
-The App-V Management server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
+You can install the App-V Management server on a server running Windows Server 2008 R2 with SP1 or later.
 
-> [!IMPORTANT]  
-> Deployment of the Management server role to a computer with Remote Desktop Services enabled is not supported.
-
- 
+>[!IMPORTANT]
+>Deploying a Management server role to a computer with Remote Desktop Services enabled is not supported.
 
 ### Management server hardware requirements
 
--   Processor—1.4 GHz or faster, 64-bit (x64) processor
-
--   RAM—1 GB RAM (64-bit)
-
--   Disk space—200 MB available hard disk space, not including the content directory
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 1 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
 
 ### Management server database requirements
 
-The following table lists the SQL Server versions that are supported for the App-V Management database installation.
+The following table lists the SQL Server versions that the App-V Management database installation supports.
 
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">SQL Server version</th>
-<th align="left">Service pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Microsoft SQL Server 2014</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft SQL Server 2012</p></td>
-<td align="left"><p>SP2</p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft SQL Server 2008 R2</p></td>
-<td align="left"><p>SP3</p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-</tbody>
-</table>
+|SQL Server version|Service pack|System architecture|
+|---|---|---|
+|Microsoft SQL Server 2014||32-bit or 64-bit|
+|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
+|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
 
- 
 
 ### Publishing server operating system requirements
 
 The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
 
-
 ### Publishing server hardware requirements
 
 App-V adds no additional requirements beyond those of Windows Server.
 
--   Processor—1.4 GHz or faster, 64-bit (x64) processor
-
--   RAM—2 GB RAM (64-bit)
-
--   Disk space—200 MB available hard disk space, not including the content directory
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 2 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
 
 ### Reporting server operating system requirements
 
-The App-V Reporting server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later. 
+You can install the App-V Reporting server on a server running Windows Server 2008 R2 with SP1 or later.
 
 ### Reporting server hardware requirements
 
 App-V adds no additional requirements beyond those of Windows Server.
 
--   Processor—1.4 GHz or faster, 64-bit (x64) processor
-
--   RAM—2 GB RAM (64-bit)
-
--   Disk space—200 MB available hard disk space
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 2 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
 
 ### Reporting server database requirements
 
 The following table lists the SQL Server versions that are supported for the App-V Reporting database installation.
 
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">SQL Server version</th>
-<th align="left">Service pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Microsoft SQL Server 2014</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft SQL Server 2012</p></td>
-<td align="left"><p>SP2</p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft SQL Server 2008 R2</p></td>
-<td align="left"><p>SP3</p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-</tbody>
-</table>
+|SQL Server version|Service pack|System architecture|
+|---|---|---|
+|Microsoft SQL Server 2014||32-bit or 64-bit|
+|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
+|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
 
- 
-
-## App-V client requirements and Remote Desktop Services client requirements
+## App-V client and Remote Desktop Services client requirements
 
 With Windows 10, version 1607 and later releases, the App-V client is included with Windows 10 Enterprise and Windows 10 Education. The App-V client is no longer part of the Microsoft Desktop Optimization Pack. Before you can use the App-V client, it must be enabled, as described in [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).
 
@@ -165,76 +94,27 @@ Similarly, the App-V Remote Desktop Services (RDS) client is included with Windo
 
 ## Sequencer system requirements
 
+The following table lists the operating systems that the App-V Sequencer installation supports.
 
-The following table lists the operating systems that are supported for the App-V Sequencer installation.
-
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Operating system</th>
-<th align="left">Service pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
-<td align="left"></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft Windows Server 2012</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
-<td align="left"><p>SP1</p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft Windows 10</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit and 64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows 8.1</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit and 64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft Windows 8</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit and 64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows 7</p></td>
-<td align="left"><p>SP1</p></td>
-<td align="left"><p>32-bit and 64-bit</p></td>
-</tr>
-</tbody>
-</table>
-
+|Operating system|Service pack|System architecture|
+|---|---|---|
+|Microsoft Windows Server 2012 R2||64-bit|
+|Microsoft Windows Server 2012||64-bit|
+|Microsoft Windows Server 2008 R2|SP1|64-bit|
+|Microsoft Windows 10||32-bit and 64-bit|
+|Microsoft Windows 8.1||32-bit and 64-bit|
+|Microsoft Windows 8||32-bit and 64-bit|
+|Microsoft Windows 7|SP1|32-bit and 64-bit|
 
 ### Sequencer hardware requirements
 
-See the Windows or Windows Server documentation for the hardware requirements. App-V adds no additional hardware requirements.
+See the Windows or Windows Server documentation for the hardware requirements.
 
-## <a href="" id="bkmk-supp-ver-sccm"></a>Supported versions of System Center Configuration Manager
+## Supported versions of System Center Configuration Manager
 
 The App-V client works with System Center Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
 
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
 ## Related topics
 
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-- [App-V Prerequisites](appv-prerequisites.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [App-V prerequisites](appv-prerequisites.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index f93b0e90ca..81b431ddac 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -39,7 +39,7 @@ This section provides reference information related to managing App-V.
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index 3fbc1956ed..242fdc9cf7 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -29,7 +29,7 @@ Use the following procedure to transfer the access and default package configura
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index c1e0968b82..c3011b5f88 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -17,7 +17,7 @@ ms.date: 04/19/2017
 
 For information that can help with troubleshooting App-V for Windows 10, see:
 
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
 
 - [Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
 
@@ -42,4 +42,4 @@ For information that can help with troubleshooting App-V for Windows 10, see:
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index 2cd95ea922..9331c1584b 100644
--- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -72,7 +72,7 @@ Once you’ve enabled the in-box App-V client, you need to configure it to point
 
 Type the following cmdlet in a Windows PowerShell window: 
 
-`Add-AppvPublishingServer -Name AppVServer -URL http:// appvserver:2222` 
+`Add-AppvPublishingServer -Name AppVServer -URL https:// appvserver:2222` 
 
 **To modify client settings to point to an existing App-V publishing server with Group Policy** 
 
@@ -96,4 +96,4 @@ Type the following cmdlet in a Windows PowerShell window:
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index 1372c4e630..54b1306b2e 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -82,7 +82,7 @@ The client management console contains the following described main tabs.
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
index ffb8290ae7..fdf7299db8 100644
--- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedure to view and configure default package extensions.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index 60f321a711..46b0feb4f1 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -154,7 +154,7 @@ In your publishing metadata query, enter the string values that correspond to th
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/application-management/index.md b/windows/application-management/index.md
index fdd42c35b8..23490f9d99 100644
--- a/windows/application-management/index.md
+++ b/windows/application-management/index.md
@@ -24,8 +24,8 @@ Learn about managing applications in Windows 10 and Windows 10 Mobile clients.
 | [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) | Learn how to enable or block Windows Mixed Reality apps. |
 |[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications|
 | [Service Host process refactoring](svchost-service-refactoring.md) | Changes to Service Host grouping in Windows 10  |
-|[Per User services in Windows 10](sideload-apps-in-windows-10.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016|
+|[Per User services in Windows 10](per-user-services-in-windows.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016|
 [Disabling System Services in Windows Server](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) | Security guidelines for disabling services in Windows Server 2016 with Desktop Experience
 |[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise|
-| [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile  |
+| [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile  |
 [Change history for Application management](change-history-for-application-management.md) | This topic lists new and updated topics in the Application management documentation for Windows 10 and Windows 10 Mobile. 
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 5b232fca9e..659b090224 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -68,6 +68,10 @@
 ### [ICSPValidate](icspvalidate.md)
 ### [Samples for writing a custom configuration service provider](samples-for-writing-a-custom-configuration-service-provider.md)
 ## [Configuration service provider reference](configuration-service-provider-reference.md)
+### [AccountManagement CSP](accountmanagement-csp.md)
+#### [AccountManagement DDF file](accountmanagement-ddf.md)
+### [Accounts CSP](accounts-csp.md)
+#### [Accounts DDF file](accounts-ddf-file.md)
 ### [ActiveSync CSP](activesync-csp.md)
 #### [ActiveSync DDF file](activesync-ddf-file.md)
 ### [AllJoynManagement CSP](alljoynmanagement-csp.md)
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
new file mode 100644
index 0000000000..f43068ab86
--- /dev/null
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -0,0 +1,62 @@
+---
+title: AccountManagement CSP
+description: Used to configure settings in the Account Manager service
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/23/2018
+---
+
+# AccountManagement CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
+
+> [!Note]  
+> The AccountManagement CSP is only supported in Windows Holographic for Business edition.
+
+
+The following diagram shows the AccountManagement configuration service provider in tree format.
+
+![accountmanagement csp](images/provisioning-csp-accountmanagement.png)
+
+<a href="" id="accountmanagement"></a>**./Vendor/MSFT/AccountManagement**  
+Root node for the AccountManagement configuration service provider.
+
+<a href="" id="accountmanagement-userprofilemanagemen-enableprofilemanager"></a>**UserProfileManagement**  
+Interior node. 
+
+<a href="" id="accountmanagement-userprofilemanagement-deletionpolicy"></a>**UserProfileManagement/EnableProfileManager**  
+Enable profile lifetime mangement for shared or communal device scenarios. Default value is false.
+
+Supported operations are Add, Get,Replace, and Delete. Value type is bool.
+
+<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystartdeletion"></a>**UserProfileManagement/DeletionPolicy**  
+Configures when profiles will be deleted. Default value is 1.
+
+Valid values:  
+
+-  0 - delete immediately when the device returns to a state with no currently active users
+-  1 - delete at storage capacity threshold
+-  2 - delete at both storage capacity threshold and profile inactivity threshold
+
+Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+
+<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStartDeletion**  
+Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
+
+Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+
+<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStopDeletion**  
+Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
+
+Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+
+<a href="" id="accountmanagement-userprofilemanagement-profileinactivitythreshold"></a>**UserProfileManagement/ProfileInactivityThreshold**  
+Start deleting profiles when they have not been logged on during the specified period, given as number of days. Default value is 30.
+
+Supported operations are Add, Get,Replace, and Delete. Value type is integer.
\ No newline at end of file
diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md
new file mode 100644
index 0000000000..eddb5ce0ba
--- /dev/null
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@@ -0,0 +1,201 @@
+---
+title: AccountManagement DDF file
+description: Used to configure settings in the Account Manager service
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/23/2018
+---
+
+# AccountManagement DDF file 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider.
+
+The XML below is for Windows 10, version 1803.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
+        <NodeName>AccountManagement</NodeName>
+        <Path>./Device/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.0/MDM/AccountManagement</MIME>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>UserProfileManagement</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>EnableProfileManager</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DefaultValue>false</DefaultValue>
+              <Description>Enable profile lifetime mangement for shared or communal device scenarios.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>Enable profile manager</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>DeletionPolicy</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DefaultValue>1</DefaultValue>
+              <Description>Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>Profile deletion policy</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>StorageCapacityStartDeletion</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DefaultValue>25</DefaultValue>
+              <Description>Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>Storage capacity threshold to start profile deletion</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>StorageCapacityStopDeletion</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DefaultValue>50</DefaultValue>
+              <Description>Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>Storage capacity threshold to stop profile deletion</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>ProfileInactivityThreshold</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DefaultValue>30</DefaultValue>
+              <Description>Start deleting profiles when they have not been logged on during the specified period, given as number of days.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>Profile inactive threshold</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+      </Node>
+</MgmtTree>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
new file mode 100644
index 0000000000..0cec8a8ad3
--- /dev/null
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -0,0 +1,51 @@
+---
+title: Accounts CSP
+description: The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group.
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 04/17/2018
+---
+
+# Accounts CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group. This CSP was added in Windows 10, version 1803.
+
+
+The following diagram shows the Accounts configuration service provider in tree format.
+
+![Accounts CSP diagram](images/provisioning-csp-accounts.png) 
+
+<a href="" id="accounts"></a>**./Device/Vendor/MSFT/Accounts**  
+Root node.
+
+<a href="" id="domain"></a>**Domain**  
+Interior node for the account domain information.
+
+<a href="" id="domain-computername"></a>**Domain/ComputerName**  
+This node specifies the name for a device.  This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution:  %RAND:<# of digits>% and %SERIAL%.  
+
+Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456").  (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect.
+
+Supported operation is Add.
+
+<a href="" id="users"></a>**Users**  
+Interior node for the user account information.
+
+<a href="" id="users-username"></a>**Users/_UserName_**  
+This node specifies the username for a new local user account.  This setting can be managed remotely.
+
+<a href="" id="users-username-password"></a>**Users/_UserName_/Password**  
+This node specifies the password for a new local user account.  This setting can be managed remotely. 
+
+Supported operation is Add.
+
+<a href="" id="users-username-localusergroup"></a>**Users/_UserName_/LocalUserGroup**  
+This optional node specifies the local user group that a local user account should be joined to.  If the node is not set, the new local user account is joined just to the Standard Users group.  Set the value to 2 for Administrators group. This setting can be managed remotely.
+
+Supported operation is Add.
\ No newline at end of file
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
new file mode 100644
index 0000000000..311ed73e93
--- /dev/null
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -0,0 +1,179 @@
+---
+title: Accounts DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 04/17/2018
+---
+
+# Accounts CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **Accounts** configuration service provider.
+
+The XML below is for Windows 10, version 1803.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
+        <NodeName>Accounts</NodeName>
+        <Path>./Device/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+            <MIME>com.microsoft/1.0/MDM/Accounts</MIME> 
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>Domain</NodeName>
+          <DFProperties>
+            <AccessType>
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>ComputerName</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Add />
+              </AccessType>
+              <Description>This node specifies the name for a device.  This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution:  %RAND:&lt;# of digits&gt;% and %SERIAL%.  Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456").  (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect.</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFTitle>ComputerName</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>Users</NodeName>
+          <DFProperties>
+            <AccessType>
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+              </AccessType>
+              <Description>This node specifies the username for a new local user account.  This setting can be managed remotely.</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>UserName</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>Password</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                </AccessType>
+                <Description>This node specifies the password for a new local user account.  This setting can be managed remotely. </Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFTitle>Password</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>LocalUserGroup</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                </AccessType>
+                <DefaultValue>1</DefaultValue>
+                <Description>This optional node specifies the local user group that a local user account should be joined to.  If the node is not set, the new local user account is joined just to the Standard Users group.  Set the value to 2 for Administrators group. This setting can be managed remotely.</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+      </Node>
+</MgmtTree>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index b08768dc86..f083dad4a1 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -7,20 +7,20 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/01/2018
+ms.date: 03/20/2018
 ---
 
 # AssignedAccess CSP
 
 
-The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode. Once the CSP has been executed, then the next user login that is associated with the kiosk mode puts the device in the kiosk mode running the application specified in the CSP configuration.
+The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, then the next user login that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
 
 For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
 
  In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps).
 
 > [!Note]
-> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S.
+> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S.
 
 The following diagram shows the AssignedAccess configuration service provider in tree format
 
@@ -30,12 +30,16 @@ The following diagram shows the AssignedAccess configuration service provider in
 Root node for the CSP.
 
 <a href="" id="assignedaccess-kioskmodeapp"></a>**./Device/Vendor/MSFT/AssignedAccess/KioskModeApp**  
-A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, follow the information in [this Microsoft website](http://go.microsoft.com/fwlink/p/?LinkId=404220).
+A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app).
+
+For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
 
 > [!Note]  
-> You cannot set both KioskModeApp and Configuration at the same time in the device in Windows 10, version 1709.
+> You cannot set both KioskModeApp and Configuration at the same time in the device in Windows 10, version 1709.  
+>
+> You cannot set both KioskModeApp and ShellLauncher at the same time on the device.
 
-In Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md).
+Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md).
 
 Here's an example:
 
@@ -44,9 +48,9 @@ Here's an example:
 ```
 
 > [!Tip]  
-> In this example the double \\\ is only required because it's in json and json escapes \ into \\\\. If MDM server uses json parser\composer, they should only ask customer to type one \\, which will be \\\ in the json. If user types \\\\, it'll be \\\\\\\ in json, which is wrong. For the same reason, domain\account used in Configuration xml does not need \\\ but only one \\, because xml does not (require) escape \\.
+> In this example the double \\\ is required because it's in JSON and JSON escapes \ into \\\\. If an MDM server uses JSON parser\composer, they should ask customers to type only one \\, which will be \\\ in the JSON. If user types \\\\, it'll become \\\\\\\ in JSON, which will cause erroneous results. For the same reason, domain\account used in Configuration xml does not need \\\ but only one \\, because xml does not (need to) escape \\.
 >
-> This comment applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in json string. 
+> This applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in JSON string. 
 
 When configuring the kiosk mode app, the account name will be used to find the target user. The account name includes domain name and user name.
 
@@ -59,11 +63,10 @@ For a local account, the domain name should be the device name. When Get is exec
 The supported operations are Add, Delete, Get and Replace. When there's no configuration, the Get and Delete methods fail. When there's already a configuration for kiosk mode app, the Add method fails. The data pattern for Add and Replace is the same.
 
 <a href="" id="assignedaccess-configuration"></a>**./Device/Vendor/MSFT/AssignedAccess/Configuration**  
-Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps).Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). 
+Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps). Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). 
 
 > [!Note]  
 > You cannot set both KioskModeApp and Configuration at the same time on the device in Windows 10, version 1709.  
-> You cannot set both ShellLauncher and Configuration at the same time on the device.
 
 Enterprises can use this to easily configure and manage the curated lockdown experience. 
 
@@ -97,12 +100,14 @@ Additionally, the status payload includes a profileId, which can be used by the
 Supported operation is Get.
 
 <a href="" id="assignedaccess-shelllauncher"></a>**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**  
-Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema.
+Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. For more information, see [Shell Launcher](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/shell-launcher).
 
 > [!Note]  
-> You cannot set both ShellLauncher and Configuration at the same time on the device.
+> You cannot set both ShellLauncher and KioskModeApp at the same time on the device.
 >
-> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature if it is available within the SKU.
+> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature if it is available within the SKU. I. Shell Launcher as a feature and the ShellLauncher node both require Windows Enterprise or Windows Education to function.  
+>  
+>The ShellLauncher node is not supported in Windows 10 Pro.
 
 <a href="" id="assignedaccess-statusconfiguration"></a>**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**  
 Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 5948135c19..1183e5b3d6 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -63,7 +63,7 @@ The following image shows the ClientCertificateInstall configuration service pro
 
 
 <a href="" id="clientcertificateinstall-pfxcertinstall-uniqueid-containername"></a>**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName**  
-<p style="margin-left: 20px">ptional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node is not specified when Windows Hello for Business KSP is chosen, enrollment will fail.
+<p style="margin-left: 20px">Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node is not specified when Windows Hello for Business KSP is chosen, enrollment will fail.
 
 <p style="margin-left: 20px">Date type is string.
 
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 691891af81..25ce5fcc58 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/20/2018
 ---
 
 # Configuration service provider reference
@@ -29,6 +29,7 @@ Footnotes:
 - 1 - Added in Windows 10, version 1607
 - 2 - Added in Windows 10, version 1703
 - 3 - Added in Windows 10, version 1709
+- 4 - Added in Windows 10, version 1803
 
 <!--StartCSPs-->
 <hr/>
@@ -36,7 +37,7 @@ Footnotes:
 ## CSP support  
 
 <!--StartCSP-->
-[APPLICATION CSP](application-csp.md)  
+[AccountManagement CSP](accountmanagement-csp.md)  
 
 <!--StartSKU-->
 <table>
@@ -50,13 +51,41 @@ Footnotes:
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
+<!--StartCSP-->
+[Accounts CSP](accounts-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 
@@ -119,6 +148,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[APPLICATION CSP](application-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [AppLocker CSP](applocker-csp.md)  
 
@@ -2509,7 +2566,8 @@ Footnotes:
  Footnotes: 
 - 1 - Added in Windows 10, version 1607
 - 2 - Added in Windows 10, version 1703  
-- 3 - Added in Windows 10, version 1803  
+- 3 - Added in Windows 10, version 1709
+- 4 - Added in Windows 10, version 1803
 
 ## CSP DDF files download
 
@@ -2527,6 +2585,7 @@ The following list shows the configuration service providers supported in Window
 
 | Configuration service provider        | Windows Holographic edition      | Windows Holographic for Business edition |
 |--------|--------|------------|
+| [AccountManagement CSP](accountmanagement-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)3       |
 | [Application CSP](application-csp.md)   | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
 | [AppLocker CSP](applocker-csp.md)      | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |
 | [CertificateStore CSP](certificatestore-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)|
@@ -2549,30 +2608,11 @@ The following list shows the configuration service providers supported in Window
 
 Footnotes: 
 - 2 - Added in Windows 10, version 1703
-
-## <a href="" id="newcsps"></a>New CSPs added in Windows 10, version 1703
-
--   [BitLocker CSP](bitlocker-csp.md)
--   [CleanPC CSP](cleanpc-csp.md)
--   [DeveloperSetup CSP](developersetup-csp.md)
--   [DynamicManagement CSP](dynamicmanagement-csp.md)
--   [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)
--   [Messaging CSP](messaging-csp.md)
--   [NetworkProxy CSP](networkproxy-csp.md)
--   [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
--   [Office CSP](office-csp.md)
--   [Personalization CSP](personalization-csp.md)
-
-## <a href="" id="newcsps"></a>New CSPs added in Windows 10, version 1511
-
--   [AllJoynManagement CSP](alljoynmanagement-csp.md)
--   [Maps CSP](maps-csp.md)
--   [Reporting CSP](reporting-csp.md)
--   [SurfaceHub CSP](surfacehub-csp.md)
--   [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
+- 3 - Added in Windows 10, version 1803
 
 ## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
 
+-   [AccountManagement CSP](accountmanagement-csp.md)
 -   [APPLICATION CSP](application-csp.md)
 -   [CertificateStore CSP](certificatestore-csp.md)
 -   [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
@@ -2631,6 +2671,8 @@ The CSPs supported in Windows 10 S is the same as in Windows 10 Pro except that
 - [CellularSettings CSP](cellularsettings-csp.md)
 - [CertificateStore CSP](certificatestore-csp.md)
 - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
+- [CMPolicy CSP](cmpolicy-csp.md)
+- [CM_ProxyEntries CSP](cm-proxyentries-csp.md)
 - [CM_CellularEntries CSP](cm-cellularentries-csp.md)
 - [Defender CSP](defender-csp.md)
 - [DevDetail CSP](devdetail-csp.md)
@@ -2640,6 +2682,8 @@ The CSPs supported in Windows 10 S is the same as in Windows 10 Pro except that
 - [DiagnosticLog CSP](diagnosticlog-csp.md)
 - [DMAcc CSP](dmacc-csp.md)
 - [DMClient CSP](dmclient-csp.md)
+- [eUICCs CSP](euiccs-csp.md)
+- [Firewall CSP](firewall-csp.md)
 - [EMAIL2 CSP](email2-csp.md)
 - [EnterpriseAPN CSP](enterpriseapn-csp.md)
 - [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
@@ -2669,4 +2713,5 @@ The CSPs supported in Windows 10 S is the same as in Windows 10 Pro except that
 - [WiFi CSP](wifi-csp.md)
 - [Win32AppInventory CSP](win32appinventory-csp.md)
 - [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
+- [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
 - [WindowsLicensing CSP](windowslicensing-csp.md)
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 2ad3ca1434..404877f84d 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -112,7 +112,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 </Replace>
 ```
 <a href="" id="appmanagement-removepackage"></a>**AppManagement/RemovePackage**  
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Used to remove packages.
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT.
 
 <p style="margin-left: 20px">Parameters:
 <ul>
@@ -121,34 +121,18 @@ The following image shows the EnterpriseModernAppManagement configuration servic
          <li>Name: Specifies the PackageFullName of the particular package to remove.</li>
          <li>RemoveForAllUsers: 
             <ul>
-               <li>0 (default) – Package will be un-provisioned so that new users do not receive the package. The package will remain installed for current users.</li>
-               <li>1 – Package will be removed for all users.</li>
+               <li>0 (default) – Package will be un-provisioned so that new users do not receive the package. The package will remain installed for current users. This is not currently supported.</li>
+               <li>1 – Package will be removed for all users only if it is a provisioned package.</li>
             </ul>
          </li>
       </ul>
    </li>
-   <li>User (optional): Specifies the SID of the particular user for whom to remove the package; only the package for the specified user can be removed. Not required for ./User/Vendor/MSFT.</li>
+   <li>User (optional): Specifies the SID of the particular user for whom to remove the package; only the package for the specified user can be removed.</li>
 </ul>
     
     
 <p style="margin-left: 20px">Supported operation is Execute.
 
-<p style="margin-left: 20px">The following example removes a package for the specified user:
-
-```XML
-<Exec>
-   <CmdID>10</CmdID>
-   <Item>
-      <Target>
-              <LocURI>./User/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/RemovePackage</LocURI>
-      </Target>
-      <Meta><Format xmlns="syncml:metinf">xml</Format></Meta>
-      <Data>
-          <Package Name= "{PackageFullName}"/>
-      </Data>
-   </Item>
-</Exec>
-```
 <p style="margin-left: 20px">The following example removes a package for all users:
 
 ````XML
@@ -307,7 +291,12 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 <p style="margin-left: 20px">Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-users"></a>**.../*PackageFamilyName*/*PackageFullName*/Users**  
-<p style="margin-left: 20px">Required. Registered users of the app. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
+<p style="margin-left: 20px">Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
+
+-   Not Installed = 0
+-   Staged = 1
+-   Installed = 2
+-   Paused = 6
 
 <p style="margin-left: 20px">Supported operation is Get.
 
diff --git a/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png b/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png
new file mode 100644
index 0000000000..1475cb600f
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-accounts.png b/windows/client-management/mdm/images/provisioning-csp-accounts.png
new file mode 100644
index 0000000000..ceb90aff58
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-accounts.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png b/windows/client-management/mdm/images/provisioning-csp-networkproxy.png
index e46232fa42..23671d20f1 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png and b/windows/client-management/mdm/images/provisioning-csp-networkproxy.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png
index 8a01ad0dff..69effac5fd 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png and b/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png
index 7a3f671955..68672472c3 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png and b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-vpn.png b/windows/client-management/mdm/images/provisioning-csp-vpn.png
index 15e907a16c..f46b884641 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-vpn.png and b/windows/client-management/mdm/images/provisioning-csp-vpn.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-wifi.png b/windows/client-management/mdm/images/provisioning-csp-wifi.png
index c3f21cb31d..463a784f95 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-wifi.png and b/windows/client-management/mdm/images/provisioning-csp-wifi.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png
index 8e18128149..c8f2721143 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png and b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png differ
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 4fe82b932b..72566a2607 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -110,7 +110,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
 
 3.  Type in your Azure AD username. This is the email address you use to log into Microsoft Office 365 and similar services.
 
-    If the tenant is a cloud-only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
+    If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM. After you complete the flow, your device will be connected to your organization’s Azure AD domain.
 
@@ -142,7 +142,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
 
     ![azure ad sign in](images/unifiedenrollment-rs1-19.png)
 
-7.  If the tenant is a cloud only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+7.  If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
@@ -194,7 +194,7 @@ All Windows 10-based devices can be connected to a work or school account. You
 
     ![join work or school account to azure ad](images/unifiedenrollment-rs1-25-b.png)
 
-5.  If the tenant is a cloud only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly into the page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+5.  If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly into the page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index 9467b896ff..b82b5779fd 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/27/2018
+ms.date: 03/22/2018
 ---
 
 # MultiSIM CSP 
@@ -24,35 +24,132 @@ The following diagram shows the MultiSIM configuration service provider in tree
 <a href="" id="multisim"></a>**./Device/Vendor/MSFT/MultiSIM**  
 Root node.
 
-<a href="" id="tbd"></a>**_ModemID_**  
+<a href="" id="modemid"></a>**_ModemID_**  
 Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded modem.
 
-<a href="" id="modemid"></a>**_ModemID_/Identifier**  
+<a href="" id="modemid-identifier"></a>**_ModemID_/Identifier**  
 Modem ID.
 
-<a href="" id="tbd"></a>**_ModemID_/IsEmbedded**  
+Supported operation is Get. Value type is string.
+
+<a href="" id="modemid-isembedded"></a>**_ModemID_/IsEmbedded**  
 Indicates whether this modem is embedded or external.
 
-<a href="" id="tbd"></a>**_ModemID_/Slots**  
+Supported operation is Get. Value type is bool.
+
+<a href="" id="modemid-slots"></a>**_ModemID_/Slots**  
 Represents all SIM slots in the Modem.
 
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_**  
+<a href="" id="modemid-slots-slotid"></a>**_ModemID_/Slots/_SlotID_**  
 Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot.
 
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/Identifier**  
+<a href="" id="modemid-slots-slotid-identifier"></a>**_ModemID_/Slots/_SlotID_/Identifier**  
 Slot ID.
 
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsEmbedded**  
+Supported operation is Get. Value type is integer.
+
+<a href="" id="modemid-slots-slotid-isembedded"></a>**_ModemID_/Slots/_SlotID_/IsEmbedded**  
 Indicates whether this Slot is embedded or a physical SIM slot.
 
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsSelected**  
+Supported operation is Get. Value type is bool.
+
+<a href="" id="modemid-slots-slotid-isselected"></a>**_ModemID_/Slots/_SlotID_/IsSelected**  
 Indicates whether this Slot is selected or not.
 
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/State**  
+Supported operation is Get and Replace. Value type is bool.
+
+<a href="" id="modemid-slots-slotid-state"></a>**_ModemID_/Slots/_SlotID_/State**  
 Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8)
 
-<a href="" id="tbd"></a>**_ModemID_/Policies**  
+Supported operation is Get. Value type is integer.
+
+<a href="" id="modemid-policies"></a>**_ModemID_/Policies**  
 Policies associated with the Modem.
 
-<a href="" id="tbd"></a>**_ModemID_/Policies/SlotSelectionEnabled**  
-Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.
\ No newline at end of file
+<a href="" id="modemid-policies-slotselectionenabled"></a>**_ModemID_/Policies/SlotSelectionEnabled**  
+Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.
+
+Supported operation is Get and Replace. Value type is bool.
+
+## Examples
+
+Get modem
+``` syntax
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Get>
+      <CmdID>1</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/MultiSIM
+          </LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+Get slots
+``` syntax
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Get>
+      <CmdID>1</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/MultiSIM/Embedded/Slots
+          </LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+Get slot state
+``` syntax
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Get>
+      <CmdID>1</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/MultiSIM/Embedded/Slots/Embedded/State
+          </LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+Select slot
+``` syntax
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Replace>
+      <CmdID>1</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/MultiSIM/Embedded/Slots/0/IsSelected
+          </LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">bool</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Data>true</Data>
+      </Item>
+    </Replace>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 74bed4f1aa..6348228427 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/26/2017
+ms.date: 04/12/2018
 ---
 
 # NetworkProxy CSP
@@ -31,38 +31,41 @@ The following diagram shows the NetworkProxy configuration service provider in t
 ![networkproxy csp](images/provisioning-csp-networkproxy.png)
 
 <a href="" id="networkproxy"></a>**./Vendor/MSFT/NetworkProxy**  
-<p style="margin-left: 20px">The root node for the NetworkProxy configuration service provider..</p>
+The root node for the NetworkProxy configuration service provider..</p>
+
+<a href="" id="proxysettingsperuser"></a>**ProxySettingsPerUser**  
+Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide; set to 1 for proxy configuratio per user.
 
 <a href="" id="autodetect"></a>**AutoDetect**  
-<p style="margin-left: 20px">Automatically detect settings. If enabled, the system tries to find the path to a PAC script.</p>
-<p style="margin-left: 20px">Valid values:</p>
+Automatically detect settings. If enabled, the system tries to find the path to a PAC script.</p>
+Valid values:</p>
 <ul>
 <li>0 - Disabled</li>
 <li>1 (default) - Enabled</li>
 </ul>
-<p style="margin-left: 20px">The data type is int. Supported operations are Get and Replace.</p>
+The data type is int. Supported operations are Get and Replace.</p>
 
 <a href="" id="setupscripturl"></a>**SetupScriptUrl**  
-<p style="margin-left: 20px">Address to the PAC script you want to use.</p>
-<p style="margin-left: 20px">The data type is string. Supported operations are Get and Replace.</p>
+Address to the PAC script you want to use.</p>
+The data type is string. Supported operations are Get and Replace.</p>
 
 <a href="" id="proxyserver"></a>**ProxyServer**  
-<p style="margin-left: 20px">Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.</p>
-<p style="margin-left: 20px">Supported operation is Get.</p>
+Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.</p>
+Supported operation is Get.</p>
 
 <a href="" id="proxyaddress"></a>**ProxyAddress**  
-<p style="margin-left: 20px">Address to the proxy server. Specify an address in the format &lt;server&gt;[“:”&lt;port&gt;]. </p>
-<p style="margin-left: 20px">The data type is string. Supported operations are Get and Replace.</p>
+Address to the proxy server. Specify an address in the format &lt;server&gt;[“:”&lt;port&gt;]. </p>
+The data type is string. Supported operations are Get and Replace.</p>
 
 <a href="" id="exceptions"></a>**Exceptions**  
-<p style="margin-left: 20px">Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries. </p>
-<p style="margin-left: 20px">The data type is string. Supported operations are Get and Replace.</p>
+Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries. </p>
+The data type is string. Supported operations are Get and Replace.</p>
 
 <a href="" id="useproxyforlocaladdresses"></a>**UseProxyForLocalAddresses**  
-<p style="margin-left: 20px">Specifies whether the proxy server should be used for local (intranet) addresses. </p>
-<p style="margin-left: 20px">Valid values:</p>
+Specifies whether the proxy server should be used for local (intranet) addresses. </p>
+Valid values:</p>
 <ul>
 <li>0 (default) - Do not use proxy server for local addresses</li>
 <li>1 - Use proxy server for local addresses</li>
 </ul>
-<p style="margin-left: 20px">The data type is int. Supported operations are Get and Replace.</p>
+The data type is int. Supported operations are Get and Replace.</p>
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 04192347f7..6c8aea7fd4 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/15/2018
+ms.date: 04/11/2018
 ---
 
 # What's new in MDM enrollment and management
@@ -1147,6 +1147,9 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
 <li>AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</li>
 <li>ApplicationDefaults/EnableAppUriHandlers</li>
+<li>ApplicationManagement/MSIAllowUserControlOverInstall</li>
+<li>ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges</li>
+<li>Bluetooth/AllowPromptedProximalConnections</li>
 <li>Browser/AllowConfigurationUpdateForBooksLibrary</li>
 <li>Browser/AlwaysEnableBooksLibrary</li>
 <li>Browser/EnableExtendedBooksTelemetry</li>
@@ -1167,6 +1170,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>KioskBrowser/BlockedUrlExceptions</li>
 <li>KioskBrowser/BlockedUrls</li>
 <li>KioskBrowser/DefaultURL</li>
+<li>KioskBrowser/EnableEndSessionButton</li>
 <li>KioskBrowser/EnableHomeButton</li>
 <li>KioskBrowser/EnableNavigationButtons</li>
 <li>KioskBrowser/RestartOnIdleTime</li>
@@ -1174,15 +1178,11 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon</li> 
 <li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li> 
 <li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li> 
-<li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible</li> 
+<li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
 <li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey</li> 
 <li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li> 
-<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways</li> 
 <li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li> 
 <li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li> 
 <li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</li> 
@@ -1193,11 +1193,13 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers</li> 
 <li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</li> 
 <li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</li> 
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</li> 
 <li>LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</li> 
 <li>LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</li> 
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</li> 
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li> 
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</li> 
 <li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li> 
 <li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li> 
 <li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li> 
@@ -1283,16 +1285,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </ul>
 </td></tr>
 <tr class="odd">
-<td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
-<ul>
-<li>AutomaticRedeployment</li>
-<li>doAutomaticRedeployment</li>
-<li>LastError</li>
-<li>Status</li>
-</ul>
-</td></tr>
-<tr class="odd">
 <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
 <td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
 </td></tr>
@@ -1345,6 +1337,27 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>OS/Mode</li>
 </ul>
 </td></tr>
+<tr>
+<td style="vertical-align:top">[AccountManagement CSP](accountmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[RootCATrustedCertificates CSP](rootcacertificates-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>UntrustedCertificates</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[NetworkProxy CSP](\networkproxy--csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>ProxySettingsPerUser</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Accounts CSP](accounts-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
 </td></tr>
 </tbody>
 </table>
@@ -1614,6 +1627,57 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### April 2018
+
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>Settings/AllowVirtualGPU</li>
+<li>Settings/SaveFilesToHost</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[NetworkProxy CSP](\networkproxy--csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>ProxySettingsPerUser</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Accounts CSP](accounts-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
+<ul>
+<li>Bluetooth/AllowPromptedProximalConnections</li>
+<li>KioskBrowser/EnableEndSessionButton</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
+
 ### March 2018
 
 <table class="mx-tdBreakAll">
@@ -1651,17 +1715,50 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 </td></tr>
 <tr>
+<td style="vertical-align:top">[AccountManagement CSP](accountmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[RootCATrustedCertificates CSP](rootcacertificates-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>UntrustedCertificates</li>
+</ul>
+</td></tr>
+<tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
 <ul>
 <li>ApplicationDefaults/EnableAppUriHandlers</li>
+<li>ApplicationManagement/MSIAllowUserControlOverInstall</li>
+<li>ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges</li>
 <li>Connectivity/AllowPhonePCLinking</li>
+<li>Notifications/DisallowCloudNotification</li>
+<li>Notifications/DisallowTileNotification</li>
 <li>RestrictedGroups/ConfigureGroupMembership</li>
 </ul>
-<p>The following policy was updated in Windows 10, version 1803:</p>
+<p>The following existing policies were updated:</p>
 <ul>
-<li>TextInput/AllowIMENetworkAccess - when this policy is set to 1, suggestions from the Microsoft AI chatbot Rinna are enabled in the Japanese IME.</li>
+<li>Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.</li>
+<li>InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML</li>
+<li>TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.</li>
 </ul>
+<p>Added a new section:</p>
+<ul>
+<li>[Policies supported by GP](policy-configuration-service-provider.md#policies-supported-by-gp) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Policy CSP - Bluetooth](policy-csp-bluetooth.md)</td>
+<td style="vertical-align:top"><p>Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
+<td style="vertical-align:top"><p>Added SyncML examples and updated the settings descriptions.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
+<td style="vertical-align:top"><p>Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.</p>
 </td></tr>
 </tbody>
 </table>
@@ -1770,14 +1867,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li> 
 <li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li> 
 <li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge</li> 
-<li>LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey</li> 
 <li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li> 
-<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways</li> 
 <li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li> 
 <li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li> 
 <li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</li> 
@@ -1788,10 +1878,8 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers</li> 
 <li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</li> 
 <li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</li> 
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</li> 
 <li>LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</li> 
 <li>LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</li> 
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</li> 
 <li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li> 
 <li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li> 
 <li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li> 
@@ -1875,16 +1963,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 </td></tr>
 <tr class="odd">
-<td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
-<ul>
-<li>AutomaticRedeployment</li>
-<li>doAutomaticRedeployment</li>
-<li>LastError</li>
-<li>Status</li>
-</ul>
-</td></tr>
-<tr class="odd">
 <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
 <td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
 </td></tr>
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index c5ec170ba9..f3472fae60 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP
@@ -152,13 +152,13 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-accountlockoutduration" id="accountpoliciesaccountlockoutpolicy-accountlockoutduration">AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</a>
+    <a href="./policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-accountlockoutduration" id="accountpoliciesaccountlockoutpolicy-accountlockoutduration">AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</a>
   </dd>
   <dd>
-    <a href="policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-accountlockoutthreshold" id="accountpoliciesaccountlockoutpolicy-accountlockoutthreshold">AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</a>
+    <a href="./policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-accountlockoutthreshold" id="accountpoliciesaccountlockoutpolicy-accountlockoutthreshold">AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</a>
   </dd>
   <dd>
-    <a href="policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter" id="accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter">AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</a>
+    <a href="./policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter" id="accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter">AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</a>
   </dd>
 </dl>
 
@@ -225,6 +225,12 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps" id="applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall" id="applicationmanagement-msiallowusercontroloverinstall">ApplicationManagement/MSIAllowUserControlOverInstall</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges" id="applicationmanagement-msialwaysinstallwithelevatedprivileges">ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges</a>
+  </dd>
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly" id="applicationmanagement-requireprivatestoreonly">ApplicationManagement/RequirePrivateStoreOnly</a>
   </dd>
@@ -236,6 +242,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### AppRuntime policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional" id="appruntime-allowmicrosoftaccountstobeoptional">AppRuntime/AllowMicrosoftAccountsToBeOptional</a>
+  </dd>
+</dl>
+
 ### AppVirtualization policies
 
 <dl>
@@ -342,7 +356,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Authentication policies
 
 <dl>
-<dd>
+  <dd>
     <a href="./policy-csp-authentication.md#authentication-allowaadpasswordreset" id="authentication-allowaadpasswordreset">Authentication/AllowAadPasswordReset</a>
   </dd>
   <dd>
@@ -393,6 +407,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-bluetooth.md#bluetooth-allowprepairing" id="bluetooth-allowprepairing">Bluetooth/AllowPrepairing</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-bluetooth.md#bluetooth-allowpromptedproximalconnections" id="bluetooth-allowpromptedproximalconnections">Bluetooth/AllowPromptedProximalConnections</a>
+  </dd>
   <dd>
     <a href="./policy-csp-bluetooth.md#bluetooth-localdevicename" id="bluetooth-localdevicename">Bluetooth/LocalDeviceName</a>
   </dd>
@@ -467,10 +484,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-browser.md#browser-disablelockdownofstartpages" id="browser-disablelockdownofstartpages">Browser/DisableLockdownOfStartPages</a>
   </dd>
-<dd>
+  <dd>
     <a href="./policy-csp-browser.md#browser-enableextendedbookstelemetry" id="browser-enableextendedbookstelemetry">Browser/EnableExtendedBooksTelemetry</a>
   </dd>
-  <dd>
   <dd>
     <a href="./policy-csp-browser.md#browser-enterprisemodesitelist" id="browser-enterprisemodesitelist">Browser/EnterpriseModeSiteList</a>
   </dd>
@@ -542,13 +558,13 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata" id="cellular-letappsaccesscellulardata">Cellular/LetAppsAccessCellularData</a>
   </dd>
   <dd>
-    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps" id="cellular-letappsaccesscellulardata_forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
+    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps" id="cellular-letappsaccesscellulardata-forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
   </dd>
   <dd>
-    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps" id="cellular-letappsaccesscellulardata_forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
+    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps" id="cellular-letappsaccesscellulardata-forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
   </dd>
   <dd>
-    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps" id="cellular-letappsaccesscellulardata_userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
+    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps" id="cellular-letappsaccesscellulardata-userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
   </dd>
   <dd>
     <a href="./policy-csp-cellular.md#cellular-showappcellularaccessui" id="cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
@@ -573,6 +589,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-connectivity.md#connectivity-allownfc" id="connectivity-allownfc">Connectivity/AllowNFC</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowphonepclinking" id="connectivity-allowphonepclinking">Connectivity/AllowPhonePCLinking</a>
+  </dd>
   <dd>
     <a href="./policy-csp-connectivity.md#connectivity-allowusbconnection" id="connectivity-allowusbconnection">Connectivity/AllowUSBConnection</a>
   </dd>
@@ -606,7 +625,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp" id="controlpolicyconflict-mdmwinsovergp">ControlPolicyConflict/MDMWinsOverGP</a>
+    <a href="./policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp" id="controlpolicyconflict-mdmwinsovergp">ControlPolicyConflict/MDMWinsOverGP</a>
   </dd>
 </dl>
 
@@ -624,6 +643,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### CredentialsDelegation policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials" id="credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials">CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials</a>
+  </dd>
+</dl>
+
 ### CredentialsUI policies
 
 <dl>
@@ -793,7 +820,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp" id="deliveryoptimization-dodelayforegrounddownloadfromhttp">DeliveryOptimization/DODelayForegroundDownloadFromHttp</a>
   </dd>
-  <dd>
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode" id="deliveryoptimization-dodownloadmode">DeliveryOptimization/DODownloadMode</a>
   </dd>
@@ -803,7 +829,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource" id="deliveryoptimization-dogroupidsource">DeliveryOptimization/DOGroupIdSource</a>
   </dd>
-  <dd>
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage" id="deliveryoptimization-domaxcacheage">DeliveryOptimization/DOMaxCacheAge</a>
   </dd>
@@ -938,6 +963,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-minimumpasswordage" id="devicelock-minimumpasswordage">DeviceLock/MinimumPasswordAge</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera" id="devicelock-preventenablinglockscreencamera">DeviceLock/PreventEnablingLockScreenCamera</a>
+  </dd>
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow" id="devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
   </dd>
@@ -1061,9 +1089,15 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-experience.md#experience-allowsimerrordialogpromptwhennosim" id="experience-allowsimerrordialogpromptwhennosim">Experience/AllowSIMErrorDialogPromptWhenNoSIM</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowsaveasofofficefiles" id="experience-allowsaveasofofficefiles">Experience/AllowSaveAsOfOfficeFiles</a>
+  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowscreencapture" id="experience-allowscreencapture">Experience/AllowScreenCapture</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowsharingofofficefiles" id="experience-allowsharingofofficefiles">Experience/AllowSharingOfOfficeFiles</a>
+  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowsyncmysettings" id="experience-allowsyncmysettings">Experience/AllowSyncMySettings</a>
   </dd>
@@ -1113,6 +1147,17 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### FileExplorer policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer" id="fileexplorer-turnoffdataexecutionpreventionforexplorer">FileExplorer/TurnOffDataExecutionPreventionForExplorer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption" id="fileexplorer-turnoffheapterminationoncorruption">FileExplorer/TurnOffHeapTerminationOnCorruption</a>
+  </dd>
+</dl>
+
 ### Games policies
 
 <dl>
@@ -1351,6 +1396,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence" id="internetexplorer-internetzoneallowuserdatapersistence">InternetExplorer/InternetZoneAllowUserDataPersistence</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer" id="internetexplorer-internetzoneallowvbscripttorunininternetexplorer">InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer</a>
+  </dd>
   <dd>
     <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols" id="internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols">InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls</a>
   </dd>
@@ -1519,6 +1567,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes" id="internetexplorer-lockeddowninternetzonenavigatewindowsandframes">InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions" id="internetexplorer-lockeddownintranetjavapermissions">InternetExplorer/LockedDownIntranetJavaPermissions</a>
+  </dd>
   <dd>
     <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources" id="internetexplorer-lockeddownintranetzoneallowaccesstodatasources">InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources</a>
   </dd>
@@ -1750,6 +1801,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence" id="internetexplorer-restrictedsiteszoneallowuserdatapersistence">InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer" id="internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer">InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</a>
+  </dd>
   <dd>
     <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols" id="internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols">InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</a>
   </dd>
@@ -1887,26 +1941,29 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="policy-csp-kioskbrowser.md#kioskbrowser-blockedurlexceptions" id="kioskbrowser-blockedurlexceptions">KioskBrowser/BlockedUrlExceptions</a>
+    <a href="./policy-csp-kioskbrowser.md#kioskbrowser-blockedurlexceptions" id="kioskbrowser-blockedurlexceptions">KioskBrowser/BlockedUrlExceptions</a>
   </dd>
   <dd>
-    <a href="policy-csp-kioskbrowser.md#kioskbrowser-blockedurls" id="kioskbrowser-blockedurls">KioskBrowser/BlockedUrls</a>
+    <a href="./policy-csp-kioskbrowser.md#kioskbrowser-blockedurls" id="kioskbrowser-blockedurls">KioskBrowser/BlockedUrls</a>
   </dd>
   <dd>
-    <a href="policy-csp-kioskbrowser.md#kioskbrowser-defaulturl" id="kioskbrowser-defaulturl">KioskBrowser/DefaultURL</a>
+    <a href="./policy-csp-kioskbrowser.md#kioskbrowser-defaulturl" id="kioskbrowser-defaulturl">KioskBrowser/DefaultURL</a>
+  </dd>
+  <dd>
+    <a href="policy-csp-kioskbrowser.md#kioskbrowser-enableendsessionbutton" id="kioskbrowser-enableendsessionbutton">KioskBrowser/EnableEndSessionButton</a>
   </dd>
   <dd>
     <a href="policy-csp-kioskbrowser.md#kioskbrowser-enablehomebutton" id="kioskbrowser-enablehomebutton">KioskBrowser/EnableHomeButton</a>
   </dd>
   <dd>
-    <a href="policy-csp-kioskbrowser.md#kioskbrowser-enablenavigationbuttons" id="kioskbrowser-enablenavigationbuttons">KioskBrowser/EnableNavigationButtons</a>
+    <a href="./policy-csp-kioskbrowser.md#kioskbrowser-enablenavigationbuttons" id="kioskbrowser-enablenavigationbuttons">KioskBrowser/EnableNavigationButtons</a>
   </dd>
   <dd>
-    <a href="policy-csp-kioskbrowser.md#kioskbrowser-restartonidletime" id="kioskbrowser-restartonidletime">KioskBrowser/RestartOnIdleTime</a>
+    <a href="./policy-csp-kioskbrowser.md#kioskbrowser-restartonidletime" id="kioskbrowser-restartonidletime">KioskBrowser/RestartOnIdleTime</a>
   </dd>
 </dl>
 
-### LanmanWorkstation  policies
+### LanmanWorkstation policies
 
 <dl>
   <dd>
@@ -1946,6 +2003,27 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount" id="localpoliciessecurityoptions-accounts-renameguestaccount">LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowundockwithouthavingtologon" id="localpoliciessecurityoptions-devices-allowundockwithouthavingtologon">LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia" id="localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia">LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters" id="localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters">LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly" id="localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly">LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways" id="localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible" id="localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges" id="localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges">LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</a>
+  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
   </dd>
@@ -1967,15 +2045,75 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon" id="localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior" id="localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior">LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers" id="localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession" id="localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts" id="localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts">LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares" id="localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares">LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-leteveryonepermissionsapplytoanonymoususers" id="localpoliciessecurityoptions-networkaccess-leteveryonepermissionsapplytoanonymoususers">LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares" id="localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares">LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam" id="localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam">LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</a>
+  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange" id="localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange">LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel" id="localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel">LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication" id="localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic" id="localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic" id="localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers" id="localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</a>
+  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon" id="localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
   </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile" id="localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile">LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems" id="localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems">LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</a>
+  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
   </dd>
@@ -1985,6 +2123,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers" id="localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation" id="localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</a>
+  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated" id="localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</a>
   </dd>
@@ -1997,6 +2138,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation" id="localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation">LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode" id="localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode">LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</a>
+  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations" id="localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations">LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</a>
   </dd>
@@ -2043,6 +2187,46 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### MSSecurityGuide policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon" id="mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon">MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver" id="mssecurityguide-configuresmbv1clientdriver">MSSecurityGuide/ConfigureSMBV1ClientDriver</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server" id="mssecurityguide-configuresmbv1server">MSSecurityGuide/ConfigureSMBV1Server</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection" id="mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection">MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications" id="mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications">MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication" id="mssecurityguide-wdigestauthentication">MSSecurityGuide/WDigestAuthentication</a>
+  </dd>
+</dl>
+
+### MSSLegacy policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes" id="msslegacy-allowicmpredirectstooverrideospfgeneratedroutes">MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers" id="msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers">MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel" id="msslegacy-ipsourceroutingprotectionlevel">MSSLegacy/IPSourceRoutingProtectionLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel" id="msslegacy-ipv6sourceroutingprotectionlevel">MSSLegacy/IPv6SourceRoutingProtectionLevel</a>
+  </dd>
+</dl>
+
 ### NetworkIsolation policies
 
 <dl>
@@ -2075,14 +2259,23 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Notifications policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-notifications.md#notifications-disallowcloudnotification" id="notifications-disallowcloudnotification">Notifications/DisallowCloudNotification</a>
+  </dd>
   <dd>
     <a href="./policy-csp-notifications.md#notifications-disallownotificationmirroring" id="notifications-disallownotificationmirroring">Notifications/DisallowNotificationMirroring</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-notifications.md#notifications-disallowtilenotification" id="notifications-disallowtilenotification">Notifications/DisallowTileNotification</a>
+  </dd>
 </dl>
 
 ### Power policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery" id="power-allowstandbystateswhensleepingonbattery">Power/AllowStandbyStatesWhenSleepingOnBattery</a>
+  </dd>
   <dd>
     <a href="./policy-csp-power.md#power-allowstandbywhensleepingpluggedin" id="power-allowstandbywhensleepingpluggedin">Power/AllowStandbyWhenSleepingPluggedIn</a>
   </dd>
@@ -2491,15 +2684,16 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 ### RestrictedGroups policies
 
+<dl>
   <dd>
-    <a href="policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership">RestrictedGroups/ConfigureGroupMembership</a>
+    <a href="./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership" id="restrictedgroups-configuregroupmembership">RestrictedGroups/ConfigureGroupMembership</a>
   </dd>
-
+</dl>
 
 ### Search policies
 
 <dl>
-<dd>
+  <dd>
     <a href="./policy-csp-search.md#search-allowcloudsearch" id="search-allowcloudsearch">Search/AllowCloudSearch</a>
   </dd>
   <dd>
@@ -2512,7 +2706,7 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-search.md#search-allowsearchtouselocation" id="search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a>
   </dd>
   <dd>
-    <a href="./policy-csp-search.md#search-allowstoringimagesfromvisionsearch">Search/AllowStoringImagesFromVisionSearch</a>
+    <a href="./policy-csp-search.md#search-allowstoringimagesfromvisionsearch" id="search-allowstoringimagesfromvisionsearch">Search/AllowStoringImagesFromVisionSearch</a>
   </dd>
   <dd>
     <a href="./policy-csp-search.md#search-allowusingdiacritics" id="search-allowusingdiacritics">Search/AllowUsingDiacritics</a>
@@ -2532,7 +2726,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-search.md#search-donotusewebresults" id="search-donotusewebresults">Search/DoNotUseWebResults</a>
   </dd>
-
   <dd>
     <a href="./policy-csp-search.md#search-preventindexinglowdiskspacemb" id="search-preventindexinglowdiskspacemb">Search/PreventIndexingLowDiskSpaceMB</a>
   </dd>
@@ -2566,7 +2759,7 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-security.md#security-cleartpmifnotready" id="security-cleartpmifnotready">Security/ClearTPMIfNotReady</a>
   </dd>
   <dd>
-    <a href="#./policy-csp-security.mdsecurity-configurewindowspasswords" id="security.mdsecurity-configurewindowspasswords">Security/ConfigureWindowsPasswords</a>
+    <a href="./policy-csp-security.md#security-configurewindowspasswords" id="security-configurewindowspasswords">Security/ConfigureWindowsPasswords</a>
   </dd>
   <dd>
     <a href="./policy-csp-security.md#security-preventautomaticdeviceencryptionforazureadjoineddevices" id="security-preventautomaticdeviceencryptionforazureadjoineddevices">Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
@@ -2747,10 +2940,10 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
+    <a href="./policy-csp-storage.md#storage-allowdiskhealthmodelupdates" id="storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
   </dd>
   <dd>
-    <a href="./policy-csp-storage.md#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
+    <a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
   </dd>
 </dl>
 
@@ -2808,22 +3001,22 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode" id="systemservices-configurehomegrouplistenerservicestartupmode">SystemServices/ConfigureHomeGroupListenerServiceStartupMode</a>
+    <a href="./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode" id="systemservices-configurehomegrouplistenerservicestartupmode">SystemServices/ConfigureHomeGroupListenerServiceStartupMode</a>
   </dd>
   <dd>
-    <a href="policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode" id="systemservices-configurehomegroupproviderservicestartupmode">SystemServices/ConfigureHomeGroupProviderServiceStartupMode</a>
+    <a href="./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode" id="systemservices-configurehomegroupproviderservicestartupmode">SystemServices/ConfigureHomeGroupProviderServiceStartupMode</a>
   </dd>
   <dd>
-    <a href="policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode" id="systemservices-configurexboxaccessorymanagementservicestartupmode">SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode</a>
+    <a href="./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode" id="systemservices-configurexboxaccessorymanagementservicestartupmode">SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode</a>
   </dd>
   <dd>
-    <a href="policy-csp-systemservices.md#systemservices-configurexboxliveauthmanagerservicestartupmode" id="systemservices-configurexboxliveauthmanagerservicestartupmode">SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode</a>
+    <a href="./policy-csp-systemservices.md#systemservices-configurexboxliveauthmanagerservicestartupmode" id="systemservices-configurexboxliveauthmanagerservicestartupmode">SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode</a>
   </dd>
   <dd>
-    <a href="policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode" id="systemservices-configurexboxlivegamesaveservicestartupmode">SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode</a>
+    <a href="./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode" id="systemservices-configurexboxlivegamesaveservicestartupmode">SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode</a>
   </dd>
   <dd>
-    <a href="policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode" id="systemservices-configurexboxlivenetworkingservicestartupmode">SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</a>
+    <a href="./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode" id="systemservices-configurexboxlivenetworkingservicestartupmode">SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</a>
   </dd>
 </dl>
 
@@ -2831,7 +3024,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="policy-csp-taskscheduler.md#taskscheduler-enablexboxgamesavetask" id="taskscheduler-enablexboxgamesavetask">TaskScheduler/EnableXboxGameSaveTask</a>
+    <a href="./policy-csp-taskscheduler.md#taskscheduler-enablexboxgamesavetask" id="taskscheduler-enablexboxgamesavetask">TaskScheduler/EnableXboxGameSaveTask</a>
   </dd>
 </dl>
 
@@ -2871,6 +3064,12 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall" id="textinput-allowlanguagefeaturesuninstall">TextInput/AllowLanguageFeaturesUninstall</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowlinguisticdatacollection" id="textinput-allowlinguisticdatacollection">TextInput/AllowLinguisticDataCollection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-enabletouchkeyboardautoinvokeindesktopmode" id="textinput-enabletouchkeyboardautoinvokeindesktopmode">TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode</a>
+  </dd>
   <dd>
     <a href="./policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208" id="textinput-excludejapaneseimeexceptjis0208">TextInput/ExcludeJapaneseIMEExceptJIS0208</a>
   </dd>
@@ -2884,10 +3083,10 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-textinput.md#textinput-forcetouchkeyboarddockedstate" id="textinput-forcetouchkeyboarddockedstate">TextInput/ForceTouchKeyboardDockedState</a>
   </dd>
   <dd>
-    <a href="./policy-csp-textinput.md#textinput-touchkeyboarddictationbuttonavailability" id="">TextInput/TouchKeyboardDictationButtonAvailability</a>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboarddictationbuttonavailability" id="textinput-touchkeyboarddictationbuttonavailability">TextInput/TouchKeyboardDictationButtonAvailability</a>
   </dd>
   <dd>
-    <a href="./policy-csp-textinput.md#textinput-touchkeyboardemojibuttonavailability" id="textinput-touchkeyboarddictationbuttonavailability">TextInput/TouchKeyboardEmojiButtonAvailability</a>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboardemojibuttonavailability" id="textinput-touchkeyboardemojibuttonavailability">TextInput/TouchKeyboardEmojiButtonAvailability</a>
   </dd>
   <dd>
     <a href="./policy-csp-textinput.md#textinput-touchkeyboardfullmodeavailability" id="textinput-touchkeyboardfullmodeavailability">TextInput/TouchKeyboardFullModeAvailability</a>
@@ -2996,7 +3195,7 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-update.md#update-ignoremoupdatedownloadlimit" id="update-ignoremoupdatedownloadlimit">Update/IgnoreMOUpdateDownloadLimit</a>
   </dd>
   <dd>
-    <a href="./policy-csp-update.md#update-managepreviewbuilds">Update/ManagePreviewBuilds</a>
+    <a href="./policy-csp-update.md#update-managepreviewbuilds" id="update-managepreviewbuilds">Update/ManagePreviewBuilds</a>
   </dd>
   <dd>
     <a href="./policy-csp-update.md#update-pausedeferrals" id="update-pausedeferrals">Update/PauseDeferrals</a>
@@ -3013,6 +3212,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-update.md#update-pausequalityupdatesstarttime" id="update-pausequalityupdatesstarttime">Update/PauseQualityUpdatesStartTime</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-phoneupdaterestrictions" id="update-phoneupdaterestrictions">Update/PhoneUpdateRestrictions</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-requiredeferupgrade" id="update-requiredeferupgrade">Update/RequireDeferUpgrade</a>
   </dd>
@@ -3064,91 +3266,91 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller" id="userrights-accesscredentialmanagerastrustedcaller">UserRights/AccessCredentialManagerAsTrustedCaller</a>
+    <a href="./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller" id="userrights-accesscredentialmanagerastrustedcaller">UserRights/AccessCredentialManagerAsTrustedCaller</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-accessfromnetwork" id="userrights-accessfromnetwork">UserRights/AccessFromNetwork</a>
+    <a href="./policy-csp-userrights.md#userrights-accessfromnetwork" id="userrights-accessfromnetwork">UserRights/AccessFromNetwork</a>
   </dd>
   <dd>
-    <a href="#userrights-actaspartoftheoperatingsystem" id="userrights-actaspartoftheoperatingsystem">UserRights/ActAsPartOfTheOperatingSystem</a>
+    <a href="./policy-csp-userrights.md#userrights-actaspartoftheoperatingsystem" id="userrights-actaspartoftheoperatingsystem">UserRights/ActAsPartOfTheOperatingSystem</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-allowlocallogon" id="userrights-allowlocallogon">UserRights/AllowLocalLogOn</a>
+    <a href="./policy-csp-userrights.md#userrights-allowlocallogon" id="userrights-allowlocallogon">UserRights/AllowLocalLogOn</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-backupfilesanddirectories" id="userrights-backupfilesanddirectories">UserRights/BackupFilesAndDirectories</a>
+    <a href="./policy-csp-userrights.md#userrights-backupfilesanddirectories" id="userrights-backupfilesanddirectories">UserRights/BackupFilesAndDirectories</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-changesystemtime" id="userrights-changesystemtime">UserRights/ChangeSystemTime</a>
+    <a href="./policy-csp-userrights.md#userrights-changesystemtime" id="userrights-changesystemtime">UserRights/ChangeSystemTime</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-createglobalobjects" id="userrights-createglobalobjects">UserRights/CreateGlobalObjects</a>
+    <a href="./policy-csp-userrights.md#userrights-createglobalobjects" id="userrights-createglobalobjects">UserRights/CreateGlobalObjects</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-createpagefile" id="userrights-createpagefile">UserRights/CreatePageFile</a>
+    <a href="./policy-csp-userrights.md#userrights-createpagefile" id="userrights-createpagefile">UserRights/CreatePageFile</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-createpermanentsharedobjects" id="userrights-createpermanentsharedobjects">UserRights/CreatePermanentSharedObjects</a>
+    <a href="./policy-csp-userrights.md#userrights-createpermanentsharedobjects" id="userrights-createpermanentsharedobjects">UserRights/CreatePermanentSharedObjects</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-createsymboliclinks" id="userrights-createsymboliclinks">UserRights/CreateSymbolicLinks</a>
+    <a href="./policy-csp-userrights.md#userrights-createsymboliclinks" id="userrights-createsymboliclinks">UserRights/CreateSymbolicLinks</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-createtoken" id="userrights-createtoken">UserRights/CreateToken</a>
+    <a href="./policy-csp-userrights.md#userrights-createtoken" id="userrights-createtoken">UserRights/CreateToken</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-debugprograms" id="userrights-debugprograms">UserRights/DebugPrograms</a>
+    <a href="./policy-csp-userrights.md#userrights-debugprograms" id="userrights-debugprograms">UserRights/DebugPrograms</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-denyaccessfromnetwork" id="userrights-denyaccessfromnetwork">UserRights/DenyAccessFromNetwork</a>
+    <a href="./policy-csp-userrights.md#userrights-denyaccessfromnetwork" id="userrights-denyaccessfromnetwork">UserRights/DenyAccessFromNetwork</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-denylocallogon" id="userrights-denylocallogon">UserRights/DenyLocalLogOn</a>
+    <a href="./policy-csp-userrights.md#userrights-denylocallogon" id="userrights-denylocallogon">UserRights/DenyLocalLogOn</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-denyremotedesktopserviceslogon" id="userrights-denyremotedesktopserviceslogon">UserRights/DenyRemoteDesktopServicesLogOn</a>
+    <a href="./policy-csp-userrights.md#userrights-denyremotedesktopserviceslogon" id="userrights-denyremotedesktopserviceslogon">UserRights/DenyRemoteDesktopServicesLogOn</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-enabledelegation" id="userrights-enabledelegation">UserRights/EnableDelegation</a>
+    <a href="./policy-csp-userrights.md#userrights-enabledelegation" id="userrights-enabledelegation">UserRights/EnableDelegation</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-generatesecurityaudits" id="userrights-generatesecurityaudits">UserRights/GenerateSecurityAudits</a>
+    <a href="./policy-csp-userrights.md#userrights-generatesecurityaudits" id="userrights-generatesecurityaudits">UserRights/GenerateSecurityAudits</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-impersonateclient" id="userrights-impersonateclient">UserRights/ImpersonateClient</a>
+    <a href="./policy-csp-userrights.md#userrights-impersonateclient" id="userrights-impersonateclient">UserRights/ImpersonateClient</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-increaseschedulingpriority" id="userrights-increaseschedulingpriority">UserRights/IncreaseSchedulingPriority</a>
+    <a href="./policy-csp-userrights.md#userrights-increaseschedulingpriority" id="userrights-increaseschedulingpriority">UserRights/IncreaseSchedulingPriority</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-loadunloaddevicedrivers" id="userrights-loadunloaddevicedrivers">UserRights/LoadUnloadDeviceDrivers</a>
+    <a href="./policy-csp-userrights.md#userrights-loadunloaddevicedrivers" id="userrights-loadunloaddevicedrivers">UserRights/LoadUnloadDeviceDrivers</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-lockmemory" id="userrights-lockmemory">UserRights/LockMemory</a>
+    <a href="./policy-csp-userrights.md#userrights-lockmemory" id="userrights-lockmemory">UserRights/LockMemory</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-manageauditingandsecuritylog" id="userrights-manageauditingandsecuritylog">UserRights/ManageAuditingAndSecurityLog</a>
+    <a href="./policy-csp-userrights.md#userrights-manageauditingandsecuritylog" id="userrights-manageauditingandsecuritylog">UserRights/ManageAuditingAndSecurityLog</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-managevolume" id="userrights-managevolume">UserRights/ManageVolume</a>
+    <a href="./policy-csp-userrights.md#userrights-managevolume" id="userrights-managevolume">UserRights/ManageVolume</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-modifyfirmwareenvironment" id="userrights-modifyfirmwareenvironment">UserRights/ModifyFirmwareEnvironment</a>
+    <a href="./policy-csp-userrights.md#userrights-modifyfirmwareenvironment" id="userrights-modifyfirmwareenvironment">UserRights/ModifyFirmwareEnvironment</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-modifyobjectlabel" id="userrights-modifyobjectlabel">UserRights/ModifyObjectLabel</a>
+    <a href="./policy-csp-userrights.md#userrights-modifyobjectlabel" id="userrights-modifyobjectlabel">UserRights/ModifyObjectLabel</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-profilesingleprocess" id="userrights-profilesingleprocess">UserRights/ProfileSingleProcess</a>
+    <a href="./policy-csp-userrights.md#userrights-profilesingleprocess" id="userrights-profilesingleprocess">UserRights/ProfileSingleProcess</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-remoteshutdown" id="userrights-remoteshutdown">UserRights/RemoteShutdown</a>
+    <a href="./policy-csp-userrights.md#userrights-remoteshutdown" id="userrights-remoteshutdown">UserRights/RemoteShutdown</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-restorefilesanddirectories" id="userrights-restorefilesanddirectories">UserRights/RestoreFilesAndDirectories</a>
+    <a href="./policy-csp-userrights.md#userrights-restorefilesanddirectories" id="userrights-restorefilesanddirectories">UserRights/RestoreFilesAndDirectories</a>
   </dd>
   <dd>
-    <a href="policy-csp-userrights.md#userrights-takeownership" id="userrights-takeownership">UserRights/TakeOwnership</a>
+    <a href="./policy-csp-userrights.md#userrights-takeownership" id="userrights-takeownership">UserRights/TakeOwnership</a>
   </dd>
 </dl>
 
@@ -3178,15 +3380,29 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### WindowsConnectionManager policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork" id="windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork">WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork</a>
+  </dd>
+</dl>
+
 ### WindowsDefenderSecurityCenter policies
 
 <dl>
   <dd>
     <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname" id="windowsdefendersecuritycenter-companyname">WindowsDefenderSecurityCenter/CompanyName</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui" id="windowsdefendersecuritycenter-disableaccountprotectionui">WindowsDefenderSecurityCenter/DisableAccountProtectionUI</a>
+  </dd>
   <dd>
     <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui" id="windowsdefendersecuritycenter-disableappbrowserui">WindowsDefenderSecurityCenter/DisableAppBrowserUI</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui" id="windowsdefendersecuritycenter-disabledevicesecurityui">WindowsDefenderSecurityCenter/DisableDeviceSecurityUI</a>
+  </dd>
   <dd>
     <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications" id="windowsdefendersecuritycenter-disableenhancednotifications">WindowsDefenderSecurityCenter/DisableEnhancedNotifications</a>
   </dd>
@@ -3217,6 +3433,15 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enableinappcustomization" id="windowsdefendersecuritycenter-enableinappcustomization">WindowsDefenderSecurityCenter/EnableInAppCustomization</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery" id="windowsdefendersecuritycenter-hideransomwaredatarecovery">WindowsDefenderSecurityCenter/HideRansomwareDataRecovery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot" id="windowsdefendersecuritycenter-hidesecureboot">WindowsDefenderSecurityCenter/HideSecureBoot</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting" id="windowsdefendersecuritycenter-hidetpmtroubleshooting">WindowsDefenderSecurityCenter/HideTPMTroubleshooting</a>
+  </dd>
   <dd>
     <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone" id="windowsdefendersecuritycenter-phone">WindowsDefenderSecurityCenter/Phone</a>
   </dd>
@@ -3245,19 +3470,33 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui" id="windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers" id="windowslogon-enumeratelocalusersondomainjoinedcomputers">WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers</a>
+  </dd>
   <dd>
     <a href="./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching" id="windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart" id="windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart">WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart</a>
+  </dd>
+</dl>
+
+### WindowsPowerShell policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging" id="windowspowershell-turnonpowershellscriptblocklogging">WindowsPowerShell/TurnOnPowerShellScriptBlockLogging</a>
+  </dd>
 </dl>
 
 ### WirelessDisplay policies
 
 <dl>
   <dd>
-    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsadvertisement">WirelessDisplay/AllowMdnsAdvertisement</a>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsadvertisement" id="wirelessdisplay-allowmdnsadvertisement">WirelessDisplay/AllowMdnsAdvertisement</a>
   </dd>
   <dd>
-    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsdiscovery">WirelessDisplay/AllowMdnsDiscovery</a>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsdiscovery" id="wirelessdisplay-allowmdnsdiscovery">WirelessDisplay/AllowMdnsDiscovery</a>
   </dd>
   <dd>
     <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectionfrompc" id="wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
@@ -3701,12 +3940,15 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
 -   [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
 -   [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration)
+-   [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers)
 -   [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
 -   [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
 -   [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
 -   [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr)
 -   [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata)
 -   [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps)
+-   [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall)
+-   [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges)
 -   [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly)
 -   [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume)
 -   [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume)
@@ -3745,6 +3987,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
 -   [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
 -   [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
+-   [Browser/PreventTabPreloading](./policy-csp-browser.md#browser-preventtabpreloading)
 -   [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
 -   [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
 -   [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
@@ -3759,6 +4002,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps)
 -   [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
 -   [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
+-   [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking)
 -   [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
 -   [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
 -   [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
@@ -4118,6 +4362,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
 -   [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
 -   [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
+-   [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons)
 -   [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
 -   [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
 -   [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
@@ -4154,6 +4399,10 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers)
 -   [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
 -   [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
 -   [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation)
@@ -4187,7 +4436,9 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers)
 -   [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
 -   [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
+-   [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification)
 -   [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
+-   [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification)
 -   [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
 -   [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
 -   [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
@@ -4352,6 +4603,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode)
 -   [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
 -   [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
+-   [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection)
 -   [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
 -   [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
 -   [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
@@ -4456,72 +4708,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
 -   [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
 
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Policies supported by IoT Core  
-
--   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
--   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
--   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)  
--   [Browser/AllowAutofill](#browser-allowautofill)  
--   [Browser/AllowBrowser](#browser-allowbrowser)  
--   [Browser/AllowCookies](#browser-allowcookies)  
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
--   [Browser/AllowInPrivate](#browser-allowinprivate)  
--   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
--   [Browser/AllowPopups](#browser-allowpopups)  
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
--   [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist)  
--   [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl)  
--   [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer)  
--   [Camera/AllowCamera](#camera-allowcamera)  
--   [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)  
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)  
--   [Connectivity/AllowNFC](#connectivity-allownfc)  
--   [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)  
--   [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular)  
--   [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular)  
--   [Connectivity/DiablePrintingOverHTTP](#connectivity-diableprintingoverhttp)  
--   [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](#connectivity-disabledownloadingofprintdriversoverhttp)  
--   [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)  
--   [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths)  
--   [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](#connectivity-prohibitinstallationandconfigurationofnetworkbridge)  
--   [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon)  
--   [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword)  
--   [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess)  
--   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
--   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
--   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
--   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
--   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
--   [Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage)  
--   [Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage)  
--   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
--   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
--   [System/AllowEmbeddedMode](#system-allowembeddedmode)  
--   [System/AllowFontProviders](#system-allowfontproviders)  
--   [System/AllowStorageCard](#system-allowstoragecard)  
--   [System/TelemetryProxy](#system-telemetryproxy)  
--   [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate)  
--   [Update/AllowUpdateService](#update-allowupdateservice)  
--   [Update/PauseDeferrals](#update-pausedeferrals)  
--   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
--   [Update/RequireUpdateApproval](#update-requireupdateapproval)  
--   [Update/ScheduledInstallDay](#update-scheduledinstallday)  
--   [Update/ScheduledInstallTime](#update-scheduledinstalltime)  
--   [Update/UpdateServiceUrl](#update-updateserviceurl)  
--   [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots)  
--   [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
--   [Wifi/AllowWiFi](#wifi-allowwifi)  
--   [Wifi/WLANScanMode](#wifi-wlanscanmode)  
-<!--EndIoTCore-->
-
 <!--StartHoloLens-->
 ## <a href="" id="hololenspolicies"></a>Policies supported by Windows Holographic for Business  
 
@@ -4545,18 +4731,11 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Experience/AllowCortana](#experience-allowcortana)  
 -   [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)  
 -   [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)  
--   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
--   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
--   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
--   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
--   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
 -   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
 -   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
 -   [Settings/AllowDateTime](#settings-allowdatetime)  
 -   [Settings/AllowVPN](#settings-allowvpn)  
+-   [System/AllowFontProviders](#system-allowfontproviders)  
 -   [System/AllowLocation](#system-allowlocation)  
 -   [System/AllowTelemetry](#system-allowtelemetry)  
 -   [Update/AllowAutoUpdate](#update-allowautoupdate)  
@@ -4566,125 +4745,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Update/UpdateServiceUrl](#update-updateserviceurl)  
 <!--EndHoloLens-->
 
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Policies supported by Microsoft Surface Hub  
-  
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
--   [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing)  
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
--   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)  
--   [Browser/AllowAddressBarDropdown](#browser-allowaddressbardropdown)  
--   [Browser/AllowCookies](#browser-allowcookies)  
--   [Browser/AllowDeveloperTools](#browser-allowdevelopertools)  
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
--   [Browser/AllowMicrosoftCompatibilityList](#browser-allowmicrosoftcompatibilitylist)  
--   [Browser/AllowPopups](#browser-allowpopups)  
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
--   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
--   [Browser/ClearBrowsingDataOnExit](#browser-clearbrowsingdataonexit)  
--   [Browser/ConfigureAdditionalSearchEngines](#browser-configureadditionalsearchengines)  
--   [Browser/DisableLockdownOfStartPages](#browser-disablelockdownofstartpages)  
--   [Browser/HomePages](#browser-homepages)  
--   [Browser/PreventLiveTileDataCollection](#browser-preventlivetiledatacollection)  
--   [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride)  
--   [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles)  
--   [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine)  
--   [Camera/AllowCamera](#camera-allowcamera)  
--   [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)  
--   [ConfigOperations/ADMXInstall](#configoperations-admxinstall)  
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices)  
--   [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)  
--   [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)  
--   [Defender/AllowArchiveScanning](#defender-allowarchivescanning)  
--   [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)  
--   [Defender/AllowCloudProtection](#defender-allowcloudprotection)  
--   [Defender/AllowEmailScanning](#defender-allowemailscanning)  
--   [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives)  
--   [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning)  
--   [Defender/AllowIOAVProtection](#defender-allowioavprotection)  
--   [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem)  
--   [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection)  
--   [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring)  
--   [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles)  
--   [Defender/AllowScriptScanning](#defender-allowscriptscanning)  
--   [Defender/AllowUserUIAccess](#defender-allowuseruiaccess)  
--   [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor)  
--   [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware)  
--   [Defender/ExcludedExtensions](#defender-excludedextensions)  
--   [Defender/ExcludedPaths](#defender-excludedpaths)  
--   [Defender/ExcludedProcesses](#defender-excludedprocesses)  
--   [Defender/PUAProtection](#defender-puaprotection)  
--   [Defender/RealTimeScanDirection](#defender-realtimescandirection)  
--   [Defender/ScanParameter](#defender-scanparameter)  
--   [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime)  
--   [Defender/ScheduleScanDay](#defender-schedulescanday)  
--   [Defender/ScheduleScanTime](#defender-schedulescantime)  
--   [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval)  
--   [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent)  
--   [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction)  
--   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)  
--   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)  
--   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)  
--   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)  
--   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)  
--   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)  
--   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)  
--   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)  
--   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)  
--   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)  
--   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)  
--   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)  
--   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)  
--   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)  
--   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)  
--   [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders)  
--   [Privacy/EnableActivityFeed](#privacy-enableactivityfeed)  
--   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
--   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
--   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
--   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
--   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
--   [Privacy/PublishUserActivities](#privacy-publishuseractivities)  
--   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
--   [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)  
--   [Start/StartLayout](#start-startlayout)
--   [System/AllowFontProviders](#system-allowfontproviders)  
--   [System/AllowLocation](#system-allowlocation)  
--   [System/AllowTelemetry](#system-allowtelemetry)  
--   [TextInput/AllowIMELogging](#textinput-allowimelogging)  
--   [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess)  
--   [TextInput/AllowInputPanel](#textinput-allowinputpanel)  
--   [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters)  
--   [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters)  
--   [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph)  
--   [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary)  
--   [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall)  
--   [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208)  
--   [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc)  
--   [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis)  
--   [Update/AllowAutoUpdate](#update-allowautoupdate)  
--   [Update/AllowUpdateService](#update-allowupdateservice)  
--   [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule)  
--   [Update/AutoRestartRequiredNotificationDismissal](#update-autorestartrequirednotificationdismissal)  
--   [Update/BranchReadinessLevel](#update-branchreadinesslevel)  
--   [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays)  
--   [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays)  
--   [Update/DetectionFrequency](#update-detectionfrequency)  
--   [Update/PauseFeatureUpdates](#update-pausefeatureupdates)  
--   [Update/PauseQualityUpdates](#update-pausequalityupdates)  
--   [Update/ScheduleImminentRestartWarning](#update-scheduleimminentrestartwarning)  
--   [Update/ScheduleRestartWarning](#update-schedulerestartwarning)  
--   [Update/SetAutoRestartNotificationDisable](#update-setautorestartnotificationdisable)  
--   [Update/UpdateServiceUrl](#update-updateserviceurl)  
--   [Update/UpdateServiceUrlAlternate](#update-updateserviceurlalternate)  
--   [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)  
-<!--EndSurfaceHub-->
-
 <!--StartEAS-->
 ## <a href="" id="eas"></a>Policies that can be set using Exchange Active Sync (EAS)  
 
@@ -4712,7 +4772,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Wifi/AllowWiFi](#wifi-allowwifi)  
 <!--EndEAS-->
 
-
 ## Examples
 
 Set the minimum password length to 4 characters.
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 774334df19..02d3d2895e 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - ApplicationDefaults
@@ -189,20 +189,14 @@ If you do not configure this policy setting, the default behavior depends on the
 ADMX Info:  
 -   GP English name: *Configure web-to-app linking with app URI handlers*
 -   GP name: *EnableAppUriHandlers*
+-   GP path: *System/Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 This setting supports a range of values between 0 and 1.
 
-
 <!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 47b9d1e09d..082ad6881d 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - ApplicationManagement
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -43,6 +45,12 @@ ms.date: 03/12/2018
   <dd>
     <a href="#applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
   </dd>
+  <dd>
+    <a href="#applicationmanagement-msiallowusercontroloverinstall">ApplicationManagement/MSIAllowUserControlOverInstall</a>
+  </dd>
+  <dd>
+    <a href="#applicationmanagement-msialwaysinstallwithelevatedprivileges">ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges</a>
+  </dd>
   <dd>
     <a href="#applicationmanagement-requireprivatestoreonly">ApplicationManagement/RequirePrivateStoreOnly</a>
   </dd>
@@ -538,6 +546,133 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="applicationmanagement-msiallowusercontroloverinstall"></a>**ApplicationManagement/MSIAllowUserControlOverInstall**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This policy setting permits users to change installation options that typically are available only to system administrators.
+
+If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation.
+
+If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed.
+
+If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.
+
+This policy setting is designed for less restrictive environments. It can be used to circumvent errors in an installation program that prevents software from being installed.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow user control over installs*
+-   GP name: *EnableUserControl*
+-   GP path: *Windows Components/Windows Installer*
+-   GP ADMX file name: *MSI.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+This setting supports a range of values between 0 and 1.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="applicationmanagement-msialwaysinstallwithelevatedprivileges"></a>**ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.
+
+If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.
+
+If you disable or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.
+
+Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.
+
+Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Always install with elevated privileges*
+-   GP name: *AlwaysInstallElevated*
+-   GP path: *Windows Components/Windows Installer*
+-   GP ADMX file name: *MSI.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+This setting supports a range of values between 0 and 1.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="applicationmanagement-requireprivatestoreonly"></a>**ApplicationManagement/RequirePrivateStoreOnly**  
 
@@ -583,7 +718,9 @@ Most restricted value is 1.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Only display the private store within the Microsoft Store*
 -   GP name: *RequirePrivateStoreOnly*
+-   GP path: *Windows Components/Store*
 -   GP ADMX file name: *WindowsStore.admx*
 
 <!--/ADMXMapped-->
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 7e6fb10c8d..386d22dfe2 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - AppRuntime
@@ -32,6 +32,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="appruntime-allowmicrosoftaccountstobeoptional"></a>**AppRuntime/AllowMicrosoftAccountsToBeOptional**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index fb08f30dc0..0205e259b0 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/06/2018
 ---
 
 # Policy CSP - Bluetooth
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -28,6 +30,9 @@ ms.date: 03/12/2018
   <dd>
     <a href="#bluetooth-allowprepairing">Bluetooth/AllowPrepairing</a>
   </dd>
+  <dd>
+    <a href="#bluetooth-allowpromptedproximalconnections">Bluetooth/AllowPromptedProximalConnections</a>
+  </dd>
   <dd>
     <a href="#bluetooth-localdevicename">Bluetooth/LocalDeviceName</a>
   </dd>
@@ -197,6 +202,62 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="bluetooth-allowpromptedproximalconnections"></a>**Bluetooth/AllowPromptedProximalConnections**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This policy allows the IT admin to block users on these managed devices from using Quick Pair and other proximity based scenarios.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:  
+
+-   0 - Disallow. Block users on these managed devices from using Quick Pair and other proximity based scenarios
+-   1 - Allow. Allow users on these managed devices to use Quick Pair and other proximity based scenarios
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="bluetooth-localdevicename"></a>**Bluetooth/LocalDeviceName**  
 
@@ -282,7 +343,7 @@ If this policy is not set or it is deleted, the default local radio name is used
 <!--Description-->
 Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
 
-The default value is an empty string.
+The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide)
 
 <!--/Description-->
 <!--/Policy-->
@@ -297,6 +358,95 @@ Footnote:
 
 <!--/Policies-->
 
+## ServicesAllowedList usage guide
+
+When the Bluetooth/ServicesAllowedList policy is provisioned, it will only allow pairing and connections of Windows PCs and phones to explicitly define Bluetooth profiles and services. It is an allowed list, enabling admins to still allow custom Bluetooth profiles that are not defined by the Bluetooth Special Interests Group (SIG).
+
+To define which profiles and services are allowed, enter the profile or service Universally Unique Identifiers (UUID) using semicolon delimiter. To get a profile UUID, refer to the [Service Discovery](https://www.bluetooth.com/specifications/assigned-numbers/service-discovery) page on the Bluetooth SIG website. 
+
+These UUIDs all use the same base UUID with the profile identifiers added to the beginning of the base UUID.
+
+Here are some examples:
+
+**Bluetooth Headsets for Voice (HFP)**
+
+BASE_UUID = 0x00000000-0000-1000-8000-00805F9B34FB
+
+|UUID name  |Protocol specification  |UUID  |
+|---------|---------|---------|
+|HFP(Hands Free Profile)     |Hands-Free Profile (HFP) *         |0x111E         |
+
+Footnote: * Used as both Service Class Identifier and Profile Identifier.
+
+Hands Free Profile UUID = base UUID + 0x111E to the beginning = 0000111E-0000-1000-8000-00805F9B34FB
+
+**Allow Audio Headsets only (Voice)**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|HFP (Hands Free Profile)     |For voice enabled headsets         |0x111E        |
+|GAP (Generic Access Profile)*     |Generic service used by Bluetooth         |0x1800         |
+|DID (Device ID)*     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters*     |Generic service used by Bluetooth         |0x1813         |
+
+Footnote: * *GAP, DID, and Scan Parameter are required, as these are underlying profiles and services used by all Bluetooth devices.
+
+This means that if you only want Bluetooth headsets, the UUIDs are:
+
+{0000111E-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Allow Audio Headsets and Speakers (Voice & Music)**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|HFP (Hands Free Profile)     |For voice enabled headsets         |0x111E         |
+|A2DP Source (Advance Audio Distribution)|For streaming to Bluetooth speakers         |0x110A         |
+|GAP (Generic Access Profile)     |Generic service used by Bluetooth         |0x1800         |
+|Device ID (DID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+{0000111E-0000-1000-8000-00805F9B34FB};{0000110A-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Classic Keyboards and Mice**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|HID (Human Interface Device)     |For classic BR/EDR keyboards and mice         |0x1124         |
+|GAP (Generic Access Profile)     |Generic service used by Bluetooth         |0x1800         |
+|DID (Device ID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+{00001801-0000-1000-8000-00805F9B34FB};{00001812-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+> [!Note]  
+> For both Classic and LE use a super set of the two formula’s UUIDs
+
+**LE Keyboards and Mice**  
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|Generic Access Atribute     |For the LE Protocol         |0x1801         |
+|HID Over GATT *     |For LE keyboards and mice         |0x1812         |
+|GAP (Generic Access Profile)     |Generic service used by Bluetooth         |0x1800         |
+|DID (Device ID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+Footnote: * The Surface pen uses the HID over GATT profile
+
+{00001801-0000-1000-8000-00805F9B34FB};{00001812-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Allow File Transfer**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|OBEX Object Push (OPP)     |For file transfer         |0x1105         |
+|Object Exchange (OBEX)     |Protocol for file transfer         |0x0008         |
+|Generic Access Profile (GAP)     |Generic service used by Bluetooth         |0x1800         |
+|Device ID (DID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+{00001105-0000-1000-8000-00805F9B34FB};{00000008-0000-1000-8000-00805F9B34FB};{0000111E-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
 <!--StartHoloLens-->
 ## <a href="" id="hololenspolicies"></a>Bluetooth policies supported by Windows Holographic for Business  
 
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 79d91ff2dc..514ff83491 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/13/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - Browser
@@ -445,8 +445,9 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 – Not allowed.
--   1 (default) – Allowed.
+-   0 – Block all cookies
+-   1 – Block only third party cookies
+-   2 - Allow cookies
 
 <!--/SupportedValues-->
 <!--Validation-->
@@ -2190,10 +2191,17 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. 
+Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed*
+-   GP name: *PreventTabPreloading*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
 
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 431c59baa4..9c86945186 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - Cellular
@@ -92,8 +92,10 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_Enum*
+-   GP path: *Network/WWAN Service/Cellular Data Access*
 -   GP ADMX file name: *wwansvc.admx*
 
 <!--/ADMXMapped-->
@@ -150,8 +152,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List*
+-   GP path: *Network/WWAN Service/Cellular Data Access*
 -   GP ADMX file name: *wwansvc.admx*
 
 <!--/ADMXMapped-->
@@ -200,8 +204,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List*
+-   GP path: *Network/WWAN Service/Cellular Data Access*
 -   GP ADMX file name: *wwansvc.admx*
 
 <!--/ADMXMapped-->
@@ -250,8 +256,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List*
+-   GP path: *Network/WWAN Service/Cellular Data Access*
 -   GP ADMX file name: *wwansvc.admx*
 
 <!--/ADMXMapped-->
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index faf33814cc..e07d5f9e02 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 03/14/2018
 ---
 
 # Policy CSP - Connectivity
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -34,6 +36,9 @@ ms.date: 03/12/2018
   <dd>
     <a href="#connectivity-allownfc">Connectivity/AllowNFC</a>
   </dd>
+  <dd>
+    <a href="#connectivity-allowphonepclinking">Connectivity/AllowPhonePCLinking</a>
+  </dd>
   <dd>
     <a href="#connectivity-allowusbconnection">Connectivity/AllowUSBConnection</a>
   </dd>
@@ -355,6 +360,76 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="connectivity-allowphonepclinking"></a>**Connectivity/AllowPhonePCLinking**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
+
+If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'.
+If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *enableMMX*
+-   GP ADMX file name: *grouppolicy.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+This setting supports a range of values between 0 and 1.  
+
+- 0 - Do not link
+- 1 (default) - Allow phone-PC linking
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+Validation:  
+
+If the Connectivity/AllowPhonePCLinking policy is configured to value 0, the add a phone button in the Phones section in settings will be greyed out and clicking it will not launch the window for a user to enter their phone number.
+
+Device that has previously opt-in to MMX will also stop showing on the device list.
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="connectivity-allowusbconnection"></a>**Connectivity/AllowUSBConnection**  
 
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index e347fbd029..edd5e6b205 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - CredentialsDelegation
@@ -32,6 +32,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials"></a>**CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index cf43d37c41..9b31c6322f 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - DeliveryOptimization
@@ -1219,8 +1219,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Maximum Background Download Bandwidth (percentage)*
 -   GP name: *PercentageMaxBackgroundBandwidth*
 -   GP element: *PercentageMaxBackgroundBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
 -   GP ADMX file name: *DeliveryOptimization.admx*
 
 <!--/ADMXMapped-->
@@ -1231,6 +1233,15 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
 
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
 <!--Description-->
 This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) and [DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) policies instead.
 
@@ -1282,8 +1293,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Maximum Foreground Download Bandwidth (percentage)*
 -   GP name: *PercentageMaxForegroundBandwidth*
 -   GP element: *PercentageMaxForegroundBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
 -   GP ADMX file name: *DeliveryOptimization.admx*
 
 <!--/ADMXMapped-->
@@ -1388,7 +1401,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Added in Windows&nbsp;10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 <!--/Description-->
 > [!TIP]
@@ -1454,7 +1467,7 @@ This policy allows an IT Admin to define the following:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Added in Windows&nbsp;10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 <!--/Description-->
 > [!TIP]
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 1a791a7b71..0a7c86e017 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - DeviceLock
@@ -547,7 +547,7 @@ The following list shows the supported values:
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
@@ -1036,6 +1036,29 @@ GP Info:
 <!--Policy-->
 <a href="" id="devicelock-preventenablinglockscreencamera"></a>**DeviceLock/PreventEnablingLockScreenCamera**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 835be83eb0..6c9a23cd61 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - EventLogService
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 3f96460055..38e01b4868 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - Experience
@@ -359,7 +359,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), then disabling the MDM unenrollment has no effect.
 
 > [!NOTE]
 > The MDM server can always remotely delete the account.
@@ -436,6 +436,15 @@ The following list shows the supported values:
 <!--Policy-->
 <a href="" id="experience-allowsaveasofofficefiles"></a>**Experience/AllowSaveAsOfOfficeFiles**  
 
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
 <!--Description-->
 This policy is deprecated.
 
@@ -503,6 +512,15 @@ The following list shows the supported values:
 <!--Policy-->
 <a href="" id="experience-allowsharingofofficefiles"></a>**Experience/AllowSharingOfOfficeFiles**  
 
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
 <!--Description-->
 This policy is deprecated.
 
@@ -1027,7 +1045,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1083. This policy allows IT admins to turn off Suggestions in Settings app. These suggestions from Microsoft may show after each OS clean install, upgrade or an on-going basis to help users discover apps/features on Windows or across devices, to make thier experience productive.  
+Added in Windows 10, version 1803. This policy allows IT admins to turn off Suggestions in Settings app. These suggestions from Microsoft may show after each OS clean install, upgrade or an on-going basis to help users discover apps/features on Windows or across devices, to make thier experience productive.  
 
 -  User setting is under Settings -> Privacy -> General -> Show me suggested content in Settings app.
 -  User Setting is changeable on a per user basis.
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 9216df0e67..df185f9924 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - FileExplorer
@@ -35,6 +35,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="fileexplorer-turnoffdataexecutionpreventionforexplorer"></a>**FileExplorer/TurnOffDataExecutionPreventionForExplorer**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -70,6 +93,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="fileexplorer-turnoffheapterminationoncorruption"></a>**FileExplorer/TurnOffHeapTerminationOnCorruption**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 304792e860..580431a0ff 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - InternetExplorer
@@ -2129,6 +2129,11 @@ Value - A number indicating the zone with which this site should be associated f
 
 If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
 
+> [!Note]  
+> This policy is a list that contains the site and index value.
+
+The list is a set of pairs of strings. Each string is seperated by F000. Each pair of string are stored as a registry name and value.  The registry name is the site and the value is an index. The index has to be sequential. See an example below.
+
 <!--/Description-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
@@ -2145,6 +2150,31 @@ ADMX Info:
 -   GP ADMX file name: *inetres.admx*
 
 <!--/ADMXBacked-->
+<!--Example-->
+```syntax
+  <SyncBody>
+      <Replace>
+          <CmdID>2</CmdID>
+           <Item>
+               <Meta>
+                  <Format>chr</Format>
+                  <Type>text/plain</Type>
+              </Meta>
+              <Target>
+                  <LocURI>./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSiteToZoneAssignmentList</LocURI>
+              </Target>
+               <Data>&lt;Enabled/&gt;&lt;Data id=&quot;IZ_ZonemapPrompt&quot; value=&quot;http://adfs.contoso.org&#xF000;1&#xF000;http://microsoft.com&#xF000;2&quot;/&gt;</Data>
+          </Item>
+      </Replace>
+      <Final/>
+  </SyncBody>
+```
+
+Value and index pairs in the SyncML example:  
+- http://adfs.contoso.org 1
+- http://microsoft.com 2
+
+<!--/Example-->
 <!--/Policy-->
 
 <hr/>
@@ -5542,6 +5572,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="internetexplorer-internetzoneallowvbscripttorunininternetexplorer"></a>**InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -9236,6 +9289,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="internetexplorer-lockeddownintranetjavapermissions"></a>**InternetExplorer/LockedDownIntranetJavaPermissions**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -14307,6 +14383,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer"></a>**InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 27f995e4d9..f662a910d4 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/11/2018
 ---
 
 # Policy CSP - KioskBrowser
@@ -14,6 +14,8 @@ ms.date: 03/12/2018
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user’s browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](https://docs.microsoft.com/en-us/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_). 
+
 
 <hr/>
 
@@ -30,6 +32,9 @@ ms.date: 03/12/2018
   <dd>
     <a href="#kioskbrowser-defaulturl">KioskBrowser/DefaultURL</a>
   </dd>
+  <dd>
+    <a href="#kioskbrowser-enableendsessionbutton">KioskBrowser/EnableEndSessionButton</a>
+  </dd>
   <dd>
     <a href="#kioskbrowser-enablehomebutton">KioskBrowser/EnableHomeButton</a>
   </dd>
@@ -74,7 +79,6 @@ ms.date: 03/12/2018
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * User
 > * Device
 
 <hr/>
@@ -83,6 +87,9 @@ ms.date: 03/12/2018
 <!--Description-->
 Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
 
+> [!Note]  
+> This policy only applies to the Kiosk Browser app in Microsoft Store.
+
 <!--/Description-->
 <!--/Policy-->
 
@@ -118,7 +125,6 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * User
 > * Device
 
 <hr/>
@@ -127,6 +133,9 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
 <!--Description-->
 Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
 
+> [!Note]  
+> This policy only applies to the Kiosk Browser app in Microsoft Store.
+
 <!--/Description-->
 <!--/Policy-->
 
@@ -162,7 +171,6 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * User
 > * Device
 
 <hr/>
@@ -171,11 +179,66 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
 <!--Description-->
 Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
 
+> [!Note]  
+> This policy only applies to the Kiosk Browser app in Microsoft Store.
+
 <!--/Description-->
 <!--/Policy-->
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="kioskbrowser-enableendsessionbutton"></a>**KioskBrowser/EnableEndSessionButton**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Shows the Kiosk Browser's end session button. When the policy is enabled, the Kiosk Browser app shows a button to reset the browser. When the user clicks on the button, the app will prompt the user for confirmation to end the session. When the user confirms, the Kiosk broswser will clear all browsing data (cache, cookies, etc.) and navigate back to the default URL.
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="kioskbrowser-enablehomebutton"></a>**KioskBrowser/EnableHomeButton**  
 
@@ -206,7 +269,6 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * User
 > * Device
 
 <hr/>
@@ -215,6 +277,9 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
 <!--Description-->
 Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
 
+> [!Note]  
+> This policy only applies to the Kiosk Browser app in Microsoft Store.
+
 <!--/Description-->
 <!--/Policy-->
 
@@ -250,7 +315,6 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * User
 > * Device
 
 <hr/>
@@ -259,6 +323,9 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
 <!--Description-->
 Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
 
+> [!Note]  
+> This policy only applies to the Kiosk Browser app in Microsoft Store.
+
 <!--/Description-->
 <!--/Policy-->
 
@@ -294,7 +361,6 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation but
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * User
 > * Device
 
 <hr/>
@@ -305,6 +371,9 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle
 
 The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
 
+> [!Note]  
+> This policy only applies to the Kiosk Browser app in Microsoft Store.
+
 <!--/Description-->
 <!--/Policy-->
 <hr/>
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 5c860249fc..15c57e928a 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/16/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - LanmanWorkstation
@@ -78,20 +78,14 @@ Insecure guest logons are used by file servers to allow unauthenticated access t
 ADMX Info:  
 -   GP English name: *Enable insecure guest logons*
 -   GP name: *Pol_EnableInsecureGuestLogons*
+-   GP path: *Network/Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 This setting supports a range of values between 0 and 1.
 
-
 <!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 27c960d639..34c61a2c31 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/06/2018
 ---
 
 # Policy CSP - LocalPoliciesSecurityOptions
@@ -57,18 +57,9 @@ ms.date: 03/12/2018
   <dd>
     <a href="#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</a>
   </dd>
-  <dd>
-    <a href="#localpoliciessecurityoptions-domainmember-digitallysignsecurechanneldatawhenpossible">LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible</a>
-  </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges">LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</a>
   </dd>
-  <dd>
-    <a href="#localpoliciessecurityoptions-domainmember-maximummachineaccountpasswordage">LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge</a>
-  </dd>
-  <dd>
-    <a href="#localpoliciessecurityoptions-domainmember-requirestrongsessionkey">LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey</a>
-  </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
   </dd>
@@ -93,9 +84,6 @@ ms.date: 03/12/2018
   <dd>
     <a href="#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior">LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</a>
   </dd>
-  <dd>
-    <a href="#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways</a>
-  </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</a>
   </dd>
@@ -126,9 +114,6 @@ ms.date: 03/12/2018
   <dd>
     <a href="#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam">LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</a>
   </dd>
-  <dd>
-    <a href="#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm">LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</a>
-  </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
   </dd>
@@ -139,10 +124,19 @@ ms.date: 03/12/2018
     <a href="#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel">LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</a>
   </dd>
   <dd>
-    <a href="#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</a>
+    <a href="#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</a>
   </dd>
   <dd>
-    <a href="#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</a>
+    <a href="#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</a>
+  </dd>
+  <dd>
+    <a href="#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</a>
+  </dd>
+  <dd>
+    <a href="#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</a>
+  </dd>
+  <dd>
+    <a href="#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</a>
   </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
@@ -846,6 +840,15 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 <!--/RegistryMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
@@ -909,63 +912,15 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 <!--/RegistryMapped-->
-<!--/Policy-->
+<!--SupportedValues-->
 
-<hr/>
+<!--/SupportedValues-->
+<!--Example-->
 
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-domainmember-digitallysignsecurechanneldatawhenpossible"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible**  
+<!--/Example-->
+<!--Validation-->
 
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Domain member: Digitally sign secure channel data (when possible)
-
-This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
-
-This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed which ensures that it cannot be tampered with in transit.
-
-Default: Enabled.
-
-<!--/Description-->
-<!--RegistryMapped-->
-GP Info:  
--   GP English name: *Domain member: Digitally sign secure channel data (when possible)*
--   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
-<!--/RegistryMapped-->
+<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
@@ -1024,131 +979,15 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 <!--/RegistryMapped-->
-<!--/Policy-->
+<!--SupportedValues-->
 
-<hr/>
+<!--/SupportedValues-->
+<!--Example-->
 
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-domainmember-maximummachineaccountpasswordage"></a>**LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge**  
+<!--/Example-->
+<!--Validation-->
 
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Domain member: Maximum machine account password age
-
-This security setting determines how often a domain member will attempt to change its computer account password.
-
-Default: 30 days.
-
-Important
-
-This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.
-
-<!--/Description-->
-<!--RegistryMapped-->
-GP Info:  
--   GP English name: *Domain member: Maximum machine account password age*
--   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
-<!--/RegistryMapped-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-domainmember-requirestrongsessionkey"></a>**LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Domain member: Require strong (Windows 2000 or later) session key
-
-This security setting determines whether 128-bit key strength is required for encrypted secure channel data.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller within the domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup, and so on.
-
-Depending on what version of Windows is running on the domain controller that the domain member is communicating with and the settings of the parameters:
-
-Domain member: Digitally encrypt or sign secure channel data (always)
-Domain member: Digitally encrypt secure channel data (when possible)
-Some or all of the information that is transmitted over the secure channel will be encrypted. This policy setting determines whether or not 128-bit key strength is required for the secure channel information that is encrypted.
-
-If this setting is enabled, then the secure channel will not be established unless 128-bit encryption can be performed. If this setting is disabled, then the key strength is negotiated with the domain controller.
-
-Default: Enabled.
-
-Important
-
-In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later.
-In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.
-
-<!--/Description-->
-<!--RegistryMapped-->
-GP Info:  
--   GP English name: *Domain member: Require strong (Windows 2000 or later) session key*
--   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
-<!--/RegistryMapped-->
+<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
@@ -1650,77 +1489,6 @@ GP Info:
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Microsoft network client: Digitally sign communications (always)
-
-This security setting determines whether packet signing is required by the SMB client component.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
-
-If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
-
-Default: Disabled.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
-
-<!--/Description-->
-<!--RegistryMapped-->
-GP Info:  
--   GP English name: *Microsoft network client: Digitally sign communications (always)*
--   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
-<!--/RegistryMapped-->
-<!--/Policy-->
-
-<hr/>
-
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees**  
 
@@ -2334,63 +2102,6 @@ GP Info:
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Network security: Allow Local System to use computer identity for NTLM
-
-This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.
-
-If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.
-
-If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.
-
-By default, this policy is enabled on Windows 7 and above.
-
-By default, this policy is disabled on Windows Vista.
-
-This policy is supported on at least Windows Vista or Windows Server 2008.
-
-Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy.
-
-<!--/Description-->
-<!--/Policy-->
-
-<hr/>
-
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**  
 
@@ -2586,66 +2297,6 @@ GP Info:
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
-
-This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-
-Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
-Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
-
-Default:
-
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
-
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
-
-<!--/Description-->
-<!--RegistryMapped-->
-GP Info:  
--   GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients*
--   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
-<!--/RegistryMapped-->
-<!--/Policy-->
-
-<hr/>
-
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers**  
 
@@ -2706,6 +2357,282 @@ GP Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
+
+This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
+
+If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
+
+If you do not configure this policy setting, no exceptions will be applied.
+
+The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character.
+
+<!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Network security: Restrict NTLM: Audit Incoming NTLM Traffic
+
+This policy setting allows you to audit incoming NTLM traffic.
+
+If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
+
+If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option.
+
+If you select "Enable auditing for all accounts", the server will log events for all NTLM authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all accounts" option.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Audit events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
+
+<!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Restrict NTLM: Audit Incoming NTLM Traffic*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Network security: Restrict NTLM: Incoming NTLM traffic
+
+This policy setting allows you to deny or allow incoming NTLM traffic.
+
+If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests.
+
+If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
+
+If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
+
+<!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Restrict NTLM: Incoming NTLM traffic*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
+
+This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
+
+If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
+
+If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
+
+If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
+
+<!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon"></a>**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**  
 
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 8759b6d49a..bed4009f6a 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - MSSecurityGuide
@@ -47,6 +47,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon"></a>**MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -79,6 +102,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="mssecurityguide-configuresmbv1clientdriver"></a>**MSSecurityGuide/ConfigureSMBV1ClientDriver**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -111,6 +157,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="mssecurityguide-configuresmbv1server"></a>**MSSecurityGuide/ConfigureSMBV1Server**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -143,6 +212,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection"></a>**MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -175,6 +267,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications"></a>**MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -207,6 +322,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="mssecurityguide-wdigestauthentication"></a>**MSSecurityGuide/WDigestAuthentication**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index 54107559ca..85f1361fe8 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - MSSLegacy
@@ -41,6 +41,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="msslegacy-allowicmpredirectstooverrideospfgeneratedroutes"></a>**MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -73,6 +96,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers"></a>**MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -105,6 +151,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="msslegacy-ipsourceroutingprotectionlevel"></a>**MSSLegacy/IPSourceRoutingProtectionLevel**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -137,6 +206,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="msslegacy-ipv6sourceroutingprotectionlevel"></a>**MSSLegacy/IPv6SourceRoutingProtectionLevel**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 8dddbe0d18..e5838dc453 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - Notifications
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -19,12 +21,89 @@ ms.date: 03/12/2018
 ## Notifications policies  
 
 <dl>
+  <dd>
+    <a href="#notifications-disallowcloudnotification">Notifications/DisallowCloudNotification</a>
+  </dd>
   <dd>
     <a href="#notifications-disallownotificationmirroring">Notifications/DisallowNotificationMirroring</a>
   </dd>
+  <dd>
+    <a href="#notifications-disallowtilenotification">Notifications/DisallowTileNotification</a>
+  </dd>
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="notifications-disallowcloudnotification"></a>**Notifications/DisallowCloudNotification**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This policy setting blocks applications from using the network to send tile, badge, toast, and raw notifications. Specifically, this policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to use [periodic (polling) notifications](https://docs.microsoft.com/windows/uwp/design/shell/tiles-and-notifications/periodic-notification-overview).
+
+If you enable this policy setting, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs.
+
+If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application.
+
+If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to use periodic (polling) notifications.
+
+No reboots or service restarts are required for this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off notifications network usage*
+-   GP name: *NoCloudNotification*
+-   GP path: *Start Menu and Taskbar/Notifications*
+-   GP ADMX file name: *WPN.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+This setting supports a range of values between 0 and 1.
+
+<!--/SupportedValues-->
+<!--Validation-->
+Validation:  
+1. Enable policy
+2. Reboot machine
+3. Ensure that you can't receive a notification from Facebook app while FB app isn't running
+
+<!--/Validation-->
+
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
@@ -86,6 +165,74 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="notifications-disallowtilenotification"></a>**Notifications/DisallowTileNotification**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This policy setting turns off tile notifications.
+
+If you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen.
+
+If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user.
+
+No reboots or service restarts are required for this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off tile notifications*
+-   GP name: *NoTileNotification*
+-   GP path: *Start Menu and Taskbar/Notifications*
+-   GP ADMX file name: *WPN.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+This setting supports a range of values between 0 and 1.
+
+<!--/SupportedValues-->
+<!--Validation-->
+Validation:  
+1. Enable policy
+2. Reboot machine
+3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile)
+
+<!--/Validation-->
+<!--/Policy-->
 <hr/>
 
 Footnote:
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 5bee576aca..9b6886930d 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - Power
@@ -57,6 +57,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="power-allowstandbystateswhensleepingonbattery"></a>**Power/AllowStandbyStatesWhenSleepingOnBattery**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -171,10 +194,10 @@ ADMX Info:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -191,7 +214,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+Added in Windows&nbsp;10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
 
@@ -235,10 +258,10 @@ ADMX Info:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -255,7 +278,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+Added in Windows&nbsp;10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
 
@@ -299,10 +322,10 @@ ADMX Info:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -319,7 +342,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+Added in Windows&nbsp;10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
 
@@ -363,10 +386,10 @@ ADMX Info:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -383,7 +406,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+Added in Windows&nbsp;10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
 
@@ -551,10 +574,10 @@ ADMX Info:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -571,7 +594,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+Added in Windows&nbsp;10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
 
@@ -615,10 +638,10 @@ ADMX Info:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -635,7 +658,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+Added in Windows&nbsp;10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
 
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index c084709cd0..18b6e20034 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/19/2018
 ---
 
 # Policy CSP - Privacy
@@ -3352,13 +3352,13 @@ ADMX Info:
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 </tr>
 </table>
 
@@ -3404,13 +3404,13 @@ ADMX Info:
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 </tr>
 </table>
 
@@ -3456,13 +3456,13 @@ ADMX Info:
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 </tr>
 </table>
 
@@ -3508,13 +3508,13 @@ ADMX Info:
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 </tr>
 </table>
 
@@ -4493,14 +4493,6 @@ Footnote:
 ## <a href="" id="hololenspolicies"></a>Privacy policies supported by Windows Holographic for Business  
 
 -   [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)  
--   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
--   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
--   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
--   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
--   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
 <!--EndHoloLens-->
 
 <!--StartIoTCore-->
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index dfdf82afa1..12b9c8386e 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -834,7 +834,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
 > [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. Desktop users should use Search/DoNotUseWebResults. 
 
 
 Specifies what level of safe search (filtering adult content) is required.
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 9dd4ebd067..1efa6419f1 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -80,7 +80,7 @@ ms.date: 03/12/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--DbMapped-->
@@ -129,7 +129,7 @@ GP Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--DbMapped-->
@@ -178,7 +178,7 @@ GP Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--DbMapped-->
@@ -227,7 +227,7 @@ GP Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--DbMapped-->
@@ -276,7 +276,7 @@ GP Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--DbMapped-->
@@ -325,7 +325,7 @@ GP Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--DbMapped-->
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 7fee0be3b0..4ac73d9f96 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -65,7 +65,7 @@ ms.date: 03/12/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.
+Added in Windows 10, version 1803. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Disabled.
 
 <!--/Description-->
 <!--/Policy-->
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 07ba3d94de..5f1af3e3c0 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - TextInput
@@ -680,29 +680,6 @@ The following list shows the supported values:
 <!--Policy-->
 <a href="" id="textinput-allowlinguisticdatacollection"></a>**TextInput/AllowLinguisticDataCollection**  
 
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td></td>
-	<td></td>
-	<td></td>
-	<td></td>
-	<td></td>
-	<td></td>
-	<td></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -717,21 +694,16 @@ The following list shows the supported values:
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
+-   GP English name: *Improve inking and typing recognition*
 -   GP name: *AllowLinguisticDataCollection*
+-   GP path: *Windows Components/Text Input*
 -   GP ADMX file name: *TextInput.admx*
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 This setting supports a range of values between 0 and 1.
 
-
 <!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 70198e988d..5462333ba5 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - Update
@@ -917,6 +917,15 @@ The following list shows the supported values:
 </table>
 
 <!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
 <!--Description-->
 Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
 
@@ -2138,6 +2147,15 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="update-phoneupdaterestrictions"></a>**Update/PhoneUpdateRestrictions**  
 
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
 <!--Description-->
 This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead.
 
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index c5ac238f1d..4f33bd0bdf 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - WindowsConnectionManager
@@ -32,6 +32,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork"></a>**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 16e39d3e9c..5029554ef7 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - WindowsLogon
@@ -166,6 +166,29 @@ ADMX Info:
 <!--Policy-->
 <a href="" id="windowslogon-enumeratelocalusersondomainjoinedcomputers"></a>**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -270,6 +293,29 @@ To validate on Desktop, do the following:
 <!--Policy-->
 <a href="" id="windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart"></a>**WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index ee96a4746f..dca0467136 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
 ---
 
 # Policy CSP - WindowsPowerShell
@@ -32,6 +32,29 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="windowspowershell-turnonpowershellscriptblocklogging"></a>**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging**  
 
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 27677b6c69..fc9618891f 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -7,15 +7,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/29/2018
+ms.date: 03/23/2018
 ---
 
 # RemoteWipe CSP
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen.
 
 The following diagram shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
@@ -47,29 +44,6 @@ Supported operation is Exec.
 
 <a href="" id="doWipePersistUserData"></a>**doWipePersistUserData**  
 Added in Windows 10, version 1709.  Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
-
-<a href="" id="automaticredeployment"></a>**AutomaticRedeployment**  
-Added in Windows 10, version 1803. Node for the Automatic Redeployment operation.
-
-<a href="" id="doautomaticredeployment"></a>**AutomaticRedeployment/doAutomaticRedeployment**  
-Added in Windows 10, version 1803. Exec on this node triggers Automatic Redeployment operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
-
-<a href="" id="lasterror"></a>**AutomaticRedeployment/LastError**  
-Added in Windows 10, version 1803. Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).
-
-<a href="" id="status"></a>**AutomaticRedeployment/Status**  
-Added in Windows 10, version 1803. Status value indicating current state of an Automatic Redeployment operation. 
-
-Supported values:  
-
--  0: Never run (not started). The default state. 
--  1: Complete. 
--  10: Reset has been scheduled. 
--  20: Reset is scheduled and waiting for a reboot. 
--  30: Failed during CSP Execute ("Exec" in SyncML). 
--  40: Failed: power requirements not met. 
--  50: Failed: reset internals failed during reset attempt.
-
  
 
 ## Related topics
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index 215cc85669..a9ec625e99 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/29/2018
+ms.date: 03/23/2018
 ---
 
 # RemoteWipe DDF file
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **RemoteW
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the DDF for Windows 10, version 1803.
+The XML below is the DDF for Windows 10, version 1709.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -43,7 +43,7 @@ The XML below is the DDF for Windows 10, version 1803.
                 <Permanent />
             </Scope>
             <DFType>
-                <MIME>com.microsoft/1.1/MDM/RemoteWipe</MIME>
+                <DDFName></DDFName>
             </DFType>
             <Description>The root node for remote wipe function.</Description>
         </DFProperties>
@@ -131,94 +131,8 @@ The XML below is the DDF for Windows 10, version 1803.
               <Description>Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.</Description>
             </DFProperties>
         </Node>
-        <Node>
-          <NodeName>AutomaticRedeployment</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DFFormat>
-              <node />
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <DDFName></DDFName>
-            </DFType>
-          </DFProperties>
-          <Node>
-            <NodeName>doAutomaticRedeployment</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Exec />
-              </AccessType>
-              <DFFormat>
-                <chr />
-              </DFFormat>
-              <Occurrence>
-                <One />
-              </Occurrence>
-              <Scope>
-                <Permanent />
-              </Scope>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>LastError</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-              </AccessType>
-              <DefaultValue>0</DefaultValue>
-              <Description>Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).</Description>
-              <DFFormat>
-                <int />
-              </DFFormat>
-              <Occurrence>
-                <One />
-              </Occurrence>
-              <Scope>
-                <Permanent />
-              </Scope>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>Status</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-              </AccessType>
-              <DefaultValue>0</DefaultValue>
-              <Description>Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.</Description>
-              <DFFormat>
-                <int />
-              </DFFormat>
-              <Occurrence>
-                <One />
-              </Occurrence>
-              <Scope>
-                <Permanent />
-              </Scope>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-       </Node>
     </Node>
 </MgmtTree>
-
 ```
 
 ## Related topics
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 8f5c11db9d..b7fa5a8362 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -7,11 +7,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/26/2017
+ms.date: 03/06/2018
 ---
 
 # RootCATrustedCertificates CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates.
 
 > [!Note]
@@ -44,6 +47,9 @@ Node for trusted publisher certificates.
 <a href="" id="rootcatrustedcertificates-trustedpeople"></a>**RootCATrustedCertificates/TrustedPeople**  
 Node for trusted people certificates.
 
+<a href="" id="rootcatrustedcertificates-untrustedcertificates"></a>**RootCATrustedCertificates/UntrustedCertificates**  
+Addeded in Windows 10, version 1803. Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.
+
 <a href="" id="certhash"></a>**_CertHash_**  
 Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
 
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 6e6492a240..03c352d150 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -7,17 +7,19 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/07/2018
 ---
 
 # RootCATrustedCertificates DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -28,7 +30,7 @@ The XML below is the current version for this CSP.
   <VerDTD>1.2</VerDTD>
       <Node>
         <NodeName>RootCATrustedCertificates</NodeName>
-        <Path>./Vendor/MSFT</Path>
+        <Path>./User/Vendor/MSFT</Path>
         <DFProperties>
           <AccessType>
             <Get />
@@ -43,7 +45,7 @@ The XML below is the current version for this CSP.
             <Permanent />
           </Scope>
           <DFType>
-            <DDFName></DDFName>
+            <MIME>com.microsoft/1.1/MDM/RootCATrustedCertificates</MIME>
           </DFType>
         </DFProperties>
         <Node>
@@ -74,8 +76,6 @@ The XML below is the current version for this CSP.
               <AccessType>
                 <Delete />
                 <Get />
-                <Add />
-                <Replace />
               </AccessType>
               <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
               <DFFormat>
@@ -100,12 +100,12 @@ The XML below is the current version for this CSP.
               <DFProperties>
                 <AccessType>
                   <Add />
-                  <Replace />
                   <Get />
+                  <Replace />
                 </AccessType>
                 <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
                 <DFFormat>
-                  <chr />
+                  <b64 />
                 </DFFormat>
                 <Occurrence>
                   <One />
@@ -117,7 +117,7 @@ The XML below is the current version for this CSP.
                   <CIS />
                 </CaseSense>
                 <DFType>
-                  <MIME>text/plain</MIME>
+                  <DDFName></DDFName>
                 </DFType>
               </DFProperties>
             </Node>
@@ -271,8 +271,6 @@ The XML below is the current version for this CSP.
               <AccessType>
                 <Delete />
                 <Get />
-                <Add />
-                <Replace />
               </AccessType>
               <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
               <DFFormat>
@@ -297,12 +295,12 @@ The XML below is the current version for this CSP.
               <DFProperties>
                 <AccessType>
                   <Add />
-                  <Replace />
                   <Get />
+                  <Replace />
                 </AccessType>
                 <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
                 <DFFormat>
-                  <chr />
+                  <b64 />
                 </DFFormat>
                 <Occurrence>
                   <One />
@@ -311,7 +309,7 @@ The XML below is the current version for this CSP.
                   <Dynamic />
                 </Scope>
                 <DFType>
-                  <MIME>text/plain</MIME>
+                  <DDFName></DDFName>
                 </DFType>
               </DFProperties>
             </Node>
@@ -363,7 +361,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -384,7 +382,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -405,7 +403,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the certificate template name. </Description>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -450,8 +448,6 @@ The XML below is the current version for this CSP.
               <AccessType>
                 <Delete />
                 <Get />
-                <Add />
-                <Replace />
               </AccessType>
               <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
               <DFFormat>
@@ -476,12 +472,12 @@ The XML below is the current version for this CSP.
               <DFProperties>
                 <AccessType>
                   <Add />
-                  <Replace />
                   <Get />
+                  <Replace />
                 </AccessType>
                 <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
                 <DFFormat>
-                  <chr />
+                  <b64 />
                 </DFFormat>
                 <Occurrence>
                   <One />
@@ -493,7 +489,7 @@ The XML below is the current version for this CSP.
                   <CIS />
                 </CaseSense>
                 <DFType>
-                  <MIME>text/plain</MIME>
+                  <DDFName></DDFName>
                 </DFType>
               </DFProperties>
             </Node>
@@ -551,7 +547,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -575,7 +571,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -599,7 +595,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the certificate template name. </Description>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -647,8 +643,6 @@ The XML below is the current version for this CSP.
               <AccessType>
                 <Delete />
                 <Get />
-                <Add />
-                <Replace />
               </AccessType>
               <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
               <DFFormat>
@@ -673,12 +667,12 @@ The XML below is the current version for this CSP.
               <DFProperties>
                 <AccessType>
                   <Add />
-                  <Replace />
                   <Get />
+                  <Replace />
                 </AccessType>
                 <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
                 <DFFormat>
-                  <chr />
+                  <b64 />
                 </DFFormat>
                 <Occurrence>
                   <One />
@@ -690,7 +684,7 @@ The XML below is the current version for this CSP.
                   <CIS />
                 </CaseSense>
                 <DFType>
-                  <MIME>text/plain</MIME>
+                  <DDFName></DDFName>
                 </DFType>
               </DFProperties>
             </Node>
@@ -748,7 +742,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -772,7 +766,7 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -796,7 +790,1180 @@ The XML below is the current version for this CSP.
                 <AccessType>
                   <Get />
                 </AccessType>
-                <Description>Returns the certificate template name. </Description>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>UntrustedCertificates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Delete />
+              </AccessType>
+              <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFTitle>CertHash</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EncodedCertificate</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Add />
+                  <Replace />
+                </AccessType>
+                <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
+                <DFFormat>
+                  <b64 />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedBy</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate issuer.  This is equivalent to the Issuer member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidFrom</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>TemplateName</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>RootCATrustedCertificates</NodeName>
+        <Path>./Device/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.1/MDM/RootCATrustedCertificates</MIME>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>Root</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+                <Delete />
+                <Get />
+              </AccessType>
+              <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFTitle>CertHash</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EncodedCertificate</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
+                <DFFormat>
+                  <b64 />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedBy</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate issuer.  This is equivalent to the Issuer member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidFrom</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>TemplateName</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>CA</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+                <Delete />
+                <Get />
+              </AccessType>
+              <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFTitle>CertHash</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EncodedCertificate</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
+                <DFFormat>
+                  <b64 />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedBy</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate issuer.  This is equivalent to the Issuer member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidFrom</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>TemplateName</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>TrustedPublisher</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+                <Delete />
+                <Get />
+              </AccessType>
+              <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFTitle>CertHash</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EncodedCertificate</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
+                <DFFormat>
+                  <b64 />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedBy</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate issuer.  This is equivalent to the Issuer member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidFrom</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>TemplateName</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>TrustedPeople</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+                <Delete />
+                <Get />
+              </AccessType>
+              <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFTitle>CertHash</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EncodedCertificate</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
+                <DFFormat>
+                  <b64 />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedBy</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate issuer.  This is equivalent to the Issuer member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidFrom</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>TemplateName</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>UntrustedCertificates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Delete />
+              </AccessType>
+              <Description>Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFTitle>CertHash</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EncodedCertificate</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Add />
+                  <Replace />
+                </AccessType>
+                <Description>Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.</Description>
+                <DFFormat>
+                  <b64 />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedBy</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate issuer.  This is equivalent to the Issuer member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>IssuedTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidFrom</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ValidTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <CaseSense>
+                  <CIS />
+                </CaseSense>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>TemplateName</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Returns the certificate template name. Supported operation is Get.</Description>
                 <DFFormat>
                   <chr />
                 </DFFormat>
@@ -818,14 +1985,4 @@ The XML below is the current version for this CSP.
         </Node>
       </Node>
 </MgmtTree>
-```
-
- 
-
- 
-
-
-
-
-
-
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 47e0032fd3..fdbdbaed7c 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/26/2017
+ms.date: 04/02/2017
 ---
 
 # VPN CSP
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index a533138079..65e4a03576 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/26/2017
+ms.date: 04/16/2018
 ---
 
 # WiFi CSP
@@ -31,6 +31,9 @@ The following image shows the WiFi configuration service provider in tree format
 
 The following list shows the characteristics and parameters.
 
+<a href="" id="wifi"></a>**Device or User profile**  
+For user profile, use ./User/Vendor/MSFT/Wifi path and for device profile, use ./Device/Vendor/MSFT/Wifi path.
+
 <a href="" id="profile"></a>**Profile**  
 Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase in case of WEP or WPA2 networks.
 
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 710bbc8021..80bd272f42 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 03/22/2018
 ---
 
 # WindowsDefenderApplicationGuard CSP
@@ -81,8 +81,29 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
 - 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off.
 - 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
 
+<a href="" id="allowvirtualgpu"></a>**Settings/AllowVirtualGPU**  
+Added in Windows 10, version 1803. This policy setting allows you to determine whether Application Guard can use the virtual GPU to process graphics. Supported operations are Add, Get, Replace, and Delete. Value type is integer.  
+
+- 0 (default) - Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0).
+- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container. 
+
+<a href="" id="savefilestohost"></a>**Settings/SaveFilesToHost**  
+Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. Supported operations are Add, Get, Replace, and Delete. Value type is integer. 
+
+- 0 (default) - The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0).
+- 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system.  
+
 <a href="" id="status"></a>**Status**  
-<p style="margin-left: 20px">Returns status on Application Guard installation and pre-requisites. Value type is integer. Supported operation is Get.</p>
+<p style="margin-left: 20px">Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get.
+
+Bit 0 - Set to 1 when	WDAG is enabled into enterprise manage mode
+Bit 1	- Set to 1 when	the client machine is Hyper-V capable
+Bit 2	- Set to 1 when	the client machine has a valid OS license and SKU 
+Bit 3	- Set to 1 when	WDAG installed on the client machine
+Bit 4	- Set to 1 when	required Network Isolation Policies are configured
+Bit 5	- Set to 1 when the client machine meets minimum hardware requirements
+
+</p>
 
 <a href="" id="installwindowsdefenderapplicationguard"></a>**InstallWindowsDefenderApplicationGuard**  
 <p style="margin-left: 20px">Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.</p>
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index 4cc13ab9e8..a5571745b5 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/22/2018
 ---
 
 # WindowsDefenderApplicationGuard DDF file
@@ -16,6 +16,8 @@ This topic shows the OMA DM device description framework (DDF) for the **Windows
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
+This XML is for Windows 10, version 1803.
+
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
@@ -25,7 +27,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
   <VerDTD>1.2</VerDTD>
       <Node>
         <NodeName>WindowsDefenderApplicationGuard</NodeName>
-        <Path>./Vendor/MSFT</Path>
+        <Path>./Device/Vendor/MSFT</Path>
         <DFProperties>
           <AccessType>
             <Get />
@@ -40,7 +42,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
             <Permanent />
           </Scope>
           <DFType>
-            <MIME>com.microsoft/1.1/MDM/WindowsDefenderApplicationGuard</MIME>
+            <MIME>com.microsoft/1.2/MDM/WindowsDefenderApplicationGuard</MIME>
           </DFType>
         </DFProperties>
         <Node>
@@ -200,6 +202,52 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
               </DFType>
             </DFProperties>
           </Node>
+          <Node>
+            <NodeName>AllowVirtualGPU</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>SaveFilesToHost</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
         </Node>
         <Node>
           <NodeName>Status</NodeName>
@@ -229,7 +277,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
               <Exec />
             </AccessType>
             <DFFormat>
-              <int />
+              <chr />
             </DFFormat>
             <Occurrence>
               <One />
diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md
index e08ae3f4bd..94d5785c9f 100644
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@@ -3,16 +3,16 @@
 ## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
 ## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
 ## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-## [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
-## [Windows 10, version 1709 diagnostic data for the Full telemetry level](windows-diagnostic-data.md)
-## [Windows 10, version 1703 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md)
+## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
+## [Windows 10, version 1709 diagnostic data for the Full level](windows-diagnostic-data.md)
+## [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md)
 ## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)
 ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 ## [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md)
 ## [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md)
 ## [Configure kiosk and shared devices running Windows 10 desktop editions](kiosk-shared-pc.md)
 ### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
-### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md)
+### [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md)
 ### [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md)
 ### [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
 #### [Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 02dee783c1..457c50223b 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -8,18 +8,27 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: jdeckerms
-ms.date: 03/13/2018
+ms.date: 04/13/2018
 ---
 
 # Change history for Configure Windows 10
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## April 2018
+
+New or changed topic | Description
+--- | ---
+[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints.
+[Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied.
+
 ## March 2018
 
 New or changed topic | Description
 --- | ---
 [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the March update.
+Set up a kiosk on Windows 10 Pro, Enterprise, or Education | Renamed it [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) and reorganized the information to make the choices clearer.
+
 
 ## February 2018
 
diff --git a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
index 9529995ecb..b3e7a68de0 100644
--- a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
@@ -8,14 +8,14 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: brianlic-msft
-ms.date: 10/17/2017
+ms.date: 04/04/2018
 ---
 
 # Configure Windows diagnostic data in your organization
 
 **Applies to**
 
--   Windows 10
+-   Windows 10 Enterprise
 -   Windows 10 Mobile
 -   Windows Server
 
@@ -56,7 +56,7 @@ Windows diagnostic data is vital technical data from Windows devices about the d
 -	Improve Windows – through the aggregate analysis of the use of Windows
 -	Personalize Windows engagement surfaces
 
-Here are some specific examples of Windows diagnostic data data:
+Here are some specific examples of Windows diagnostic data:
 
 -	Type of hardware being used
 -	Applications installed and usage details
@@ -139,15 +139,24 @@ Info collected at the Enhanced and Full levels of diagnostic data is typically g
 
 All diagnostic data data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
 
+The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day,  but occasionally up to 2 MB per device per day).
+
+
 ### Endpoints
 
 The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access.
 
-The following table defines the endpoints for diagnostic data services:
+The following table defines the endpoints for Connected User Experiences and Telemetry component:
+
+Windows release | Endpoint
+--- | ---
+Windows 10, versions 1703 and 1709 | Diagnostics data: v10.vortex-win.data.microsoft.com/collect/v1</br></br>Functional: v20.vortex-win.data.microsoft.com/collect/v1</br>Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com/collect/v1</br>settings-win.data.microsoft.com
+Windows 10, version 1607 | v10.vortex-win.data.microsoft.com</br></br>settings-win.data.microsoft.com
+
+The following table defines the endpoints for other diagnostic data services:
 
 | Service | Endpoint |
 | - | - |
-| Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com<br />settings-win.data.microsoft.com |
 | [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
 | [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
 | OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
@@ -167,7 +176,7 @@ The diagnostic data data is categorized into four levels:
 
 -   **Security**. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
 
--   **Basic**. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the **Security** level.
+-   **Basic**. Basic device info, including: quality-related data, app compatibility, and data from the **Security** level.
 
 -   **Enhanced**. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels.
 
@@ -188,7 +197,7 @@ Windows Server Update Services (WSUS) and System Center Configuration Manager fu
 
 The data gathered at this level includes:
 
--   **Connected User Experiences and Telemetry component settings**. If general diagnostic data data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
+-   **Connected User Experiences and Telemetry component settings**. If general diagnostic data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
 
 -   **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
 
@@ -240,8 +249,6 @@ The data gathered at this level includes:
 
     -   **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage.
 
-    -   **App usage data**. Includes how an app is used, including how long an app is used, when the app has focus, and when the app is started
-
     -   **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade.
 
     -   **System data**. Helps provide an understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as information about the processor and BIOS.
@@ -304,7 +311,7 @@ In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data t
 
 ### Full level
 
-The **Full** level gathers data necessary to identify and to help fix problems, following the approval process described below. This level also includes data from the **Basic**, **Enhanced**, and **Security** levels.
+The **Full** level gathers data necessary to identify and to help fix problems, following the approval process described below. This level also includes data from the **Basic**, **Enhanced**, and **Security** levels. This is the default level for Windows 10 Pro.
 
 Additionally, at this level, devices opted in to the [Windows Insider Program](http://insider.windows.com) will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the [Windows Insider Program](http://insider.windows.com) are automatically set to this level.
 
@@ -322,9 +329,9 @@ However, before more data is gathered, Microsoft’s privacy governance team, in
 
 Sharing diagnostic data data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option.
 
-Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available.
+Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available.
 
-IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level.  If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy overrides users’ choices. The remainder of this section describes how to do that.
+IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level.  If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy sets the upper boundary for the users’ choices. To disable user choice after setting the level with the policy, you will need to use the "Configure telemetry opt-in setting user interface" group policy. The remainder of this section describes how to use group policy to configure levels and settings interface.
 
 
 ### Manage your diagnostic data settings
@@ -340,7 +347,7 @@ The lowest diagnostic data setting level supported through management policies i
 
 ### Configure the operating system diagnostic data level
 
-You can configure your operating system diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy overrides any device level settings.
+You can configure your operating system diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
 
 Use the appropriate value in the table below when you configure the management policy.
 
@@ -351,6 +358,8 @@ Use the appropriate value in the table below when you configure the management p
 | Enhanced | Security data, basic system and quality data, and enhanced insights and advanced reliability data. | **2** |
 | Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. | **3** |
 
+   > [!NOTE] 
+   > When the User Configuration policy is set for Diagnostic Data, this will override the Computer Configuration setting.
 
 ### Use Group Policy to set the diagnostic data level
 
@@ -433,4 +442,4 @@ Web Pages
 
 - [Privacy at Microsoft](http://privacy.microsoft.com)
 
- 
\ No newline at end of file
+ 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index f411b5bc5e..7e48ef64a7 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -26,7 +26,7 @@ ms.date: 10/05/2017
 |None|System/AllowLocation|Specifies whether to allow app access to the Location service.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
 |None|Accounts/AllowMicrosoftAccountConnection|Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.<p>Use this setting if you only want to support Azure AD in your organization.|
 |Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location|Search/AllowSearchToUseLocation|Specifies whether Cortana can use your current location during searches and for location reminders.|
-|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search|Search/SafeSearchPermissions|Specifies what level of safe search (filtering adult content) is required.<p>**Note**<br>This setting only applies to Windows 10 Mobile.|
+|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search|Search/SafeSearchPermissions|Specifies what level of safe search (filtering adult content) is required.<p>**Note**<br>This setting only applies to Windows 10 Mobile. Other versions of Windows should use Don't search the web or display web results. |
 |User Configuration\Administrative Templates\Windows Components\File Explorer\Turn off display of recent search entries in the File Explorer search box|None|Specifies whether the search box can suggest recent queries and prevent entries from being stored in the registry for future reference.|
 |Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results|None|Specifies whether search can perform queries on the web and if the web results are displayed in search.<p>**In Windows 10 Pro edition**<br>This setting can’t be managed.<p>**In Windows 10 Enterprise edition**<br>Cortana won't work if this setting is turned off (disabled).|
 |Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana|Experience/AllowCortana|Specifies whether employees can use Cortana.<p>**Important**<br>Cortana won’t work if this setting is turned off (disabled). However, employees can still perform local searches even with Cortana turned off.|
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index 7d84bee306..2b16353cf8 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -89,11 +89,11 @@ When you have the Start layout that you want your users to see, use the [Export-
 
 **To export the Start layout to an .xml file**
 
-1.  From Start, open **Windows PowerShell**.
+1.  Right Click Start, select **Windows PowerShell (Admin)**.
 
-2.  At the Windows PowerShell command prompt, enter the following command:
+2.  At the Administrator: Windows PowerShell command prompt, enter the following command:
 
-    `export-startlayout –path <path><file name>.xml `
+    `Export-StartLayout –path <path><file name>.xml `
 
     In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml).
 
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index 2a03f2bf72..db93aea7b6 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -65,16 +65,17 @@ If you use a web browser as your assigned access app, consider the following tip
 
 ## Secure your information
 
-Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting this type of apps if they provide unnecessary data access.
+Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
 
 ## App configuration
 
-Some apps may require additional configurations before they can be used appropriately in assigned access . For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access. 
-Check the guidelines published by your selected app and do the setup accordingly. 
+Some apps may require additional configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access. 
+
+Check the guidelines published by your selected app and set up accordingly. 
 
 ## Develop your kiosk app
 
-Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above lock  . The kiosk app is actually running as an above lock screen app. 
+Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. 
 
 Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx). 
 
@@ -82,9 +83,6 @@ Follow the [best practices guidance for developing a kiosk app for assigned acce
 
 The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you have selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
 
- ## Learn more
-
-[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
 
 
 
diff --git a/windows/configuration/kiosk-shared-pc.md b/windows/configuration/kiosk-shared-pc.md
index e2c1689b92..e8eb951b8c 100644
--- a/windows/configuration/kiosk-shared-pc.md
+++ b/windows/configuration/kiosk-shared-pc.md
@@ -19,6 +19,6 @@ Some desktop devices in an enterprise serve a special purpose, such as a common
 | Topic | Description |
 | --- | --- |
 | [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) | Windows 10, version 1607, introduced *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail.  |
-| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | You can configure a device running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education as a kiosk device, so that users can only interact with a single application that you select.  |
+|  [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) | You can configure a device running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education as a kiosk device, so that users can only interact with a single application that you select.  |
 | [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. This topic provides guidelines to help you choose an approprate app for a kiosk device.  |
 | [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to a kiosk device, but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. |
\ No newline at end of file
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 94ac63a7a7..ef5ecb4d6b 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -18,7 +18,7 @@ ms.author: jdecker
 
 **Applies to**
 
--   Windows 10
+-   Windows 10 Pro, Enterprise, and Education
 
 A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. 
 
diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index f37871b6d2..ddc0530800 100644
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 author: brianlic-msft
 ms.author: brianlic-msft
-ms.date: 01/29/2018
+ms.date: 03/22/2018
 ---
 
 # Manage connections from Windows operating system components to Microsoft services
@@ -77,14 +77,13 @@ Here's a list of changes that were made to this article for Windows 10, version
 
 ## <a href="" id="bkmk-othersettings"></a>Management options for each setting
 
-
 The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections.
 
 If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch.
 
 ### Settings for Windows 10 Enterprise edition 
 
-See the following table for a summary of the management settings for Windows 10 Enterprise, version 1709 and Windows 10 Enterprise, version 1703.
+The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1703.
 
 | Setting | UI | Group Policy | MDM policy | Registry | Command line |
 | - | :-: | :-: | :-: | :-: | :-: |
@@ -1516,6 +1515,8 @@ To turn off **Let apps run in the background**:
     -   **1**. Force allow
     -   **2**. Force deny
 
+> [!NOTE]
+> Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**.
 
 ### <a href="" id="bkmk-priv-motion"></a>17.18 Motion
 
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md
index 20fc7040aa..96078d1791 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/provisioning-apn.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
 ms.localizationpriority: high
-ms.date: 07/27/2017
+ms.date: 04/13/2018
 ---
 
 # Configure cellular settings for tablets and PCs
@@ -76,5 +76,39 @@ For users who work in different locations, you can configure one APN to connect
 9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md)
 
 
+## Confirm the settings
+
+After you apply the provisioning package, you can confirm that the settings have been applied.
+
+1. On the configured device, open a command prompt as an administrator.
+
+2. Run the following command:
+
+    ```
+    netsh mbn show profiles
+    ```
+
+3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
+
+    ```
+    netsh mbn show profiles name="name"
+    ```
+
+    This command will list details for that profile, including Access Point Name.
+
+
+Alternatively, you can also use the command:
+
+```
+netsh mbn show interface
+```
+
+From the results of that command, get the name of the cellular/mobile broadband interface and run:
+
+```
+netsh mbn show connection interface="name"
+```
+
+The result of that command will show details for the cellular interface, including Access Point Name.
 
 
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 76176cb430..fe4f0b035a 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -41,7 +41,7 @@ You use Windows Configuration Designer to create a provisioning package (.ppkg)
     
         - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
         - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
-        - [Instructions for the kiosk wizard](../set-up-a-kiosk-for-windows-10-for-desktop-editions.md#wizard)
+        - [Instructions for the kiosk wizard](../setup-kiosk-digital-signage.md#wizard)
         - [Instructions for HoloLens wizard](https://technet.microsoft.com/itpro/hololens/hololens-provisioning)
         - [Instructions for Surface Hub wizard](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub)
         
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index 2a0a5b4e8e..c61c9169d8 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -82,7 +82,7 @@ The following table describes settings that you can configure using the wizards
 
 - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
 - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
-- [Instructions for the kiosk wizard](../set-up-a-kiosk-for-windows-10-for-desktop-editions.md#wizard)
+- [Instructions for the kiosk wizard](../setup-kiosk-digital-signage.md#wizard)
 
 
 
diff --git a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/configuration/setup-kiosk-digital-signage.md
similarity index 60%
rename from windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
rename to windows/configuration/setup-kiosk-digital-signage.md
index d68048c98d..f8b3502b6d 100644
--- a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/configuration/setup-kiosk-digital-signage.md
@@ -1,44 +1,124 @@
 ---
-title: Set up a kiosk on Windows 10 Pro, Enterprise, or Education (Windows 10)
-description: A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education).
+title: Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education (Windows 10)
+description: A single-use device such as a digital sign is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education).
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-keywords: ["assigned access", "kiosk", "lockdown"]
+keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: high
-ms.date: 01/31/2018
+ms.date: 03/30/2018
 ---
 
-# Set up a kiosk on Windows 10 Pro, Enterprise, or Education
+# Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education
 
 
 **Applies to**
 
--   Windows 10
+-   Windows 10 Pro, Enterprise, and Education
 
->  **Looking for Windows Embedded 8.1 Industry information?** See [Assigned Access]( https://go.microsoft.com/fwlink/p/?LinkId=613653)
 
-A single-use or *kiosk* device is easy to set up in Windows 10 for desktop editions. 
 
-- Use the [Provision kiosk devices wizard](#wizard) in Windows Configuration Designer (Windows 10, version 1607 or later) to create a provisioning package that configures a kiosk device running either a Universal Windows app or a Classic Windows application (Windows 10 Enterprise or Education only). In Windows 10, version 1709, you can use the [Provision kiosk devices wizard](#wizard) to configure a kiosk device running a Universal Windows app for Windows 10 Pro.
+Some desktop devices in an enterprise serve a special purpose, such as a PC in the lobby that customers can use to view your product catalog or a PC displaying visual content as a digital sign. A single-use, kiosk device is easy to set up in Windows 10. (For kiosks that run more than one more app, see [Create a Windows 10 kiosk that runs multiple apps.](lock-down-windows-10-to-specific-apps.md).)
 
-    or
-    
-- For a kiosk device to run a Universal Windows app, use the [assigned access](#assigned-access) feature (Windows 10 Pro, Enterprise, or Education). 
 
-    or
-    
-- For a kiosk device to run a Classic Windows application, use [Shell Launcher](#shell-launcher) to set a custom user interface as the shell (Windows 10 Enterprise or Education only). 
+
+## Choose a method for configuring your kiosks and digitals signs
+
+**Which type of app will your kiosk run?** Your kiosk can run a Universal Windows Platform (UWP) app or a Classic Windows desktop application. When the kiosk account signs in, the kiosk app will launch automatically. If the kiosk app is closed, it will automatically restart.
 
 >[!TIP]
->To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access).
+>For **digital signage**, simply select a digital sign player as your kiosk app. 
 
->[!NOTE]
->A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file.
+**Which type of user account will be the kiosk account?** The kiosk account can be a local standard user account, a local administrator account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk. 
 
-## Using a local device as a kiosk
+>[!WARNING]
+>For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with least privilege, such as a local standard user account.
+>
+>Assigned access can be configured via Windows Mangement Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
+
+**Which edition of Windows 10 will the kiosk run?** All of the configuration methods work for Windows 10 Enterprise and Education; some of the methods work for Windows 10 Pro. Kiosk mode is not available on Windows 10 Home. 
+
+### Methods for kiosks and digital signs running a UWP app
+
+Choose this method | For this edition | For this kiosk account type 
+--- | --- | ---
+[Local settings](#local) (for 1 or a few devices) | Pro, Ent, Edu | Local standard user
+[PowerShell](#powershell)  | Pro, Ent, Edu | Local standard user
+[Provisioning](#wizard)  | Pro (version 1709), Ent, Edu | Local standard user 
+[Intune or other mobile device management (MDM)](#set-up-assigned-access-in-mdm)  | Pro (version 1709), Ent, Edu | Local standard user, Azure AD
+
+### Methods for kiosks and digital signs running a Classic Windows app
+
+Choose this method | For this edition | For this kiosk account type 
+--- | --- | ---
+[Provisioning](#wizard) | Ent, Edu | Local standard user 
+[ShellLauncher](#shelllauncher) | Ent, Edu | Local standard user or administrator, Active Directory, Azure AD
+
+
+
+
+
+### Other settings to lock down
+
+For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk:
+
+Recommendation | How to
+--- | ---
+Replace "blue screen" with blank screen for OS errors   | Add the following registry key as DWORD (32-bit) type with a value of `1`:</br></br>`HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled`</br></br>[Learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002)</br></br>You must restart the device after changing the registry.
+Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** &gt; **System** &gt; **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign.
+Hide **Ease of access** feature on the logon screen. |     Go to **Control Panel** &gt; **Ease of Access** &gt; **Ease of Access Center**, and turn off all accessibility tools.
+Disable the hardware power button. |     Go to **Power Options** &gt; **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**.
+Remove the power button from the sign-in screen. |     Go to **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Local Policies** &gt;**Security Options** &gt; **Shutdown: Allow system to be shut down without having to log on** and select **Disabled.**
+Disable the camera. |     Go to **Settings** &gt; **Privacy** &gt; **Camera**, and turn off **Let apps use my camera**.
+Turn off app notifications on the lock screen. |     Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
+Disable removable media. |     Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.</br></br>**NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
+
+In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can log on the assigned access account manually or you can configure the device to log on to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic logon.
+
+
+**How to edit the registry to have an account automatically logged on**
+
+1.  Open Registry Editor (regedit.exe).
+
+    >[!NOTE]  
+    >If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).
+  
+
+2.  Go to
+
+    **HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\WindowsNT\CurrentVersion\Winlogon**
+
+3.  Set the values for the following keys.
+
+    -   *AutoAdminLogon*: set value as **1**.
+
+    -   *DefaultUserName*: set value as the account that you want logged in.
+
+    -   *DefaultPassword*: set value as the password for the account.
+
+       > [!NOTE]
+       > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** &gt; **String Value**.
+
+    -   *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, do not add this key.
+
+4.  Close Registry Editor. The next time the computer restarts, the account will be logged on automatically.
+
+>[!TIP]
+>You can also configure automatic logon [using the Autologon tool from Sysinternals](https://docs.microsoft.com/sysinternals/downloads/autologon).
+
+
+<span id="local"/>
+## Set up a kiosk or digital sign in local Settings
+
+>App type: UWP
+>
+>OS edition: Windows 10 Pro, Ent, Edu
+>
+>Account type: Local standard user
+
+You can use **Settings** to quickly configure one or a few devices as a kiosk. (Using **Settings** isn't practical for configuring a lot of devices, but it would work.) When you set up a kiosk (also known as *assigned access*) in **Settings**, you must select a local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
 
 When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
 
@@ -48,99 +128,33 @@ If you do not want the kiosk account signed in automatically when the device res
 
 ![Screenshot of automatic sign-in setting](images/auto-signin.png)
 
-<span id="wizard" />
-## Set up a kiosk using Windows Configuration Designer
+**To set up assigned access in PC settings**
 
-When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Classic Windows application.
-
->[!IMPORTANT]
->When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
-
-[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and click **Next**, configure the settings as shown in the following table.
-
-
-
-<table>
-<tr><td  style="width:45%" valign="top">![step one](images/one.png)![set up device](images/set-up-device.png)</br></br>Enable device setup if you want to configure settings on this page.</br></br>**If enabled:**</br></br>Enter a name for the device.</br></br>(Optional) Select a license file to upgrade Windows 10 to a different edition. [See the permitted upgrades.](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades)</br></br>Toggle **Configure devices for shared use** off. This setting optimizes Windows 10 for shared use scenarios and isn't necessary for a kiosk scenario.</br></br>You can also select to remove pre-installed software from the device. </td><td>![device name, upgrade to enterprise, shared use, remove pre-installed software](images/set-up-device-details.png)</td></tr>
-<tr><td  style="width:45%" valign="top">![step two](images/two.png)  ![set up network](images/set-up-network.png)</br></br>Enable network setup if you want to configure settings on this page.</br></br>**If enabled:**</br></br>Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.</td><td>![Enter network SSID and type](images/set-up-network-details.png)</td></tr>
-<tr><td  style="width:45%" valign="top">![step three](images/three.png)  ![account management](images/account-management.png)</br></br>Enable account management if you want to configure settings on this page. </br></br>**If enabled:**</br></br>You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.</br></br>**Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.</br></br>To create a local administrator account, select that option and enter a user name and password. </br></br>**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.  </td><td>![join Active Directory, Azure AD, or create a local admin account](images/account-management-details.png)</td></tr>
-<tr><td  style="width:45%" valign="top">![step four](images/four.png) ![add applications](images/add-applications.png)</br></br>You can provision the kiosk app in the **Add applications** step. You can install multiple applications, both Classic Windows (Win32) apps and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)</br></br>**Warning:** If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in **Installer Path**, and then a **Cancel** button becomes available, allowing you to complete the provisioning package without an application. </td><td>![add an application](images/add-applications-details.png)</td></tr>
-<tr><td  style="width:45%" valign="top">![step five](images/five.png) ![add certificates](images/add-certificates.png)</br></br>To provision the device with a certificate for the kiosk app, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td>![add a certificate](images/add-certificates-details.png)</td></tr> 
-<tr><td  style="width:45%" valign="top">![step six](images/six.png)  ![Configure kiosk account and app](images/kiosk-account.png)</br></br>**Important:** You must use the Windows Configuration Designer app from Microsoft Store to select a Classic Windows application as the kiosk app in a provisioning package.</br></br>You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.</br></br>If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts.</br></br>In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Classic Windows app) or the AUMID (for a Universal Windows app). For a Classic Windows app, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.</td><td>![Configure kiosk account and app](images/kiosk-account-details.png)</td></tr>
-<tr><td  style="width:45%" valign="top">![step seven](images/seven.png)  ![configure kiosk common settings](images/kiosk-common.png)</br></br>On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.</td><td>![set tablet mode and configure welcome and shutdown and turn off timeout settings](images/kiosk-common-details.png)</td></tr>
-<tr><td  style="width:45%" valign="top">  ![finish](images/finish.png)</br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td>![Protect your package](images/finish-details.png)</td></tr>
-</table>
-
-
->[!NOTE]
->If you want to use the advanced editor in Windows Configuration Designer, specify the user account and app (by AUMID) in **Runtime settings** &gt; **AssignedAccess** &gt; **AssignedAccessSettings**
-
-
-
-
-
-[Learn how to apply a provisioning package.](provisioning-packages/provisioning-apply-package.md)
-
-
-     
-<span id="assigned-access" />
-## Assigned access method for Universal Windows apps
-
-
-Using assigned access, Windows 10 runs the designated Universal Windows app above the lockscreen, so that the assigned access account has no access to any other functionality on the device. You have these choices for setting up assigned access:
-
-| Method | Account type | Windows 10 edition |
-| --- | --- | --- |
-| [Use Settings on the PC](#set-up-assigned-access-in-pc-settings) | Local standard | Pro, Enterprise, Education |
-| [Apply a mobile device management (MDM) policy](#set-up-assigned-access-in-mdm) | All (domain, local standard, local administrator, etc) | Pro (1709 only), Enterprise, Education |
-| [Create a provisioning package using Windows Configuration Designer](#wizard) | All (domain, local standard, local administrator, etc) | Pro (1709 only), Enterprise, Education |
-| [Run a PowerShell script](#set-up-assigned-access-using-windows-powershell) | Local standard | Pro, Enterprise, Education |
-
-
-
-### Requirements
-
--   A domain or local user account. 
-    
--   A Universal Windows app that is installed or provisioned for that account and is an above lock screen app. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](https://go.microsoft.com/fwlink/p/?LinkId=708386).
-
-    The app can be your own company app that you have made available in your own app Store. To set up assigned access using MDM or PowerShell, you also need the Application User Model ID (AUMID) for the app. [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867).
-
-    The Universal Windows app must be able to handle multiple views and cannot launch other apps or dialogs.
-
->[!NOTE]  
->Assigned access does not work on a device that is connected to more than one monitor.
-
- 
-
-### Set up assigned access in PC settings
-
-1.  Go to **Start** &gt; **Settings** &gt; **Accounts** &gt; **Other users**.
+1.  Go to **Start** &gt; **Settings** &gt; **Accounts** &gt; **Other people**.
 
 2.  Choose **Set up assigned access**.
 
 3.  Choose an account.
 
-4.  Choose an app. Only apps that can run above the lock screen will be displayed. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md).
+4.  Choose an app. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md).
 
 5.  Close **Settings** – your choices are saved automatically, and will be applied the next time that user account logs on.
 
 To remove assigned access, choose **Turn off assigned access and sign out of the selected account**.
 
-### Set up assigned access in MDM
-
-Assigned Access has one setting, KioskModeApp. In the KioskModeApp setting, you enter the user account name and AUMID for the app to run in kiosk mode.
-
-[Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867).
-
-[See the technical reference for the Assigned Access configuration service provider.](https://go.microsoft.com/fwlink/p/?LinkId=626608)
-
-<sp id="set-up-assigned-access-wcd" />
+>[!NOTE]  
+>Single-app kiosk configuration using assigned access does not work on a device that is connected to more than one monitor.
 
 
+<span id="powershell"/>
+## Set up a kiosk or digital sign using Windows PowerShell
 
-### Set up assigned access using Windows PowerShell
+ 
+>App type: UWP
+>
+>OS edition: Windows 10 Pro, Ent, Edu
+>
+>Account type: Local standard user
 
 You can use any of the following PowerShell cmdlets to set up assigned access on multiple devices. 
 
@@ -178,50 +192,91 @@ Clear-AssignedAccess
 ```
 
 
-### Set up automatic logon
+<span id="wizard" />
+## Set up a kiosk or digital sign using a provisioning package
 
-When your kiosk device restarts, whether from an update or power outage, you can log on the assigned access account manually or you can configure the device to log on to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic logon.
+>App type: UWP or Classic Windows
+>
+>OS edition: Windows 10 Pro (version 1709) for UWP only; Ent, Edu for both app types
+>
+>Account type: Local standard user 
 
-Edit the registry to have an account automatically logged on.
+When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Classic Windows application.
 
-1.  Open Registry Editor (regedit.exe).
+>[!IMPORTANT]
+>When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
-    >[!NOTE]  
-    >If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).
-  
 
-2.  Go to
+[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and click **Next**, configure the settings as shown in the following table.
 
-    **HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\WindowsNT\CurrentVersion\Winlogon**
 
-3.  Set the values for the following keys.
 
-    -   *AutoAdminLogon*: set value as **1**.
+<table>
+<tr><td  style="width:45%" valign="top">![step one](images/one.png)![set up device](images/set-up-device.png)</br></br>Enable device setup if you want to configure settings on this page.</br></br>**If enabled:**</br></br>Enter a name for the device.</br></br>(Optional) Select a license file to upgrade Windows 10 to a different edition. [See the permitted upgrades.](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades)</br></br>Toggle **Configure devices for shared use** off. This setting optimizes Windows 10 for shared use scenarios and isn't necessary for a kiosk scenario.</br></br>You can also select to remove pre-installed software from the device. </td><td>![device name, upgrade to enterprise, shared use, remove pre-installed software](images/set-up-device-details.png)</td></tr>
+<tr><td  style="width:45%" valign="top">![step two](images/two.png)  ![set up network](images/set-up-network.png)</br></br>Enable network setup if you want to configure settings on this page.</br></br>**If enabled:**</br></br>Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.</td><td>![Enter network SSID and type](images/set-up-network-details.png)</td></tr>
+<tr><td  style="width:45%" valign="top">![step three](images/three.png)  ![account management](images/account-management.png)</br></br>Enable account management if you want to configure settings on this page. </br></br>**If enabled:**</br></br>You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.</br></br>**Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.</br></br>To create a local administrator account, select that option and enter a user name and password. </br></br>**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.  </td><td>![join Active Directory, Azure AD, or create a local admin account](images/account-management-details.png)</td></tr>
+<tr><td  style="width:45%" valign="top">![step four](images/four.png) ![add applications](images/add-applications.png)</br></br>You can provision the kiosk app in the **Add applications** step. You can install multiple applications, both Classic Windows (Win32) apps and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)</br></br>**Warning:** If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in **Installer Path**, and then a **Cancel** button becomes available, allowing you to complete the provisioning package without an application. </td><td>![add an application](images/add-applications-details.png)</td></tr>
+<tr><td  style="width:45%" valign="top">![step five](images/five.png) ![add certificates](images/add-certificates.png)</br></br>To provision the device with a certificate for the kiosk app, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td>![add a certificate](images/add-certificates-details.png)</td></tr> 
+<tr><td  style="width:45%" valign="top">![step six](images/six.png)  ![Configure kiosk account and app](images/kiosk-account.png)</br></br>You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.</br></br>If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts.</br></br>In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Classic Windows app) or the AUMID (for a Universal Windows app). For a Classic Windows app, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.</td><td>![Configure kiosk account and app](images/kiosk-account-details.png)</td></tr>
+<tr><td  style="width:45%" valign="top">![step seven](images/seven.png)  ![configure kiosk common settings](images/kiosk-common.png)</br></br>On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.</td><td>![set tablet mode and configure welcome and shutdown and turn off timeout settings](images/kiosk-common-details.png)</td></tr>
+<tr><td  style="width:45%" valign="top">  ![finish](images/finish.png)</br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td>![Protect your package](images/finish-details.png)</td></tr>
+</table>
 
-    -   *DefaultUserName*: set value as the account that you want logged in.
 
-    -   *DefaultPassword*: set value as the password for the account.
+>[!NOTE]
+>If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** &gt; **AssignedAccess** &gt; **AssignedAccessSettings**
 
-       > [!NOTE]
-       > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** &gt; **String Value**.
 
-    -   *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, do not add this key.
 
-4.  Close Registry Editor. The next time the computer restarts, the account will be logged on automatically.
 
-### Sign out of assigned access
 
-To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account.
+[Learn how to apply a provisioning package.](provisioning-packages/provisioning-apply-package.md)
 
-If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key:
 
-**HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI**
 
-To change the default time for assigned access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal.
 
-<span id="shell-launcher" />
-## Shell Launcher for Classic Windows applications
 
+ 
+
+
+
+## Set up a kiosk or digital sign in Intune or other MDM service
+
+>App type: UWP 
+>
+>OS edition: Windows 10 Pro (version 1709), Ent, Edu
+>
+>Account type: Local standard user, Azure AD
+
+Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Assigned Access has a KioskModeApp setting. In the KioskModeApp setting, you enter the user account name and [AUMID](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode.
+
+The following steps explain how to configure a kiosk in Microsoft Intune. For other MDM services, see the documentation for your provider.
+
+**To configure kiosk in Microsoft Intune**
+
+2. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
+3. Select **Device configuration**.
+4. Select **Profiles**.
+5. Select **Create profile**.
+6. Enter a friendly name for the profile.
+7. Select **Windows 10 and later** for the platform.
+8. Select **Device restrictions** for the profile type.
+9. Select **Kiosk**.
+10. In **Kiosk Mode**, select **Single app kiosk**.
+1. Enter the user account (Azure AD or a local standard user account).
+11. Enter the Application User Model ID for an installed app.
+14. Select **OK**, and then select **Create**.
+18. Assign the profile to a device group to configure the devices in that group as kiosks.
+
+
+<span id="shelllauncher" />
+## Set up a kiosk or digital sign using Shell Launcher 
+
+>App type: Classic Windows
+>
+>OS edition: Windows 10 Ent, Edu
+>
+>Account type: Local standard user or administrator, Active Directory, Azure AD
 
 Using Shell Launcher, you can configure a kiosk device that runs a Classic Windows application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on.
 
@@ -229,7 +284,8 @@ Using Shell Launcher, you can configure a kiosk device that runs a Classic Windo
 >You can also configure a kiosk device that runs a Classic Windows application by using the [Provision kiosk devices wizard](#wizard).
 
 >[!WARNING]
->Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.  
+>- Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.
+>- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.  
 
 ### Requirements
 
@@ -239,6 +295,7 @@ Using Shell Launcher, you can configure a kiosk device that runs a Classic Windo
 
 [See the technical reference for the shell launcher component.](https://go.microsoft.com/fwlink/p/?LinkId=618603)
 
+
 ### Configure Shell Launcher
 
 To set a Classic Windows application as the shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell.
@@ -399,41 +456,15 @@ $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
 "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
 ```
 
-## Other settings to lock down
+## Sign out of assigned access
 
+To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account.
 
-For a more secure kiosk experience, we recommend that you make the following configuration changes to the device:
+If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key:
 
--   Put device in **Tablet mode**.
+**HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI**
 
-    If you want users to be able to use the touch (on screen) keyboard, go to **Settings** &gt; **System** &gt; **Tablet mode** and choose **On.**
-
--   Hide **Ease of access** feature on the logon screen.
-
-    Go to **Control Panel** &gt; **Ease of Access** &gt; **Ease of Access Center**, and turn off all accessibility tools.
-
--   Disable the hardware power button.
-
-    Go to **Power Options** &gt; **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**.
-
--   Remove the power button from the sign-in screen.
-
-    Go to **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Local Policies** &gt;**Security Options** &gt; **Shutdown: Allow system to be shut down without having to log on** and select **Disabled.**
-
--   Disable the camera.
-
-    Go to **Settings** &gt; **Privacy** &gt; **Camera**, and turn off **Let apps use my camera**.
-
--   Turn off app notifications on the lock screen.
-
-    Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
-
--   Disable removable media.
-
-    Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.
-
-    >[!NOTE]  
-    >To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
+To change the default time for assigned access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal.
 
  
 ## Related topics
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index 318293c24d..af9099c374 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: store, mobile
 author: TrudyHa
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 4/16/2018
 ---
 
 # Configure access to Microsoft Store
@@ -77,6 +77,10 @@ You can also use Group Policy to manage access to Microsoft Store.
 
 4.  On the **Turn off Store application** setting page, click **Enabled**, and then click **OK**.
 
+> [!Important]
+> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store.
+
+
 ## <a href="" id="block-store-mdm"></a>Block Microsoft Store using management tool
 
 
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 5ec8571305..301f4a7b07 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -16,8 +16,8 @@ ms.date: 03/08/2018
 
 Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether it’s the right solution to manage user settings across multiple devices within your enterprise.
 
->**Note**
-The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md).
+>[!NOTE]
+>The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md).
 
 The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows applications settings. For best results, ensure that your test environment includes two or more user computers that share network access.
 
@@ -94,13 +94,13 @@ A storage path must be configured on the client-side to tell where the personali
 
 4.  Select **Enabled**, fill in the **Settings storage path**, and click **OK**.
 
-    - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
+    - Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder.
 
 **To set the storage path for UE-V with PowerShell**
 
 1.  In a PowerShell window, type **Set-uevConfiguration -SettingsStoragePath [StoragePath]** where **[StoragePath]** is the path to the location created in step 2 followed by **\%username%**.
 
-    - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
+    - Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder.
 
 With Windows 10, version 1607 and later, the UE-V service is installed on user devices when the operating system is installed. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell.
 
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 2df8e81ee7..de3f2b1d0f 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -29,7 +29,7 @@ The **Azure > Authority** and **Azure > BPRT** settings for bulk Azure Active Di
 
 - [Instructions for desktop wizard](../provisioning-packages/provision-pcs-for-initial-deployment.md)
 - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
-- [Instructions for the kiosk wizard](../set-up-a-kiosk-for-windows-10-for-desktop-editions.md#wizard)
+- [Instructions for the kiosk wizard](../setup-kiosk-digital-signage.md#wizard)
 
 ## ComputerAccount
 
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index 9be7d411e7..fdc91f9f6c 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 author: jdeckerMS
 ms.localizationpriority: medium
 ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 03/30/2018
 ---
 
 # SMISettings (Windows Configuration Designer reference)
@@ -94,6 +94,9 @@ When you **enable** KeyboardFilter, a number of other settings become available
 
 Use ShellLauncher to specify the application or executable to use as the default custom shell. One use of ShellLauncher is to [create a kiosk (fixed-purpose) device running a Classic Windows application](https://docs.microsoft.com/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions#shell-launcher-for-classic-windows-applications).
 
+>[!WARNING]
+>Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.
+
 You can also configure ShellLauncher to launch different shell applications for different users or user groups.
 
 >[!IMPORTANT]  
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 60b97c2e42..b0f27ea80e 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -8,6 +8,13 @@
 ### [Configure VDA for Subscription Activation](vda-subscription-activation.md)
 ### [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md)
 ## [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)
+### [Quick fixes](upgrade\quick-fixes.md)
+### [SetupDiag](upgrade/setupdiag.md)
+### [Troubleshooting upgrade errors](upgrade/troubleshoot-upgrade-errors.md)
+### [Windows error reporting](upgrade/windows-error-reporting.md)
+### [Upgrade error codes](upgrade/upgrade-error-codes.md)
+### [Log files](upgrade/log-files.md)
+### [Resolution procedures](upgrade/resolution-procedures.md)
 ### [Submit Windows 10 upgrade errors](upgrade/submit-errors.md)
 
 ## [Deploy Windows 10](deploy.md)
@@ -223,6 +230,7 @@
 ### [Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md)
 ### [Manage device restarts after updates](update/waas-restart.md)
 ### [Manage additional Windows Update settings](update/waas-wu-settings.md)
+### [Determine the source of Windows updates](update/windows-update-sources.md)
 ### [Windows Insider Program for Business](update/waas-windows-insider-for-business.md)
 #### [Introduction to the Windows Insider Program for Business](update/WIP4Biz-intro.md)
 #### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
@@ -230,6 +238,7 @@
 ### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
 
 ## [Windows Analytics](update/windows-analytics-overview.md)
+### [Windows Analytics and privacy](update/windows-analytics-privacy.md)
 ### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
 #### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
 #### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
@@ -241,7 +250,6 @@
 ##### [Step 2: Resolve issues](upgrade/upgrade-readiness-resolve-issues.md)
 ##### [Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md)
 ##### [Additional insights](upgrade/upgrade-readiness-additional-insights.md)
-#### [Troubleshoot Upgrade Readiness](upgrade/troubleshoot-upgrade-readiness.md)
 ### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
 #### [Get started with Update Compliance](update/update-compliance-get-started.md)
 #### [Use Update Compliance](update/update-compliance-using.md)
@@ -249,6 +257,7 @@
 ##### [Security Update Status report](update/update-compliance-security-update-status.md)
 ##### [Feature Update Status report](update/update-compliance-feature-update-status.md)
 ##### [Windows Defender AV Status report](update/update-compliance-wd-av-status.md)
+##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md)
 ##### [Update Compliance Perspectives](update/update-compliance-perspectives.md)
 ### [Device Health](update/device-health-monitor.md)
 #### [Get started with Device Health](update/device-health-get-started.md)
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 40c3fdf557..626dd39323 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
-author: mtniehaus
-ms.date: 11/09/2017
+author: greg-lindsay
+ms.date: 04/18/2018
 ---
 
 # Create a Windows 10 reference image
@@ -20,7 +20,7 @@ ms.date: 11/09/2017
 Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution.
 For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, PC0001 is a Windows 10 Enterprise x64 client, and MDT01 is a Windows Server 2012 R2 standard server. HV01 is a Hyper-V host server, but HV01 could be replaced by PC0001 as long as PC0001 has enough memory and is capable of running Hyper-V. MDT01, HV01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation.
 
->{!NOTE]}  
+>[!NOTE]
 >For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
  
 ![figure 1](../images/mdt-08-fig01.png)
diff --git a/windows/deployment/images/cleanup.PNG b/windows/deployment/images/cleanup.PNG
new file mode 100644
index 0000000000..783a069a36
Binary files /dev/null and b/windows/deployment/images/cleanup.PNG differ
diff --git a/windows/deployment/images/drive.PNG b/windows/deployment/images/drive.PNG
new file mode 100644
index 0000000000..fa0970ab02
Binary files /dev/null and b/windows/deployment/images/drive.PNG differ
diff --git a/windows/deployment/images/update.jpg b/windows/deployment/images/update.jpg
new file mode 100644
index 0000000000..d5ba862300
Binary files /dev/null and b/windows/deployment/images/update.jpg differ
diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md
index 70a781cb0d..4a72395427 100644
--- a/windows/deployment/update/device-health-get-started.md
+++ b/windows/deployment/update/device-health-get-started.md
@@ -5,7 +5,7 @@ keywords: Device Health, oms, operations management suite, prerequisites, requir
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.date: 03/15/2018
+ms.date: 03/20/2018
 ms.pagetype: deploy
 author: jaimeo
 ---
@@ -72,7 +72,7 @@ Once you've added Update Compliance to Microsoft Operations Management Suite, yo
 
 ## Use Device Health to monitor frequency and causes of device crashes
 
-Once your devices are enrolled, you can move on to [Use Device Health](device-health-using.md).
+Once your devices are enrolled, you can move on to [Using Device Health](device-health-using.md).
 
 
 ## Related topics
diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md
index 3526ae3850..19e2365401 100644
--- a/windows/deployment/update/device-health-using.md
+++ b/windows/deployment/update/device-health-using.md
@@ -4,7 +4,7 @@ description: Explains how to begin usihg Device Health.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.date: 10/10/2017
+ms.date: 03/30/2018
 ms.pagetype: deploy
 author: jaimeo
 ---
@@ -90,6 +90,144 @@ Clicking a listed driver on the Driver-Induced OS Crashes blade opens a driver p
 The driver version table can help you determine whether deploying a newer version of the driver might help you reduce the crash rate. In the example shown above, the most commonly installed driver version (19.15.1.5) has a crash rate of about one-half of one percent--this is low, so this driver is probably fine. However, driver version 19.40.0.3 has a crash rate of almost 20%. If that driver had been widely deployed, updating it would substantially reduce the overal number of crashes in your organization.
 
 
+## App Reliability
+
+The App Reliability report shows you useful data on app usage and behavior so that you can identify apps that are misbehaving and then take steps to resolve the problem.
+
+### App reliability events
+
+The default view includes the **Devices with events** count, which shows the number of devices in your organization that have logged a reliability event for a given app over the last 14 days. A "reliability event" occurs when an app either exits unexpectedly or stops responding. The table also includes a **Devices with Usage** count. This enables you to see how widely used the app was over the same period to put the Devices with Events count into perspective.
+
+![Main App Reliability view](images/app-reliability-main.png)
+
+When you click a particular app, the detailed **App reliability** view opens. The first element in the view is the App Information summary:
+
+![App reliability view with columns for app name, publisher, devices with usage, devices with events, percentage of devices with events logged for that app, and percentage of devices with events as a "commercial average"](images/app-reliability-app-detail.png)
+
+This table contains:
+
+- App name
+- Publisher
+- Devices with usage: the number of unique devices that logged any usage of the app
+- Devices with events: the number of unique devices that logged any reliability event for the app
+- % with events: the ratio of "devices with events" to "devices with usage"
+- % with events (commercial average): the ratio of "devices with events" to "devices with usage" in data collected from deployments with a mix of operating system versions and device models that is similar to yours. This can help you decide if a given app is having problems specifically in your environment or more generally in many environments.
+
+#### Trend section
+Following the App Information summary is the trend section:
+
+![Trend view](images/app-reliability-trend-view.png)
+
+With these trend graphs you can more easily detect if an issue is growing, shrinking, or steady. The trend graph on the left shows the number of devices that logged any reliability event for the app. The trend graph on the right shows the ratio of "devices with events" to "devices with usage."
+
+Each graph displays two lines:
+
+- Trailing window: in this line, each day’s value reflects reliability events that occurred in the 14 days leading up to that day. This is useful for gauging the long-term trend with reduced volatility due to weekends and small populations.
+- Single day: Each day’s value reflects reliability events that occurred in a single day. This is useful if an issue is quickly emerging (or being resolved).
+
+#### App and OS versions table
+The next element in the view is the App and OS versions table:
+
+
+![App/OS version view](images/app-reliability-app-OS-version.png)
+
+This table breaks out the metrics by combinations of App and OS version. This enables you to identify patterns in that might indicate devices needing an update or configuration change.
+
+For example, if the table shows that a later version of an app is more reliable than an earlier version in your environment, then prioritizing deployment of the later version is likely the best path forward. If you are already running the latest version of the app, but reliability events are increasing, then you might need to do some troubleshooting, or seek support from Microsoft or the app vendor.
+
+By default the table is limited to the most-used version combinations in your environment. To see all version combinations click anywhere in the table.
+
+
+#### Reliability event history table
+
+The next element in the view is the reliability event history table:
+
+![event history view](images/app-reliability-event-history.png)
+
+This table shows the most detailed information. Although Device Health is not a debugging tool, the details available in this table can help with troubleshooting by providing the specific devices, versions, and dates of the reliability events.
+
+This view also includes the **Diagnostic Signature** column. This value can be helpful when you are working with product support or troubleshooting on your own. The value (also known as Failure ID or Failure Name) is the same identifier used to summarize crash statistics for Microsoft and partner developers.
+
+The Diagnostic Signature value contains the type of reliability event, error code, DLL name, and function name involved. You can use this information to narrow the scope of troubleshooting. For example, a value like *APPLICATION_HANG_ThreadHang_Contoso-Add-In.dll!GetRegistryValue()* implies that the app stopped responding when Contoso-Add-In was trying to read a registry value. In this case you might prioritize updating or disabling the add-in, or using Process Monitor to identify the registry value it was trying to read, which could lead to a resolution through antivirus exclusions, fixing missing keys, or similar remedies.
+
+
+By default the table is limited to a few recent rows. To see all rows click anywhere in the table.
+
+
+### FAQs and limitations
+
+#### Why does a particular app not appear in the views?
+When we allow reliability events from all processes, the list of apps fills with noisy processes which don't feel like meaningful end-user apps (for example, taskhost.exe or odd-test-thing.exe). In order to draw focus to the apps which matter most to users, App Reliability uses a series of filters to limit what appears in the list. The filter criteria include the following:
+
+- Filter out background processes which have no detected user interaction.
+- Filter out operating system processes which, despite having user interaction, do not feel like apps (for example, Logonui.exe, Winlogon.exe). **Known limitation:** Some processes which may feel like apps are not currently detected as such (and are therefore filtered out as OS processes). These include Explorer.exe, Iexplore.exe, Microsoftedge.exe, and several others.
+- Remove apps which are not widely used in your environment. **Known limitation:** This might result in an app that you consider important being filtered out when that app is not among the 30 most widely used in your environment.
+
+
+We welcome your suggestions and feedback on this filtering process at the [Device Health Tech Community](https://aka.ms/community/DeviceHealth).
+
+#### Why are there multiple names and entries for the same app?
+For example, you might see *Skype for Business*, *‘skype for business’*, and *Lync* listed separately, but you only use *Skype for Business*. Or you might see *MyApp Pro* and *MyApp Professional* listed separately, even though they feel like the same thing.
+
+Apps have many elements of metadata which describe them. These include an Add/Remove programs title (“Contoso Suite 12”), executable file names (“ContosoCRM.exe”), executable display name (“Contoso CRM”), and others. App publishers (and in some cases app re-packagers) set these values. For the most part we leave the data as set by the publisher which can lead to some report splitting. In certain cases we apply transformations to reduce splitting, for example we (by design) convert many values to lower case so that incoming data such as "Contoso CRM" and "CONTOSO CRM" become the same app name for reporting. 
+ 
+
+
+#### Clicking an app in the App Reliability Events blade sometimes results a List view of records instead of the App Reliability view
+To work around this, click the **App Reliability** tab above the results to see the expected view.
+ 
+![Click app reliability tab](images/app-reliability-tab.png)
+
+
+#### Clicking "See all…" from the App Reliability Events blade followed by clicking an app from the expanded list results in raw records instead of the App Reliability view
+To work around this, replace all of the text in the Log Search query box with the following:
+
+*DHAppReliability | where AppFileDisplayName == "<Name of app as it appeared in the list>"*
+
+For example:
+
+*DHAppReliability | where AppFileDisplayName == "Microsoft Outlook"*
+
+
+
+## Login Health
+
+Login Health provides reports on Windows login attempts in your environment, including metrics on the login methods being used (such as Windows Hello, face recognition, fingerprint recognition, PIN, or password), the rates and patterns of login success and failure, and the specific reasons logins have failed.
+
+The Login Health blades appear in the Device Health dashboard:
+
+
+![Main Login health view](images/login-health.png)
+
+### Login Errors
+The **Login errors** blade displays data on the frequency and type of errors, with statistics on specific errors. They are generally categorized into user-generated (caused by bad input) or non-user-generated (might need IT intervention) errors. Click any individual error to see all instances of the error's occurence for the specified time period.
+
+### Login Metrics by Type
+The **Login metrics by type** blade shows the success rate for your devices, as well as the success rate for other environments with a mix of operating system versions and device models similar to yours (the **Commercial average success rate**).
+
+In the table (by type) you can gauge how broadly each login type is attempted, the number of devices that prefer the type (most used), and the success rate. If migration from passwords to an alternative such as Hello: PIN is going well, you would see high usage and high success rates for the new type.
+
+Click any of the login types to see detailed login health data for that type:
+
+![Login type detail](images/login-health-detail.png)
+
+This view shows trends over time of usage, preferred credentials, and success rate along with the most frequent errors and frequently failing devices for that login type.
+
+Click a specific login error in this view to see a list of all instances for that error and login type within the specified time range:
+
+![Login error detail](images/login-health-detail-failure.png)
+
+Included in this view are device attributes and error attributes such as the following:
+
+- LogonStatus/LogonSubStatus: Status code for the login attempt
+- SignInFailureReason: Known failure reasons evaluated from status or sub-status
+- SuggestedSignInRemediation: Suggested remediation that was presented to the user at the time of error
+
+The filters in the left pane allow you to filter errors to a particular operating system, device model, or other parameters. Alternatively, clicking the most frequently failing models from the Login Health perspective will take you to a list of error instances filtered to the login type and specified device model within the specified time range.
+
+>[!NOTE]
+> Windows Hello: Face authentication errors are not currently included in the login health reports.
+
 
 
 
diff --git a/windows/deployment/update/images/WA-data-flow-v1.png b/windows/deployment/update/images/WA-data-flow-v1.png
new file mode 100644
index 0000000000..072502b2c7
Binary files /dev/null and b/windows/deployment/update/images/WA-data-flow-v1.png differ
diff --git a/windows/deployment/update/images/app-reliability-app-OS-version.png b/windows/deployment/update/images/app-reliability-app-OS-version.png
new file mode 100644
index 0000000000..c281dcc316
Binary files /dev/null and b/windows/deployment/update/images/app-reliability-app-OS-version.png differ
diff --git a/windows/deployment/update/images/app-reliability-app-detail.png b/windows/deployment/update/images/app-reliability-app-detail.png
new file mode 100644
index 0000000000..8c402bb91f
Binary files /dev/null and b/windows/deployment/update/images/app-reliability-app-detail.png differ
diff --git a/windows/deployment/update/images/app-reliability-event-history.png b/windows/deployment/update/images/app-reliability-event-history.png
new file mode 100644
index 0000000000..f28ab02908
Binary files /dev/null and b/windows/deployment/update/images/app-reliability-event-history.png differ
diff --git a/windows/deployment/update/images/app-reliability-main.png b/windows/deployment/update/images/app-reliability-main.png
new file mode 100644
index 0000000000..abbcc72690
Binary files /dev/null and b/windows/deployment/update/images/app-reliability-main.png differ
diff --git a/windows/deployment/update/images/app-reliability-tab.png b/windows/deployment/update/images/app-reliability-tab.png
new file mode 100644
index 0000000000..17eae401f4
Binary files /dev/null and b/windows/deployment/update/images/app-reliability-tab.png differ
diff --git a/windows/deployment/update/images/app-reliability-trend-view.png b/windows/deployment/update/images/app-reliability-trend-view.png
new file mode 100644
index 0000000000..2d26df93d3
Binary files /dev/null and b/windows/deployment/update/images/app-reliability-trend-view.png differ
diff --git a/windows/deployment/update/images/login-health-detail-failure.png b/windows/deployment/update/images/login-health-detail-failure.png
new file mode 100644
index 0000000000..76865225a1
Binary files /dev/null and b/windows/deployment/update/images/login-health-detail-failure.png differ
diff --git a/windows/deployment/update/images/login-health-detail.png b/windows/deployment/update/images/login-health-detail.png
index 2d3871fc42..45867cefc5 100644
Binary files a/windows/deployment/update/images/login-health-detail.png and b/windows/deployment/update/images/login-health-detail.png differ
diff --git a/windows/deployment/update/images/login-health.png b/windows/deployment/update/images/login-health.png
index fd4f6740bd..e250351fb5 100644
Binary files a/windows/deployment/update/images/login-health.png and b/windows/deployment/update/images/login-health.png differ
diff --git a/windows/deployment/update/images/uc-DO-status.png b/windows/deployment/update/images/uc-DO-status.png
new file mode 100644
index 0000000000..d4b47be324
Binary files /dev/null and b/windows/deployment/update/images/uc-DO-status.png differ
diff --git a/windows/deployment/update/images/upgrade-analytics-unsubscribe.png b/windows/deployment/update/images/upgrade-analytics-unsubscribe.png
new file mode 100644
index 0000000000..402db94d6f
Binary files /dev/null and b/windows/deployment/update/images/upgrade-analytics-unsubscribe.png differ
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index a9805be280..0cd39373d7 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -1,16 +1,16 @@
 ---
-title: Update Windows 10 in the enterprise (Windows 10)
+title: Update Windows 10 in enterprise deployments (Windows 10)
 description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows 10.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: Jaimeo
 ms.localizationpriority: high
-ms.author: daniha
-ms.date: 11/17/2017
+ms.author: jaimeo
+ms.date: 04/06/2018
 ---
 
-# Update Windows 10 in the enterprise
+# Update Windows 10 in enterprise deployments
 
 
 **Applies to**
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
new file mode 100644
index 0000000000..dce1b56274
--- /dev/null
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -0,0 +1,51 @@
+---
+title: Delivery Optimization in Update Compliance (Windows 10)
+description: new Delivery Optimization data displayed in Update Compliance
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: jaimeo
+ms.author: jaimeo
+ms.date: 03/27/2018
+---
+
+# Delivery Optimization in Update Compliance
+The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
+
+>[!Note]
+>Delivery Optimization Status is currently in development. See the [Known Issues](#known-issues) section for issues we are aware of and potential workarounds. 
+
+
+## Delivery Optimization Status
+ 
+The Delivery Optimization Status section includes three blades:
+
+- The **Device Configuration** blade shows a breakdown of download configuration for each device
+- The **Content Distribution (%)** blade shows the percentage of bandwidth savings for each category
+- The **Content Distribution (GB)** blade shows the total amount of data seen from each content type broken down by the download source (peers vs non-peers).
+
+![DO status](images/uc-DO-status.png)
+
+ 
+## Device Configuration blade
+Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md#download-mode).
+ 
+## Content Distribution (%) blade
+The first of two blades showing information on content breakdown, this blade shows a ring chart summarizing **Bandwidth Savings %**, which is the percentage of data received from peer sources out of the total data downloaded (for any device that used peer-to-peer distribution).
+The table breaks down the Bandwidth Savings % into specific content categories along with the number of devices seen downloading the given content type that used peer-to-peer distribution.
+ 
+## Content Distribution (GB) blade
+The second of two blades showing information on content breakdown, this blade shows a ring chart summarizing the total bytes downloaded by using peer-to-peer distribution compared to HTTP distribution. 
+The table breaks down the number of bytes from each download source into specific content categories, along with the number of devices seen downloading the given content type that used peer-to-peer distribution.
+
+The download sources that could be included are:
+- LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network
+- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the “Group” download mode is used)
+- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates. 
+
+## Known Issues
+Delivery Optimization is currently in development. The following issues are known:
+
+- DO Download Mode is not accurately portrayed in the Device Configuration blade. There is no workaround at this time. 
+
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 59660993ae..f2ecc2a75b 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -5,8 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: DaniHalfin
-ms.author: daniha
+author: jaimeo
+ms.author: jaimeo
 ms.date: 10/13/2017
 ---
 
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index 24c89c24be..0967178c16 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -90,7 +90,7 @@ For Windows 10, version 1607, organizations already managing their systems with
 
 ![Example of unknown devices](images/wufb-sccm.png)
 
-
+For more information, see [Integration with Windows Update for Business in Windows 10](https://docs.microsoft.com/en-us/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
 
 ## Related topics
 
diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index 52a170184a..dc35477a1b 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -145,6 +145,7 @@ The Slow Windows Insider level is for users who prefer to see new builds of Wind
 * Builds are sent to the Slow Ring after feedback has been received from Windows Insiders within the Fast Ring and analyzed by our Engineering teams.  
 * These builds will include updates to fix key issues that would prevent many Windows Insiders from being able to use the build on a daily basis.  
 * These builds still might have issues that would be addressed in a future flight.
+* These builds are typically released once a month.
 
 ### Fast
 
@@ -154,6 +155,7 @@ Best for Windows Insiders who prefer being the first to get access to builds and
 * Because we are also validating a build on a smaller set of devices before going to Fast, there is also a chance that some features might work on some devices but might fail in other device configurations. 
 * Windows Insiders should be ready to reinstall Windows using the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) when you are significantly blocked.
 * Remember to report any issue to us through the Windows Insider Feedback Hub or the Windows Insider community forum.
+* These builds are typically released once a week.
 
 >[!NOTE]
 >Once your device is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your device will be auto-targeted for the next available flight for your selected ring. For the first build on any given device, this might take up to 24 hours to complete.
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index bfb7bc57df..0b01d6d615 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -8,12 +8,12 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 03/16/2018
+ms.date: 04/05/2018
 ---
 
 # Frequently asked questions and troubleshooting Windows Analytics
 
-This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions.
+This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. This FAQ, along with the [Windows Analytics Technical Community](https://techcommunity.microsoft.com/t5/Windows-Analytics/ct-p/WindowsAnalytics), are recommended resources to consult before contacting Microsoft support.
 
 ## Troubleshooting common problems
 
@@ -25,18 +25,24 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
 
 [Upgrade Readiness reports outdated updates](#upgrade-readiness-reports-outdated-updates)
 
-[Upgrade Readiness reports incomplete inventory](#upgrade-readiness-reports-incomplete-inventory)
+[Upgrade Readiness shows many "Computers with outdated KB"](#upgrade-readiness-shows-many-computers-with-outdated-kb)
 
 [Upgrade Readiness doesn't show app inventory data on some devices](#upgrade-readiness-doesnt-show-app-inventory-data-on-some-devices)
 
 [Upgrade Readiness doesn't show IE site discovery data from some devices](#upgrade-readiness-doesnt-show-ie-site-discovery-data-from-some-devices)
 
+[Disable Upgrade Readiness](#disable-upgrade-readiness)
+
+[Exporting large data sets](#exporting-large-data-sets)
+
 
 ### Devices not showing up
 
 In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use.
 
 Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog.
+>[!NOTE]
+> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," please go to **Settings > Connected sources > Windows telemetry** and unsubscribe, wait a minute and then re-subscribe to Upgrade Readiness. This is a known issue and we are working on a fix.
  
 If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues:
 
@@ -49,9 +55,14 @@ If devices are not showing up as expected, find a representative device and foll
 
 If you want to check a large number of devices, you should run the latest script at scale from your management tool of choice (for example, System Center Configuration Manager) and check the results centrally.
 
-
 If you think the issue might be related to a network proxy, check "Enable data sharing" section of the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic. Also see [Understanding connectivity scenarios and the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog.
 
+If you have deployed images that have not been generalized, then many of them might have the same ID and so analytics will see them as one device. If you suspect this is the issue, then you can reset the IDs on the non-generalized devices by performing these steps:
+1. Net stop diagtrack
+2. Reg delete hklm\software\microsoft\sqmclient /v MachineId /f
+3. Net start diagtrack
+
+
 ### Device Health crash data not appearing
 
 #### Is WER disabled?
@@ -151,47 +162,62 @@ Double-check that IE site discovery opt-in has been configured in the deployment
 Also, on Windows 10 devices remember that IE site discovery requires data diagnostics set to the Enhanced level.
 Finally, Upgrade Readiness only collects IE site discovery data on devices that are not yet upgraded to the target operating system version specified in the Upgrade Readiness Overview blade. This is because Upgrade Readiness targets upgrade planning (for devices not yet upgraded).
 
-[comment]: # (Device names are not showing up properly? Starting with Windows 10 1803, the device name is no longer collected by default and requires a separate opt-in by setting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowDeviceNameInTelemetry:DWORD == 1. This is done by default if you run the latest version of the deployment script, or can be set via policy. If the policy is not set, then the device name will show up as "Unknown (aka.ms/analyticsDeviceName)")
+### Device Names don't show up on Windows 10 devices
+Starting with the build currently available in the Windows Insider Program, the device name is no longer collected by default and requires a separate opt-in. For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
+
+### Disable Upgrade Readiness
+
+If you want to stop using Upgrade Readiness and stop sending diagnostic data data to Microsoft, follow these steps:
+
+1.  Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
+
+  ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png)
+
+2.  Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**:
+
+  **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
+  **Windows 10**: Follow the instructions in the [Configure Windows diagnostic data in your organization](/configuration/configure-windows-diagnostic-data-in-your-organization.md) topic.
+
+3.	If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0".  The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
+4.	**Optional step:** You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". 
+
+### Exporting large data sets
+
+Azure Log Analytics is optimized for advanced analytics of large data sets and can efficiently generate summaries and analytics for them. The query language is not optimized (or intended) for returning large raw data sets and has built-in limits to protect against overuse. There are times when it might be necessary to get more data than this, but that should be done sparingly since this is not the intended way to use Azure Log Analytics. The following code snippet shows how to retrieve data from UAApp one “page” at a time:
+
+```
+let snapshot = toscalar(UAApp | summarize max(TimeGenerated));
+let pageSize = 100000;
+let pageNumber = 0;
+ 
+UAApp
+| where TimeGenerated == snapshot and IsRollup==true and RollupLevel=="Granular" and Importance == "Low install count"
+| order by AppName, AppVendor, AppVersion desc
+| serialize
+| where row_number(0) >= (pageSize * pageNumber)
+| take pageSize
+```
+
+ 
 
 ## Other common questions
 
 ### What are the requirements and costs for Windows Analytics solutions?
-| Windows Analytics solution| Windows license requirements | Windows version requirements | Diagnostic data requirements |
+| Windows Analytics solution| Windows license requirements | Windows version requirements | Minimum diagnostic data requirements |
 |----------------------|-----------------------------------|------------------------------|------------------------------|
 | Upgrade Readiness | No additional requirements  |  Windows 7 with Service Pack 1, Windows 8.1, Windows 10 | Basic level in most cases; Enhanced level to support Windows 10 app usage data and IE site discovery |
 |  Update Compliance | No additional requirements | Windows 10 | Basic level |
-| Device Health  | No additional requirements  | - Windows 10 Enterprise or Windows 10 Education per-device with active Software Assurance<br>- Windows 10 Enterprise E3 or E5 per-device or per-user subscription (including Microsoft 365 F1, E3, or E5)<br>- Windows 10 Education A3 or A5 (including Microsoft 365 Education A3 or A5)<br>- Windows VDA E3 or E5 per-device or per-user subscription<br>- Windows Server 2016 or later  | Windows 10 | Enhanced level |
+| Device Health  |  **Any** of the following licenses: <br>- Windows 10 Enterprise or Windows 10 Education per-device with active Software Assurance<br>- Windows 10 Enterprise E3 or E5 per-device or per-user subscription (including Microsoft 365 F1, E3, or E5)<br>- Windows 10 Education A3 or A5 (including Microsoft 365 Education A3 or A5)<br>- Windows VDA E3 or E5 per-device or per-user subscription<br>- Windows Server 2016 or later    | Windows 10 | - For Windows 10 version 1709 or later: Enhanced (Limited)<br>- For earlier versions: Enhanced
 
 >[!NOTE]
 > Regarding licensing requirements for Device Health, you do not need per-seat licensing, but only enough licenses to cover your total device usage. For example, if you have 100 E3 licenses, you can monitor 100 devices with Device Health.
 
-Beyond the cost of Windows operating system licenses, there is no additional cost for using Windows Analytics. In Azure Log Analytics, Windows Analytics is "zero-rated;" this means it is excluded from data limits and costs regardless of the Azure Log Analytics pricing tier you have chosen.
+Beyond the cost of Windows operating system licenses, there is no additional cost for using Windows Analytics. Within Azure Log Analytics, Windows Analytics is "zero-rated;" this means it is excluded from data limits and costs regardless of the Azure Log Analytics pricing tier you have chosen. To be more specific, Azure Log Analytics is available in different pricing tiers as described in [Pricing - Log Analytics](https://azure.microsoft.com/pricing/details/log-analytics/).
+- If you are using the free tier, which has a cap on the amount of data collected per day, the Windows Analytics data will not count towards this cap. You will be able to collect all the Windows Analytics data from your devices and still have the full cap available for collecting additional data from other sources.
+- If you are using a paid tier that charges per GB of data collected, the Windows Analytics data will not be charged. You will be able to collect all the Windows Analytics data from your devices and not incur any costs.
 
-### How does Windows Analytics support privacy?
+Note that different Azure Log Analytics plans have different data retention periods, and the Windows Analytics solutions inherit the workspace's data retention policy. So, for example, if your workspace is on the free plan then Windows Analytics will retain the last week's worth of "daily snapshots" that are collected in the workspace.
 
-Windows Analytics is fully committed to privacy, centering on these tenets:
-
-- **Transparency:** We fully document the Windows Analytics diagnostic events (see the links for additional information) so you can review them with your company’s security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).
-- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics
-- **Security:** Your data is protected with strong security and encryption
-- **Trust:** Windows Analytics supports the Microsoft Online Service Terms
-
-See these topics for additional background information about related privacy issues:
-
-- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windowsconfiguration/configure-windows-diagnostic-data-in-your-organization)
-- [Windows 7, Windows 8, and Windows 8.1 Appraiser Telemetry Events, and Fields](https://go.microsoft.com/fwlink/?LinkID=822965) (link downloads a PDF file)
-- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703)
-- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields)
-- [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview)
-- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
-- [Learn about security and privacy at Microsoft datacenters](http://www.microsoft.com/datacenters)
-- [Confidence in the trusted cloud](https://azure.microsoft.com/en-us/support/trust-center/) 
-
-### Can Windows Analytics be used without a direct client connection to the Microsoft Data Management Service?
-No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
-
-### Can I choose the data center location?
-Yes for Azure Log Analytics, but no for the Microsoft Data Management Service (which is hosted in the US).
 
 ### Why do SCCM and Upgrade Readiness show different counts of devices that are ready to upgrade?
 System Center Configuration Manager (SCCM) considers a device ready to upgrade if *no installed app* has an upgrade decision of “not ready” (that is, they are all "ready" or "in progress"), while Upgrade Readiness considers a device ready to upgrade only if *all* installed apps are marked “ready”.
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index de69f455fc..cec30d4e05 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -44,21 +44,22 @@ To enable data sharing, configure your proxy sever to whitelist the following en
 
 | **Endpoint**  | **Function**  |
 |---------------------------------------------------------|-----------|
-| `https://v10.events.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10, version 1803|
-| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10, version 1709 or earlier |
-| `https://vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10 |
+| `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with the build of Windows 10 available in the Windows Insider Program|
+| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier |
+| `https://vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for operating systems older than Windows 10 |
 | `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. 
 | `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
 | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
 | `https://oca.telemetry.microsoft.com`  | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
 
 
-
+>[!NOTE]
+>If you have SSL Inspection enabled on your proxy server, you might need to add the above URLs to your SSL inspection exclusion list to allow data to reach Microsoft endpoints.
 
 ### Configuring endpoint access with proxy servers
 If your organization uses proxy server authentication for outbound traffic, use one or more of the following approaches to ensure that the diagnostic data is not blocked by proxy authentication:
 
-- **Best option:** Configure your proxy servers to **not** require proxy authentication for any traffic to the diagnostic data endpoints. This is the most comprehensive solution and it works for all versions of Windows 10.
+- **Best option:** Configure your proxy servers to **not** require proxy authentication for any traffic to the diagnostic data endpoints. In particular, disable SSL inspection. Windows checks for a Microsoft SSL certificate on the site, and this will be stripped and replaced if the proxy performs inspection. This is the most comprehensive solution and it works for all versions of Windows 10.
 - **User proxy authentication:** Alternatively, you can configure devices on the user side. First, update the devices to Windows 10, version 1703 or later. Then, ensure that users of the devices have proxy permission to reach the diagnostic data endpoints. This requires that the devices have console users with proxy permissions, so you couldn't use this method with headless devices.
 - **Device proxy authentication:** Another option--the most complex--is as follows: First, configure a system level proxy server on the devices. Then, configure these devices to use machine-account-based outbound proxy authentication. Finally, configure proxy servers to allow the machine accounts access to the diagnostic data endpoints. 
 
@@ -69,13 +70,16 @@ The compatibility update scans your devices and enables application usage tracki
 
 | **Operating System** | **Updates** |
 |----------------------|-----------------------------------------------------------------------------|
-| Windows 10        | The latest cumulative updates must be installed on Windows 10 devices to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com) <P>Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](../upgrade/upgrade-readiness-requirements.md) for more information. |
-| Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2976978><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>**NOTE:** KB2976978 is a critical update, so it should already be installed by your management tool. You should, however, verify that it was deployed.   |
-| Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2952664><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this update, see <https://support.microsoft.com/kb/3150513><br>**NOTE:** If KB 3510513 is reported as out of date, you should manually find a recent version at [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513) and ensure that it is installed and deployed. |
+| Windows 10        | Windows 10 includes the compatibility update, so you will automatically have the latest compatibility update so long as you continue to keep your Windows 10 devices up-to-date with cummulative updates. <P>Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](../upgrade/upgrade-readiness-requirements.md) for more information. |
+| Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2976978>|
+| Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2952664>|
 
 >[!IMPORTANT] 
 >Restart devices after you install the compatibility updates for the first time.
 
+>[!NOTE] 
+>We recommend you configure your update management tool to automatically install the latest version of these updates. There is a related optional update, [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513), which can provide updated configuration and definitions for older compatibiltiy updates. For more information about this optional update, see <https://support.microsoft.com/kb/3150513>.
+
 
 
 If you are planning to enable IE Site Discovery in Upgrade Readiness, you will need to install a few additional updates.
@@ -123,7 +127,6 @@ Use a software distribution system such as System Center Configuration Manager t
 
 ### Distributing policies at scale
 There are a number of policies that can be centrally managed to control Windows Analytics device configuration. All of these policies have *preference* registry key equivalents that can be set by using the deployment script. Policy settings override preference settings if both are set.
-
 >[!NOTE]
 >You can only set the diagnostic data level to Enhanced by using policy. For example, this is necessary for using Device Health.
 
@@ -134,6 +137,7 @@ These policies are under Microsoft\Windows\DataCollection:
 | CommercialId | In order for your devices to show up in Windows Analytics, they must be configured with your organization’s Commercial ID. |
 | AllowTelemetry (in Windows 10) |	1 (Basic), 2 (Enhanced) or 3 (Full) diagnostic data. Windows Analytics will work with basic diagnostic data, but more features are available when you use the Enhanced level (for example, Device Health requires Enhanced diagnostic data and Upgrade Readiness only collects app usage and site discovery data on Windows 10 devices with Enhanced diagnostic data). For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). |
 | LimitEnhancedDiagnosticDataWindowsAnalytics (in Windows 10) |	Only applies when AllowTelemetry=2. Limits the Enhanced diagnostic data events sent to Microsoft to just those needed by Windows Analytics. For more information, see [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields).|
+| AllowDeviceNameInTelemetry (in Windows 10) |	In the build currently available in the Windows Insider Program for Windows 10, a separate opt-in is required to enable devices to continue to send the device name. |
 | CommercialDataOptIn (in Windows 7 and Windows 8) |	1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
 
 
@@ -150,4 +154,10 @@ For more information about Internet Explorer Security Zones, see [About URL Secu
 
 ### Distribution at scale without using the deployment script
 
-We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan.
\ No newline at end of file
+We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you won't benefit from its error checking, and you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan.
+
+Note that it is possible to intiate a full inventory scan on a device by calling these commands:
+- CompatTelRunner.exe -m:generaltel.dll -f:DoCensusRun
+- CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent
+
+For details on how to run these and how to check results, see the deployment script.
diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md
new file mode 100644
index 0000000000..89e9d3bc49
--- /dev/null
+++ b/windows/deployment/update/windows-analytics-privacy.md
@@ -0,0 +1,52 @@
+---
+title: Windows Analytics and privacy
+description: How Windows Analytics uses data
+keywords: windows analytics, oms, privacy, data, diagnostic, operations management suite, prerequisites, requirements, updates, upgrades, log analytics, health, FAQ, problems, troubleshooting, error
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: jaimeo
+ms.author: jaimeo
+ms.date: 04/05/2018
+---
+
+# Windows Analytics and privacy
+
+Windows Analytics is fully committed to privacy, centering on these tenets:
+
+- **Transparency:** We fully document the Windows Analytics diagnostic events (see the links for additional information) so you can review them with your company’s security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).
+- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics
+- **Security:** Your data is protected with strong security and encryption
+- **Trust:** Windows Analytics supports the Microsoft Online Service Terms
+
+The following illustration shows how diagnostic data flows from individual devices through the Diagnostic Data Service, Azure Log Analytics storage, and to your Log Analytics workspace:
+
+[![Diagram illustrating flow of diagnostic data from devices](images/WA-data-flow-v1.png)](images/WA-data-flow-v1.png)
+
+The data flow sequence is as follows:
+
+1.	Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
+2.	An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
+3.	Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
+4.	These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
+5.	The snapshots are then copied to the appropriate Azure Log Analytics workspace.
+6.	If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
+
+
+See these topics for additional background information about related privacy issues:
+
+- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
+- [Windows 7, Windows 8, and Windows 8.1 Appraiser Telemetry Events, and Fields](https://go.microsoft.com/fwlink/?LinkID=822965) (link downloads a PDF file)
+- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703)
+- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields)
+- [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview)
+- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
+- [Learn about security and privacy at Microsoft datacenters](http://www.microsoft.com/datacenters)
+- [Confidence in the trusted cloud](https://azure.microsoft.com/en-us/support/trust-center/) 
+
+### Can Windows Analytics be used without a direct client connection to the Microsoft Data Management Service?
+No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
+
+### Can I choose the data center location?
+Yes for Azure Log Analytics, but no for the Microsoft Data Management Service (which is hosted in the US).
diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md
new file mode 100644
index 0000000000..2fd8f9c79a
--- /dev/null
+++ b/windows/deployment/update/windows-update-sources.md
@@ -0,0 +1,37 @@
+---
+title: Determine the source of Windows updates
+description: Determine the source that Windows Update service is currently using.
+ms.prod: w10
+ms.mktglfcycl: 
+ms.sitesec: library
+author: kaushika-msft
+ms.localizationpriority: high
+ms.author: jaimeo
+ms.date: 04/05/2018
+---
+
+# Determine the source of Windows updates
+
+Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps: 
+
+1.  Start Windows PowerShell as an administrator
+2.  Run  `\$MUSM = New-Object -ComObject   “Microsoft.Update.ServiceManager”`.
+3.  Run `\$MUSM.Services`. Check the resulting output for the **Name** and **OffersWindowsUPdates** parameters, which you can intepret according to this table:
+
+| Output          | Interpretation |
+|-----------------------------------------------------|-----------------------------------|
+| - Name: **Microsoft Update**<br>-OffersWindowsUpdates: **True** | - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.<br>-  Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.)|
+|- Name: **DCat Flighting Prod** <br>-  OffersWindowsUpdates: **False**|- The update source is the Windows Insider Program.<br>- Indicates that the client will not receive or is not configured to receive these updates. |
+| - Name: **Windows Store (DCat Prod)**<br>- OffersWindowsUpdates: **False** |-The update source is Insider Updates for Store Apps.<br>- Indicates that the client will not receive or is not configured to receive these updates.| 
+|-  Name: **Windows Server Update Service**<br>-  OffersWindowsUpdates: **True**  |- The source is a Windows Server Updates Services server.<br>- The client is configured to receive updates from WSUS.|
+|- Name: **Windows Update**<br>- OffersWindowsUpdates: **True** |- The source is Windows Update.<br>- The client is configured to receive updates from Windows Update Online.|
+
+
+
+See also:
+
+[Understanding the Windowsupdate.log file for advanced users](https://support.microsoft.com/help/4035760)
+
+[You can't install updates on a Windows-based computer](https://support.microsoft.com/help/2509997/you-can-t-install-updates-on-a-windows-based-computer)
+
+[How to read the Windowsupdate.log file on Windows 7 and earlier OS versions](https://support.microsoft.com/help/902093/how-to-read-the-windowsupdate-log-file)
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
new file mode 100644
index 0000000000..72d23e920b
--- /dev/null
+++ b/windows/deployment/upgrade/log-files.md
@@ -0,0 +1,168 @@
+---
+title: Log files - Windows IT Pro
+description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 03/30/2018
+ms.localizationpriority: high
+---
+
+# Log files
+
+**Applies to**
+-   Windows 10
+
+>[!NOTE]
+>This is a 400 level topic (advanced).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
+
+Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. 
+
+Note: Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. 
+
+The following table describes some log files and how to use them for troubleshooting purposes:<br>
+
+<br>
+
+<table>
+<tr><td BGCOLOR="#a0e4fa"><B>Log file</td><td BGCOLOR="#a0e4fa"><B>Phase: Location</td><td BGCOLOR="#a0e4fa"><B>Description</td><td BGCOLOR="#a0e4fa"><B>When to use</td>
+<tr><td rowspan="5">setupact.log</td><td>Down-Level:<br>$Windows.~BT\Sources\Panther</td><td>Contains information about setup actions during the downlevel phase. </td>
+<td>All down-level failures and starting point for rollback investigations.<br> This is the most important log for diagnosing setup issues.</td>
+<tr><td>OOBE:<br>$Windows.~BT\Sources\Panther\UnattendGC</td>
+<td>Contains information about actions during the OOBE phase.</td><td>Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.</td>
+<tr><td>Rollback:<br>$Windows.~BT\Sources\Rollback<td>Contains information about actions during rollback.<td>Investigating generic rollbacks - 0xC1900101.</td>
+<tr><td>Pre-initialization (prior to downlevel):<br>Windows</td><td>Contains information about initializing setup.<td>If setup fails to launch.</td>
+<tr><td>Post-upgrade (after OOBE):<br>Windows\Panther<td>Contains information about setup actions during the installation.<td>Investigate post-upgrade related issues.</td>
+<tr><td>setuperr.log<td>Same as setupact.log<td>Contains information about setup errors during the installation.<td>Review all errors encountered during the installation phase.</td>
+<tr><td>miglog.xml<td>Post-upgrade (after OOBE):<br>Windows\Panther<td>Contains information about what was migrated during the installation.<td>Identify post upgrade data migration issues.</td>
+<tr><td>BlueBox.log<td>Down-Level:<br>Windows\Logs\Mosetup<td>Contains information communication between setup.exe and Windows Update.<td>Use during WSUS and WU down-level failures or for 0xC1900107.</td>
+<tr><td>Supplemental rollback logs:<br>
+Setupmem.dmp<br>
+setupapi.dev.log<br>
+Event logs (*.evtx)</td>
+<td>$Windows.~BT\Sources\Rollback<td>Additional logs collected during rollback.</td>
+<td>
+Setupmem.dmp: If OS bugchecks during upgrade, setup will attempt to extract a mini-dump.<br>
+Setupapi: Device install issues - 0x30018<br>
+Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.</td>
+</table>
+
+## Log entry structure
+
+A setupact.log or setuperr.log entry includes the following elements:
+
+<ol>
+<LI><B>The date and time</B> - 2016-09-08 09:20:05.
+<LI><B>The log level</B> - Info, Warning, Error, Fatal Error.
+<LI><B>The logging component</B> - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
+<UL>
+<LI>The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors.
+</UL>
+<LI><B>The message</B> - Operation completed successfully.
+</OL>
+
+See the following example:
+
+| Date/Time | Log level | Component | Message |
+|------|------------|------------|------------|
+|2016-09-08 09:23:50,|  Warning |         MIG  |   Could not replace object C:\Users\name\Cookies. Target Object cannot be removed.|
+
+
+## Analyze log files
+
+>The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes).
+
+<br>To analyze Windows Setup log files:
+
+<ol>
+<LI>Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
+<LI>Based on the [extend code](upgrade-error-codes.md#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
+<LI>Open the log file in a text editor, such as notepad.
+<LI>Using the [result code](upgrade-error-codes.md#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
+<LI>To find the last occurrence of the result code:
+  <OL type="a">
+  <LI>Scroll to the bottom of the file and click after the last character.
+  <LI>Click <B>Edit</B>.
+  <LI>Click <B>Find</B>.
+  <LI>Type the result code.
+  <LI>Under <B>Direction</B> select <b>Up</b>.
+  <LI>Click <b>Find Next</b>.
+  </OL>
+<LI> When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code.
+<LI> Search for the following important text strings:
+  <UL>
+  <LI><B>Shell application requested abort</B>
+  <LI><B>Abandoning apply due to error for object</B>
+  </UL>
+<LI> Decode Win32 errors that appear in this section.
+<LI> Write down the timestamp for the observed errors in this section.
+<LI> Search other log files for additional information matching these timestamps or errors.
+</OL>
+
+For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:
+
+>Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN."
+
+<br><B>setuperr.log</B> content:
+
+<pre style="font-size: 10px; overflow-y: visible">
+27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
+27:08, Error           MIG    Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
+27:08, Error                  Gather failed. Last error: 0x00000000
+27:08, Error           SP     SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
+27:09, Error           SP     CMigrateFramework: Gather framework failed. Status: 44
+27:09, Error           SP     Operation failed: Migrate framework (Full). Error: 0x8007042B[gle=0x000000b7]
+27:09, Error           SP     Operation execution failed: 13. hr = 0x8007042B[gle=0x000000b7]
+27:09, Error           SP     CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7]
+</PRE>
+
+The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below):
+
+<pre style="font-size: 10px; overflow-y: visible">
+27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
+</PRE>
+
+</B>The error 0x00000570 is a [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
+
+Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**.  This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:
+
+<br><B>setupact.log</B> content:
+
+<pre style="font-size: 10px; overflow-y: visible">
+27:00, Info                   Gather started at 10/5/2016 23:27:00
+27:00, Info [0x080489] MIG    Setting system object filter context (System)
+27:00, Info [0x0803e5] MIG    Not unmapping HKCU\Software\Classes; it is not mapped
+27:00, Info [0x0803e5] MIG    Not unmapping HKCU; it is not mapped
+27:00, Info            SP     ExecuteProgress: Elapsed events:1 of 4, Percent: 12
+27:00, Info [0x0802c6] MIG    Processing GATHER for migration unit: <System>\UpgradeFramework (CMXEAgent)
+27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
+27:08, Error           MIG    Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
+27:08, Info            SP     ExecuteProgress: Elapsed events:2 of 4, Percent: 25
+27:08, Info            SP     ExecuteProgress: Elapsed events:3 of 4, Percent: 37
+27:08, Info [0x080489] MIG    Setting system object filter context (System)
+27:08, Info [0x0803e5] MIG    Not unmapping HKCU\Software\Classes; it is not mapped
+27:08, Info [0x0803e5] MIG    Not unmapping HKCU; it is not mapped
+27:08, Info            MIG    COutOfProcPluginFactory::FreeSurrogateHost: Shutdown in progress.
+27:08, Info            MIG    COutOfProcPluginFactory::LaunchSurrogateHost::CommandLine: -shortened-
+27:08, Info            MIG    COutOfProcPluginFactory::LaunchSurrogateHost: Successfully launched host and got control object.
+27:08, Error                  Gather failed. Last error: 0x00000000
+27:08, Info                   Gather ended at 10/5/2016 23:27:08 with result 44
+27:08, Info                   Leaving MigGather method
+27:08, Error           SP     SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
+</pre>
+
+
+<br>This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is  C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. 
+
+## Related topics
+
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx)
+<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+<br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
+<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
new file mode 100644
index 0000000000..97d6d61817
--- /dev/null
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -0,0 +1,234 @@
+---
+title: Quick fixes - Windows IT Pro
+description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 04/18/2018
+ms.localizationpriority: high
+---
+
+# Quick fixes
+
+**Applies to**
+-   Windows 10
+
+>[!NOTE]
+>This is a 100 level topic (basic).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
+The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/en-us/products/windows?os=windows-10).
+
+The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. To talk to a person about your issue, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times. 
+
+You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can also just download the tool and run it with no advanced options. You must understand how to download and then run the program from an [elevated command prompt](#open-an-elevated-command-prompt).
+
+## List of fixes
+
+<ol>
+<li>Remove nonessential external hardware, such as docks and USB devices. [More information](#remove-external-hardware).</li>
+<li>Check the system drive for errors and attempt repairs. [More information](#repair-the-system-drive).</li>
+<li>Run the Windows Update troubleshooter. [More information](#windows-update-troubleshooter).</li>
+<li>Attempt to restore and repair system files. [More information](#repair-system-files).</li>
+<li>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. [More information](#update-windows).</li>
+<li>Temporarily uninstall non-Microsoft antivirus software.
+  [More information](#uninstall-non-microsoft-antivirus-software).</li>
+
+<li>Uninstall all nonessential software. [More information](#uninstall-non-essential-software).</li>
+<li>Update firmware and drivers. [More information](#update-firmware-and-drivers)</li>
+<li>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. [More information](#ensure-that-download-and-install-updates-is-selected).</li>
+<li>Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. [More information](#verify-disk-space).</li>
+</ol>
+
+## Step by step instructions
+
+### Remove external hardware
+
+If the computer is portable and it is currently in a docking station, [undock the computer](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754084(v=ws.11)).
+
+Unplug nonessential external hardware devices from the computer, such as:
+- Headphones
+- Joysticks
+- Printers
+- Plotters
+- Projectors
+- Scanners
+- Speakers
+- USB flash drives
+- Portable hard drives
+- Portable CD/DVD/Blu-ray drives
+- Microphones
+- Media card readers
+- Cameras/Webcams
+- Smart phones
+- Secondary monitors, keyboards, mice
+
+For more information about disconnecting external devices, see [Safely remove hardware in Windows 10](https://support.microsoft.com/en-us/help/4051300/windows-10-safely-remove-hardware)
+
+### Repair the system drive
+
+The system drive is the drive that contains the [system partition](https://docs.microsoft.com/windows-hardware/manufacture/desktop/hard-drives-and-partitions#span-idpartitionsspanspan-idpartitionsspanspan-idpartitionsspanpartitions). This is usually the **C:** drive.
+
+To check and repair errors on the system drive:
+
+1. Click **Start**.
+2. Type **command**.
+3. Right-click **Command Prompt** and then left-click **Run as administrator**.
+4. If you are prompted by UAC, click **Yes**.
+5. Type **chkdsk /F** and press ENTER.
+6. When you are prompted to schedule a check the next time the system restarts, type **Y**.
+7. See the following example
+
+    ```
+    C:\WINDOWS\system32>chkdsk /F
+    The type of the file system is NTFS.
+    Cannot lock current drive.
+    
+    Chkdsk cannot run because the volume is in use by another
+    process.  Would you like to schedule this volume to be
+    checked the next time the system restarts? (Y/N) Y
+
+    This volume will be checked the next time the system restarts.
+    ```
+
+8. Restart the computer. The computer will pause before loading Windows and perform a repair of your hard drive.
+
+### Windows Update Troubleshooter
+
+The Windows Update troubleshooter tool will automatically analyze and fix problems with Windows Update, such as a corrupted download. It will also tell you if there is a pending reboot that is preventing Windows from updating.
+
+For Windows 7 and 8.1, the tool is [here](https://aka.ms/diag_wu).
+
+For Windows 10, the tool is [here](https://aka.ms/wudiag).
+
+To run the tool, click the appropriate link above. Your web browser will prompt you to save or open the file. Select **open** and the tool will automatically start. The tool will walk you through analyzing and fixing some common problems.
+
+You can also download the Windows Update Troubleshooter by starting the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/), typing **update Windows**, selecting the version of Windows you are running, and then answering **Yes** when asked "Do you need help troubleshooting Windows Update?"
+
+If any errors are displayed in the Windows Update Troubleshooter, use the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) to ask about these errors. The Virtual Agent will perform a search and provide a list of helpful links.
+
+### Repair system files
+
+This fix is also described in detail at [answers.microsoft.com](https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93).
+
+To check and repair system files:
+
+1. Click **Start**.
+2. Type **command**.
+3. Right-click **Command Prompt** and then left-click **Run as administrator**.
+4. If you are prompted by UAC, click **Yes**.
+5. Type **sfc /scannow** and press ENTER. See the following example:
+
+    ```
+    C:\>sfc /scannow
+
+    Beginning system scan.  This process will take some time.
+
+    Beginning verification phase of system scan.
+    Verification 100% complete.
+
+    Windows Resource Protection did not find any integrity violations.
+    ```
+6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example:
+
+    ```
+    C:\>DISM.exe /Online /Cleanup-image /Restorehealth
+
+    Deployment Image Servicing and Management tool
+    Version: 10.0.16299.15
+
+    Image Version: 10.0.16299.309
+
+    [==========================100.0%==========================] The restore operation completed successfully.
+    The operation completed successfully.
+
+    ```
+    >It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). 
+
+
+### Update Windows
+
+You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer.
+
+The Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) can walk you through the process of making sure that Windows is updated. 
+
+Start the [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) and then type "update windows."
+
+Answer questions that the agent asks, and follow instructions to ensure that Windows is up to date. You can also run the [Windows Update Troubleshooter](#windows-update-troubleshooter) described above.
+
+Click **Start**, click power options, and then restart the computer.
+
+### Uninstall non-Microsoft antivirus software
+
+Use Windows Defender for protection during the upgrade.
+
+Verify compatibility information, and if desired re-install antivirus applications after the upgrade. If you plan to re-install the application after upgrading, be sure that you have the installation media and all required activation information before removing the program.
+
+To remove the application, go to **Control Panel\Programs\Programs and Features** and click the antivirus application, then click Uninstall. Choose **Yes** when you are asked to confirm program removal.
+
+For more information, see [Windows 7 - How to properly uninstall programs](https://support.microsoft.com/help/2601726) or [Repair or remove programs in Windows 10](https://support.microsoft.com/help/4028054/windows-repair-or-remove-programs-in-windows-10).
+
+### Uninstall non-essential software
+
+Outdated applications can cause problems with a Windows upgrade. Removing old or non-essential applications from the computer can therefore help.
+
+If you plan to reinstall the application later, be sure that you have the installation media and all required activation information before removing it.
+
+To remove programs, use the same steps as are provided [above](#uninstall-non-microsoft-antivirus-software) for uninstalling non-Microsoft antivirus software, but instead of removing the antivirus application repeat the steps for all your non-essential, unused, or out-of-date software.
+
+### Update firmware and drivers
+
+Updating firmware (such as the BIOS) and installing hardware drivers is a somewhat advanced task.  Do not attempt to update BIOS if you aren't familiar with BIOS settings or are not sure how to restore the previous BIOS version if there are problems. Most BIOS updates are provided as a "flash" update. Your manufacturer might provide a tool to perform the update, or you might be required to enter the BIOS and update it manually. Be sure to save your working BIOS settings, since some updates can reset your configuration and make the computer fail to boot if (for example) a RAID configuration is changed.
+
+Most BIOS and other hardware updates can be obtained from a website maintained by your computer manufacturer. For example, Microsoft Surface device drivers can be obtained at: [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/en-us/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
+
+To obtain the proper firmware drivers, search for the most updated driver version provided by your computer manufacturer. Install these updates and reboot the computer after installation. Request assistance from the manufacturer if you have any questions.
+
+### Ensure that "Download and install updates" is selected
+
+When you begin a Windows Update, the setup process will ask you to **Get important updates**. Answer **Yes** if the computer you are updating is connected to the Internet. See the following example:
+
+![Get important updates](../images/update.jpg)
+
+### Verify disk space
+
+You can see a list of requirements for Windows 10 at [Windows 10 Specifications & System Requirements](https://www.microsoft.com/windows/windows-10-specifications). One of the requirements is that enough hard drive space be available for the installation to take place. At least 16 GB of free space must be available on the system drive to upgrade a 32-bit OS, or 20 GB for a 64-bit OS.
+
+To view how much hard drive space is available on your computer, open [File Explorer](https://support.microsoft.com/help/4026617/windows-windows-explorer-has-a-new-name). In Windows 7, this was called Windows Explorer.
+
+In File Explorer, click on **Computer** or **This PC** on the left, then look under **Hard Disk Drives** or under **Devices and drives**. If there are multiple drives listed, the system drive is the drive that includes a Microsoft Windows logo above the drive icon. 
+
+The amount of space available on the system drive will be displayed under the drive. See the following example:
+
+![System drive](../images/drive.png)
+
+In the previous example, there is 703 GB of available free space on the system drive (C:).
+
+To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example:
+
+![Disk cleanup](../images/cleanup.png)
+
+For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space).
+
+When you run Disk Cleanup and enable the option to Clean up system files, you can remove previous Windows installations which can free a large amount of space. You should only do this if you do not plan to restore the old OS version. 
+
+### Open an elevated command prompt
+
+To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). 
+
+Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23).
+
+If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder.
+
+If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem.
+
+## Related topics
+
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx)
+<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+<br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
+<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
\ No newline at end of file
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
new file mode 100644
index 0000000000..ae8d50adda
--- /dev/null
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -0,0 +1,684 @@
+---
+title: Resolution procedures - Windows IT Pro
+description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 03/30/2018
+ms.localizationpriority: high
+---
+
+# Resolution procedures
+
+**Applies to**
+-   Windows 10
+
+>[!NOTE]
+>This is a 200 level topic (moderate).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
+
+## 0xC1900101
+
+A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:<br>
+
+- The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp, 
+- Event logs: $Windows.~bt\Sources\Rollback\*.evtx 
+- The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log
+
+The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).  To resolve a rollback due to driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/en-us/kb/929135) before initiating the upgrade process. 
+
+<br>See the following general troubleshooting procedures associated with a result code of 0xC1900101:
+
+
+<table border="1" cellspacing="0" cellpadding="0">
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x20004</B>
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation
+<br>This is generally caused by out-of-date drivers. 
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Uninstall antivirus applications.
+<br>Remove all unused SATA devices.
+<br>Remove all unused devices and drivers.
+<br>Update drivers and BIOS.
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x2000c</B>
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
+<br>This is generally caused by out-of-date drivers. 
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
+<br>Contact your hardware vendor to obtain updated device drivers.
+<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. 
+</table>
+</td>
+</tr>
+
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x20017
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A driver has caused an illegal operation.
+<br>Windows was not able to migrate the driver, resulting in a rollback of the operating system.
+<br>This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. 
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+Ensure that all that drivers are updated.<br>
+Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
+<br>For more information, see [Understanding Failures and Log Files](https://technet.microsoft.com/en-us/library/ee851579.aspx).
+<br>Update or uninstall the problem drivers.
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x30018</B>
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A device driver has stopped responding to setup.exe during the upgrade process.
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
+<br>Contact your hardware vendor to obtain updated device drivers.
+<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. 
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x3000D</B>
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
+<br>This can occur due to a problem with a display driver.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
+<br>Update or uninstall the display driver.
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x4000D</B>
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A rollback occurred due to a driver configuration issue.
+<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.  
+
+<br>This can occur due to incompatible drivers.  
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+<br>Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors. 
+<br>Review the rollback log and determine the stop code.
+<br>The rollback log is located in the **C:\$Windows.~BT\Sources\Panther** folder.  An example analysis is shown below. This example is not representative of all cases:
+<br>Info SP     Crash 0x0000007E detected
+<br>Info SP       Module name           : 
+<br>Info SP       Bugcheck parameter 1  : 0xFFFFFFFFC0000005
+<br>Info SP       Bugcheck parameter 2  : 0xFFFFF8015BC0036A
+<br>Info SP       Bugcheck parameter 3  : 0xFFFFD000E5D23728
+<br>Info SP       Bugcheck parameter 4  : 0xFFFFD000E5D22F40
+<br>Info SP     Cannot recover the system.
+<br>Info SP     Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
+
+
+<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>
+
+1. Make sure you have enough disk space.<br>
+2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>
+3. Try changing video adapters.<br>
+4. Check with your hardware vendor for any BIOS updates.<br>
+5. Disable BIOS memory options such as caching or shadowing.
+</p>
+</table>
+</td>
+</tr>
+
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x40017</B>
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows 10 upgrade failed after the second reboot.
+<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers.
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Clean boot into Windows, and then attempt the upgrade to Windows 10.<br>
+
+For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135).
+
+<br><br>Ensure you select the option to "Download and install updates (recommended)."
+</table>
+</td>
+</tr>
+
+</table>
+
+<h2 id="0x800xxxxx">0x800xxxxx</h2>
+
+<br>Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
+
+<br>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:<br>
+
+<br><table border="1" cellspacing="0" cellpadding="0">
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+80040005 - 0x20007
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+An unspecified error occurred with a driver during the SafeOS phase.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+This error has more than one possible cause. Attempt [quick fixes](quick-fixes.md), and if not successful, [analyze log files](log-files.md#analyze-log-files) in order to determine the problem and solution.
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+0x80073BC3 - 0x20009<br>
+0x8007002 - 0x20009<br>
+0x80073B92 - 0x20009
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+The requested system device cannot be found, there is a sharing violation, or there are multiple devices matching the identification criteria.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+These errors occur during partition analysis and validation, and can be caused by the presence of multiple system partitions. For example, if you installed a new system drive but left the previous system drive connected, this can cause a conflict. To resolve the errors, disconnect or temporarily disable drives that contain the unused system partition. You can reconnect the drive after the upgrade has completed. Alternatively, you can delete the unused system partition.
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+800704B8 - 0x3001A
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+An extended error has occurred during the first boot phase.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+Disable or uninstall non-Microsoft antivirus applications, disconnect all unnecessary devices, and perform a [clean boot](https://support.microsoft.com/en-us/kb/929135).
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+8007042B - 0x4000D
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+The installation failed during the second boot phase while attempting the MIGRATE_DATA operation. 
+<br>This issue can occur due to file system, application, or driver issues.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+[Analyze log files](log-files.md#analyze-log-files) in order to determine the file, application, or driver that is not able to be migrated. Disconnect, update, remove, or replace the device or object.
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+8007001F - 0x3000D
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DATA operation.  
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+[Analyze log files](log-files.md#analyze-log-files) in order to determine the files or registry entries that are blocking data migration. 
+
+This error can be due to a problem with user profiles. It can occur due to corrupt registry entries under **HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList** or invalid files in the **\\Users** directory. 
+
+Note: If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory.
+
+To repair this error, ensure that deleted accounts are not still present in the Windows registry and that files under the \\Users directory are valid. Delete the invalid files or user profiles that are causing this error. The specific files and profiles that are causing the error will be recorded in the Windows setup log files.  
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+8007001F - 0x4000D
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+General failure, a device attached to the system is not functioning.  
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+[Analyze log files](log-files.md#analyze-log-files) in order to determine the device that is not functioning properly. Disconnect, update, or replace the device.
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+8007042B - 0x4001E
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+The installation failed during the second boot phase while attempting the PRE_OOBE operation.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+This error has more than one possible cause. Attempt [quick fixes](quick-fixes.md), and if not successful, [analyze log files](log-files.md#analyze-log-files) in order to determine the problem and solution.
+
+</table>
+</td>
+</tr>
+
+</table>
+
+
+## Other result codes
+
+<table>
+
+<tr>
+<td BGCOLOR="#a0e4fa"><B>Error code</th>
+<td BGCOLOR="#a0e4fa"><B>Cause</th>
+<td BGCOLOR="#a0e4fa"><B>Mitigation</th>
+</tr>
+
+<tr>
+<td>0xC1800118</td>
+<td>WSUS has downloaded content that it cannot use due to a missing decryption key.</td>
+<td>See [Steps to resolve error 0xC1800118](https://blogs.technet.microsoft.com/wsus/2016/09/21/resolving-error-0xc1800118/) for information.</td>
+</tr>
+
+<tr>
+<td>0xC1900200</td>
+<td>Setup.exe has detected that the machine does not meet the minimum system requirements.</td>
+<td>Ensure the system you are trying to upgrade meets the minimum system requirements. <br>See [Windows 10 specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications)  for information.</td>
+</tr>
+
+
+<tr>
+<td>0x80090011</td>
+<td>A device driver error occurred during user data migration.</td>
+<td>Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process. 
+<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.</td>
+</tr>
+<tr>
+<td>0xC7700112</td>
+<td>Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk.</td>
+<td>This issue is resolved in the latest version of Upgrade Assistant. 
+<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.</td>
+</tr>
+
+<tr>
+<td>0x80190001</td>
+<td>An unexpected error was encountered while attempting to download files required for upgrade.</td>
+<td>To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10).
+</td>
+</tr>
+<tr>
+<td>0x80246007</td>
+<td>The update was not downloaded successfully.</td>
+<td>Attempt other methods of upgrading the operating system.<br>
+Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). 
+<br>Attempt to upgrade using .ISO or USB.<br>
+**Note**: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx).
+</td>
+</tr>
+<tr>
+<td>0xC1900201</td>
+<td>The system did not pass the minimum requirements to install the update.</td>
+<td>Contact the hardware vendor to get the latest updates.</td>
+</tr>
+<tr>
+<td>0x80240017</td>
+<td>The upgrade is unavailable for this edition of Windows.</td>
+<td>Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.</td>
+</tr>
+
+<tr>
+<td>0x80070020</td>
+<td>The existing process cannot access the file because it is being used by another process.</td>
+<td>Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135).</td>
+</tr>
+<tr>
+<td>0x80070522</td>
+<td>The user doesn’t have required privilege or credentials to upgrade.</td>
+<td>Ensure that you have signed in as a local administrator or have local administrator privileges.</td>
+</tr>
+<tr>
+<td>0xC1900107</td>
+<td>A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.
+</td>
+<td>Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/en-us/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10).</td>
+</tr>
+<tr>
+<td>0xC1900209</td>
+<td>The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.</td>
+<td>Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/) for more information.
+
+<br>You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools.
+</td>
+</tr>
+
+
+<tr>
+<td>0x8007002 </td>
+<td>This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403)</td>
+<td>Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
+
+<br>The error 80072efe means that the connection with the server was terminated abnormally.
+
+<br>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
+</td>
+</tr>
+
+<tr>
+<td>0x80240FFF </td>
+<td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a>, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
+<td> You can prevent this by installing <a href="http://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following: 
+
+<ol>
+<li>Disable the Upgrades classification.</li>
+<li>Install hotfix 3095113.</li>
+<li>Delete previously synched updates.</li>
+<li>Enable the Upgrades classification.</li>
+<li>Perform a full synch.</li>
+</ol>
+<br>For detailed information on how to run these steps check out <a href="http://blogs.technet.com/b/wsus/archive/2016/01/30/quot-help-i-synched-upgrades-too-soon-quot.aspx">How to delete upgrades in WSUS</a>.</p>
+</td>
+</tr>
+
+<tr>
+<td>0x8007007E</td>
+<td>Occurs when update synchronization fails because you do not have <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a> installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager.</td>
+<td> Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
+
+<ol>
+<li>Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
+<ol>
+<li>Open <b>Administrative Tools</b> from the Control Panel.</li>
+<li>Double-click <b>Services</b>.</li>
+<li>Find the <b>Windows Update</b> service, right-click it, and then click <b>Stop</b>. If prompted, enter your credentials.</li>
+</ol>
+</li>
+<li>Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.</li>
+<li>Restart the Windows Update service.</li>
+</ol>
+</td>
+</tr>
+
+</table>
+
+## Other error codes
+
+<table>
+
+<tr><td BGCOLOR="#a0e4fa">Error Codes<td BGCOLOR="#a0e4fa">Cause<td BGCOLOR="#a0e4fa">Mitigation</td></tr>
+<tr><td>0x80070003- 0x20007
+<td>This is a failure during SafeOS phase driver installation. 
+
+<td>[Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.
+</td></tr>
+<tr><td>0x8007025D - 0x2000C
+<td>This error occurs if the ISO file's metadata is corrupt.<td>"Re-download the ISO/Media and re-attempt the upgrade.
+
+Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/en-us/software-download/windows10).
+
+</td></tr>
+<tr><td>0x80070490 - 0x20007<td>An incompatible device driver is present.
+
+<td>[Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.
+
+</td></tr>
+<tr><td>0xC1900101 - 0x2000c
+<td>An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.
+<td>Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide.
+<br>Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.</td></tr>
+<tr><td>0xC1900200 - 0x20008
+
+<td>The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.
+
+<td>See [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) and verify the computer meets minimum requirements.
+
+<br>Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).</td></tr>
+<tr><td>0x80070004 - 0x3000D
+<td>This is a problem with data migration during the first boot phase. There are multiple possible causes.
+
+<td>[Analyze log files](log-files.md#analyze-log-files) to determine the issue.</td></tr>
+<tr><td>0xC1900101 - 0x4001E
+<td>Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.
+<td>This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section.</td></tr>
+<tr><td>0x80070005 - 0x4000D
+<td>The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.
+<td>[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access denied.</td></tr>
+<tr><td>0x80070004 - 0x50012
+<td>Windows Setup failed to open a file. 
+<td>[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access problems.</td></tr>
+<tr><td>0xC190020e 
+<br>0x80070070 - 0x50011
+<br>0x80070070 - 0x50012
+<br>0x80070070 - 0x60000
+<td>These errors indicate the computer does not have enough free space available to install the upgrade.
+<td>To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.
+ 
+<br>Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS.  Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
+</td></tr>
+
+</table>
+
+## Related topics
+
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx)
+<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+<br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
+<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
index d3d5edf9a2..8c1c9c5f20 100644
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 02/22/2018
+ms.date: 04/18/2018
 ms.localizationpriority: high
 ---
 
@@ -16,1075 +16,40 @@ ms.localizationpriority: high
 **Applies to**
 -   Windows 10
 
->**Important**: This topic contains technical instructions for IT administrators. If you are not an IT administrator, see the following topic: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
-
-## In this topic
-
-This topic contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. The following sections and procedures are provided in this guide:
-
-- [Troubleshooting upgrade errors](#troubleshooting-upgrade-errors): General advice and techniques for troubleshooting Windows 10 upgrade errors.<br>
-- [The Windows 10 upgrade process](#the-windows-10-upgrade-process): An explanation of phases used during the upgrade process.<br>
-- [Quick fixes](#quick-fixes): Steps you can take to eliminate many Windows upgrade errors.<br>
-- [Upgrade error codes](#upgrade-error-codes): The components of an error code are explained.
-    - [Result codes](#result-codes): Information about result codes.
-    - [Extend codes](#extend-codes): Information about extend codes.
-- [Windows Error Reporting](#windows-error-reporting): How to use Event Viewer to review details about a Windows 10 upgrade.
-- [Log files](#log-files): A list and description of log files useful for troubleshooting.
-    - [Log entry structure](#log-entry-structure): The format of a log entry is described.
-    - [Analyze log files](#analyze-log-files): General procedures for log file analysis, and an example.
-- [Resolution procedures](#resolution-procedures): Causes and mitigation procedures associated with specific error codes.
-    - [0xC1900101](#0xc1900101): Information about the 0xC1900101 result code.
-    - [0x800xxxxx](#0x800xxxxx): Information about result codes that start with 0x800.
-    - [Other result codes](#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
-    - [Other error codes](#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
-
-## Troubleshooting upgrade errors
-
-If a Windows 10 upgrade is not successful, it can be very helpful to understand *when* an error occurred in the upgrade process. 
-
-Briefly, the upgrade process consists of four phases: **Downlevel**, **SafeOS**, **First boot**, and **Second boot**. The computer will reboot once between each phase. 
-
-These phases are explained in greater detail [below](#the-windows-10-upgrade-process). First, let's summarize the actions performed during each phase because this affects the type of errors that can be encountered.
-
-1. **Downlevel phase**: Because this phase runs on the source OS, upgrade errors are not typically seen. If you do encounter an error, ensure the source OS is stable. Also ensure the Windows setup source and the destination drive are accessible. 
-
-2. **SafeOS phase**: Errors most commonly occur during this phase due to hardware issues, firmware issues, or non-microsoft disk encryption software.
-
-    Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues.
-
-    **Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information.
-
-    If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware.
-
-    If the computer successfully boots into Windows PE, but you are not able to browse the system drive on the computer, it is possible that non-Microsoft disk encryption software is blocking your ability to perform a Windows 10 upgrade. Update or temporarily remove the disk encryption.
-
-3. **First boot phase**: Boot failures in this phase are relatively rare, and almost exclusively caused by device drivers.  Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade.
-
-4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, temporarily uninstall anti-virus software, then retry the upgrade.
- 
-If the general troubleshooting techniques described above or the [quick fixes](#quick-fixes) detailed below do not resolve your issue, you can attempt to analyze [log files](#log-files) and interpret [upgrade error codes](#upgrade-error-codes). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md) so that Microsoft can diagnose your issue.
-
-## The Windows 10 upgrade process
-
-The **Windows Setup** application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings. 
-
-When performing an operating system upgrade, Windows Setup uses phases described below. A reboot occurs between each of the phases. After the first reboot, the user interface will remain the same until the upgrade is completed. Percent progress is displayed and will advance as you move through each phase, reaching 100% at the end of the second boot phase.
-
-1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Windows files are copied and installation components are gathered.
-
-    ![downlevel phase](../images/downlevel.png)  
-
-2. **Safe OS phase**: A recovery partition is configured, Windows files are expanded, and updates are installed. An OS rollback is prepared if needed. Example error codes: 0x2000C, 0x20017.
-
-    ![safeOS phase](../images/safeos.png) 
-
-3. **First boot phase**: Initial settings are applied. Example error codes: 0x30018, 0x3000D.
-
-    ![first boot phase](../images/firstboot.png) 
-
-4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**. Example error codes: 0x4000D, 0x40017. 
-
-    At the end of the second boot phase, the **Welcome to Windows 10** screen is displayed, preferences are configured, and the Windows 10 sign-in prompt is displayed.
-
-    ![second boot phase](../images/secondboot.png) 
-
-    ![second boot phase](../images/secondboot2.png) 
-
-    ![second boot phase](../images/secondboot3.png) 
-
-5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful (image not shown). Example error codes: 0x50000, 0x50015.
-
-**Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown):
-
-![Upgrade process](../images/upgrade-process.png)
-
-DU = Driver/device updates.<br>
-OOBE = Out of box experience.<br>
-WIM = Windows image (Microsoft)
-
-
-## Quick fixes
-
-The following steps can resolve many Windows upgrade problems.
-
-<ol>
-<LI>Remove nonessential external hardware, such as docks and USB devices.</LI> 
-<LI>Check all hard drives for errors and attempt repairs. To automatically repair hard drives, open an elevated command prompt, switch to the drive you wish to repair, and type the following command. You will be required to reboot the computer if the hard drive being repaired is also the system drive.
-<UL>
-<LI>chkdsk /F</LI>
-</UL>
-</LI>
-<LI>Attempt to restore and repair system files by typing the following commands at an elevated command prompt. It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image).
-<UL>
-<LI>DISM.exe /Online /Cleanup-image /Restorehealth</LI>
-<LI>sfc /scannow</LI>
-</UL>
-</LI>
-<LI>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update.</LI>
-<LI>Uninstall non-Microsoft antivirus software.
-  <UL> 
-  <LI>Use Windows Defender for protection during the upgrade. 
-  <LI>Verify compatibility information and re-install antivirus applications after the upgrade.</LI></LI>
-  </UL>
-<LI>Uninstall all nonessential software.</LI>
-<LI>Update firmware and drivers.</LI>
-<LI>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.</LI>
-<LI>Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS.
-</OL>
-
-
-## Upgrade error codes
-
-If the upgrade process is not successful, Windows Setup will return two codes:
-
-1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error.
-2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred.
-
->For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**.
-
-Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/en-us/kb/3159635) then only a result code might be returned.
-
->[!TIP]
->If you are unable to locate the result and extend error codes, you can attempt to find these codes using Event Viewer.  For more information, see [Windows Error Reporting](#windows-error-reporting).
-
-### Result codes
-
->A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue. <br>To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](#resolution-procedures) section later in this topic.
-
-Result codes can be matched to the type of error encountered. To match a result code to an error:
-
-1. Identify the error code type as either Win32 or NTSTATUS using the first hexadecimal digit:
-        <br>**8** = Win32 error code (ex: 0x**8**0070070)
-        <br>**C** = NTSTATUS value (ex: 0x**C**1900107)
-2. Write down the last 4 digits of the error code (ex: 0x8007**0070** = 0070). These digits are the actual error code type as defined in the [HRESULT](https://msdn.microsoft.com/en-us/library/cc231198.aspx) or the [NTSTATUS](https://msdn.microsoft.com/en-us/library/cc231200.aspx) structure. Other digits in the code identify things such as the device type that produced the error.
-3. Based on the type of error code determined in the first step (Win32 or NTSTATUS), match the 4 digits derived from the second step to either a Win32 error code or NTSTATUS value using the following links:
-    - [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx)
-    - [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx)
-
-Examples:
-- 0x80070070 
-    - Based on the "8" this is a Win32 error code 
-    - The last four digits are 0070, so look up 0x00000070 in the [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) table
-    - The error is: **ERROR_DISK_FULL**
-- 0xC1900107 
-    - Based on the "C" this is an NTSTATUS error code
-    - The last four digits are 0107, so look up 0x00000107 in the [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx) table 
-    - The error is: **STATUS_SOME_NOT_MAPPED**
-
-Some result codes are self-explanatory, whereas others are more generic and require further analysis. In the examples shown above, ERROR_DISK_FULL indicates that the hard drive is full and additional room is needed to complete Windows upgrade. The message STATUS_SOME_NOT_MAPPED is more ambiguous, and means that an action is pending. In this case, the action pending is often the cleanup operation from a previous installation attempt, which can be resolved with a system reboot. 
-
-### Extend codes
-
->**Important**: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update.
-
-Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation:
-
-1. Use the first digit to identify the phase (ex: 0x4000D  = 4).
-2. Use the last two digits to identify the operation (ex: 0x4000D  = 0D).
-3. Match the phase and operation to values in the tables provided below.
-
-The following tables provide the corresponding phase and operation for values of an extend code:
-
-<br>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><b>Extend code: phase</b></td>
-<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 5.4pt 0in 5.4pt'><b>Phase</b>
-<tr><td style='padding:0in 4pt 0in 4pt'>0<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_UNKNOWN
-<tr><td style='padding:0in 4pt 0in 4pt'>1<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_DOWNLEVEL
-<tr><td style='padding:0in 4pt 0in 4pt'>2<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_SAFE_OS
-<tr><td style='padding:0in 4pt 0in 4pt'>3<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_FIRST_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'>4<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_OOBE_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'>5<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_UNINSTALL
-</table>
-
-
-<table border="0" style='border-collapse:collapse;border:none'>
-<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><B>Extend code: operation</B></td>
-<tr><td align="left" valign="top" style='border:dotted #A6A6A6 1.0pt;'>
-<table>
-<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 4pt 0in 4pt'><span style='padding:0in 5.4pt 0in 5.4pt;'><b>Operation</b>
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>0<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_UNKNOWN
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_COPY_PAYLOAD
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>2<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_DOWNLOAD_UPDATES
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>3<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_UPDATES
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>4<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_RECOVERY_ENVIRONMENT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>5<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_RECOVERY_IMAGE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>6<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_REPLICATE_OC
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>7<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_DRVIERS
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>8<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_SAFE_OS
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>9<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_ROLLBACK
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>A<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_FIRST_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>B<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_OOBE_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>C<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_APPLY_IMAGE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>D<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_MIGRATE_DATA
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>E<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_SET_PRODUCT_KEY
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>F<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ADD_UNATTEND
-</table>
-</td>
-<td align="left" valign="top" style='border:dotted #A6A6A6 1.0pt;'>
-<table>
-<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 4pt 0in 4pt'><b>Operation</b>
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>10<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ADD_DRIVER
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>11<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ENABLE_FEATURE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>12<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_DISABLE_FEATURE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>13<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_REGISTER_ASYNC_PROCESS
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>14<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_REGISTER_SYNC_PROCESS
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>15<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_CREATE_FILE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>16<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_CREATE_REGISTRY
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>17<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>18<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_SYSPREP
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>19<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_OOBE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1A<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_BEGIN_FIRST_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1B<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_END_FIRST_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1C<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_BEGIN_OOBE_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1D<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_END_OOBE_BOOT
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1E<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PRE_OOBE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1F<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_POST_OOBE
-<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>20<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ADD_PROVISIONING_PACKAGE
-</table>
-</td>
-</tr>
-</table>
-
-For example: An extend code of **0x4000D**, represents a problem during phase 4 (**0x4**) with data migration (**000D**).
-
-## Windows Error Reporting
-
-When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**.  You can use Event Viewer to review this event, or you can use Windows PowerShell.
-
-To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
-
-```
-$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}
-$event = [xml]$events[0].ToXml()
-$event.Event.EventData.Data
-```
-
-To use Event Viewer: 
-1. Open Event Viewer and navigate to **Windows Logs\Application**.
-2. Click **Find**, and then search for **winsetupdiag02**.
-3. Double-click the event that is highlighted.
-
-Note: For legacy operating systems, the Event Name was WinSetupDiag01. 
-
-Ten parameters are listed in the event:
-<br>
-<table border="0">
-<tr><td>P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool)</td></tr>
-<tr><td>P2: Setup Mode (x=default,1=Downlevel,5=Rollback)</td></tr>
-<tr><td>P3: New OS Architecture (x=default,0=X86,9=AMD64)</td></tr>
-<tr><td>P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked)</td></tr>
-<tr><td><b>P5: Result Error Code</b>  (Ex: 0xc1900101)</td></tr>
-<tr><td><b>P6: Extend Error Code</b>  (Ex: 0x20017)</td></tr>
-<tr><td>P7: Source OS build (Ex: 9600)</td></tr>
-<tr><td>P8: Source OS branch (not typically available)</td></tr>
-<tr><td>P9: New OS build (Ex: 16299}</td></tr>
-<tr><td>P10: New OS branch (Ex: rs3_release}</td></tr>
-</table>
-
-The event will also contain links to log files that can be used to perform a detailed diagnosis of the error.  An example of this event from a successful upgrade is shown below.
-
-![Windows Error Reporting](../images/event.png)
-
-## Log files
-
-Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. 
-
-Note: Also see the [Windows Error Reporting](#windows-error-reporting) section in this document for help locating error codes and log files. 
-
-The following table describes some log files and how to use them for troubleshooting purposes:<br>
-
-<br>
-
-<table>
-<tr><td BGCOLOR="#a0e4fa"><B>Log file</td><td BGCOLOR="#a0e4fa"><B>Phase: Location</td><td BGCOLOR="#a0e4fa"><B>Description</td><td BGCOLOR="#a0e4fa"><B>When to use</td>
-<tr><td rowspan="5">setupact.log</td><td>Down-Level:<br>$Windows.~BT\Sources\Panther</td><td>Contains information about setup actions during the downlevel phase. </td>
-<td>All down-level failures and starting point for rollback investigations.<br> This is the most important log for diagnosing setup issues.</td>
-<tr><td>OOBE:<br>$Windows.~BT\Sources\Panther\UnattendGC</td>
-<td>Contains information about actions during the OOBE phase.</td><td>Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.</td>
-<tr><td>Rollback:<br>$Windows.~BT\Sources\Rollback<td>Contains information about actions during rollback.<td>Investigating generic rollbacks - 0xC1900101.</td>
-<tr><td>Pre-initialization (prior to downlevel):<br>Windows</td><td>Contains information about initializing setup.<td>If setup fails to launch.</td>
-<tr><td>Post-upgrade (after OOBE):<br>Windows\Panther<td>Contains information about setup actions during the installation.<td>Investigate post-upgrade related issues.</td>
-<tr><td>setuperr.log<td>Same as setupact.log<td>Contains information about setup errors during the installation.<td>Review all errors encountered during the installation phase.</td>
-<tr><td>miglog.xml<td>Post-upgrade (after OOBE):<br>Windows\Panther<td>Contains information about what was migrated during the installation.<td>Identify post upgrade data migration issues.</td>
-<tr><td>BlueBox.log<td>Down-Level:<br>Windows\Logs\Mosetup<td>Contains information communication between setup.exe and Windows Update.<td>Use during WSUS and WU down-level failures or for 0xC1900107.</td>
-<tr><td>Supplemental rollback logs:<br>
-Setupmem.dmp<br>
-setupapi.dev.log<br>
-Event logs (*.evtx)</td>
-<td>$Windows.~BT\Sources\Rollback<td>Additional logs collected during rollback.</td>
-<td>
-Setupmem.dmp: If OS bugchecks during upgrade, setup will attempt to extract a mini-dump.<br>
-Setupapi: Device install issues - 0x30018<br>
-Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.</td>
-</table>
-
-### Log entry structure
-
-A setupact.log or setuperr.log entry includes the following elements:
-
-<ol>
-<LI><B>The date and time</B> - 2016-09-08 09:20:05.
-<LI><B>The log level</B> - Info, Warning, Error, Fatal Error.
-<LI><B>The logging component</B> - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
-<UL>
-<LI>The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors.
-</UL>
-<LI><B>The message</B> - Operation completed successfully.
-</OL>
-
-See the following example:
-
-| Date/Time | Log level | Component | Message |
-|------|------------|------------|------------|
-|2016-09-08 09:23:50,|  Warning |         MIG  |   Could not replace object C:\Users\name\Cookies. Target Object cannot be removed.|
-
-
-### Analyze log files
-
->The following instructions are meant for IT professionals. Also see the [Upgrade error codes](#upgrade-error-codes) section in this guide to familiarize yourself with [result codes](#result-codes) and [extend codes](#extend-codes).
-
-<br>To analyze Windows Setup log files:
-
-<ol>
-<LI>Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
-<LI>Based on the [extend code](#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
-<LI>Open the log file in a text editor, such as notepad.
-<LI>Using the [result code](#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
-<LI>To find the last occurrence of the result code:
-  <OL type="a">
-  <LI>Scroll to the bottom of the file and click after the last character.
-  <LI>Click <B>Edit</B>.
-  <LI>Click <B>Find</B>.
-  <LI>Type the result code.
-  <LI>Under <B>Direction</B> select <b>Up</b>.
-  <LI>Click <b>Find Next</b>.
-  </OL>
-<LI> When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code.
-<LI> Search for the following important text strings:
-  <UL>
-  <LI><B>Shell application requested abort</B>
-  <LI><B>Abandoning apply due to error for object</B>
-  </UL>
-<LI> Decode Win32 errors that appear in this section.
-<LI> Write down the timestamp for the observed errors in this section.
-<LI> Search other log files for additional information matching these timestamps or errors.
-</OL>
-
-For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:
-
->Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN."
-
-<br><B>setuperr.log</B> content:
-
-<pre style="font-size: 10px; overflow-y: visible">
-27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
-27:08, Error           MIG    Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
-27:08, Error                  Gather failed. Last error: 0x00000000
-27:08, Error           SP     SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
-27:09, Error           SP     CMigrateFramework: Gather framework failed. Status: 44
-27:09, Error           SP     Operation failed: Migrate framework (Full). Error: 0x8007042B[gle=0x000000b7]
-27:09, Error           SP     Operation execution failed: 13. hr = 0x8007042B[gle=0x000000b7]
-27:09, Error           SP     CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7]
-</PRE>
-
-The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below):
-
-<pre style="font-size: 10px; overflow-y: visible">
-27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
-</PRE>
-
-</B>The error 0x00000570 is a [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
-
-Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**.  This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:
-
-<br><B>setupact.log</B> content:
-
-<pre style="font-size: 10px; overflow-y: visible">
-27:00, Info                   Gather started at 10/5/2016 23:27:00
-27:00, Info [0x080489] MIG    Setting system object filter context (System)
-27:00, Info [0x0803e5] MIG    Not unmapping HKCU\Software\Classes; it is not mapped
-27:00, Info [0x0803e5] MIG    Not unmapping HKCU; it is not mapped
-27:00, Info            SP     ExecuteProgress: Elapsed events:1 of 4, Percent: 12
-27:00, Info [0x0802c6] MIG    Processing GATHER for migration unit: <System>\UpgradeFramework (CMXEAgent)
-27:08, Error           SP     Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
-27:08, Error           MIG    Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
-27:08, Info            SP     ExecuteProgress: Elapsed events:2 of 4, Percent: 25
-27:08, Info            SP     ExecuteProgress: Elapsed events:3 of 4, Percent: 37
-27:08, Info [0x080489] MIG    Setting system object filter context (System)
-27:08, Info [0x0803e5] MIG    Not unmapping HKCU\Software\Classes; it is not mapped
-27:08, Info [0x0803e5] MIG    Not unmapping HKCU; it is not mapped
-27:08, Info            MIG    COutOfProcPluginFactory::FreeSurrogateHost: Shutdown in progress.
-27:08, Info            MIG    COutOfProcPluginFactory::LaunchSurrogateHost::CommandLine: -shortened-
-27:08, Info            MIG    COutOfProcPluginFactory::LaunchSurrogateHost: Successfully launched host and got control object.
-27:08, Error                  Gather failed. Last error: 0x00000000
-27:08, Info                   Gather ended at 10/5/2016 23:27:08 with result 44
-27:08, Info                   Leaving MigGather method
-27:08, Error           SP     SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
-</pre>
-
-
-<br>This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is  C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. 
-
-## Resolution procedures
-
-### 0xC1900101
-
-A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:<br>
-
-- The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp, 
-- Event logs: $Windows.~bt\Sources\Rollback\*.evtx 
-- The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log
-
-The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).  To resolve a rollback due to driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/en-us/kb/929135) before initiating the upgrade process. 
-
-<br>See the following general troubleshooting procedures associated with a result code of 0xC1900101:
-
-
-<table border="1" cellspacing="0" cellpadding="0">
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x20004</B>
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation
-<br>This is generally caused by out-of-date drivers. 
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Uninstall antivirus applications.
-<br>Remove all unused SATA devices.
-<br>Remove all unused devices and drivers.
-<br>Update drivers and BIOS.
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x2000c</B>
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
-<br>This is generally caused by out-of-date drivers. 
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
-<br>Contact your hardware vendor to obtain updated device drivers.
-<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. 
-</table>
-</td>
-</tr>
-
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x20017
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A driver has caused an illegal operation.
-<br>Windows was not able to migrate the driver, resulting in a rollback of the operating system.
-<br>This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. 
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-Ensure that all that drivers are updated.<br>
-Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
-<br>For more information, see [Understanding Failures and Log Files](https://technet.microsoft.com/en-us/library/ee851579.aspx).
-<br>Update or uninstall the problem drivers.
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x30018</B>
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A device driver has stopped responding to setup.exe during the upgrade process.
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
-<br>Contact your hardware vendor to obtain updated device drivers.
-<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. 
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x3000D</B>
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
-<br>This can occur due to a problem with a display driver.
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
-<br>Update or uninstall the display driver.
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x4000D</B>
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A rollback occurred due to a driver configuration issue.
-<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.  
-
-<br>This can occur due to incompatible drivers.  
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-<br>Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors. 
-<br>Review the rollback log and determine the stop code.
-<br>The rollback log is located in the **C:\$Windows.~BT\Sources\Panther** folder.  An example analysis is shown below. This example is not representative of all cases:
-<br>Info SP     Crash 0x0000007E detected
-<br>Info SP       Module name           : 
-<br>Info SP       Bugcheck parameter 1  : 0xFFFFFFFFC0000005
-<br>Info SP       Bugcheck parameter 2  : 0xFFFFF8015BC0036A
-<br>Info SP       Bugcheck parameter 3  : 0xFFFFD000E5D23728
-<br>Info SP       Bugcheck parameter 4  : 0xFFFFD000E5D22F40
-<br>Info SP     Cannot recover the system.
-<br>Info SP     Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
-
-
-<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>
-
-1. Make sure you have enough disk space.<br>
-2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>
-3. Try changing video adapters.<br>
-4. Check with your hardware vendor for any BIOS updates.<br>
-5. Disable BIOS memory options such as caching or shadowing.
-</p>
-</table>
-</td>
-</tr>
-
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x40017</B>
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows 10 upgrade failed after the second reboot.
-<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers.
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Clean boot into Windows, and then attempt the upgrade to Windows 10.<br>
-
-For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135).
-
-<br><br>Ensure you select the option to "Download and install updates (recommended)."
-</table>
-</td>
-</tr>
-
-</table>
-
-<h3 id="0x800xxxxx">0x800xxxxx</h3>
-
-<br>Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
-
-<br>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:<br>
-
-<br><table border="1" cellspacing="0" cellpadding="0">
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-80040005 - 0x20007
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-An unspecified error occurred with a driver during the SafeOS phase.
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-This error has more than one possible cause. Attempt [quick fixes](#quick-fixes), and if not successful, [analyze log files](#analyze-log-files) in order to determine the problem and solution.
-
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-0x80073BC3 - 0x20009<br>
-0x8007002 - 0x20009<br>
-0x80073B92 - 0x20009
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-The requested system device cannot be found, there is a sharing violation, or there are multiple devices matching the identification criteria.
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-These errors occur during partition analysis and validation, and can be caused by the presence of multiple system partitions. For example, if you installed a new system drive but left the previous system drive connected, this can cause a conflict. To resolve the errors, disconnect or temporarily disable drives that contain the unused system partition. You can reconnect the drive after the upgrade has completed. Alternatively, you can delete the unused system partition.
-
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-800704B8 - 0x3001A
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-An extended error has occurred during the first boot phase.
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-Disable or uninstall non-Microsoft antivirus applications, disconnect all unnecessary devices, and perform a [clean boot](https://support.microsoft.com/en-us/kb/929135).
-
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-8007042B - 0x4000D
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-The installation failed during the second boot phase while attempting the MIGRATE_DATA operation. 
-<br>This issue can occur due to file system, application, or driver issues.
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-[Analyze log files](#analyze-log-files) in order to determine the file, application, or driver that is not able to be migrated. Disconnect, update, remove, or replace the device or object.
-
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-8007001F - 0x3000D
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DATA operation.  
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-[Analyze log files](#analyze-log-files) in order to determine the files or registry entries that are blocking data migration. 
-
-This error can be due to a problem with user profiles. It can occur due to corrupt registry entries under **HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList** or invalid files in the **\\Users** directory. 
-
-Note: If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory.
-
-To repair this error, ensure that deleted accounts are not still present in the Windows registry and that files under the \\Users directory are valid. Delete the invalid files or user profiles that are causing this error. The specific files and profiles that are causing the error will be recorded in the Windows setup log files.  
-
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-8007001F - 0x4000D
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-General failure, a device attached to the system is not functioning.  
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-[Analyze log files](#analyze-log-files) in order to determine the device that is not functioning properly. Disconnect, update, or replace the device.
-
-</table>
-</td>
-</tr>
-
-<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-8007042B - 0x4001E
-
-</table>
-
-<br><table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-The installation failed during the second boot phase while attempting the PRE_OOBE operation.
-
-</table>
-</td>
-
-<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
-
-<table cellspacing="0" cellpadding="0">
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
-<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
-
-This error has more than one possible cause. Attempt [quick fixes](#quick-fixes), and if not successful, [analyze log files](#analyze-log-files) in order to determine the problem and solution.
-
-</table>
-</td>
-</tr>
-
-</table>
-
-
-### Other result codes
-
-<table>
-
-<tr>
-<td BGCOLOR="#a0e4fa"><B>Error code</th>
-<td BGCOLOR="#a0e4fa"><B>Cause</th>
-<td BGCOLOR="#a0e4fa"><B>Mitigation</th>
-</tr>
-
-<tr>
-<td>0xC1800118</td>
-<td>WSUS has downloaded content that it cannot use due to a missing decryption key.</td>
-<td>See [Steps to resolve error 0xC1800118](https://blogs.technet.microsoft.com/wsus/2016/09/21/resolving-error-0xc1800118/) for information.</td>
-</tr>
-
-<tr>
-<td>0xC1900200</td>
-<td>Setup.exe has detected that the machine does not meet the minimum system requirements.</td>
-<td>Ensure the system you are trying to upgrade meets the minimum system requirements. <br>See [Windows 10 specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications)  for information.</td>
-</tr>
-
-
-<tr>
-<td>0x80090011</td>
-<td>A device driver error occurred during user data migration.</td>
-<td>Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process. 
-<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.</td>
-</tr>
-<tr>
-<td>0xC7700112</td>
-<td>Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk.</td>
-<td>This issue is resolved in the latest version of Upgrade Assistant. 
-<br>Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.</td>
-</tr>
-
-<tr>
-<td>0x80190001</td>
-<td>An unexpected error was encountered while attempting to download files required for upgrade.</td>
-<td>To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10).
-</td>
-</tr>
-<tr>
-<td>0x80246007</td>
-<td>The update was not downloaded successfully.</td>
-<td>Attempt other methods of upgrading the operating system.<br>
-Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). 
-<br>Attempt to upgrade using .ISO or USB.<br>
-**Note**: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx).
-</td>
-</tr>
-<tr>
-<td>0xC1900201</td>
-<td>The system did not pass the minimum requirements to install the update.</td>
-<td>Contact the hardware vendor to get the latest updates.</td>
-</tr>
-<tr>
-<td>0x80240017</td>
-<td>The upgrade is unavailable for this edition of Windows.</td>
-<td>Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.</td>
-</tr>
-
-<tr>
-<td>0x80070020</td>
-<td>The existing process cannot access the file because it is being used by another process.</td>
-<td>Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135).</td>
-</tr>
-<tr>
-<td>0x80070522</td>
-<td>The user doesn’t have required privilege or credentials to upgrade.</td>
-<td>Ensure that you have signed in as a local administrator or have local administrator privileges.</td>
-</tr>
-<tr>
-<td>0xC1900107</td>
-<td>A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.
-</td>
-<td>Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/en-us/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10).</td>
-</tr>
-<tr>
-<td>0xC1900209</td>
-<td>The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.</td>
-<td>Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/) for more information.
-
-<br>You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools.
-</td>
-</tr>
-
-
-<tr>
-<td>0x8007002 </td>
-<td>This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403)</td>
-<td>Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
-
-<br>The error 80072efe means that the connection with the server was terminated abnormally.
-
-<br>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
-</td>
-</tr>
-
-<tr>
-<td>0x80240FFF </td>
-<td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a>, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
-<td> You can prevent this by installing <a href="http://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following: 
-
-<ol>
-<li>Disable the Upgrades classification.</li>
-<li>Install hotfix 3095113.</li>
-<li>Delete previously synched updates.</li>
-<li>Enable the Upgrades classification.</li>
-<li>Perform a full synch.</li>
-</ol>
-<br>For detailed information on how to run these steps check out <a href="http://blogs.technet.com/b/wsus/archive/2016/01/30/quot-help-i-synched-upgrades-too-soon-quot.aspx">How to delete upgrades in WSUS</a>.</p>
-</td>
-</tr>
-
-<tr>
-<td>0x8007007E</td>
-<td>Occurs when update synchronization fails because you do not have <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a> installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager.</td>
-<td> Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
-
-<ol>
-<li>Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
-<ol>
-<li>Open <b>Administrative Tools</b> from the Control Panel.</li>
-<li>Double-click <b>Services</b>.</li>
-<li>Find the <b>Windows Update</b> service, right-click it, and then click <b>Stop</b>. If prompted, enter your credentials.</li>
-</ol>
-</li>
-<li>Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.</li>
-<li>Restart the Windows Update service.</li>
-</ol>
-</td>
-</tr>
-
-</table>
-
-### Other error codes
-
-<table>
-
-<tr><td BGCOLOR="#a0e4fa">Error Codes<td BGCOLOR="#a0e4fa">Cause<td BGCOLOR="#a0e4fa">Mitigation</td></tr>
-<tr><td>0x80070003- 0x20007
-<td>This is a failure during SafeOS phase driver installation. 
-
-<td>[Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](#analyze-log-files) to determine the problem driver.
-</td></tr>
-<tr><td>0x8007025D - 0x2000C
-<td>This error occurs if the ISO file's metadata is corrupt.<td>"Re-download the ISO/Media and re-attempt the upgrade.
-
-Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/en-us/software-download/windows10).
-
-</td></tr>
-<tr><td>0x80070490 - 0x20007<td>An incompatible device driver is present.
-
-<td>[Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](#analyze-log-files) to determine the problem driver.
-
-</td></tr>
-<tr><td>0xC1900101 - 0x2000c
-<td>An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.
-<td>Run checkdisk to repair the file system. For more information, see the [quick fixes](#quick-fixes) section in this guide.
-<br>Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.</td></tr>
-<tr><td>0xC1900200 - 0x20008
-
-<td>The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.
-
-<td>See [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) and verify the computer meets minimum requirements.
-
-<br>Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).</td></tr>
-<tr><td>0x80070004 - 0x3000D
-<td>This is a problem with data migration during the first boot phase. There are multiple possible causes.
-
-<td>[Analyze log files](#analyze-log-files) to determine the issue.</td></tr>
-<tr><td>0xC1900101 - 0x4001E
-<td>Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.
-<td>This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section.</td></tr>
-<tr><td>0x80070005 - 0x4000D
-<td>The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.
-<td>[Analyze log files](#analyze-log-files) to determine the data point that is reporting access denied.</td></tr>
-<tr><td>0x80070004 - 0x50012
-<td>Windows Setup failed to open a file. 
-<td>[Analyze log files](#analyze-log-files) to determine the data point that is reporting access problems.</td></tr>
-<tr><td>0xC190020e 
-<br>0x80070070 - 0x50011
-<br>0x80070070 - 0x50012
-<br>0x80070070 - 0x60000
-<td>These errors indicate the computer does not have enough free space available to install the upgrade.
-<td>To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.
- 
-<br>Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS.  Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
-</td></tr>
-
-</table>
-
-
-
+>[!IMPORTANT]
+>This article contains technical instructions for IT administrators. If you are not an IT administrator, try some of the [quick fixes](quick-fixes.md) described in this article then contact [Microsoft Support](https://support.microsoft.com/contactus/) starting with the Virtual Agent. To talk to a person about your issue, click **Get started** to interact with the Virtual Agent, then enter "Talk to a person" two times. The Virtual Agent can also help you to resolve many Windows upgrade issues. Also see: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors) and [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
+
+This article contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. 
+
+The article was originally one page, but has been divided into sub-topics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
+
+The following four levels are assigned:
+
+Level 100: Basic <br>
+Level 200: Moderate <br>
+Level 300: Moderate advanced <br>
+Level 400: Advanced <br>
+
+## In this guide
+
+See the following topics in this article:
+
+- [Quick fixes](quick-fixes.md): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.<br>
+- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help you isolate the root cause of an upgrade failure.
+- [Troubleshooting upgrade errors](troubleshoot-upgrade-errors.md): \Level 300\ General advice and techniques for troubleshooting Windows 10 upgrade errors, and an explanation of phases used during the upgrade process.<br>
+- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows 10 upgrade.
+- [Upgrade error codes](upgrade-error-codes.md): \Level 400\ The components of an error code are explained.
+    - [Result codes](upgrade-error-codes.md#result-codes): Information about result codes.
+    - [Extend codes](upgrade-error-codes.md#extend-codes): Information about extend codes.
+- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting.
+    - [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described.
+    - [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example.
+- [Resolution procedures](resolution-procedures.md): \Level 200\ Causes and mitigation procedures associated with specific error codes.
+    - [0xC1900101](resolution-procedures.md#0xc1900101): Information about the 0xC1900101 result code.
+    - [0x800xxxxx](resolution-procedures.md#0x800xxxxx): Information about result codes that start with 0x800.
+    - [Other result codes](resolution-procedures.md#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
+    - [Other error codes](resolution-procedures.md#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
+- [Submit Windows 10 upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
 
 ## Related topics
 
@@ -1093,3 +58,4 @@ Alternatively, re-create installation media the [Media Creation Tool](https://ww
 <br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
 <br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
 <br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
+<br>
\ No newline at end of file
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
new file mode 100644
index 0000000000..32859c06fe
--- /dev/null
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -0,0 +1,251 @@
+---
+title: SetupDiag
+description: How to use the SetupDiag tool to diagnose Windows Setup errors
+keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 04/11/2018
+ms.localizationpriority: high
+---
+
+# SetupDiag
+
+**Applies to**
+-   Windows 10
+
+>[!NOTE]
+>This is a 300 level topic (moderate advanced).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
+[SetupDiag.exe](https://go.microsoft.com/fwlink/?linkid=870142) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 
+
+SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.
+
+See the [Release notes](#release-notes) section at the bottom of this topic for information about updates to this tool. 
+
+## Requirements
+
+1. The destination OS must be Windows 10.
+2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you are not sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](https://docs.microsoft.com/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions:
+
+    ```
+    reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s
+    ```
+
+## Parameters
+
+| Parameter | Description |
+| --- | --- |
+| /? | <ul><li>Displays interactive help</ul> |
+| /Output:\<path to results file\> | <ul><li>This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine.  Only text format output is supported.  UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path.  If the path has a space in it, you must enclose the entire path in double quotes (see the example section below). <li>Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same  directory where SetupDiag.exe is run.</ul> |
+| /Mode:\<Offline \| Online\>  |  <ul><li>This optional parameter allows you to specify the mode in which SetupDiag will operate: Offline or Online.<li>Offline: tells SetupDiag to run against a set of log files already captured from a failed system.  In this mode you can run anywhere you have access to the log files.  This mode does not require SetupDiag to be run on the computer that failed to update. When you specify offline mode, you must also specify the /LogsPath: parameter.<li>Online: tells SetupDiag that it is being run on the computer that failed to update. SetupDiag will attempt find log files and resources in standard Windows locations, such as the **%SystemDrive%\$Windows.~bt** directory for setup log files.<li>Log file search paths are configurable in the SetupDiag.exe.config file, under the SearchPath key.  Search paths are comma separated.  Note: A large number of search paths will extend the time required for SetupDiag to return results.<li>Default: If not specified, SetupDiag will run in Online mode.</ul> |
+| /LogsPath:\<Path to logs\> | <ul><li>This optional parameter is required only when **/Mode:Offline** is specified.  This tells SetupDiag.exe where to find the log files. These log files can be in a flat folder format, or containing multiple subdirectories.  SetupDiag will recursively search all child directories. This parameter should be omitted when the **/Mode:Online** is specified.</ul> |
+| /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file continuing its results and all the log files it parsed.  The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
+| /Verbose | <ul><li>This optional parameter will output much more data to the log file produced by SetupDiag.exe.  By default SetupDiag will only produce a log file entry for serious errors.  Using **/Verbose** will cause SetupDiag to always produce a log file with debugging details, which can be useful when reporting a problem with SetupDiag.</ul> |
+
+### Examples:
+
+In the following example, SetupDiag is run with default parameters (online mode, results file is SetupDiagResults.log in the same folder where SetupDiag is run).
+
+```
+SetupDiag.exe
+```
+
+In the following example, SetupDiag is specified to run in Online mode (this is the default).  It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified.
+
+```
+SetupDiag.exe /Output:C:\SetupDiag\Results.log /Mode:Online
+```
+
+The following example uses the /Output parameter to save results to a path name that contains a space:
+
+```
+SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log"
+```
+
+The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**.
+
+```
+SetupDiag.exe /Output:C:\SetupDiag\Results.log /Mode:Offline /LogsPath:D:\Temp\Logs\LogSet1
+```
+
+## Log files
+
+[Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location:
+
+\\$Windows.~bt\sources\panther
+<br>\\$Windows.~bt\Sources\Rollback
+<br>\Windows\Panther
+<br>\Windows\Panther\NewOS
+
+If you copy the parent folder and all sub-folders, SetupDiag will automatically search for log files in all subdirectories.
+
+## Setup bug check analysis
+
+When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error.
+
+If crash dumps [are enabled](https://docs.microsoft.com/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup related minidumps.
+
+To debug a setup related bug check, you must:
+- Specify the **/Mode:Offline** and **/LogsPath** parameters. You cannot debug memory dumps in online mode. 
+- Gather the setup memory dump file (setupmem.dmp) from the failing system. 
+    - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs.
+- Install the [Windows Debugging Tools](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag.
+
+In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag:
+
+```
+SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /Mode:Offline /LogsPath:D:\Dump
+```
+
+## Known issues
+
+1. Some rules can take a long time to process if the log files involved are large.
+2. SetupDiag only outputs data in a text format. If another format is desired, please provide this [feedback](#feedback).
+3. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause.  In this case, try gathering the log files and running SetupDiag in offline mode.
+
+
+## Sample output
+
+The following is an example where SetupDiag is run in offline mode. In this example, it is found that disk space is not sufficient to complete Windows Setup:
+
+```
+C:\setupdiag>SetupDiag /Output:C:\setupdiag\results.log /Mode:Offline /LogsPath:C:\setupdiag\logfiles
+
+
+SetupDiag v1.00
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+
+Searching for setup logs, this can take a minute or more depending on the number and size of the logs...please wait.
+        Found 1 setupact.logs.
+        Processing setupact.log 1 of 1
+Gathering information from setup logs.
+
+SetupDiag: processing rule: CompatScanOnly.
+...No match.
+
+
+SetupDiag: processing rule: BitLockerHardblock.
+...No match.
+
+
+SetupDiag: processing rule: VHDHardblock.
+...No match.
+
+
+SetupDiag: processing rule: PortableWorkspaceHardblock.
+...No match.
+
+
+SetupDiag: processing rule: AuditModeHardblock.
+...No match.
+
+
+SetupDiag: processing rule: SafeModeHardblock.
+...No match.
+
+
+SetupDiag: processing rule: InsufficientSystemPartitionDiskSpaceHardblock.
+...No match.
+
+
+SetupDiag: processing rule: HardblockApplication.
+...No match.
+
+
+SetupDiag: processing rule: HardblockDeviceOrDriver.
+...No match.
+
+
+SetupDiag: processing rule: HardblockMismatchedLanguage.
+..No match.
+
+
+SetupDiag: processing rule: HardblockFlightSigning.
+..No match.
+
+
+SetupDiag: processing rule: DiskSpaceBlockInDownLevel.
+...
+
+Matching Profile found: DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E
+Warning: Found Disk Space Hard Block.
+Warning: You must free up at least 6603 MB of space on the System Drive, and try again.
+
+SetupDiag found 1 matching issue.
+SetupDiag results were logged to: c:\setupdiag\results.log
+Logs ZipFile created at: c:\setupdiag\Logs.zip
+
+```
+
+## Rules
+
+When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See [Release notes](#release-notes) for more information.
+
+Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS.
+
+1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D
+    - This rule indicates that setup.exe was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade.
+2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE
+    - This is a block when the target OS does not support BitLocker, yet the host OS has BitLocker enabled.
+3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC
+    - This block happens when the host OS is booted to a VHD image.  Upgrade is not supported when the host OS is booted from a VHD image.
+4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280
+    - This indicates that the host OS is booted from a Windows To-Go device (USB key).  Upgrade is not supported in the Windows To-Go environment.
+5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90
+    - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state.  Upgrade is not supported from this state.
+6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B
+    - This block indicates that the host OS is booted to Safe Mode, where upgrade is not supported.
+7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1
+    - This block is encountered when setup determines the system partition (where the boot loader files are stored) does not have enough space to be serviced with the newer boot files required during the upgrade process.
+8. HardblockApplication - D6FBF046-5927-4FCD-B998-FE21CA7F6AC9
+    - This rule indicates the host OS had one or more hard blocked applications that need to be uninstalled prior to continuing.  This typically is only a problem when /Quiet is specified on the command line.
+9. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B
+    - This indicates a device driver that is loaded on the host OS is not compatible with the newer OS version and needs to be removed prior to the upgrade.
+10. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45
+    - This rule indicates the host OS and the target OS language editions do not match.
+11. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8
+    - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled.  This will block the pre-release signed build from booting if installed on the machine.
+12. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E
+    - This failure indicates the system ran out of disk space during the down-level operations of upgrade.
+13. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191
+    - This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade.
+14. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6
+    - This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. 
+15. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6
+    - This offline only rule indicates a bug check occurred during setup.  If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details.
+16. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1
+    - This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump.  If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
+17. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C
+    - This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation.  If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
+18. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37
+    - This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine.
+19. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
+    - Finds fatal advanced installer operations that cause setup failures.
+20. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E
+    - Determines if the given setup was a success or not based off the logs.
+21. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC
+    - Gives information about failures surfaced early in the upgrade process by setuphost.exe
+22. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55
+    - Gives failure information surfaced by SetupPlatform, later in the down-level phase.
+23. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD
+    - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly.
+24. FindSetupPlatformDownlevelFailure - 307A0133-F06B-4B75-AEA8-116C3B53C2D1
+    - Gives last operation and phase failure information when Setup indicates a down-level failure.
+25. FindSetupPlatformDownlevelFailedOperation - 087610ED-329A-4DE9-A54C-38A3A07B5B8B
+    - Gives last phase and error information when Setup indicates a down-level failure.
+26. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48
+    - Gives last operation, failure phase and error information when a rollback occurs.
+
+
+## Release notes
+
+03/30/2018 - SetupDiag v1.00 released with 26 rules, as a standalone tool available from the Download Center.
+
+## Related topics
+
+[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
\ No newline at end of file
diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md
index 2118867a21..32eddd5c45 100644
--- a/windows/deployment/upgrade/submit-errors.md
+++ b/windows/deployment/upgrade/submit-errors.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 02/01/2018
+ms.date: 03/16/2018
 ms.localizationpriority: high
 ---
 
@@ -16,6 +16,10 @@ ms.localizationpriority: high
 **Applies to**
 -   Windows 10
 
+>[!NOTE]
+>This is a 100 level topic (basic).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
 ## In this topic
 
 This topic describes how to submit problems with a Windows 10 upgrade to Microsoft using the Windows 10 Feedback Hub.
@@ -47,7 +51,7 @@ The Feedback Hub will open.
     - Are there any external devices connected? 
 - If you used the link above, the category and subcategory will be automatically selected. If it is not selected, choose **Install and Update** and **Windows Installation**. 
 
-You can attach a screenshot or file if desired. This is optional.
+You can attach a screenshot or file if desired. This is optional, but can be extremely helpful when diagnosing your upgrade issue. The location of these files is described here: [Windows Setup log files and event logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs).
 
 Click **Submit** to send your feedback.
 
diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
new file mode 100644
index 0000000000..9ebd8766d6
--- /dev/null
+++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
@@ -0,0 +1,94 @@
+---
+title: Troubleshoot Windows 10 upgrade errors - Windows IT Pro
+description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 03/30/2018
+ms.localizationpriority: high
+---
+
+# Troubleshooting upgrade errors
+
+**Applies to**
+-   Windows 10
+
+>[!NOTE]
+>This is a 300 level topic (moderately advanced).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
+If a Windows 10 upgrade is not successful, it can be very helpful to understand *when* an error occurred in the upgrade process. 
+
+Briefly, the upgrade process consists of four phases: **Downlevel**, **SafeOS**, **First boot**, and **Second boot**. The computer will reboot once between each phase. 
+
+These phases are explained in greater detail [below](#the-windows-10-upgrade-process). First, let's summarize the actions performed during each phase because this affects the type of errors that can be encountered.
+
+1. **Downlevel phase**: Because this phase runs on the source OS, upgrade errors are not typically seen. If you do encounter an error, ensure the source OS is stable. Also ensure the Windows setup source and the destination drive are accessible. 
+
+2. **SafeOS phase**: Errors most commonly occur during this phase due to hardware issues, firmware issues, or non-microsoft disk encryption software.
+
+    Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues.
+
+    >[!TIP]
+    >If you attempt to use the media creation tool with a USB drive and this fails with error 0x80004005 - 0xa001a, this is because the USB drive is using GPT partition style. The tool requires that you use MBR partition style. You can use the DISKPART command to convert the USB drive from GPT to MBR. For more information, see [Change a GUID Partition Table Disk into a Master Boot Record Disk](https://go.microsoft.com/fwlink/?LinkId=207050).
+
+    **Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information.
+
+    If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware.
+
+    If the computer successfully boots into Windows PE, but you are not able to browse the system drive on the computer, it is possible that non-Microsoft disk encryption software is blocking your ability to perform a Windows 10 upgrade. Update or temporarily remove the disk encryption.
+
+3. **First boot phase**: Boot failures in this phase are relatively rare, and almost exclusively caused by device drivers.  Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade.
+
+4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, temporarily uninstall anti-virus software, then retry the upgrade.
+ 
+If the general troubleshooting techniques described above or the [quick fixes](quick-fixes.md) detailed below do not resolve your issue, you can attempt to analyze [log files](log-files.md) and interpret [upgrade error codes](upgrade-error-codes.md). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md) so that Microsoft can diagnose your issue.
+
+## The Windows 10 upgrade process
+
+The **Windows Setup** application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings. 
+
+When performing an operating system upgrade, Windows Setup uses phases described below. A reboot occurs between each of the phases. After the first reboot, the user interface will remain the same until the upgrade is completed. Percent progress is displayed and will advance as you move through each phase, reaching 100% at the end of the second boot phase.
+
+1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Windows files are copied and installation components are gathered.
+
+    ![downlevel phase](../images/downlevel.png)  
+
+2. **Safe OS phase**: A recovery partition is configured, Windows files are expanded, and updates are installed. An OS rollback is prepared if needed. Example error codes: 0x2000C, 0x20017.
+
+    ![safeOS phase](../images/safeos.png) 
+
+3. **First boot phase**: Initial settings are applied. Example error codes: 0x30018, 0x3000D.
+
+    ![first boot phase](../images/firstboot.png) 
+
+4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**. Example error codes: 0x4000D, 0x40017. 
+
+    At the end of the second boot phase, the **Welcome to Windows 10** screen is displayed, preferences are configured, and the Windows 10 sign-in prompt is displayed.
+
+    ![second boot phase](../images/secondboot.png) 
+
+    ![second boot phase](../images/secondboot2.png) 
+
+    ![second boot phase](../images/secondboot3.png) 
+
+5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful (image not shown). Example error codes: 0x50000, 0x50015.
+
+**Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown):
+
+![Upgrade process](../images/upgrade-process.png)
+
+DU = Driver/device updates.<br>
+OOBE = Out of box experience.<br>
+WIM = Windows image (Microsoft)
+
+## Related topics
+
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx)
+<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+<br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
+<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md b/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md
index a837d861dc..e020be4aad 100644
--- a/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md
+++ b/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md
@@ -1,39 +1,3 @@
 ---
-title: Troubleshoot Upgrade Readiness (Windows 10)
-description: Provides troubleshooting information for Upgrade Readiness.
-ms.prod: w10
-author: greg-lindsay
-ms.date: 04/19/2017
----
-
-# Troubleshoot Upgrade Readiness
-
-If you’re having issues seeing data in Upgrade Readiness after running the Upgrade Readiness Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error.
-
-If you still don’t see data in Upgrade Readiness, follow these steps:
-
-1.  Download and extract the [Upgrade Readiness Deployment Script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). Ensure the “Pilot/Diagnostics” folder is included .
-
-2.  Edit the script as described in [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md).
-
-3.  Check that isVerboseLogging is set to $true.
-
-4.  Run the script again. Log files will be saved to the directory specified in the script.
-
-5.  Open a support case with Microsoft Support through your regular channel and provide this information.
-
-## Disable Upgrade Readiness
-
-If you want to stop using Upgrade Readiness and stop sending diagnostic data data to Microsoft, follow these steps:
-
-1.  Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
-
-  ![Upgrade Readiness unsubscribe](../images/upgrade-analytics-unsubscribe.png)
-
-2.  Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**:
-
-  **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
-  **Windows 10**: Follow the instructions in the [Configure Windows diagnostic data in your organization](/configuration/configure-windows-diagnostic-data-in-your-organization.md) topic.
-
-3.	If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0".  The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
-4.	You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**.
+redirect_url: /windows/deployment/update/windows-analytics-FAQ-troubleshooting
+---
\ No newline at end of file
diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md
new file mode 100644
index 0000000000..cdd4fe37c9
--- /dev/null
+++ b/windows/deployment/upgrade/upgrade-error-codes.md
@@ -0,0 +1,144 @@
+---
+title: Upgrade error codes - Windows IT Pro
+description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 03/30/2018
+ms.localizationpriority: high
+---
+
+# Upgrade error codes
+
+**Applies to**
+-   Windows 10
+
+>[!NOTE]
+>This is a 400 level topic (advanced).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
+
+If the upgrade process is not successful, Windows Setup will return two codes:
+
+1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error.
+2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred.
+
+>For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**.
+
+Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/en-us/kb/3159635) then only a result code might be returned.
+
+>[!TIP]
+>If you are unable to locate the result and extend error codes, you can attempt to find these codes using Event Viewer.  For more information, see [Windows Error Reporting](windows-error-reporting.md).
+
+## Result codes
+
+>A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue. <br>To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article.
+
+Result codes can be matched to the type of error encountered. To match a result code to an error:
+
+1. Identify the error code type as either Win32 or NTSTATUS using the first hexadecimal digit:
+        <br>**8** = Win32 error code (ex: 0x**8**0070070)
+        <br>**C** = NTSTATUS value (ex: 0x**C**1900107)
+2. Write down the last 4 digits of the error code (ex: 0x8007**0070** = 0070). These digits are the actual error code type as defined in the [HRESULT](https://msdn.microsoft.com/en-us/library/cc231198.aspx) or the [NTSTATUS](https://msdn.microsoft.com/en-us/library/cc231200.aspx) structure. Other digits in the code identify things such as the device type that produced the error.
+3. Based on the type of error code determined in the first step (Win32 or NTSTATUS), match the 4 digits derived from the second step to either a Win32 error code or NTSTATUS value using the following links:
+    - [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx)
+    - [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx)
+
+Examples:
+- 0x80070070 
+    - Based on the "8" this is a Win32 error code 
+    - The last four digits are 0070, so look up 0x00000070 in the [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) table
+    - The error is: **ERROR_DISK_FULL**
+- 0xC1900107 
+    - Based on the "C" this is an NTSTATUS error code
+    - The last four digits are 0107, so look up 0x00000107 in the [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx) table 
+    - The error is: **STATUS_SOME_NOT_MAPPED**
+
+Some result codes are self-explanatory, whereas others are more generic and require further analysis. In the examples shown above, ERROR_DISK_FULL indicates that the hard drive is full and additional room is needed to complete Windows upgrade. The message STATUS_SOME_NOT_MAPPED is more ambiguous, and means that an action is pending. In this case, the action pending is often the cleanup operation from a previous installation attempt, which can be resolved with a system reboot. 
+
+## Extend codes
+
+>**Important**: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update.
+
+Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation:
+
+1. Use the first digit to identify the phase (ex: 0x4000D  = 4).
+2. Use the last two digits to identify the operation (ex: 0x4000D  = 0D).
+3. Match the phase and operation to values in the tables provided below.
+
+The following tables provide the corresponding phase and operation for values of an extend code:
+
+<br>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><b>Extend code: phase</b></td>
+<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 5.4pt 0in 5.4pt'><b>Phase</b>
+<tr><td style='padding:0in 4pt 0in 4pt'>0<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_UNKNOWN
+<tr><td style='padding:0in 4pt 0in 4pt'>1<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_DOWNLEVEL
+<tr><td style='padding:0in 4pt 0in 4pt'>2<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_SAFE_OS
+<tr><td style='padding:0in 4pt 0in 4pt'>3<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_FIRST_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'>4<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_OOBE_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'>5<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_UNINSTALL
+</table>
+
+
+<table border="0" style='border-collapse:collapse;border:none'>
+<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><B>Extend code: operation</B></td>
+<tr><td align="left" valign="top" style='border:dotted #A6A6A6 1.0pt;'>
+<table>
+<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 4pt 0in 4pt'><span style='padding:0in 5.4pt 0in 5.4pt;'><b>Operation</b>
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>0<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_UNKNOWN
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_COPY_PAYLOAD
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>2<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_DOWNLOAD_UPDATES
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>3<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_UPDATES
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>4<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_RECOVERY_ENVIRONMENT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>5<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_RECOVERY_IMAGE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>6<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_REPLICATE_OC
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>7<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_INSTALL_DRVIERS
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>8<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_SAFE_OS
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>9<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_ROLLBACK
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>A<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_FIRST_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>B<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PREPARE_OOBE_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>C<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_APPLY_IMAGE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>D<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_MIGRATE_DATA
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>E<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_SET_PRODUCT_KEY
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>F<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ADD_UNATTEND
+</table>
+</td>
+<td align="left" valign="top" style='border:dotted #A6A6A6 1.0pt;'>
+<table>
+<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 4pt 0in 4pt'><b>Operation</b>
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>10<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ADD_DRIVER
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>11<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ENABLE_FEATURE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>12<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_DISABLE_FEATURE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>13<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_REGISTER_ASYNC_PROCESS
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>14<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_REGISTER_SYNC_PROCESS
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>15<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_CREATE_FILE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>16<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_CREATE_REGISTRY
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>17<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>18<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_SYSPREP
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>19<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_OOBE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1A<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_BEGIN_FIRST_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1B<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_END_FIRST_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1C<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_BEGIN_OOBE_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1D<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_END_OOBE_BOOT
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1E<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_PRE_OOBE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>1F<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_POST_OOBE
+<tr><td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>20<td style='padding:0in 4pt 0in 4pt'><span style='font-size:9.0pt'>SP_EXECUTION_OP_ADD_PROVISIONING_PACKAGE
+</table>
+</td>
+</tr>
+</table>
+
+For example: An extend code of **0x4000D**, represents a problem during phase 4 (**0x4**) with data migration (**000D**).
+
+## Related topics
+
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx)
+<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+<br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
+<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
index fb04dd5bf6..7b45c2ed1b 100644
--- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
+++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
@@ -66,7 +66,7 @@ To run the Upgrade Readiness deployment script:
     >
     > *IEOptInLevel = 3 Data collection is enabled for all sites*
 
-4. The latest version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**.
+4. A recent version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**.
 
     The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**.
 
@@ -75,7 +75,9 @@ To run the Upgrade Readiness deployment script:
     \*vortex\*.data.microsoft.com<BR>
     \*settings\*.data.microsoft.com
 
-5.  After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
+5. The latest version (03.28.2018) of the deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**.
+
+6.  After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
 
 ## Exit codes
 
diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md
index c7fa20adf6..8468224bf5 100644
--- a/windows/deployment/upgrade/upgrade-readiness-get-started.md
+++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
-ms.date: 03/18/2018
+ms.date: 03/20/2018
 ---
 
 # Get started with Upgrade Readiness
@@ -30,14 +30,14 @@ When you are ready to begin using Upgrade Readiness, perform the following steps
 
 ## Data collection and privacy 
 
-To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see the following topics, refer to [Frequently asked questions and troubleshooting Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md), which discusses the issues and provides links to still more detailed information.
+To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see the following topics, refer to [Frequently asked questions and troubleshooting Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-FAQ-troubleshooting), which discusses the issues and provides links to still more detailed information.
 
 ## Add Upgrade Readiness to Operations Management Suite
 
 Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
 
 >[!IMPORTANT]
->Upgrade Readiness is a free solution for Azure subsribers. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data **do not** count toward OMS daily upload limits.
+>Upgrade Readiness is a free solution for Azure subscribers. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data **do not** count toward OMS daily upload limits. The Upgrade Readiness service will ingest a full snapshot of your data into your OMS workspace on a daily basis. Each snapshot includes all of your devices that have been active within the past 30 days regardless of your OMS retention period.
 
 If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. While you have this dialog open, you should also consider adding the [Device Health](../update/device-health-monitor.md) and [Update Compliance](../update/update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.
 
@@ -54,7 +54,7 @@ If you are not using OMS:
 
 ## Enroll devices in Windows Analytics
 
-Once you've added Update Compliance to Microsoft Operations Management Suite, you can now start enrolling the devices in your organization. For full instructions, see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started.md).
+Once you've added Update Compliance to Microsoft Operations Management Suite, you can now start enrolling the devices in your organization. For full instructions, see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started).
 
 
 
diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md
index 252ed481b1..2c73760c08 100644
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@@ -31,7 +31,7 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1
 Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
 The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed.  You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). 
 
-Windows 10 LTSB is not supported by Upgrade Readiness. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness.  See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSB.
+While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness.  See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC.
 
 ## Operations Management Suite
 
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
new file mode 100644
index 0000000000..e8c3251320
--- /dev/null
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -0,0 +1,66 @@
+---
+title: Windows error reporting - Windows IT Pro
+description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 03/30/2018
+ms.localizationpriority: high
+---
+
+# Windows error reporting
+
+**Applies to**
+-   Windows 10
+
+>[!NOTE]
+>This is a 300 level topic (moderately advanced).<br>
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+
+
+When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**.  You can use Event Viewer to review this event, or you can use Windows PowerShell.
+
+To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
+
+```
+$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}
+$event = [xml]$events[0].ToXml()
+$event.Event.EventData.Data
+```
+
+To use Event Viewer: 
+1. Open Event Viewer and navigate to **Windows Logs\Application**.
+2. Click **Find**, and then search for **winsetupdiag02**.
+3. Double-click the event that is highlighted.
+
+Note: For legacy operating systems, the Event Name was WinSetupDiag01. 
+
+Ten parameters are listed in the event:
+<br>
+<table border="0">
+<tr><td>P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool)</td></tr>
+<tr><td>P2: Setup Mode (x=default,1=Downlevel,5=Rollback)</td></tr>
+<tr><td>P3: New OS Architecture (x=default,0=X86,9=AMD64)</td></tr>
+<tr><td>P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked)</td></tr>
+<tr><td><b>P5: Result Error Code</b>  (Ex: 0xc1900101)</td></tr>
+<tr><td><b>P6: Extend Error Code</b>  (Ex: 0x20017)</td></tr>
+<tr><td>P7: Source OS build (Ex: 9600)</td></tr>
+<tr><td>P8: Source OS branch (not typically available)</td></tr>
+<tr><td>P9: New OS build (Ex: 16299}</td></tr>
+<tr><td>P10: New OS branch (Ex: rs3_release}</td></tr>
+</table>
+
+The event will also contain links to log files that can be used to perform a detailed diagnosis of the error.  An example of this event from a successful upgrade is shown below.
+
+![Windows Error Reporting](../images/event.png)
+
+## Related topics
+
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx)
+<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+<br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
+<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
index a1e9503aee..a937437e02 100644
--- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md
+++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
@@ -31,8 +31,8 @@ ms.date: 09/27/2017
 
 During the activation process, information about the specific installation is examined. In the case of online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization.
 
-**Note**  
-The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
+>[!NOTE] 
+>The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
 
 ## Distribution channels and activation
 
@@ -185,7 +185,7 @@ When you know which keys you need, you must obtain them. Generally speaking, vol
 
 ### KMS host keys
 
-A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Support Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
+A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
 
 A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation.
 
diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md
index 51a8bd92fe..2dced411ff 100644
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.sitesec: library
-ms.date: 03/16/2018
+ms.date: 04/03/2018
 author: greg-lindsay
 ---
 
@@ -23,7 +23,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
 - Dynamic deployment methods enable you to configure applications and settings for specific use cases. 
 - Traditional deployment methods use tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.<br>&nbsp;
 
-<table border="1">
+<table border="0">
   <tr><td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Category</b></td>
      <td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Scenario</b></td>
      <td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Description</b></td>
diff --git a/windows/hub/index.md b/windows/hub/index.md
index 73eff095ff..40d4c2db5e 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -8,13 +8,14 @@ author: greg-lindsay
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.date: 02/02/2018
+ms.date: 03/28/2018
 ---
 
 # Windows 10 and Windows 10 Mobile
 
 Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10 or Windows 10 Mobile.
 
+
 &nbsp;
 
 > [!video https://www.microsoft.com/en-us/videoplayer/embed/43942201-bec9-4f8b-8ba7-2d9bfafa8bba?autoplay=false]
@@ -56,6 +57,9 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
   </tr>
 </table>
 
+>[!TIP]
+> Looking for information about older versions of Windows? Check out our other [Windows libraries](/previous-versions/windows/) on docs.microsoft.com. You can also search this site to find specific information, like this [Windows 8.1 content](https://docs.microsoft.com/search/index?search=Windows+8.1&dataSource=previousVersions).
+
 ## Get to know Windows as a Service (WaaS)
 
 ![Get to know Windows as a Service (WaaS)](images/w10-WaaS-poster.png)
diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
index ea9f6e17a8..bcb246ccb6 100644
--- a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -22,7 +22,7 @@ The Group Policy settings for TPM services are located at:
 
 **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\**
 
-The following Group Policy settings were introduced in Window 10:
+The following Group Policy settings were introduced in Window 10.
 
 ## Configure the list of blocked TPM commands
 
@@ -36,17 +36,11 @@ If you disable or do not configure this policy setting, only those TPM commands
 
 -   The local list of blocked TPM commands is configured outside of Group Policy by running the TPM Management Console or scripting using the **Win32\_Tpm** interface.
 
-For information how to enforce or ignore the default and local lists of blocked TPM commands, see
-
--   [Ignore the default list of blocked TPM commands](#ignore-the-default-list-of-blocked-tpm-commands)
-
--   [Ignore the local list of blocked TPM commands](#ignore-the-local-list-of-blocked-tpm-commands)
-
 ## Ignore the default list of blocked TPM commands
 
 This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
 
-The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by typing **tpm.msc** at the command prompt to open the TPM Management Console, navigating to the **Command Management** section, and exposing the **On Default Block List** column. Also see the related policy setting, [Configure the list of blocked TPM commands](#configure-the-list-of-blocked-tpm-commands).
+The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by typing **tpm.msc** at the command prompt to open the TPM Management Console, navigating to the **Command Management** section, and exposing the **On Default Block List** column. 
 
 If you enable this policy setting, the Windows operating system will ignore the computer's default list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the local list.
 
@@ -56,7 +50,8 @@ If you disable or do not configure this policy setting, Windows will block the T
 
 This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
 
-The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.) Also see the related policy setting, [Configure the list of blocked TPM commands](#configure-the-list-of-blocked-tpm-commands).
+The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.) 
+
 
 If you enable this policy setting, the Windows operating system will ignore the computer's local list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the default list.
 
@@ -64,10 +59,9 @@ If you disable or do not configure this policy setting, Windows will block the T
 
 ## Configure the level of TPM owner authorization information available to the operating system
 
-This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
+Beginning with Windows 10 version 1607 and Windows Server 2016, this policy setting is no longer used by Windows, but it continues to appear in GPEdit.msc for compatibility with previous versions. 
 
-> [!IMPORTANT]
-> This policy setting is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
+This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
 
 There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
 
@@ -143,13 +137,6 @@ An administrator with the TPM owner password can fully reset the TPM's hardware
 
 If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
 
-> [!IMPORTANT]
-> The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
-
-If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.
-
-If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS.
-
 ## Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0
 
 Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. 
@@ -167,6 +154,6 @@ Introduced in Windows 10, version 1703, this policy setting configures the TPM t
 
 ## Related topics
 
-- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics)
-- [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx)
-- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://technet.microsoft.com/itpro/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
\ No newline at end of file
+- [Trusted Platform Module](trusted-platform-module-top-node.md) 
+- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps)
+- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
\ No newline at end of file
diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index ea5e2203dd..4d1ebc58cb 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -312,211 +312,218 @@ The following tables provide descriptions of the default groups that are located
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
-</tr>
+</tr>    
 <tr class="even">
+<td><p>[Enterprise Key Admins](#bkmk-enterprise-key-admins)</p></td>
+<td><p>Yes</p></td>
+<td><p></p></td>
+<td><p></p></td>
+<td><p></p></td>
+</tr>    
+<tr class="odd">
 <td><p>[Enterprise Read-only Domain Controllers](#bkmk-entrodc)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Event Log Readers](#bkmk-eventlogreaders)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Group Policy Creator Owners](#bkmk-gpcreatorsowners)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Guests](#bkmk-guests)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Hyper-V Administrators](#bkmk-hypervadministrators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[IIS_IUSRS](#bkmk-iis-iusrs)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Key Admins](#key-admins)</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 <td><p></p></td>
 <td><p></p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Network Configuration Operators](#bkmk-networkcfgoperators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Performance Log Users](#bkmk-perflogusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Performance Monitor Users](#bkmk-perfmonitorusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Pre–Windows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Print Operators](#bkmk-printoperators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Protected Users](#bkmk-protectedusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 <td><p></p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[RAS and IAS Servers](#bkmk-rasandias)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[RDS Endpoint Servers](#bkmk-rdsendpointservers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Read-only Domain Controllers](#bkmk-rodc)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Remote Desktop Users](#bkmk-remotedesktopusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Remote Management Users](#bkmk-remotemanagementusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Replicator](#bkmk-replicator)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Schema Admins](#bkmk-schemaadmins)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Server Operators](#bkmk-serveroperators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Storage Replica Administrators](#storage-replica-administrators)</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 <td><p></p></td>
 <td><p></p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[System Managed Accounts Group](#system-managed-accounts-group)</p></td>
 <td><p>Yes</p></td>
 <td><p></p></td>
 <td><p></p></td>
 <td><p></p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Terminal Server License Servers](#bkmk-terminalserverlic)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Users](#bkmk-users)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Windows Authorization Access Group](#bkmk-winauthaccess)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)</p></td>
 <td><p></p></td>
 <td><p>Yes</p></td>
@@ -1756,8 +1763,25 @@ This security group has not changed since Windows Server 2008.
 </tbody>
 </table>
 
- 
+### Enterprise Key Admins
 
+Members of this group can perform administrative actions on key objects within the forest.
+
+The Enterprise Key Admins group was introduced in Windows Server 2016.
+
+| Attribute | Value |
+|-----------|-------|
+| Well-Known SID/RID | S-1-5-21-&lt;domain&gt;-527 |
+| Type | Global |
+| Default container | CN=Users, DC=&lt;domain&gt;, DC= |
+| Default members | None |
+| Default member of | None |
+| Protected by ADMINSDHOLDER? | No |
+| Safe to move out of default container? | Yes |
+| Safe to delegate management of this group to non-Service admins? | No |
+| Default User Rights | None |
+
+ 
 ### <a href="" id="bkmk-entrodc"></a>Enterprise Read-Only Domain Controllers
 
 Members of this group are Read-Only Domain Controllers in the enterprise. Except for account passwords, a Read-only domain controller holds all the Active Directory objects and attributes that a writable domain controller holds. However, changes cannot be made to the database that is stored on the Read-only domain controller. Changes must be made on a writable domain controller and then replicated to the Read-only domain controller.
@@ -2226,7 +2250,7 @@ The Key Admins group applies to versions of the Windows Server operating system
 
 | Attribute | Value |
 |-----------|-------|
-| Well-Known SID/RID | S-1-5-21-4195037842-338827918-94892514-526 |
+| Well-Known SID/RID | S-1-5-21-&lt;domain&gt;-526 |
 | Type | Global |
 | Default container | CN=Users, DC=&lt;domain&gt;, DC= |
 | Default members | None |
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index 01dbef4001..8457313a96 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -24,7 +24,7 @@ Passwords are still weak. We recommend that in addition to deploying Windows Def
 Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported. 
 
 ## Wi-fi and VPN Considerations
-When you enable Windows Defender Credential Guard, you can no longer use NTLM classic deployment model authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. 
+When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You will be forced to enter your credentials to use these protocols and cannot save the credentials for future use. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. 
 
 ## Kerberos Considerations
 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index d3be3e2ba8..0e81b79e6d 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -20,7 +20,7 @@ Prefer video? See
 [Windows Defender Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474)
 in the Deep Dive into Windows Defender Credential Guard video series.
 
-For Windows Defender Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
+For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
 
 
 ## Hardware and software requirements
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
new file mode 100644
index 0000000000..b2d6b3e54b
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -0,0 +1,290 @@
+---
+title: Multifactor Unlock
+description: Multifactor Unlock
+keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: mikestephens-MS
+ms.author: mstephen
+localizationpriority: high
+ms.date: 03/20/2018
+---
+# Multifactor Unlock
+
+**Requirements:**
+* Windows Hello for Business deployment (Hybrid or On-premises)
+* Hybird Azure AD joined (Hybrid deployments)
+* Domain Joined (on-premises deployments) 
+* Windows 10, version 1709
+* Bluetooth, Bluetooth capable phone - optional
+
+Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system.
+
+Windows 10 offers Multifactor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. 
+
+Which organizations can take advanage of Multifactor unlock? Those who:
+* Have expressed that PINs alone do not meet their security needs.
+* Want to prevent Information Workers from sharing credentials.
+* Want their orgs to comply with regulatory two-factor authentication policy.
+* Want to retain the familiar Windows logon UX and not settle for a custom solution.
+ 
+You enable multifactor unlock using Group Policy.  The **Configure device unlock factors** policy setting is located under **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**.
+
+## The Basics: How it works
+
+First unlock factor credential provider and Second unlock credential provider are repsonsible for the bulk of the configuration.  Each of these components contains a globally unqiue identifier (GUID) that represents a different Windows credential provider.  With the policy setting enabled, users unlock the device using at least one credenital provider from each category before Windows allows the user to proceed to their desktop.
+
+The policy setting has three components:
+* First unlock factor credential provider
+* Second unlock factor credential provider 
+* Signal rules for device unlock
+
+## Configuring Unlock Factors
+
+The **First unlock factor credential providers** and **Second unlock factor credential providers** portion of the policy setting each contain a comma separated list of credential providers. 
+
+Supported credential providers include: 
+
+|Credential Provider| GUID|
+|:------------------|:----|
+|PIN | \{D6886603-9D2F-4EB2-B667-1971041FA96B}|  
+|Fingerprint | \{BEC09223-B018-416D-A0AC-523971B639F5}|
+|Facial Recognition | \{8AF662BF-65A0-4D0A-A540-A338A999D36F}|
+|Trusted Signal<br>(Phone proximity, Network location) | \{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}|
+
+>[!NOTE]
+>Multifactor unlock does not support third-party credential providers or credential providers not listed in the above table.
+
+The default credential providers for the **First unlock factor credential provider** include:
+* PIN
+* Fingerprint
+* Facial Recongition
+
+The default credential providers for the **Second unlock factor credential provider** include:
+* Trusted Signal
+* PIN
+
+Configure a comma separated list of credential provider GUIDs you want to use as first and second unlock factors. While a credential provider can appear in both lists, remember that a credential supported by that provider can only satisfy one of the unlock factors. Listed credential providers do not need to be in any specific order. 
+
+For example, if you include the PIN and fingerprint credential providers in both first and second factor lists, a user can use their fingerprint or PIN as the first unlock factor.  However, whichever factor they used to satisfy the first unlock factor cannot be used to satisfy the second unlock factor.  Each factor can therefore be used exactly once. The Trusted Signal provider can *only* be specified as part of the Second unlock factor credential provider list.  
+
+
+## Configure Signal Rules for the Trusted Signal Credential Provider
+
+The **Signal rules for device unlock** setting contains the rules the Trusted Signal credential provider uses to satisfy unlocking the device.
+
+### Rule element
+You represent signal rules in XML.  Each signal rule has an starting and ending **rule** element that contains the **schemaVersion** attribute and value.  The current supported scheam version is 1.0.<br>
+**Example**
+```
+<rule schemaVersion="1.0">
+</rule>
+```
+
+### Signal element
+Each rule element has a **signal** element.  All signal elements have a **type** element and value.  Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values.<br>
+
+|Attribute|Value|
+|---------|-----|
+| type| "bluetooth" or "ipConfig" (Windows 10, version 1709)| 
+
+#### Bluetooth
+You define the bluetooth signal with additional attribute in the signal elment. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>".
+
+|Attribute|Value|Required|
+|---------|-----|--------|
+|type|"bluetooth"|yes|
+|scenario|"Authentication"|yes|
+|classOfDevice|"*number*"|no|
+|rssiMin|"*number*"|no|
+|rssiMaxDelta|"*number*"|no|
+
+Example:
+```
+<rule schemaVersion="1.0">
+    <signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
+</rule>
+```
+The **classofDevice** attribute defaults Phones and uses the values from the following table 
+
+|Description|Value|
+|:-------------|:-------:|
+|Miscellaneous|0|
+|Computer|256|
+|Phone|512|
+|LAN/Network Access Point|768|
+|Audio/Video|1024|
+|Peripheral|1280|
+|Imaging|1536|
+|Wearable|1792|
+|Toy|2048|
+|Health|2304|
+|Uncategorized|7936|
+
+The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range".  The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device.  The **rssiMaxDelta** has a default value of **-10**, which instruct Windows 10 to lock the device once the signal strength weakens by more than measurement of 10.  
+
+RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other.
+
+>[!IMPORTANT]
+>Microsoft recommends using the default values for this policy settings.  Measurements are relative, based on the varying conditions of each environment.  Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting.  Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values.
+
+#### IP Configuration
+You define IP configuration signals using one or more ipConfiguration elements.  Each element has a string value.  IpConfiguration elements do not have attributes or nested elements.
+
+##### IPv4Prefix
+The IPv4 network prefix represented in Internet standard dotted-decimal notation. A network prefix that uses the Classless Inter-Domain Routing (CIDR) notation is required as part of the network string. A network port must not be present in the network string.  A **signal** element may only contain one **ipv4Prefix** element.<br>
+**Example**
+```
+<ipv4Prefix>192.168.100.0/24</ipv4Prefix>
+```
+The assigned IPv4 addresses in the range of 192.168.100.1 to 192.168.100.254 match this signal configuration.
+
+##### IPv4Gateway
+The IPv4 network gateway represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4Gateway** element.<br>
+**Example**
+```
+<ipv4Gateway>192.168.100.10</ipv4Gateway>
+```
+##### IPv4DhcpServer
+The IPv4 DHCP server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4DhcpServer** element.<br>
+**Example**
+```
+<ipv4DhcpServer>192.168.100.10</ipv4DhcpServer>
+```
+##### IPv4DnsServer
+The IPv4 DNS server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.The **signal** element may contain one or more **ipv4DnsServer** elements.<br>
+**Example:**
+```
+<ipv4DnsServer>192.168.100.10</ipv4DnsServer>
+```
+
+##### IPv6Prefix
+The IPv6 network prefix represented in IPv6 network using Internet standard hexadecimal encoding. A network prefix in CIDR notation is required as part of the network string. A network port or scope ID must not be present in the network string.  A **signal** element may only contain one **ipv6Prefix** element.<br>
+**Example** 
+```
+<ipv6Prefix>21DA:D3::/48</ipv6Prefix>
+```
+
+##### IPv6Gateway
+The IPv6 network gateway represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6Gateway** element.<br>
+**Example** 
+```
+<ipv6Gateway>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6Gateway>
+```
+
+##### IPv6DhcpServer
+The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6DhcpServer** element.<br>
+**Example**
+```
+<ipv6DhcpServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DhcpServer
+```
+
+##### IPv6DnsServer
+The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string. The **signal** element may contain one or more **ipv6DnsServer** elements.<br>
+**Example**
+```
+<ipv6DnsServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DnsServer>
+```
+##### dnsSuffix
+The fully qualified domain name of your organizations internal dns suffix where any part of the fully qualified domain name in this setting exists in the computer's primary dns suffix.  The **signal** element may contain one or more **dnsSuffix** elements.<br>
+**Example**
+```
+<dnsSuffix>corp.contoso.com</dnsSuffix>
+```
+
+### Sample Trusted Signal Congfigurations
+
+These examples are wrapped for readability.  Once properly formatted, the entire XML contents must be a single line.
+
+#### Example 1
+This example configures an IPConfig signal type using Ipv4Prefix, Ipv4DnsServer, and DnsSuffix elements.
+```
+<rule schemaVersion="1.0"> 
+    <signal type="ipConfig"> 
+        <ipv4Prefix>10.10.10.0/24</ipv4Prefix>
+        <ipv4DnsServer>10.10.0.1</ipv4DnsServer>
+        <ipv4DnsServer>10.10.0.2</ipv4DnsServer>
+        <dnsSuffix>corp.contoso.com</dnsSuffix> 
+	</signal> 
+</rule>
+```
+
+
+#### Example 2
+This example configures an IpConfig signal type using a dnsSuffix element and a bluetooth signal for phones.  This configuration is wrapped for reading.  Once properly formatted, the entire XML contents must be a single line.  This example implies that either the ipconfig **or** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true.
+>[!NOTE] 
+>Separate each rule element using a comma.
+
+```
+<rule schemaVersion="1.0"> 
+	<signal type="ipConfig"> 
+	    <dnsSuffix>corp.contoso.com</dnsSuffix> 
+	</signal> 
+</rule>,
+<rule schemaVersion="1.0">
+	<signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
+</rule>
+```
+#### Example 3
+This example configures the same as example 2 using compounding And elements.  This example implies that the ipconfig **and** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true.
+```
+<rule schemaVersion="1.0">
+<and>
+  <signal type="ipConfig">
+   <dnsSuffix>corp.microsoft.com</dnsSuffix>
+  </signal> 
+  <signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
+</and>
+</rule>
+```
+
+
+## Deploying Multifactor Unlock
+
+>[!IMPORTANT]
+>You need to remove all third party credential providers to ensure users cannot unlock their devices if they do not have the required factors. The fall back options are to use passwords or smart cards (both of which could be disabled as needed).
+
+### How to configure Multifactor Unlock policy settings
+
+You need a Windows 10, version 1709 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business  Group Policy settings, which includes muiltifactor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1709.
+
+Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information.
+
+
+### Create the Multifactor Unlock Group Policy object
+
+The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed.
+
+>[!IMPORTANT]
+> * PIN **must** be in at least one of the groups
+> * Trusted signals **must** be combined with another credential provider
+> * You cannot use the same unlock factor to satisfy both categories. Therefore, if you include any credential provider in both categories, it means it can satisfy either category, but not both.
+
+1. Start the **Group Policy Management Console** (gpmc.msc)
+2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+3. Right-click **Group Policy object** and select **New**.
+4. Type *Multifactor Unlock* in the name box and click **OK**.
+5. In the content pane, right-click the **Multifactor Unlock** Group Policy object and click **Edit**.
+6. In the navigation pane, expand **Policies** under **Computer Configuration**.
+7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**.<br>
+![Group Policy Editor](images/multifactorUnlock/gpme.png)
+8. In the content pane, double-click **Configure device unlock factors**. Click **Enable**.  The **Options** section populates the policy setting with default values.<br>
+![Multifactor Policy Setting](images/multifactorUnlock/gp-setting.png)
+9. Configure first and second unlock factors using the information in the [Configure Unlock Factors](#configuring-unlock-factors) section.
+10. If using trusted signals, configure the trusted signals used by the unlock factor using the information in the [Configure Signal Rules for the Trusted Signal Credential Provider](#configure-signal-rules-for-the-trusted-signal-credential-provider) section.
+11. Click **Ok** to close the **Group Policy Management Editor**. Use the **Group Policy Management Console** to deploy the newly created Group Policy object to your organization's computers.
+
+ ## Troubleshooting
+Mulitfactor unlock writes events to event log under **Application and Services Logs\Microsoft\Windows\HelloForBusiness** with the category name **Device Unlock**.
+
+### Events
+
+|Event ID|Details|
+|:------:|:------|
+|3520|Unlock attempt initiated|
+|5520|Unlock policy not configured|
+|6520|Warning event|
+|7520|Error event|
+|8520|Success event|
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index 227053e01a..10032d6303 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -6,10 +6,10 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
-author: DaniHalfin
-ms.localizationpriority: high
-ms.author: daniha
-ms.date: 09/08/2017
+author: mikestephens-MS
+ms.author: mstephen
+localizationpriority: high
+ms.date: 03/26/2018
 ---
 # Prepare and Deploy Windows Server 2016 Active Directory Federation Services
 
@@ -36,7 +36,7 @@ Prepare the Active Directory Federation Services deployment by installing and up
 
 Sign-in the federation server with _local admin_ equivalent credentials.
 1.	Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please advise the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed.
-2.	Ensure the latest server updates to the federation server includes [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658).
+2.	Ensure the latest server updates to the federation server includes [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).
 
 >[!IMPORTANT]
 >The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers.
@@ -346,13 +346,6 @@ Sign-in the AD FS server with Domain Admin equivalent credentials.
     ```PowerShell
     Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication
     ```
-
-
-The `Set-AdfsCertificateAuthority` cmdlet may show the following warning:
->WARNING: PS0343: Issuing Windows Hello certificates requires enabling a permitted strong authentication provider, but no usable providers are currently configured.  These authentication providers are not supported for Windows Hello certificates: CertificateAuthentication,MicrosoftPassportAuthentication. Windows Hello certificates will not be issued until a permitted strong authentication provider is configured.
-
-This warning indicates that you have not configured multi-factor authentication in AD FS and until it is configured, the AD FS server will not issue Windows Hello certificates.  Windows 10, version 1703 clients check this configuration during prerequisite checks.  If detected, the prerequisite check will not succeed and the user will not provision Windows Hello for Business on sign-in.
-
 >[!NOTE]
 > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates.  It’s important that you use the template name rather than the template display name.  You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc).  Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
index d2126063c5..99a39e91b2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
@@ -6,10 +6,10 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
-author: DaniHalfin
-ms.localizationpriority: high
-ms.author: daniha
-ms.date: 07/27/2017
+author: mikestephens-MS
+ms.author: mstephen
+localizationpriority: high
+ms.date: 03/5/2018
 ---
 # Configure or Deploy Multifactor Authentication Services
 
@@ -523,7 +523,7 @@ Before you continue with the deployment, validate your deployment progress by re
 * Confirm you saved the changes to the web.config file.
 * Confirm you restarted the AD FS Service after completing the configuration.
 
-## Test AD FS with the Multifactor Authentication connector
+## Test Multifactor Authentication
 
 Now, you should test your Azure Multi-Factor Authentication server configuration before proceeding any further in the deployment.  The AD FS and Azure Multi-Factor Authentication server configurations are complete.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md
index 5c6fcc07d2..2cff590539 100644
--- a/windows/security/identity-protection/hello-for-business/hello-features.md
+++ b/windows/security/identity-protection/hello-for-business/hello-features.md
@@ -10,7 +10,7 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 12/04/2017
+ms.date: 3/5/2018
 ---
 # Windows Hello for Business Features
 
@@ -20,7 +20,6 @@ Consider these additional features you can use after your organization deploys W
 * [Dynamic lock](#dynamic-lock)
 * [PIN reset](#pin-reset)
 * [Privileged credentials](#privileged-credentials)
-* [Mulitfactor Unlock](#multifactor-unlock)
 
 
 ## Conditional access 
@@ -113,7 +112,7 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10
 
 Set the value for this CSP to **True**.
 
-Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/device-windows-pin-reset#steps-to-reset-the-passcode) section to removely reset a PIN on an Intune managed device.
+Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/device-windows-pin-reset#steps-to-reset-the-passcode) section to remotely reset a PIN on an Intune managed device.
 
 ### On-premises Deployments
 
@@ -123,7 +122,7 @@ Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/d
 * Reset from settings - Windows 10, version 1703
 * Reset above Lock - Windows 10, version 1709
 
-On-premises deployments provide users with the ability to reset forgotton PINs either through the settings page or from above the user's lock screen.  Users must know or be provider their password for authentication, must perform a second factor of authentication, and then reprovision Windows Hello for Business.
+On-premises deployments provide users with the ability to reset forgotton PINs either through the settings page or from above the user's lock screen.  Users must know or be provided their password for authentication, must perform a second factor of authentication, and then reprovision Windows Hello for Business.
 
 >[!IMPORTANT]
 >Users must have corporate network connectivity to domain controllers and the AD FS server to reset their PINs.
@@ -146,84 +145,11 @@ On-premises deployments provide users with the ability to reset forgotton PINs e
 
 **Requirements**
 * Hybrid and On-premises Windows Hello for Business deployments
-* Domain Joined or Hybird Azure joined devices
+* Domain Joined or Hybrid Azure joined devices
 * Windows 10, version 1709
 
-The privileged credentials scenario enables administrators to perform elevated, admistrative funcions by enrolling both their non-privileged and privileged credentials on their device.
+The privileged credentials scenario enables administrators to perform elevated, administrative functions by enrolling both their non-privileged and privileged credentials on their device.
 
-By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session.  Using the computer Group Policy setting, Allow enumeration of emulated smartd card for all users, you can configure a device to all this enumeration on selected devices.  
+By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session.  Using the computer Group Policy setting, Allow enumeration of emulated smart card for all users, you can configure a device to all this enumeration on selected devices.  
 
 With this setting, administrative users can sign-in to Windows 10, version 1709 using their non-privileged Windows Hello for Business credentials for normal workflow such as email, but can launch Microsoft Managment Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN.  Administrators can also take advantage of this feature with command line applications by using **runas.exe** combined with the **/smartcard** argument.  This enables administrators to perform their day-to-day operations without needing to sign-in and out, or use fast user switching when alternativing between privileged and non-privileged workloads.
-
-## Multifactor Unlock
-
-**Requirements:**
-* Windows Hello for Business deployment (Hybrid or On-premises)
-* Hybird Azure AD joined (Hybrid deployments)
-* Domain Joined (on-premises deployments) 
-* Windows 10, version 1709
-* Bluetooth, Bluetooth capable smartphone - optional
-
-Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system.
-
-Windows 10 offers Multifactor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. 
-
-Which organizations can take advanage of Multifactor unlock? Those who:
-* Have expressed that PINs alone do not meet their security needs.
-* Want to prevent Information Workers from sharing credentials.
-* Want their orgs to comply with regulatory two-factor authentication policy.
-* Want to retain the familiar Windows logon UX and not settle for a custom solution.
-
->[!IMPORTANT]
->Once the you deploy multifactor unlock policies, users are not be able to unlock their devices if they do not have the required factors. The fall back options are to use passwords or smart cards (both of which could be disabled as needed).
- 
-You enable multifactor unlock using Group Policy.  The **Configure device unlock factors** policy setting is located under **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**.
-
-The policy setting has three components:
-* First unlock factor credential provider
-* Second unlock factor credential provider 
-* Signal rules for device unlock 
-
-### The Basics: How it works
-
-First unlock factor credential provider and Second unlock credential provider are repsonsible for the bulk of the configuration.  Each of these components contains a globally unqiue identifier (GUID) that represents a different Windows credential provider.  With the policy setting enabled, users unlock the device using at least one credenital provider from each category before Windows allows the user to proceed to their desktop.
-
-The credenital providers included in the default policy settings are:
-
-|Credential Provider| GUID|
-|:------------------|:----:|
-|PIN | \{D6886603-9D2F-4EB2-B667-1971041FA96B}|  
-|Fingerprint | \{BEC09223-B018-416D-A0AC-523971B639F5}|
-|Facial Recognition | \{8AF662BF-65A0-4D0A-A540-A338A999D36F}|
-|Trusted Signal | \{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}|
-
-The default credential providers for the **First unlock factor credential provider** include:
-* PIN
-* Fingerprint
-* Facial Recongition
-
-The default credential providers for the **Second unlock factor credential provider** include:
-* Trusted Signal
-* PIN
-
-The **Signal rules for device unlock** setting contains the rules the Trusted Signal credential provider uses to satisfy unlocking the device. 
-
-The default signal rules for the policy setting include the proximity of any paired bluetooth smartphone.
-
-To successfully reach their desktop, the user must satisfy one credential provider from each category.  The order in which the user satisfies each credential provider does not matter.  Therefore, using the default policy setting a user can provide:
-* PIN and Fingerprint
-* PIN and Facial Recognition
-* Fingerprint and PIN
-* Facial Recognition and Trusted Signal (bluetooth paired smartphone)
-
->[!IMPORTANT]
-> * PIN **must** be in at least one of the groups
-> * Trusted signals **must** be combined with another credential provider
-> * You cannot use the same unlock factor to satisfy both categories. Therefore, if you include any credential provider in both categories, it means it can be used to satisfy either category, but not both.  
-
-
-
-
-
-
-
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index 57a3df8925..0ed566fedc 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -9,7 +9,7 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 10/23/2017
+ms.date: 03/26/2018
 ---
 # Configure Device Registration for Hybrid Windows Hello for Business
 
@@ -88,7 +88,7 @@ Once you have your AD FS design ready, review [Deploying a Federation Server far
 > [!IMPORTANT]
 > During your AD FS deployment, skip the **Configure a federation server with Device Registration Service** and the **Configure Corporate DNS for the Federation Service and DRS** procedures.      
 
-The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658), which is automatically downloaded and installed through Windows Update.  If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
+The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).  If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
 
 #### ADFS Web Proxy ###
 Federation server proxies are computers that run AD FS software that have been configured manually to act in the proxy role. You can use federation server proxies in your organization to provide intermediary services between an Internet client and a federation server that is behind a firewall on your corporate network.
@@ -495,8 +495,7 @@ For your reference, below is a comprehensive list of the AD DS devices, containe
 
 ![Device Registration](images/hybridct/device8.png) 
  
-- object of type serviceConnectionpoint at CN=&lt;guid&gt;, CN=Device Registration
-- Configuration,CN=Services,CN=Configuration,DC=&lt;domain&gt;  
+- object of type serviceConnectionpoint at CN=&lt;guid&gt;, CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=&lt;domain&gt;  
   - read/write access to the specified AD connector account name on the new object 
 - object of type msDS-DeviceRegistrationServiceContainer at CN=Device Registration Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=&lt;domain&gt;
 - object of type msDS-DeviceRegistrationService in the above container
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index 6b742dba4b..ed3b027ada 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -9,7 +9,7 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 11/08/2017
+ms.date: 03/26/2018
 ---
 # Hybrid Windows Hello for Business Prerequisites
 
@@ -80,12 +80,12 @@ Organizations using older directory synchronization technology, such as DirSync
 ## Federation ##
 Federating your on-premises Active Directory with Azure Active Directory ensures all identities have access to all resources regardless if they reside in cloud or on-premises.  Windows Hello for Business hybrid certificate trust needs Windows Server 2016 Active Directory Federation Services.  All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices.
 
-The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658), which is automatically downloaded and installed through Windows Update.  If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
+The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).  If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
 
 ### Section Review ###
 > [!div class="checklist"]
 > * Windows Server 2016 Active Directory Federation Services
-> * Minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658)
+> * Minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889)
 
 <br>
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index 5109222155..622367ea79 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -9,7 +9,7 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 10/23/2017
+ms.date: 03/26/2018
 ---
 # Hybrid Windows Hello for Business Provisioning
 
@@ -48,12 +48,14 @@ The provisioning flow has all the information it needs to complete the Windows H
 The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key.  AAD Connect syncrhonizes the user's key to the on-prem Active Directory.
 
 > [!IMPORTANT]
-> The minimum time needed to syncrhonize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
+> The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).
+
+> The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
 > **This synchronization latency delays the the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 > [!NOTE]
-> Microsoft is actively investigating ways to reduce the syncrhonization latency and delays in certificate enrollment with the goal to make certificate enrollment occur real-time.  
+> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning.  With this update, users no longer need to wait for Azure AD Connect to sync their  public key on-premises.  Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. 
   
 After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate.  Windows send the certificate request to the AD FS server for certificate enrollment.
   
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
index 4acb7d887b..732ecc5a7e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
@@ -9,7 +9,7 @@ ms.pagetype: security, mobile
 localizationpriority: high
 author: mikestephens-MS
 ms.author: mstephen
-ms.date: 10/23/2017
+ms.date: 03/26/2018
 ---
 # Configure Windows Hello for Business: Active Directory Federation Services
 
@@ -36,11 +36,6 @@ Sign-in the AD FS server with *Domain Admin* equivalent credentials.
     ```
 
 
-The `Set-AdfsCertificateAuthority` cmdlet should show the following warning:
->WARNING: PS0343: Issuing Windows Hello certificates requires enabling a permitted strong authentication provider, but no usable providers are currently configured.  These authentication providers are not supported for Windows Hello certificates: CertificateAuthentication,MicrosoftPassportAuthentication. Windows Hello certificates will not be issued until a permitted strong authentication provider is configured.
-
-This warning indicates that you have not configured multi-factor authentication in AD FS and until it is configured, the AD FS server will not issue Windows Hello certificates.  Windows 10, version 1703 clients check this configuration during prerequisite checks.  If detected, the prerequisite check will not succeed and the user will not provision Windows Hello for Business on sign-in.
-
 >[!NOTE]
 > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates.  It's important that you use the template name rather than the template display name.  You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc).  Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
index 3ade5c7cd8..52ec97995f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
@@ -9,7 +9,7 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 10/20/2017
+ms.date: 03/26/2018
 ---
 # Windows Hello for Business Key Trust New Installation
 
@@ -70,7 +70,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o
     
 ## Configure a Production Public Key Infrastructure
 
-If you do have an existing public key infrastructure, please review [Certification Authority Guidance](https://technet.microsoft.com/library/hh831574.aspx) from Microsoft TechNet to properly design your infrastructure.   Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348.aspx) for instructions on how to configure your public key infrastructure using the information from your design session.
+If you do not have an existing public key infrastructure, please review [Certification Authority Guidance](https://technet.microsoft.com/library/hh831574.aspx) from Microsoft TechNet to properly design your infrastructure.   Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348.aspx) for instructions on how to configure your public key infrastructure using the information from your design session.
 
 > [!IMPORTANT]
 > For Azure AD joined device to authenticate to and use on-premises resources, ensure you:
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 43ce0a6db5..645efb6bee 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -1,5 +1,5 @@
 ---
-title: Hybrid Key trust Windows Hello for Business Prerequistes (Windows Hello for Business)
+title: Hybrid Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
 description: Prerequisites for Hybrid Windows Hello for Business Deployments
 keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust
 ms.prod: w10
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index b0e4a403a4..29fcf7faee 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -10,7 +10,7 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 12/04/2017
+ms.date: 03/26/2018
 ---
 # Windows Hello for Business
 
@@ -43,12 +43,12 @@ The table shows the minimum requirements for each deployment.
 
 | Key trust</br>Group Policy managed | Certificate trust</br>Mixed managed | Key trust</br>Modern managed | Certificate trust</br>Modern managed | 
 | --- | --- | --- | --- |
-| Windows 10, version 1511 or later| Windows 10, version 1703 or later (domain joined)</br>Windows 10, version 1511 or later (cloud joined) | Windows 10, version 1511 or later | Windows 10, version 1511 or later |
+| Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**<br>  *Minimum:* Windows 10, version 1703<br>  *Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).</br>**Azure AD Joined:**<br>  Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later |
 | Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema |
 | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level| Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level |
 | Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | 
 | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
-| N/A | Windows Server 2016 AD FS with KB4022723 update (domain joined), and</br>Windows Server 2012 or later Network Device Enrollment Service (cloud joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
+| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/en-us/help/4088889) (hybrid Azure AD joined clients),<br> and</br>Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
 | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter |
 | Azure Account | Azure Account | Azure Account | Azure Account |
 | Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory |
@@ -65,12 +65,15 @@ The table shows the minimum requirements for each deployment.
 | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
 | Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
 | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
-| Windows Server 2016 AD FS with [KB4022723 update](https://support.microsoft.com/en-us/help/4022723) | Windows Server 2016 AD FS with [KB4022723 update](https://support.microsoft.com/en-us/help/4022723) |
+| Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/en-us/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/en-us/help/4088889) |
 | AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter |
 | Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing |
 
 ## Frequently Asked Questions
 
+### Can I deploy Windows Hello for Business using System Center Configuration Manager?
+Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no long be supported after November 2018.
+
 ### What is the password-less strategy?
 
 Watch Senior Program Manager Karanbir Singh's Ignite 2017 presentation **Microsoft's guide for going password-less**
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
index da1578c94d..827025586d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
@@ -9,7 +9,7 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 10/10/2017
+ms.date: 03/26/2018
 ---
 # Prepare and Deploy Windows Server 2016 Active Directory Federation Services
 
@@ -36,7 +36,7 @@ Prepare the Active Directory Federation Services deployment by installing and up
 
 Sign-in the federation server with _local admin_ equivalent credentials.
 1.	Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please review the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed.
-2.	Ensure the latest server updates to the federation server includes [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658).
+2.	Ensure the latest server updates to the federation server includes [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).
 
 >[!IMPORTANT]
 >The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers.
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 331d1f28df..880d8394b1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -9,13 +9,12 @@ ms.pagetype: security, mobile
 author: mikestephens-MS
 ms.author: mstephen
 localizationpriority: high
-ms.date: 10/20/2017
+ms.date: 03/26/2018
 ---
 # Planning a Windows Hello for Business Deployment
 
 **Applies to**
 -   Windows 10
--   Windows 10 Mobile
 
 > This guide only applies to Windows 10, version 1511 or higher.
 
@@ -70,7 +69,7 @@ It’s fundamentally important to understand which deployment model to use for a
 
 #### Trust types
 
-A deployments trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory.  There are two trusts types, key trust and certificate trust. 
+A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory.  There are two trust types: key trust and certificate trust. 
   
 The key trust type does not require issuing authentication certificates to end users.  Users authenticate using a hardware-bound key created during an in-box provisioning experience, which requires an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment.  Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
 
@@ -86,9 +85,9 @@ The in-box Windows Hello for Business provisioning experience creates a hardware
 
 #### Multifactor authentication
 
-The goal of Windows Hello for Business is to move organizations away from passwords by providing them a strong credential that providers easy two-factor authentication.  The inbox provisioning experience accepts the user’s weak credentials (username and password) as the first factor authentication; however, the user must provide a second factor of authentication before Windows provisions a strong credential.  
+The goal of Windows Hello for Business is to move organizations away from passwords by providing them a strong credential that provides easy two-factor authentication.  The inbox provisioning experience accepts the user’s weak credentials (username and password) as the first factor authentication; however, the user must provide a second factor of authentication before Windows provisions a strong credential.  
 
-Cloud only and hybrid deployments provide many choices for multifactor authentication.  On-premises deployments must use a multifactor authentication that provides an AD FS multifactor adapter to be used in conjunction with the on-premises Windows Server 2016 AD FS server role. Organizations can use from the on-premises Azure Multifactor Authentication server, or choose from several third parties (Read [Microsoft and third-party additional authentication methods](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods) for more information).
+Cloud only and hybrid deployments provide many choices for multifactor authentication.  On-premises deployments must use a multifactor authentication that provides an AD FS multifactor adapter to be used in conjunction with the on-premises Windows Server 2016 AD FS server role. Organizations can use the on-premises Azure Multifactor Authentication server, or choose from several third parties (Read [Microsoft and third-party additional authentication methods](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods) for more information).
 >[!NOTE]
 > Azure Multi-Factor Authentication is available through:
 >* Microsoft Enterprise Agreement
@@ -102,11 +101,11 @@ Cloud only and hybrid deployments provide many choices for multifactor authentic
 
 #### Directory synchronization
 
-Hybrid and on-premises deployments use directory synchronization, however, each for a different purpose.  Hybrid deployments use Azure Active Directory Connect to synchronization Active Directory identities or credentials between itself and Azure Active Directory. This helps enable single sign-on to Azure Active Directory and its federated components.
+Hybrid and on-premises deployments use directory synchronization, however, each for a different purpose.  Hybrid deployments use Azure Active Directory Connect to synchronize Active Directory identities or credentials between itself and Azure Active Directory. This helps enable single sign-on to Azure Active Directory and its federated components.
 
 ### Management
 
-Windows Hello for Business provides organizations with a rich set of granular policy setting with which they can use to manage their devices and users.  There are three ways in which you can manage Windows Hello for Business: Group Policy, Modern Management, and Mixed.
+Windows Hello for Business provides organizations with a rich set of granular policy settings with which they can use to manage their devices and users.  There are three ways in which you can manage Windows Hello for Business: Group Policy, Modern Management, and Mixed.
 
 #### Group Policy
 
@@ -129,11 +128,11 @@ Hybrid and on-premises deployments include Active Directory as part of their inf
 
 ### Public Key Infrastructure
 
-The Windows Hello for Business deployment depends on an enterprise public key infrastructure a trust anchor for authentication. Domain controllers for hybrid and on-prem deployments need a certificate in order for Windows 10 devices to trust the domain controller as legitimate. Deployments using the certificate trust type need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users.  Hybrid deployments may need to issue VPN certificates to users to enable connectivity on-premises resources.
+The Windows Hello for Business deployment depends on an enterprise public key infrastructure as a trust anchor for authentication. Domain controllers for hybrid and on-prem deployments need a certificate in order for Windows 10 devices to trust the domain controller as legitimate. Deployments using the certificate trust type need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users.  Hybrid deployments may need to issue VPN certificates to users to enable connectivity on-premises resources.
 
 ### Cloud
 
-Some deployment combinations require an Azure account and some require Azure Active Directory for user identities.  These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiate the components that are needed from the those that are optional.
+Some deployment combinations require an Azure account and some require Azure Active Directory for user identities.  These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional.
 
 ## Planning a Deployment
 
@@ -147,13 +146,13 @@ Choose the deployment model based on the resources your users access.  Use the f
 
 If your organization does not have on-premises resources, write **Cloud Only** in box **1a** on your planning worksheet.
 
-If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hyrbid** in box **1a** on your planning worksheet.
+If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet.
 
 If your organization does not have cloud resources, write **On-Premises** in box **1a** on your planning worksheet.
 >[!NOTE]
->If you’re unsure if your organization is federated, run the following Active Directory Windows PowerShell command from and elevated Windows PowerShell prompt and evaluate the results.  
->```Get-AdObject “CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com -Properties keywords```
->* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS.  Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**.  If the object truly does not exists, then you environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type.
+>If you’re unsure if your organization is federated, run the following Active Directory Windows PowerShell command from an elevated Windows PowerShell prompt and evaluate the results.  
+>```Get-AdObject “CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com" -Properties keywords```
+>* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS.  Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**.  If the object truly does not exist, then you environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type.
 >* If the command returns a value, compare that value with the values below.  The value indicates the deployment model you should implement
 >    * If the value begins with **azureADName:**  – write **Hybrid** in box **1a**on your planning worksheet.
  >   * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet.
@@ -176,7 +175,7 @@ A successful Windows Hello for Business requires all devices to register with th
 
 If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Azure** in box **1c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **on-premises**, write **AF FS** in box **1c** on your planning worksheet.
+If box **1a** on your planning worksheet reads **on-premises**, write **AD FS** in box **1c** on your planning worksheet.
 
 ### Key Registration
 
@@ -184,7 +183,7 @@ All users provisioning Windows Hello for Business have their public key register
 
 If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Azure** in box **1d** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **on-premises**, write **AF FS** in box **1d** on your planning worksheet.
+If box **1a** on your planning worksheet reads **on-premises**, write **AD FS** in box **1d** on your planning worksheet.
 
 ### Directory Synchronization
 
@@ -235,7 +234,7 @@ If box **1a** on your planning worksheet reads **on-prem**, write **GP** in box
 
 Managing hybrid deployments includes two categories of devices to consider for your Windows Hello for Business deployment—domain joined and non-domain joined.  All devices are registered, however, not all devices are domain joined.  You have the option of using Group Policy for domain joined devices and modern management for non-domain joined devices. Or, you can use modern management for both domain and non-domain joined devices.  
 
-If you use Group Policy to manage your domain joined devices, write **GP** in box **2a** on your planning worksheet, Write **modern management** in box **2b** if you decide to manage non-domain joined devices; otherwise, write **N/A**.  
+If you use Group Policy to manage your domain joined devices, write **GP** in box **2a** on your planning worksheet. Write **modern management** in box **2b** if you decide to manage non-domain joined devices; otherwise, write **N/A**.  
 
 If you use modern management for both domain and non-domain joined devices, write **modern management** in box **2a** and **2b** on your planning worksheet.
 
@@ -261,7 +260,7 @@ Write **1703 or later** in box **3a** on your planning worksheet if any of the f
 
 ### Active Directory
 
-The Active Directory portion of the planning guide should be complete.  Most of conditions are baseline prerequisites except for your domain controllers.  The domain controllers used in your deployment are decided by the chosen trust type. 
+The Active Directory portion of the planning guide should be complete.  Most of the conditions are baseline prerequisites except for your domain controllers.  The domain controllers used in your deployment are decided by the chosen trust type. 
 
 Review the trust type portion of this section if box **4d** on your planning worksheet remains empty.
 
@@ -285,7 +284,7 @@ If box **2a** reads **GP** and box **2b** reads **modern management**, write **A
 | Web Server | NDES |
 | CEP Encryption | NDES |
 
-If box **2a** reads **GP** and box **2b** reads **N/A**, write **AD FA RA** in box **5b** and write the following certificate template names and issuances in box **5c** on your planning worksheet.
+If box **2a** reads **GP** and box **2b** reads **N/A**, write **AD FS RA** in box **5b** and write the following certificate template names and issuances in box **5c** on your planning worksheet.
 
 | Certificate Template Name | Issued To |
 | --- | --- |
@@ -306,7 +305,7 @@ Nearly all deployments of Windows Hello for Business require an Azure account.
 
 If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Yes** in boxes **6a** and **6b** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **on-premises**, and box **1f** reads **AD FS with third party**, write **No** in box **6a** on your planning worksheet. Otherwise, write **Yes** in box **1f** as you need an Azure account for per-consumption MFA billing. Write **No** in box **6b** on your planning worksheet—on-premises deployments do not use the cloud directory.
+If box **1a** on your planning worksheet reads **on-premises**, and box **1f** reads **AD FS with third party**, write **No** in box **6a** on your planning worksheet. Otherwise, write **Yes** in box **6a** as you need an Azure account for per-consumption MFA billing. Write **No** in box **6b** on your planning worksheet—on-premises deployments do not use the cloud directory.
 
 Windows Hello for Business does not require an Azure AD premium subscription.  However, some dependencies do.
 
diff --git a/windows/security/identity-protection/hello-for-business/images/multifactorUnlock/gp-setting.png b/windows/security/identity-protection/hello-for-business/images/multifactorUnlock/gp-setting.png
new file mode 100644
index 0000000000..47823d76a8
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/multifactorUnlock/gp-setting.png differ
diff --git a/windows/security/identity-protection/hello-for-business/images/multifactorUnlock/gpme.png b/windows/security/identity-protection/hello-for-business/images/multifactorUnlock/gpme.png
new file mode 100644
index 0000000000..fd7afd80cb
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/multifactorUnlock/gpme.png differ
diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md
index 81267549c1..ae838d1fcc 100644
--- a/windows/security/identity-protection/hello-for-business/toc.md
+++ b/windows/security/identity-protection/hello-for-business/toc.md
@@ -22,7 +22,7 @@
 #### [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
 
 ### [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md)
-#### [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+#### [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 #### [New Installation Baseline](hello-hybrid-cert-new-install.md)
 #### [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 #### [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings.md)
@@ -43,4 +43,5 @@
 ##### [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md)
 #### [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
 
-## [Windows Hello for Business Features](hello-features.md)
\ No newline at end of file
+## [Windows Hello for Business Features](hello-features.md)
+### [Multifactor Unlock](feature-multifactor-unlock.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index 829934ef39..7d22c3efb9 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -1,20 +1,21 @@
 ---
 title: VPN and conditional access (Windows 10)
-description: tbd
+description: The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application. 
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: jdeckerms
+author: shortpatti
+ms.author: pashort
+manager: elizapo
+ms.reviewer: 
 ms.localizationpriority: high
-ms.date: 07/27/2017
+ms.date: 04/20/2018
 ---
 
 # VPN and conditional access
 
-**Applies to**
--   Windows 10
--   Windows 10 Mobile
+>Applies to: Windows 10 and Windows 10 Mobile
 
 The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.  
 
@@ -44,13 +45,13 @@ Conditional Access Platform components used for Device Compliance include the fo
     - Encryption compliance
     - Device health attestation state (validated against attestation service after query)
 
-
 The following client-side components are also required:
 - [HealthAttestation Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn934876.aspx)
 - [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) DeviceCompliance node settings
 - Trusted Platform Module (TPM)
 
 ## VPN device compliance 
+According to the VPNv2 CSP, these settings options are **Optional**.  If you want your users to access on-premises resources, such as files on a network share, based on the credential of a certificate that was issued by an on-premises CA, and not the Cloud CA certificate, you add these settings to the VPNv2 profile.  Alternatively, if you add the cloud root certificates to the NTAuth store in on-prem AD, your user's cloud certificate will chain and KDC will issue TGT and TGS tickets to them.
 
 Server-side infrastructure requirements to support VPN device compliance include:
 
@@ -65,9 +66,9 @@ After the server side is set up, VPN admins can add the policy settings for cond
 Two client-side configuration service providers are leveraged for VPN device compliance.
 
 - VPNv2 CSP DeviceCompliance settings
-   - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client will attempt to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
-   - **Sso**: nodes under SSO can be used to choose a certificate different from the VPN authentication certificate for  Kerberos authentication in the case of device compliance.
-   - **Sso/Enabled**: if this field is set to **true**, the VPN client will look for a separate certificate for Kerberos authentication.
+   - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client attempts to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
+   - **Sso**: nodes under SSO can be used to choose a certificate different from the VPN authentication certificate for Kerberos authentication in the case of device compliance.
+   - **Sso/Enabled**: if this field is set to **true**, the VPN client looks for a separate certificate for Kerberos authentication.
    - **Sso/IssuerHash**: hashes for the VPN client to look for the correct certificate for Kerberos authentication.
    - **Sso/Eku**: comma-separated list of Enhanced Key Usage (EKU) extensions for the VPN client to look for the correct certificate for Kerberos authentication.
 - HealthAttestation CSP (not a requirement) - functions performed by the HealthAttestation CSP include:
@@ -76,14 +77,16 @@ Two client-side configuration service providers are leveraged for VPN device com
    - Provisions the Health Attestation Certificate received from the HAS
    - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification
    
+>[!NOTE]
+>Enabling SSO is not necessarily required unless you want VPN users to be issued Kerberos tickets to access on-premises resources using a certificate issued by the on-premises CA; not the cloud certificate issued by AAD.
+
+
 ## Client connection flow
-
-
-The  VPN client side connection flow works as follows:
+The VPN client side connection flow works as follows:
 
 ![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png)
  
-When a Device Compliance-enabled VPN connection profile is triggered (either manually or automatically):
+When a VPNv2 Profile is configured with \<DeviceCompliance> \<Enabled>true<\/Enabled> the VPN client uses this connection flow:
 
 1.	 The VPN client calls into Windows 10’s AAD Token Broker, identifying itself as a VPN client.
 2.	 The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies.
@@ -91,19 +94,10 @@ When a Device Compliance-enabled VPN connection profile is triggered (either man
 4.	 Azure AD pushes down a short-lived certificate to the Certificate Store via the Token Broker. The Token Broker then returns control back over to the VPN client for further connection  processing.
 5. The VPN client uses the Azure AD-issued certificate to authenticate with the VPN server.
 
-
-
 ## Configure conditional access
 
 See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration. 
 
-The following image shows conditional access options in a VPN Profile configuration policy using Microsoft Intune.
-
-![conditional access in profile](images/vpn-conditional-access-intune.png)
-
->[!NOTE]
->In Intune, the certificate selected in **Select a client certificate for client authentication** does not set any VPNv2 CSP nodes. It is simply a way to tie the VPN profile’s successful provisioning to the existence of a certificate. If you are enabling conditional access and using the Azure AD short-lived certificate for both VPN server authentication and domain resource authentication, do not select a certificate since the short-lived certificate is not a certificate that would be on the user’s device yet.
-
 ## Learn more about Conditional Access and Azure AD Health
 
 - [Azure Active Directory conditional access](https://azure.microsoft.com/documentation/articles/active-directory-conditional-access/)
@@ -115,9 +109,7 @@ The following image shows conditional access options in a VPN Profile configurat
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 4)](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/16/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-4/)
 
 
-
 ## Related topics
-
 - [VPN technical guide](vpn-guide.md)
 - [VPN connection types](vpn-connection-type.md)
 - [VPN routing decisions](vpn-routing.md)
diff --git a/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index 7ce6c1be29..04fceb336d 100644
--- a/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -1,5 +1,5 @@
 ---
-title: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security (Windows 10)
+title: Open the Group Policy Management Console to Windows Defender Firewall (Windows 10)
 description: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security
 ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760
 ms.prod: w10
@@ -7,10 +7,10 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-ms.date: 08/17/2017
+ms.date: 04/02/2017
 ---
 
-# Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security
+# Open the Group Policy Management Console to Windows Defender Firewall
 
 **Applies to**
 -   Windows 10
@@ -18,10 +18,8 @@ ms.date: 08/17/2017
 
 To open a GPO to Windows Defender Firewall:
 
-1.  Open the Active Directory Users and Computers console.
+1.  Open the Group Policy Management console.
 
-2.  In the navigation pane, expand *YourDomainName*, right-click the container that your GPO is linked to, and then click **Properties**.
+2.  In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**.
 
-3.  Click the **Group Policy** tab, select your GPO, and then click **Edit**.
-
-4.  In the navigation pane of the Group Policy Object Editor, navigate to **Computer Configuration** > **Administrative Templates** > **Network** > **Network Connections** > **Windows Defender Firewall**.
\ No newline at end of file
+3.  In the navigation pane of the Group Policy Object Editor, navigate to **Computer Configuration** > **Administrative Templates** > **Network** > **Network Connections** > **Windows Defender Firewall**.
\ No newline at end of file
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index bb2ff3ed96..bdeb514ae1 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -18,7 +18,7 @@ This topic explains how BitLocker Device Encryption  can help protect data on de
 For an architectural overview about how BitLocker Device Encryption  works with Secure Boot, see [Secure boot and BitLocker Device Encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview). 
 For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md).
 
-When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives; in Windows 10, BitLocker will even protect individual files, with data loss prevention capabilities. Windows consistently improves data protection by improving existing options and by providing new strategies.
+When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies.
 
 Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7.
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
index b56af7542a..267a2e2428 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
@@ -336,7 +336,7 @@ To use Network Unlock you must also have a PIN configured for your computer. Whe
 BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it.
 
 Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector it will prompt you to enter your PIN. If the PIN is 
-not available you will need to use the recovery key to unlock the computer if it can ot be connected to the network.
+not available you will need to use the recovery key to unlock the computer if it can not be connected to the network.
 
 For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index d5952e711b..961c0d224c 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -108,7 +108,7 @@ For Azure AD-joined computers, including virtual machines, the recovery password
 ``` 
 PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
 
-PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:”
+PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
 
 PS C:\>BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
 ``` 
@@ -118,7 +118,7 @@ For domain-joined computers, including servers, the recovery password should be
 ``` 
 PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
 
-PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:”
+PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
 
 PS C:\>Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
  ```
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 9e780394d7..6505ce3f4a 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -24,15 +24,6 @@ This article assumes that you understand how to set up AD DS to back up BitLock
 
 This article does not detail how to configure AD DS to store the BitLocker recovery information.
 
-This article contains the following topics:
-
--   [What Is BitLocker Recovery?](#bkmk-whatisrecovery)
--   [Testing Recovery](#bkmk-testingrecovery)
--   [Planning Your Recovery Process](#bkmk-planningrecovery)
--   [Using Additional Recovery Information](#bkmk-usingaddrecovery)
--   [Resetting Recovery Passwords](#bkmk-appendixb)
--   [Retrieving the BitLocker Key Package](#bkmk-appendixc)
-
 ## <a href="" id="bkmk-whatisrecovery"></a>What is BitLocker recovery?
 
 BitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. In a recovery scenario you have the following options to restore access to the drive:
@@ -109,7 +100,7 @@ Before you create a thorough BitLocker recovery process, we recommend that you t
 2.  At the command prompt, type the following command and then press ENTER:
     `manage-bde. -ComputerName <RemoteComputerName> -forcerecovery <BitLockerVolume>`
 
-> **Note:**  Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user.
+> **Note:**  Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user. When using Modern Standby devices (such as Surface devices), the `-forcerecovery` option is not recommended because BitLocker will have to be unlocked and disabled manually from the WinRE environment before the OS can boot up again. For more information, see [BitLocker Troubleshooting: Continuous reboot loop with BitLocker recovery on a slate device](https://social.technet.microsoft.com/wiki/contents/articles/18671.bitlocker-troubleshooting-continuous-reboot-loop-with-bitlocker-recovery-on-a-slate-device.aspx).
  
 ## <a href="" id="bkmk-planningrecovery"></a>Planning your recovery process
 
diff --git a/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png b/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png
new file mode 100644
index 0000000000..19fd27b480
Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png differ
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
index c68ad8e70c..20431799cb 100644
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
@@ -62,7 +62,7 @@ WIP provides:
 
 - Additional data protection for existing line-of-business apps without a need to update the apps.
 
-- Ability to wipe corporate data from devices while leaving personal data alone.
+- Ability to wipe corporate data from Intune MDM enrolled devices while leaving personal data alone.
 
 - Use of audit reports for tracking issues and remedial actions.
 
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 8c67c0d721..c262cdc23d 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -17,6 +17,7 @@
 
 ## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)
 ###Get started
+<<<<<<< HEAD
 #### [Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
 #### [Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md)
 #### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
@@ -40,6 +41,33 @@
 #### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md)
 #### [View the Security operations dashboard](windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md)
 #### [View the Security analytics dashboard](windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+=======
+#### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
+#### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
+#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
+#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
+### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+#### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune)
+##### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+#### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+#### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+#### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
+#### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
+#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+### [Understand the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
+#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
+#### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+>>>>>>> e29efea6d2a8cab479d5d47c6a477a512c12ce8b
 
 ###Investigate and remediate threats
 ####Alerts queue
@@ -52,6 +80,9 @@
 ##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
 ##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
 
+
+
+
 ####Machines list
 ##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
 ##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
@@ -83,6 +114,11 @@
 ####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
 ####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
 
+#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
+#### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
 ###API and SIEM support
 #### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
@@ -166,6 +202,7 @@
 #### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
 
 ###Check service health and sensor state
+<<<<<<< HEAD
 #### [Check sensor state](windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md)
 ##### [Fix unhealthy sensors](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
 ##### [Inactive machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
@@ -375,6 +412,231 @@
 ##### [Tools to Use with AppLocker](windows-defender-application-control/applocker/tools-to-use-with-applocker.md)
 ###### [Using Event Viewer with AppLocker](windows-defender-application-control/applocker/using-event-viewer-with-applocker.md)
 ##### [AppLocker Settings](windows-defender-application-control/applocker/applocker-settings.md)
+=======
+#### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
+##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
+#### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
+### [Configure Windows Defender ATP Settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
+
+####General
+##### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
+##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
+##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
+
+####Permissions
+##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
+##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
+
+####APIs
+##### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+####Rules
+##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+##### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+####Machine management
+##### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
+
+### [Configure Windows Defender ATP time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
+
+### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
+### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
+#### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
+### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
+
+##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
+### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
+
+### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
+
+### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+#### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
+
+
+### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
+
+
+### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
+#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
+##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
+#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
+##### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
+#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
+##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
+##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
+##### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
+##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
+##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+
+### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
+#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
+##### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
+##### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
+##### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
+##### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+#### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
+##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
+#### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md)
+##### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
+##### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
+##### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
+
+
+### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
+#### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
+##### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
+##### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+##### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
+#### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
+#### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
+#### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
+#### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
+#### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
+#### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
+
+
+### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
+
+
+
+### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
+#### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
+#### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
+#### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
+#### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
+#### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+
+
+
+## [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
+### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
+#### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
+#### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md)
+
+### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
+#### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
+#### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+#### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
+#### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
+##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md)
+### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
+#### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
+#### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
+#### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
+#### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md)
+### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
+#### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
+#### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
+#### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md)
+### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
+#### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
+#### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
+#### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
+
+
+## [Windows Defender Application Control](windows-defender-application-control.md)
+
+## [Enable HVCI](enable-virtualization-based-protection-of-code-integrity.md)
+
+## [AppLocker](applocker\applocker-overview.md)
+### [Administer AppLocker](applocker\administer-applocker.md)
+#### [Maintain AppLocker policies](applocker\maintain-applocker-policies.md)
+#### [Edit an AppLocker policy](applocker\edit-an-applocker-policy.md)
+#### [Test and update an AppLocker policy](applocker\test-and-update-an-applocker-policy.md)
+#### [Deploy AppLocker policies by using the enforce rules setting](applocker\deploy-applocker-policies-by-using-the-enforce-rules-setting.md)
+#### [Use the AppLocker Windows PowerShell cmdlets](applocker\use-the-applocker-windows-powershell-cmdlets.md)
+#### [Use AppLocker and Software Restriction Policies in the same domain](applocker\use-applocker-and-software-restriction-policies-in-the-same-domain.md)
+#### [Optimize AppLocker performance](applocker\optimize-applocker-performance.md)
+#### [Monitor app usage with AppLocker](applocker\monitor-application-usage-with-applocker.md)
+#### [Manage packaged apps with AppLocker](applocker\manage-packaged-apps-with-applocker.md)
+#### [Working with AppLocker rules](applocker\working-with-applocker-rules.md)
+##### [Create a rule that uses a file hash condition](applocker\create-a-rule-that-uses-a-file-hash-condition.md)
+##### [Create a rule that uses a path condition](applocker\create-a-rule-that-uses-a-path-condition.md)
+##### [Create a rule that uses a publisher condition](applocker\create-a-rule-that-uses-a-publisher-condition.md)
+##### [Create AppLocker default rules](applocker\create-applocker-default-rules.md)
+##### [Add exceptions for an AppLocker rule](applocker\configure-exceptions-for-an-applocker-rule.md)
+##### [Create a rule for packaged apps](applocker\create-a-rule-for-packaged-apps.md)
+##### [Delete an AppLocker rule](applocker\delete-an-applocker-rule.md)
+##### [Edit AppLocker rules](applocker\edit-applocker-rules.md)
+##### [Enable the DLL rule collection](applocker\enable-the-dll-rule-collection.md)
+##### [Enforce AppLocker rules](applocker\enforce-applocker-rules.md)
+##### [Run the Automatically Generate Rules wizard](applocker\run-the-automatically-generate-rules-wizard.md)
+#### [Working with AppLocker policies](applocker\working-with-applocker-policies.md)
+##### [Configure the Application Identity service](applocker\configure-the-application-identity-service.md)
+##### [Configure an AppLocker policy for audit only](applocker\configure-an-applocker-policy-for-audit-only.md)
+##### [Configure an AppLocker policy for enforce rules](applocker\configure-an-applocker-policy-for-enforce-rules.md)
+##### [Display a custom URL message when users try to run a blocked app](applocker\display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md)
+##### [Export an AppLocker policy from a GPO](applocker\export-an-applocker-policy-from-a-gpo.md)
+##### [Export an AppLocker policy to an XML file](applocker\export-an-applocker-policy-to-an-xml-file.md)
+##### [Import an AppLocker policy from another computer](applocker\import-an-applocker-policy-from-another-computer.md)
+##### [Import an AppLocker policy into a GPO](applocker\import-an-applocker-policy-into-a-gpo.md)
+##### [Add rules for packaged apps to existing AppLocker rule-set](applocker\add-rules-for-packaged-apps-to-existing-applocker-rule-set.md)
+##### [Merge AppLocker policies by using Set-ApplockerPolicy](applocker\merge-applocker-policies-by-using-set-applockerpolicy.md)
+##### [Merge AppLocker policies manually](applocker\merge-applocker-policies-manually.md)
+##### [Refresh an AppLocker policy](applocker\refresh-an-applocker-policy.md)
+##### [Test an AppLocker policy by using Test-AppLockerPolicy](applocker\test-an-applocker-policy-by-using-test-applockerpolicy.md)
+### [AppLocker design guide](applocker\applocker-policies-design-guide.md)
+#### [Understand AppLocker policy design decisions](applocker\understand-applocker-policy-design-decisions.md)
+#### [Determine your application control objectives](applocker\determine-your-application-control-objectives.md)
+#### [Create a list of apps deployed to each business group](applocker\create-list-of-applications-deployed-to-each-business-group.md)
+##### [Document your app list](applocker\document-your-application-list.md)
+#### [Select the types of rules to create](applocker\select-types-of-rules-to-create.md)
+##### [Document your AppLocker rules](applocker\document-your-applocker-rules.md)
+#### [Determine the Group Policy structure and rule enforcement](applocker\determine-group-policy-structure-and-rule-enforcement.md)
+##### [Understand AppLocker enforcement settings](applocker\understand-applocker-enforcement-settings.md)
+##### [Understand AppLocker rules and enforcement setting inheritance in Group Policy](applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md)
+##### [Document the Group Policy structure and AppLocker rule enforcement](applocker\document-group-policy-structure-and-applocker-rule-enforcement.md)
+#### [Plan for AppLocker policy management](applocker\plan-for-applocker-policy-management.md)
+##### [Document your application control management processes](applocker\document-your-application-control-management-processes.md)
+#### [Create your AppLocker planning document](applocker\create-your-applocker-planning-document.md)
+### [AppLocker deployment guide](applocker\applocker-policies-deployment-guide.md)
+#### [Understand the AppLocker policy deployment process](applocker\understand-the-applocker-policy-deployment-process.md)
+#### [Requirements for Deploying AppLocker Policies](applocker\requirements-for-deploying-applocker-policies.md)
+#### [Use Software Restriction Policies and AppLocker policies](applocker\using-software-restriction-policies-and-applocker-policies.md)
+#### [Create Your AppLocker policies](applocker\create-your-applocker-policies.md)
+##### [Create Your AppLocker rules](applocker\create-your-applocker-rules.md)
+#### [Deploy the AppLocker policy into production](applocker\deploy-the-applocker-policy-into-production.md)
+##### [Use a reference device to create and maintain AppLocker policies](applocker\use-a-reference-computer-to-create-and-maintain-applocker-policies.md)
+###### [Determine which apps are digitally signed on a reference device](applocker\determine-which-applications-are-digitally-signed-on-a-reference-computer.md)
+###### [Configure the AppLocker reference device](applocker\configure-the-appLocker-reference-device.md)
+### [AppLocker technical reference](applocker\applocker-technical-reference.md)
+#### [What Is AppLocker?](applocker\what-is-applocker.md)
+#### [Requirements to use AppLocker](applocker\requirements-to-use-applocker.md)
+#### [AppLocker policy use scenarios](applocker\applocker-policy-use-scenarios.md)
+#### [How AppLocker works](applocker\how-applocker-works-techref.md)
+##### [Understanding AppLocker rule behavior](applocker\understanding-applocker-rule-behavior.md)
+##### [Understanding AppLocker rule exceptions](applocker\understanding-applocker-rule-exceptions.md)
+##### [Understanding AppLocker rule collections](applocker\understanding-applocker-rule-collections.md)
+##### [Understanding AppLocker allow and deny actions on rules](applocker\understanding-applocker-allow-and-deny-actions-on-rules.md)
+##### [Understanding AppLocker rule condition types](applocker\understanding-applocker-rule-condition-types.md)
+###### [Understanding the publisher rule condition in AppLocker](applocker\understanding-the-publisher-rule-condition-in-applocker.md)
+###### [Understanding the path rule condition in AppLocker](applocker\understanding-the-path-rule-condition-in-applocker.md)
+###### [Understanding the file hash rule condition in AppLocker](applocker\understanding-the-file-hash-rule-condition-in-applocker.md)
+##### [Understanding AppLocker default rules](applocker\understanding-applocker-default-rules.md)
+###### [Executable rules in AppLocker](applocker\executable-rules-in-applocker.md)
+###### [Windows Installer rules in AppLocker](applocker\windows-installer-rules-in-applocker.md)
+###### [Script rules in AppLocker](applocker\script-rules-in-applocker.md)
+###### [DLL rules in AppLocker](applocker\dll-rules-in-applocker.md)
+###### [Packaged apps and packaged app installer rules in AppLocker](applocker\packaged-apps-and-packaged-app-installer-rules-in-applocker.md)
+#### [AppLocker architecture and components](applocker\applocker-architecture-and-components.md)
+#### [AppLocker processes and interactions](applocker\applocker-processes-and-interactions.md)
+#### [AppLocker functions](applocker\applocker-functions.md)
+#### [Security considerations for AppLocker](applocker\security-considerations-for-applocker.md)
+#### [Tools to Use with AppLocker](applocker\tools-to-use-with-applocker.md)
+##### [Using Event Viewer with AppLocker](applocker\using-event-viewer-with-applocker.md)
+#### [AppLocker Settings](applocker\applocker-settings.md)
+>>>>>>> e29efea6d2a8cab479d5d47c6a477a512c12ce8b
 
 ## [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
 
diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
index f2d774c843..0c5a957bec 100644
--- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
+++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
@@ -15,18 +15,7 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10
 
-This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies.
+Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista. 
+There is no difference in security auditing support between 32-bit and 64-bit versions. 
+Windows editions that cannot join a domain, such as Windows 10 Home edition, do not have access to these features. 
 
-Versions of the Windows operating system that cannot join a domain do not have access to these features. There is no difference in security auditing support between 32-bit and 64-bit versions.
-
-## Are there any special considerations?
-
-In addition, the following special considerations apply to the various tasks associated with advanced security auditing enhancements:
-
--   **Creating an audit policy.** To create an advanced security auditing policy, you must use a computer running any supported version of Windows. You can use the Group Policy Management Console (GPMC) on a computer running a supported version of the Windows client operating system after installing the Remote Server Administration Tools.
--   **Applying audit policy settings.** If you are using Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running any supported version of the Windows server operating system or Windows client operating system. In addition, only computers running any of these supported operating systems can provide "reason for access" reporting data.
--   **Developing an audit policy model.** To plan advanced security audit settings and global object access settings, you must use the GPMC that targets a domain controller running a supported version of the Windows server operating system.
--   **Distributing the audit policy.** After a Group Policy Object (GPO) that includes advanced security auditing settings is developed, it can be distributed by using domain controllers running any Windows Server operating system. 
-However, if you cannot put client computers running a supported version of the Windows client operating system into a separate organizational unit (OU), you should use Windows Management Instrumentation (WMI) filtering to ensure that the advanced security auditing policy settings are applied only to client computers running a supported version of the Windows client operating system.
-
->**Important:**  Using both the basic auditing policy settings under **Local Policies\\Audit Policy** and the advanced auditing policy settings under **Advanced Audit Policy Configuration** can cause unexpected results in audit reporting. Therefore, the two sets of audit policy settings should not be combined. If you use advanced audit policy configuration settings, you should enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored.  
diff --git a/windows/security/threat-protection/device-guard/device-guard-deployment-guide.md b/windows/security/threat-protection/device-guard/device-guard-deployment-guide.md
new file mode 100644
index 0000000000..5bb386464c
--- /dev/null
+++ b/windows/security/threat-protection/device-guard/device-guard-deployment-guide.md
@@ -0,0 +1,38 @@
+---
+title: Windows Defender Device Guard deployment guide (Windows 10)
+description: Microsoft Windows Defender Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security.
+ms.assetid: 4BA52AA9-64D3-41F3-94B2-B87EC2717486
+keywords: virtualization, security, malware
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+author: brianlic-msft
+ms.date: 10/20/2017
+---
+
+# Windows Defender Device Guard deployment guide
+
+**Applies to**
+-   Windows 10
+-   Windows Server 2016
+
+With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks. Windows Defender Device Guard describes a locked-down device configuration state that uses multiple enterprise-related hardware and software security features that run on Windows 10 Enterprise edition and Windows Server. When these features are configured together, Windows Defender Device Guard changes from a mode where apps are trusted unless blocked by an antivirus or other security solution, to a mode where the operating system trusts only apps authorized by your enterprise. If the app isn’t trusted, it can’t run, period. 
+
+Windows Defender Device Guard also uses virtualization-based security to isolate the Code Integrity service and run it alongside the Windows kernel in a hypervisor-protected container. Even if an attacker manages to get control of the Windows kernel itself, the ability to run malicious executable code is much less likely. 
+
+
+## Related topics
+
+[AppLocker overview](/windows/device-security/applocker/applocker-overview)
+
+<!-- The following topic is EIGHT YEARS OLD, but I don't really see anything better out there on Code Integrity that existed before Windows 10. -->
+
+[Code integrity](https://technet.microsoft.com/library/dd348642.aspx)
+
+[Protect derived domain credentials with Windows Defender Credential Guard](/windows/access-protection/credential-guard/credential-guard)
+
+[Driver compatibility with Windows Defender Device Guard in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10)
+
+[Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender Device Guard](https://channel9.msdn.com/Events/Ignite/2015/BRK2336)
+
+
diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
new file mode 100644
index 0000000000..1650272c86
--- /dev/null
+++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
@@ -0,0 +1,1236 @@
+---
+title: Deploy code integrity policies - steps (Windows 10)
+description: This article describes how to deploy code integrity policies, one of the main features that are part of Windows Defender Device Guard in Windows 10. 
+keywords: virtualization, security, malware
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+author: brianlic-msft
+ms.date: 04/18/2018
+---
+
+# Steps to Deploy Windows Defender Application Control
+
+**Applies to**
+-   Windows 10
+-   Windows Server 2016
+
+For an overview of the process described in the following procedures, see [Deploy Windows Defender Application Control: policy rules and file rules](deploy-windows-defender-application-control-policy-rules-and-file-rules.md). 
+
+
+## Create a Windows Defender Application Control policy from a reference computer
+
+This section outlines the process to create a WDAC policy with Windows PowerShell. 
+For this example, you must initiate variables to be used during the creation process or use the full file paths in the command. 
+Then create the WDAC policy by scanning the system for installed applications. 
+The policy file is converted to binary format when it gets created so that Windows can interpret it.
+
+> [!Note] 
+> Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy. 
+
+### Scripting and applications
+
+Each installed software application should be validated as trustworthy before you create a policy. 
+We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable. 
+Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you do not want it to run scripts. 
+You can remove or disable such software on the reference computer. 
+You can also fine-tune your control by [using Windows Defender Application Control in combination with AppLocker](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#windows-defender-device-guard-with-applocker). 
+
+Members of the security community<sup>\*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. 
+
+Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application whitelisting policies, including Windows Defender Application Control:
+
+- addinprocess.exe
+- addinprocess32.exe
+- addinutil.exe
+- bash.exe
+- bginfo.exe<sup>[1]</sup> 
+- cdb.exe
+- csi.exe
+- dbghost.exe
+- dbgsvc.exe
+- dnx.exe
+- fsi.exe
+- fsiAnyCpu.exe
+- kd.exe
+- ntkd.exe
+- lxssmanager.dll
+- msbuild.exe<sup>[2]</sup>
+- mshta.exe
+- ntsd.exe
+- rcsi.exe
+- system.management.automation.dll
+- windbg.exe
+- wmic.exe
+
+<sup>[1]</sup>A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
+
+<sup>[2]</sup>If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you whitelist msbuild.exe in your code integrity policies. However, if your reference system is an end user device that is not being used in a development context, we recommend that you block msbuild.exe.
+
+<sup>*</sup>Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people:
+
+<br />
+
+|Name|Twitter|
+|---|---|
+|Casey Smith |@subTee| 
+|Matt Graeber | @mattifestation| 
+|Matt Nelson | @enigma0x3| 
+|Oddvar Moe |@Oddvarmoe|
+|Alex Ionescu | @aionescu|
+|Lee Christensen|@tifkin_|
+|Vladas Bulavas | Kaspersky Lab |
+
+<br />
+
+>[!Note]
+>This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. 
+
+Certain software applications may allow additional code to run by design. 
+These types of applications should be blocked by your Windows Defender Application Control policy. 
+In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add deny rules to your WDAC policies for that application’s previous, less secure versions. 
+
+Microsoft recommends that you install the latest security updates. 
+The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. 
+These modules cannot be blocked by name or version, and therefore must be blocked by their corresponding hashes. 
+
+For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules.
+
+Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
+
+```
+  <?xml version="1.0" encoding="utf-8" ?> 
+- <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
+  <VersionEx>10.0.0.0</VersionEx> 
+  <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID> 
+  <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> 
+- <Rules>
+- <Rule>
+  <Option>Enabled:Unsigned System Integrity Policy</Option> 
+  </Rule>
+- <Rule>
+  <Option>Enabled:Audit Mode</Option> 
+  </Rule>
+- <Rule>
+  <Option>Enabled:Advanced Boot Options Menu</Option> 
+  </Rule>
+- <Rule>
+  <Option>Enabled:UMCI</Option> 
+  </Rule>
+  </Rules>
+- <!-- EKUS
+  --> 
+  <EKUs /> 
+- <!-- File Rules
+  --> 
+- <FileRules>
+  <Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion="4.21.0.0"/> 
+  <Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_KD_KMCI" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0"/> 
+  <Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0"/> 
+  <Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_RCSI" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_NTSD" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_LXSS" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_BASH" FriendlyName="bash.exe" FileName="bash.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_VISUALUIAVERIFY" FriendlyName="visualuiaverifynative.exe" FileName="visualuiaverifynative.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_RUNSCRIPTHELPER" FriendlyName="runscripthelper.exe" FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_ADDINPROCESS" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_ADDINPROCESS32" FriendlyName="AddInProcess32.exe" FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_ADDINUTIL" FriendlyName="AddInUtil.exe" FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_LXRUN" FriendlyName="lxrun.exe" FileName="lxrun.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_PWRSHLCUSTOMHOST" FriendlyName="powershellcustomhost.exe" FileName="powershellcustomhost.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
+  <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6"/> 
+  <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF"/> 
+  <Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40"/> 
+  <Deny ID="ID_DENY_D_4" FriendlyName="Powershell 4" Hash="29DF1D593D0D7AB365F02645E7EF4BCCA060763A"/> 
+  <Deny ID="ID_DENY_D_5" FriendlyName="Powershell 5" Hash="2E3C47BBE1BA99842EE187F756CA616EFED61B94"/> 
+  <Deny ID="ID_DENY_D_6" FriendlyName="Powershell 6" Hash="38DC1956313B160696A172074C6F5DA9852BF508F55AFB7FA079B98F2849AFB5"/> 
+  <Deny ID="ID_DENY_D_7" FriendlyName="Powershell 7" Hash="513B625EA507ED9CE83E2FB2ED4F3D586C2AA379"/> 
+  <Deny ID="ID_DENY_D_8" FriendlyName="Powershell 8" Hash="71FC552E66327EDAA72D72C362846BD80CB65EECFAE95C4D790C9A2330D95EE6"/> 
+  <Deny ID="ID_DENY_D_9" FriendlyName="Powershell 9" Hash="72E4EC687CFE357F3E681A7500B6FF009717A2E9538956908D3B52B9C865C189"/> 
+  <Deny ID="ID_DENY_D_10" FriendlyName="Powershell 10" Hash="74E207F539C4EAC648A5507EB158AEE9F6EA401E51808E83E73709CFA0820FDD"/> 
+  <Deny ID="ID_DENY_D_11" FriendlyName="Powershell 11" Hash="75288A0CF0806A68D8DA721538E64038D755BBE74B52F4B63FEE5049AE868AC0"/> 
+  <Deny ID="ID_DENY_D_12" FriendlyName="Powershell 12" Hash="7DB3AD53985C455990DD9847DE15BDB271E0C8D1"/> 
+  <Deny ID="ID_DENY_D_13" FriendlyName="Powershell 13" Hash="84BB081141DA50B3839CD275FF34854F53AECB96CA9AEB8BCD24355C33C1E73E"/> 
+  <Deny ID="ID_DENY_D_14" FriendlyName="Powershell 14" Hash="86DADE56A1DBAB6DDC2769839F89244693D319C6"/> 
+  <Deny ID="ID_DENY_D_15" FriendlyName="Powershell 15" Hash="BD3139CE7553AC7003C96304F08EAEC2CDB2CC6A869D36D6F1E478DA02D3AA16"/> 
+  <Deny ID="ID_DENY_D_16" FriendlyName="Powershell 16" Hash="BE3FFE10CDE8B62C3E8FD4D8198F272B6BD15364A33362BB07A0AFF6731DABA1"/> 
+  <Deny ID="ID_DENY_D_17" FriendlyName="Powershell 17" Hash="C1196433541B87D22CE2DD19AAAF133C9C13037A"/> 
+  <Deny ID="ID_DENY_D_18" FriendlyName="Powershell 18" Hash="C6C073A80A8E76DC13E724B5E66FE4035A19CCA0C1AF3FABBC18E5185D1B66CB"/> 
+  <Deny ID="ID_DENY_D_19" FriendlyName="Powershell 19" Hash="CE5EA2D29F9DD3F15CF3682564B0E765ED3A8FE1"/> 
+  <Deny ID="ID_DENY_D_20" FriendlyName="Powershell 20" Hash="D027E09D9D9828A87701288EFC91D240C0DEC2C3"/> 
+  <Deny ID="ID_DENY_D_21" FriendlyName="Powershell 21" Hash="D2CFC8F6729E510AE5BA9BECCF37E0B49DDF5E31"/> 
+  <Deny ID="ID_DENY_D_22" FriendlyName="Powershell 22" Hash="DED853481A176999723413685A79B36DD0F120F9"/> 
+  <Deny ID="ID_DENY_D_23" FriendlyName="Powershell 23" Hash="DFCD10EAA2A22884E0A41C4D9E6E8DA265321870"/> 
+  <Deny ID="ID_DENY_D_24" FriendlyName="Powershell 24" Hash="F16E605B55774CDFFDB0EB99FAFF43A40622ED2AB1C011D1195878F4B20030BC"/> 
+  <Deny ID="ID_DENY_D_25" FriendlyName="Powershell 25" Hash="F29A958287788A6EEDE6035D49EF5CB85EEC40D214FDDE5A0C6CAA65AFC00EEC"/> 
+  <Deny ID="ID_DENY_D_26" FriendlyName="Powershell 26" Hash="F875E43E12685ECE0BA2D42D55A13798CE9F1FFDE3CAE253D2529F4304811A52"/> 
+- <!-- System.Management.Automation.dll 
+  --> 
+  <Deny ID="ID_DENY_D_27" FriendlyName="PowerShell 27" Hash="720D826A84284E18E0003526A0CD9B7FF0C4A98A"/> 
+  <Deny ID="ID_DENY_D_28" FriendlyName="PowerShell 28" Hash="CB5DF9D0D25571948C3D257882E07C7FA5E768448E0DEBF637E110F9FF575808"/> 
+  <Deny ID="ID_DENY_D_29" FriendlyName="PowerShell 29" Hash="3C7265C3393C585D32E509B2D2EC048C73AC5EE6"/> 
+  <Deny ID="ID_DENY_D_30" FriendlyName="PowerShell 30" Hash="7F1E03E956CA38CC0C491CB958D6E61A52491269CDB363BC488B525F80C56424"/> 
+  <Deny ID="ID_DENY_D_31" FriendlyName="PowerShell 31" Hash="27D86C9B54E1A97399A6DC9C9DF9AE030CB734C8"/> 
+  <Deny ID="ID_DENY_D_32" FriendlyName="PowerShell 32" Hash="917BD10E82C6E932F9C63B9BDCCC1D9BF04510CD8491B005CFFD273B48B5CD1E"/> 
+  <Deny ID="ID_DENY_D_33" FriendlyName="PowerShell 33" Hash="B3BB2D75AECB34ED316CE54C6D513420186E4950"/> 
+  <Deny ID="ID_DENY_D_34" FriendlyName="PowerShell 34" Hash="B734F6269A6738861E1DF98EE0E4E7377FAED10B82AAA9731DA0BB1CB366FCCE"/> 
+  <Deny ID="ID_DENY_D_35" FriendlyName="PowerShell 35" Hash="FF378B465F2C8A87B4092F7C1F96399C0156CEEB"/> 
+  <Deny ID="ID_DENY_D_36" FriendlyName="PowerShell 36" Hash="9B884CFE78F921042B003574AE30D9E86EE3DCC11E7110A1C92927F13C3F47E6"/> 
+  <Deny ID="ID_DENY_D_37" FriendlyName="PowerShell 37" Hash="C7B99E8B59182112A3A14BD39880BDCDDD5C724F"/> 
+  <Deny ID="ID_DENY_D_38" FriendlyName="PowerShell 38" Hash="6E585890C7369D6D8DA85C8B6B7411463BAA1ACAE9CE4197E033A46C897B35E5"/> 
+  <Deny ID="ID_DENY_D_39" FriendlyName="PowerShell 39" Hash="BA4B3A92123FBCE66398020AFBCC0BCA1D1AAAD7"/> 
+  <Deny ID="ID_DENY_D_40" FriendlyName="PowerShell 40" Hash="D8D361E3690676C7FDC483003BFC5C0C39FB16B42DFC881FB8D42A1064740B0B"/> 
+  <Deny ID="ID_DENY_D_41" FriendlyName="PowerShell 41" Hash="1EA5104AE1A7A53F9421E0193B749F310B9261D1"/> 
+  <Deny ID="ID_DENY_D_42" FriendlyName="PowerShell 42" Hash="66C1B8569019512ACDDC145DA6D348A68DE008BE7C05930AD0EC6927C26061AD"/> 
+  <Deny ID="ID_DENY_D_43" FriendlyName="PowerShell 43" Hash="4EB2C3A4B551FC028E00F2E7DA9D0F1E38728571"/> 
+  <Deny ID="ID_DENY_D_44" FriendlyName="PowerShell 44" Hash="30EAC589069FB79D540080B04B7FDBB8A9B1DF4E96B9D7C98519E49A1ED56851"/> 
+  <Deny ID="ID_DENY_D_45" FriendlyName="PowerShell 45" Hash="E55505B609DD7A22F55C4BA9EDAD5627ECA6A8E8"/> 
+  <Deny ID="ID_DENY_D_46" FriendlyName="PowerShell 46" Hash="ABDDA9C1EDA9F2344FB5B79890B7FD854D0E3D28BEC26AE33AAD196948AB642D"/> 
+  <Deny ID="ID_DENY_D_47" FriendlyName="PowerShell 47" Hash="A15964475D213FB752B42E7DCDDBF4B14D623D14"/> 
+  <Deny ID="ID_DENY_D_48" FriendlyName="PowerShell 48" Hash="61A68B436D828193E0C7B44D2AF83D22A9CB557B90186E4E6AC998CE5E3BFE8A"/> 
+  <Deny ID="ID_DENY_D_49" FriendlyName="PowerShell 49" Hash="DB0C4B5CA1CBC3B117AB0439C5937B6A263DFD87"/> 
+  <Deny ID="ID_DENY_D_50" FriendlyName="PowerShell 50" Hash="6D4FB385328CA01700092E1CDF75A97123A95120D5F8A9877FFB4D5A8531380B"/> 
+  <Deny ID="ID_DENY_D_51" FriendlyName="PowerShell 51" Hash="72F9DCDA6ECDD6906A2538DFE795A2E2CA787BBC"/> 
+  <Deny ID="ID_DENY_D_52" FriendlyName="PowerShell 52" Hash="F98FEC4A0306BD398F7FB7F611679B7797D32D54D1F2B35D728C0C7A058153ED"/> 
+  <Deny ID="ID_DENY_D_53" FriendlyName="PowerShell 53" Hash="C980B65B86F780AC93B9458E9657291083CFEDA8"/> 
+  <Deny ID="ID_DENY_D_54" FriendlyName="PowerShell 54" Hash="F9473493FF53274B8E75EC7E517F324AA0C5644C6F8045D3EF3A1B9A669ECF78"/> 
+  <Deny ID="ID_DENY_D_55" FriendlyName="PowerShell 55" Hash="C30355B5E6FA3F793A3CC0A649945829723DD85C"/> 
+  <Deny ID="ID_DENY_D_56" FriendlyName="PowerShell 56" Hash="4EB14099165177F0F3A1FACE32E72CF2DD221DB44155E73AFF94CB7DA195EF22"/> 
+  <Deny ID="ID_DENY_D_57" FriendlyName="PowerShell 57" Hash="5C6CC1903D3DA2054ECD9A295EEE26F5561E152A"/> 
+  <Deny ID="ID_DENY_D_58" FriendlyName="PowerShell 58" Hash="0BF8CAB75DAB712FC848DE7CC7DC5C8A10D666515E7535F89146F45AAAF9EF54"/> 
+  <Deny ID="ID_DENY_D_59" FriendlyName="PowerShell 59" Hash="1443E8F56DEE11EEF5B746E3657C2F953FD4F6EA"/> 
+  <Deny ID="ID_DENY_D_60" FriendlyName="PowerShell 60" Hash="487CB42795046E885303FC96EA54C3234E1B2072DAEB4F9218C21CC6C39A3223"/> 
+  <Deny ID="ID_DENY_D_61" FriendlyName="PowerShell 61" Hash="072D4E33D1478C863DBAB20BF5DFF1A0FB5A9D53"/> 
+  <Deny ID="ID_DENY_D_62" FriendlyName="PowerShell 62" Hash="631E091AE7AD2C543EE5755BC9D8DB34683C41E20D9A6CD41C8F07827156D6DB"/> 
+  <Deny ID="ID_DENY_D_63" FriendlyName="PowerShell 63" Hash="FD15A313B890369B7D8E26C13B2070AE044FB4D8"/> 
+  <Deny ID="ID_DENY_D_64" FriendlyName="PowerShell 64" Hash="AB9886A0993F87C2A39BC7822EE44FD4B4751C530ACF292ACD0319C967FB4F3B"/> 
+  <Deny ID="ID_DENY_D_65" FriendlyName="PowerShell 65" Hash="4BAFD867B59328E7BB853148FE6D16B9411D7A12"/> 
+  <Deny ID="ID_DENY_D_66" FriendlyName="PowerShell 66" Hash="D1F22B37902C2DD53FA27438436D9D236A196C10C8E492A8F4A14768644592D3"/> 
+  <Deny ID="ID_DENY_D_67" FriendlyName="PowerShell 67" Hash="AC53AE4C8AB56D84393D67D820BEBDC3218739D3"/> 
+  <Deny ID="ID_DENY_D_68" FriendlyName="PowerShell 68" Hash="49580C9459C3917E6F982C8E0D753D293DFA2E4FD1152F78FF7C73CF8B422507"/> 
+  <Deny ID="ID_DENY_D_69" FriendlyName="PowerShell 69" Hash="333678A44D4BEBE9BEA3041FFDA9E2B55B58F1B5"/> 
+  <Deny ID="ID_DENY_D_70" FriendlyName="PowerShell 70" Hash="94CBBC3970F01280D98C951BD0C4158D4B09A2BE21B8A27790D9F127B78C6F3F"/> 
+  <Deny ID="ID_DENY_D_71" FriendlyName="PowerShell 71" Hash="5F5620DC049FE1F1C2DBAC077A59BA69CF2FF72C"/> 
+  <Deny ID="ID_DENY_D_72" FriendlyName="PowerShell 72" Hash="A32C0769F36CAE0B6A7A1B8CCB6B7A75AA8BEB7F49815E96B4E120BFD7527E0A"/> 
+  <Deny ID="ID_DENY_D_73" FriendlyName="PowerShell 73" Hash="BDBE541D269EC8235563842D024F9E37883DFB57"/> 
+  <Deny ID="ID_DENY_D_74" FriendlyName="PowerShell 74" Hash="441076C7FD0AD481E6AC3198F08BE80EA9EB2926CA81D733F798D03DBEFD683E"/> 
+  <Deny ID="ID_DENY_D_75" FriendlyName="PowerShell 75" Hash="FD6FE9143A46F4EBB46E6B46332FA7171002EBF0"/> 
+  <Deny ID="ID_DENY_D_76" FriendlyName="PowerShell 76" Hash="85399D84601207AB92C8CA4D7D6E58CB1B0B0B57ED94FA7E5A1191FA1810E223"/> 
+  <Deny ID="ID_DENY_D_77" FriendlyName="PowerShell 77" Hash="98FD94A89DCF92A7BEDB51C72BAD1A67650DD6E5"/> 
+  <Deny ID="ID_DENY_D_78" FriendlyName="PowerShell 78" Hash="5CE4B042E986DAFEB7E2D2ABFB80376C4DEC325DB23B584B76039EEA6E1A74B1"/> 
+  <Deny ID="ID_DENY_D_79" FriendlyName="PowerShell 79" Hash="6BC1E70F0EA84E88AC28BEAF74C10F3ABDF99209"/> 
+  <Deny ID="ID_DENY_D_80" FriendlyName="PowerShell 80" Hash="93CB3907D1A9473E8A90593250C4A95EAE3A7066E9D8A57535CBDF82AA4AD4C2"/> 
+  <Deny ID="ID_DENY_D_81" FriendlyName="PowerShell 81" Hash="7FCE82DBBC0FE45AFBE3927C323349C32D5A463A"/> 
+  <Deny ID="ID_DENY_D_82" FriendlyName="PowerShell 82" Hash="2EDA8CA129E30CB5522C4DCD1E5AFDCA1E9C6447DD7053DACEF18DCDCCF3E2BC"/> 
+  <Deny ID="ID_DENY_D_83" FriendlyName="PowerShell 83" Hash="BDB3DAC80667A0B931835D5D658C08F236B413D1"/> 
+  <Deny ID="ID_DENY_D_84" FriendlyName="PowerShell 84" Hash="51287BACB692AAC5A8659774D982B304DC0C0B4A4D8F41CBCCD47D69796786DE"/> 
+  <Deny ID="ID_DENY_D_85" FriendlyName="PowerShell 85" Hash="9633529CACE25ACCB29EBC5941DE1874903C0297"/> 
+  <Deny ID="ID_DENY_D_86" FriendlyName="PowerShell 86" Hash="483A3997D5DA69A51DC7EA368A36C3CA4A5BD56CB08BFD9912BE799005156C18"/> 
+  <Deny ID="ID_DENY_D_87" FriendlyName="PowerShell 87" Hash="B3493E30A2C347B550331C86529BDC288EAF8186"/> 
+  <Deny ID="ID_DENY_D_88" FriendlyName="PowerShell 88" Hash="9371E2333906441715DE15FEE8A9AA03C4D076CA3C04D9A7AB0CC32189DA66ED"/> 
+  <Deny ID="ID_DENY_D_89" FriendlyName="PowerShell 89" Hash="5D4B0794EB973D61CF74A700F11BE84E527E0E51"/> 
+  <Deny ID="ID_DENY_D_90" FriendlyName="PowerShell 90" Hash="537DE34A1F4B3F8345D02F5BBA2B063F070A42FC1581AAC2AA91C1D071B14521"/> 
+  <Deny ID="ID_DENY_D_91" FriendlyName="PowerShell 91" Hash="F3C75F35F42C1C5B3B4ED888187D6AB4035F994C"/> 
+  <Deny ID="ID_DENY_D_92" FriendlyName="PowerShell 92" Hash="AD5678ED0734281973465DD728281A6C0EA146620FF2106A4EEFC7E94622B92F"/> 
+  <Deny ID="ID_DENY_D_93" FriendlyName="PowerShell 93" Hash="91C0F76798A9679188C7D93FDEBAF797BDBE41B2"/> 
+  <Deny ID="ID_DENY_D_94" FriendlyName="PowerShell 94" Hash="1D9244EAFEDFBFC02E13822E24A476C36FFD362B9D18F6CD195B654A34F946FF"/> 
+  <Deny ID="ID_DENY_D_95" FriendlyName="PowerShell 95" Hash="7FCB424E67DDAC49413B45D7DCD636AD70E23B41"/> 
+  <Deny ID="ID_DENY_D_96" FriendlyName="PowerShell 96" Hash="7E6F9A738520F78D1E9D0D0883FB07DD9188408CBE7C2937BDE1590F90C61753"/> 
+  <Deny ID="ID_DENY_D_97" FriendlyName="PowerShell 97" Hash="A9745E20419EC1C90B23FE965D3C2DF028AF39DC"/> 
+  <Deny ID="ID_DENY_D_98" FriendlyName="PowerShell 98" Hash="71B5B58EAA0C90397BC9546BCCA8C657500499CD2087CD7D7E1753D54C07E71D"/> 
+  <Deny ID="ID_DENY_D_99" FriendlyName="PowerShell 99" Hash="3E5294910C59394DA93962128968E6C23016A028"/> 
+  <Deny ID="ID_DENY_D_100" FriendlyName="PowerShell 100" Hash="DA700D4F58BCEA1D5A9CAD4F20AC725C6A354F9DA40E4F8F95E1C3DC7B84F550"/> 
+  <Deny ID="ID_DENY_D_101" FriendlyName="PowerShell 101" Hash="266896FD257AD8EE9FC73B3A50306A573714EA8A"/> 
+  <Deny ID="ID_DENY_D_102" FriendlyName="PowerShell 102" Hash="8E36BD08084C73AF674F2DAD568EE3BA2C85769FA7B3400CB62F7A7BD028BE9A"/> 
+  <Deny ID="ID_DENY_D_103" FriendlyName="PowerShell 103" Hash="2CB781B3BD79FD277D92332ACA22C04430F9D692"/> 
+  <Deny ID="ID_DENY_D_104" FriendlyName="PowerShell 104" Hash="92AE03F0090C0A5DF329B4B3FFEDBA622B0521BA699FA303C24120A30ED4C9E6"/> 
+  <Deny ID="ID_DENY_D_105" FriendlyName="PowerShell 105" Hash="D82583F7D5EA477C94630AC5AAEB771C85BD4B0A"/> 
+  <Deny ID="ID_DENY_D_106" FriendlyName="PowerShell 106" Hash="9B0F39AB233628A971ACEC53029C9B608CAB99868F1A1C5ABE20BC1BD1C2B70E"/> 
+  <Deny ID="ID_DENY_D_107" FriendlyName="PowerShell 107" Hash="2DF4350DE3C97C9D4FD2973F8C5EA8AE621D22A8"/> 
+  <Deny ID="ID_DENY_D_108" FriendlyName="PowerShell 108" Hash="015CE571E8503A353E2250D4D0DA19493B3311F3437527E6DDD2D2B6439FA2EB"/> 
+  <Deny ID="ID_DENY_D_109" FriendlyName="PowerShell 109" Hash="080DEC3B15AD5AFE9BF3B0943A36285E92BAF469"/> 
+  <Deny ID="ID_DENY_D_110" FriendlyName="PowerShell 110" Hash="F1391E78F17EA6097906B99C6F4F0AE8DD2E519856F837A3BCC58FBB87DAAE62"/> 
+  <Deny ID="ID_DENY_D_111" FriendlyName="PowerShell 111" Hash="F87C726CCB5E64C6F363C21255935D5FEA9E4A0E"/> 
+  <Deny ID="ID_DENY_D_112" FriendlyName="PowerShell 112" Hash="B7B42C3C8C61FD2616C16BBCF36EA15EC26A67536E94764D72A91CE04B89AAA4"/> 
+  <Deny ID="ID_DENY_D_113" FriendlyName="PowerShell 113" Hash="25F52340199A0EA352C8B1A7014BCB610B232523"/> 
+  <Deny ID="ID_DENY_D_114" FriendlyName="PowerShell 114" Hash="64D6D1F3A053908C5635BD6BDA36BC8E72D518C7ECE8DA761C0DDE70C50BB632"/> 
+  <Deny ID="ID_DENY_D_115" FriendlyName="PowerShell 115" Hash="029198F05598109037A0E9E332EC052317E834DA"/> 
+  <Deny ID="ID_DENY_D_116" FriendlyName="PowerShell 116" Hash="70B4BB6C2B7E9237FB14ABBC94955012285E2CAA74F91455EE52809CDAD4E7FC"/> 
+  <Deny ID="ID_DENY_D_117" FriendlyName="PowerShell 117" Hash="A4390EF2D77F76DC4EFE55FF74EE1D06C303FDAE"/> 
+  <Deny ID="ID_DENY_D_118" FriendlyName="PowerShell 118" Hash="3246A0CB329B030DA104E04B1A0728DE83724B08C724FD0238CE4578A0245576"/> 
+  <Deny ID="ID_DENY_D_119" FriendlyName="PowerShell 119" Hash="89CEAB6518DA4E7F75B3C75BC04A112D3637B737"/> 
+  <Deny ID="ID_DENY_D_120" FriendlyName="PowerShell 120" Hash="6581E491FBFF954A1A4B9CEA69B63951D67EB56DF871ED8B055193595F042B0D"/> 
+  <Deny ID="ID_DENY_D_121" FriendlyName="PowerShell 121" Hash="00419E981EDC8613E600C939677F7B460855BF7E"/> 
+  <Deny ID="ID_DENY_D_122" FriendlyName="PowerShell 122" Hash="61B724BCFC3DA1CC1583DB0BC42EFE166E92D8D3CE91E58A29F7AEBEFAE2149F"/> 
+  <Deny ID="ID_DENY_D_123" FriendlyName="PowerShell 123" Hash="272EF88BBA9B4B54D242FFE1E96D07DBF53497A0"/> 
+  <Deny ID="ID_DENY_D_124" FriendlyName="PowerShell 124" Hash="AFC0968EDCE9E5FC1BC392382833EBEF3265B32D3ECBB529D89A1DF33A31E9BD"/> 
+  <Deny ID="ID_DENY_D_125" FriendlyName="PowerShell 125" Hash="CD9D9789B3B31562C4BE44B6BEEA8815C5EDAE1F"/> 
+  <Deny ID="ID_DENY_D_126" FriendlyName="PowerShell 126" Hash="FCAF8DC3C7A5D3B29B19A9C5F89324BF65B50C440AC0316B08532CEA2F1FF9B0"/> 
+  <Deny ID="ID_DENY_D_127" FriendlyName="PowerShell 127" Hash="941D0FD47887035A04E17F46DE6C4004D7FD8871"/> 
+  <Deny ID="ID_DENY_D_128" FriendlyName="PowerShell 128" Hash="4AD6DC7FF0A2E776CE7F27B4E3D3C1C380CA3548DFED565429D88C3BBE61DD0F"/> 
+  <Deny ID="ID_DENY_D_129" FriendlyName="PowerShell 129" Hash="421D1142105358B8360454E43FD15767DA111DBA"/> 
+  <Deny ID="ID_DENY_D_130" FriendlyName="PowerShell 130" Hash="692CABD40C1EDFCB6DC50591F31FAE30848E579D6EF4D2CA0811D06B086CF8BE"/> 
+  <Deny ID="ID_DENY_D_131" FriendlyName="PowerShell 131" Hash="AC9F095DD4AE80B124F55541761AA1F35E49A575"/> 
+  <Deny ID="ID_DENY_D_132" FriendlyName="PowerShell 132" Hash="0D8A0FB3BF3CF80D44ED20D9F1E7292E9EE5A49ABCE68592DED55A71B0ACAECE"/> 
+  <Deny ID="ID_DENY_D_133" FriendlyName="PowerShell 133" Hash="B1CF2A18B281F73FE6685B5CE74D1BA50BE9AFE5"/> 
+  <Deny ID="ID_DENY_D_134" FriendlyName="PowerShell 134" Hash="095B79953F9E3E2FB721693FBFAD5841112D592B6CA7EB2055B262DEB7C7008A"/> 
+  <Deny ID="ID_DENY_D_135" FriendlyName="PowerShell 135" Hash="128D7D03E4B85DBF95427D72EFF833DAB5E92C33"/> 
+  <Deny ID="ID_DENY_D_136" FriendlyName="PowerShell 136" Hash="EACFC615FDE29BD858088AF42E0917E4B4CA5991EFB4394FB3129735D7299235"/> 
+  <Deny ID="ID_DENY_D_137" FriendlyName="PowerShell 137" Hash="47D2F87F2D2D516D712A156421F0C2BD285200E9"/> 
+  <Deny ID="ID_DENY_D_138" FriendlyName="PowerShell 138" Hash="8CACA1828E7770DADF21D558976D415AC7BDA16D58926308FD5E9D5087F4B0E6"/> 
+  <Deny ID="ID_DENY_D_139" FriendlyName="PowerShell 139" Hash="CD9D70B0107801567EEADC4ECD74511A1A6FF4FE"/> 
+  <Deny ID="ID_DENY_D_140" FriendlyName="PowerShell 140" Hash="9C96396EFCC9DC09F119DE8695CB3372F82DB46D23A1B7A88BD86CBE814233E1"/> 
+  <Deny ID="ID_DENY_D_141" FriendlyName="PowerShell 141" Hash="233E3B5108A43239C6C13292043DED0567281AF9"/> 
+  <Deny ID="ID_DENY_D_142" FriendlyName="PowerShell 142" Hash="6EDF19CC53EA2064CE108957343EB3505359CF05BD6955C7502AF565BD761702"/> 
+  <Deny ID="ID_DENY_D_143" FriendlyName="PowerShell 143" Hash="CD725B606888E5C5426FEAB44E2CC7722DFE5411"/> 
+  <Deny ID="ID_DENY_D_144" FriendlyName="PowerShell 144" Hash="B20C4F36AE6A3AC323759C81173FACE1B1C112FA5B701C65DCD7313D7CE59907"/> 
+  <Deny ID="ID_DENY_D_145" FriendlyName="PowerShell 145" Hash="E5212F1081B5777B88F5C41174ADEDB35B4258CF"/> 
+  <Deny ID="ID_DENY_D_146" FriendlyName="PowerShell 146" Hash="F4DE5B5395701F8C94D65D732E4D212E1879C9C84345B46A941965B094F75017"/> 
+  <Deny ID="ID_DENY_D_147" FriendlyName="PowerShell 147" Hash="EC41A3FB8D6E3B0F55F6583C14C45B6238753019"/> 
+  <Deny ID="ID_DENY_D_148" FriendlyName="PowerShell 148" Hash="76CA6B396796351685198D6189E865AFD7FB9E6C5CEFA9EA0B5F0A9F1FC98D57"/> 
+  <Deny ID="ID_DENY_D_149" FriendlyName="PowerShell 149" Hash="3B2B7042A84033CA846AFE472912524F7BAD57E5"/> 
+  <Deny ID="ID_DENY_D_150" FriendlyName="PowerShell 150" Hash="2DF95ABEB23DAA0377DFA6360976B69D3CEE7325A9B7571F331D569809FAED8B"/> 
+  <Deny ID="ID_DENY_D_151" FriendlyName="PowerShell 151" Hash="7BED2F9C0ADF1597C7EBB79163BDA21D8D7D28CA"/> 
+  <Deny ID="ID_DENY_D_152" FriendlyName="PowerShell 152" Hash="44BDD2DADB13E7A8FF6AFCF4AE3E2CC830506D9475B4C2C71D319E169977998F"/> 
+  <Deny ID="ID_DENY_D_153" FriendlyName="PowerShell 153" Hash="A1251FA30162B13456A4687495726FF793D511BE"/> 
+  <Deny ID="ID_DENY_D_154" FriendlyName="PowerShell 154" Hash="9C15E4DE10DE47ACD393359D523211AD8596C61FE54F2C0664D48E1D249231CE"/> 
+  <Deny ID="ID_DENY_D_155" FriendlyName="PowerShell 155" Hash="D835947C84CFBA652B553A77A90475E02291AA5F"/> 
+  <Deny ID="ID_DENY_D_156" FriendlyName="PowerShell 156" Hash="B4D6DAA10398D5DA192DFDD75010F428D24762D432934F0E2030D39610D43E12"/> 
+  <Deny ID="ID_DENY_D_157" FriendlyName="PowerShell 157" Hash="1F85BBEC1DFC5785B91735A7C561E664F7FE1E94"/> 
+  <Deny ID="ID_DENY_D_158" FriendlyName="PowerShell 158" Hash="828F05BFF829019EC0F3082323FEA859C0D71CCE14B5B75C07E7D418EF354269"/> 
+  <Deny ID="ID_DENY_D_159" FriendlyName="PowerShell 159" Hash="FC0E23771620B41E6920F2463F49B84307D8BA91"/> 
+  <Deny ID="ID_DENY_D_160" FriendlyName="PowerShell 160" Hash="C4FA568C852A46316308A660B80D83A11D41071F1CF4A79847A3F56714CC47AF"/> 
+  <Deny ID="ID_DENY_D_161" FriendlyName="PowerShell 161" Hash="D18240AEE8B9B964F6B9CDFC5AFB6C343C286636"/> 
+  <Deny ID="ID_DENY_D_162" FriendlyName="PowerShell 162" Hash="7B4C39285569F14AA9799332C542A0796717C5EF9D636BD11B2841450BC6399D"/> 
+  <Deny ID="ID_DENY_D_163" FriendlyName="PowerShell 163" Hash="1A16008D330330182AA555B1D3E9BE0B2D6BECBF"/> 
+  <Deny ID="ID_DENY_D_164" FriendlyName="PowerShell 164" Hash="D7685E259D0328937487856A3AB68B6D9D420DD4E02541F4D71164DFA65B4644"/> 
+  <Deny ID="ID_DENY_D_165" FriendlyName="PowerShell 165" Hash="FBA274406B503B464B349805149E6AA722909CC9"/> 
+  <Deny ID="ID_DENY_D_166" FriendlyName="PowerShell 166" Hash="FEBC97ED819C79E54157895457DBA755F182D6330A5103E0663AFA07E01E5CF8"/> 
+  <Deny ID="ID_DENY_D_167" FriendlyName="PowerShell 167" Hash="293AF426A39282770387F5EE25CA719A91419A18"/> 
+  <Deny ID="ID_DENY_D_168" FriendlyName="PowerShell 168" Hash="A9E655A96A124BC361D9CC5C7663FC033AA6F6609916EFAA76B6A6E9713A0D32"/> 
+  <Deny ID="ID_DENY_D_169" FriendlyName="PowerShell 169" Hash="AEBFE7497F4A1947B5CB32650843CA0F85BD56D0"/> 
+  <Deny ID="ID_DENY_D_170" FriendlyName="PowerShell 170" Hash="8C385B2C16136C097C96701D2140E014BF454CFA7297BE0C28431DED15339C0F"/> 
+  <Deny ID="ID_DENY_D_171" FriendlyName="PowerShell 171" Hash="8FB604CD72701B83BC265D87F52B36C6F14E5DBE"/> 
+  <Deny ID="ID_DENY_D_172" FriendlyName="PowerShell 172" Hash="B35AFBA7A897CB882C14A08AFB36A8EC938BDA14DF070234A2CCBDBA8F7DF91C"/> 
+  <Deny ID="ID_DENY_D_173" FriendlyName="PowerShell 173" Hash="CE70309DB83C9202F45028EBEC252747F4936E6F"/> 
+  <Deny ID="ID_DENY_D_174" FriendlyName="PowerShell 174" Hash="1F6D74FDA1F9EE6BBAC72E7E717A01B9FFC29822561D11175F6809D12215B4ED"/> 
+  <Deny ID="ID_DENY_D_175" FriendlyName="PowerShell 175" Hash="9D71AD914DBB2FDF793742AA63AEEF4E4A430790"/> 
+  <Deny ID="ID_DENY_D_176" FriendlyName="PowerShell 176" Hash="8CC1B5FA9A9609AC811F6505FA9B68E85A87BAE1EF676EFFE1BE438EACBDF3E1"/> 
+  <Deny ID="ID_DENY_D_177" FriendlyName="PowerShell 177" Hash="7484FD78A9298DBA24AC5C882D16DB6146E53712"/> 
+  <Deny ID="ID_DENY_D_178" FriendlyName="PowerShell 178" Hash="A79A74BFB768312E8EE089060C5C3238D59EF0C044A450FEB97DCA26815ECB34"/> 
+  <Deny ID="ID_DENY_D_179" FriendlyName="PowerShell 179" Hash="78C3C6AEF52A6A5392C55F1EC98AF18053B3087D"/> 
+  <Deny ID="ID_DENY_D_180" FriendlyName="PowerShell 180" Hash="493B620FCAD8A91D1FD7C726697E09358CA90822E8D6E021DF56E70B46F7C346"/> 
+  <Deny ID="ID_DENY_D_181" FriendlyName="PowerShell 181" Hash="783FFB771F08BCF55C2EA474B5460EB65EA9444C"/> 
+  <Deny ID="ID_DENY_D_182" FriendlyName="PowerShell 182" Hash="09DA1592B8457F860297821EB7FAA7F3BB71FC1916ED5DEE6D85044953640D5C"/> 
+  <Deny ID="ID_DENY_D_183" FriendlyName="PowerShell 183" Hash="B303D1689ED99613E4F52CE6E5F96AAEBC3A45C3"/> 
+  <Deny ID="ID_DENY_D_184" FriendlyName="PowerShell 184" Hash="82AB406FD78DCF58F65DC14D6FDDD72840015F3FE5B554428969BECA0325CD9C"/> 
+  <Deny ID="ID_DENY_D_185" FriendlyName="PowerShell 185" Hash="DB5C6CB23C23BA6A3CD4FD4EC0A4DAEE3FC66500"/> 
+  <Deny ID="ID_DENY_D_186" FriendlyName="PowerShell 186" Hash="9A46C16C5151D97A0EFA3EA503249E31A6D5D8D25E4F07CD4E5E077A574713FB"/> 
+  <Deny ID="ID_DENY_D_187" FriendlyName="PowerShell 187" Hash="C1E08AD32F680100C51F138C6C095139E7230C3B"/> 
+  <Deny ID="ID_DENY_D_188" FriendlyName="PowerShell 188" Hash="A5D5C1F79CD26216194D4C72DBAA3E48CB4A143D9E1F78819E52E9FEB2AD0AE3"/> 
+  <Deny ID="ID_DENY_D_189" FriendlyName="PowerShell 189" Hash="BACA825D0852E2D8F3D92381D112B99B5DD56D9F"/> 
+  <Deny ID="ID_DENY_D_190" FriendlyName="PowerShell 190" Hash="ABA28E0FC251E1D7FE5E264E1B36EC5E482D70AA434E75A756356F23F0C1F2F4"/> 
+  <Deny ID="ID_DENY_D_191" FriendlyName="PowerShell 191" Hash="E89C29D38F554F6CB73B5FD3D0A783CC12FFEBC3"/> 
+  <Deny ID="ID_DENY_D_192" FriendlyName="PowerShell 192" Hash="4C93CBDCF4328D27681453D8DFD7495955A07EE6A0EFB9A593853A86990CF528"/> 
+  <Deny ID="ID_DENY_D_193" FriendlyName="PowerShell 193" Hash="5B5E7942233D7C8A325A429FC4F4AE281325E8F9"/> 
+  <Deny ID="ID_DENY_D_194" FriendlyName="PowerShell 194" Hash="40DA20086ED76A5EA5F62901D110216EE206E7EEB2F2BFF02F61D0BE85B0BB5A"/> 
+  <Deny ID="ID_DENY_D_195" FriendlyName="PowerShell 195" Hash="926DCACC6983F85A8ABBCB5EE13F3C756705A1D5"/> 
+  <Deny ID="ID_DENY_D_196" FriendlyName="PowerShell 196" Hash="A22761E2BF18F02BB630962E3C5E32738770AAEA77F8EDA233E77792EB480072"/> 
+  <Deny ID="ID_DENY_D_197" FriendlyName="PowerShell 197" Hash="6FE6723A355DEB4BC6B8637A634D1B43AFA64112"/> 
+  <Deny ID="ID_DENY_D_198" FriendlyName="PowerShell 198" Hash="9BCC55A97A275F7D81110877F1BB5B41F86A848EA02B4EE1E1E6A44D927A488F"/> 
+  <Deny ID="ID_DENY_D_199" FriendlyName="PowerShell 199" Hash="8D5599B34BED4A660DACC0922F6C2F112F264758"/> 
+  <Deny ID="ID_DENY_D_200" FriendlyName="PowerShell 200" Hash="F375014915E5E027F697B29201362B56F2D9E598247C96F86ABADCC6FF42F034"/> 
+  <Deny ID="ID_DENY_D_201" FriendlyName="PowerShell 201" Hash="CCFB247A3BCA9C64D82F647F3D30A3172E645F13"/> 
+  <Deny ID="ID_DENY_D_202" FriendlyName="PowerShell 202" Hash="5E52ABBC051368315F078D31F01B0C1B904C1DDB6D1C1E4A91BE276BDF44C66F"/> 
+  <Deny ID="ID_DENY_D_203" FriendlyName="PowerShell 203" Hash="E8EB859531F426CC45A3CB9118F399C92054563E"/> 
+  <Deny ID="ID_DENY_D_204" FriendlyName="PowerShell 204" Hash="CD9E1D41F8D982F4AA6C610A2EFEAEBA5B0CDD883DF4A86FA0180ACD333CAA86"/> 
+  <Deny ID="ID_DENY_D_205" FriendlyName="PowerShell 205" Hash="C92D4EAC917EE4842A437C54F96D87F003199DE8"/> 
+  <Deny ID="ID_DENY_D_206" FriendlyName="PowerShell 206" Hash="3A270242EB49E06405FD654FA4954B166297BBC886891C64B4424134C39872DB"/> 
+  <Deny ID="ID_DENY_D_207" FriendlyName="PowerShell 207" Hash="66681D9171981216B31996429695931DA2A638B9"/> 
+  <Deny ID="ID_DENY_D_208" FriendlyName="PowerShell 208" Hash="7A2DF7D56912CB4EB5B36D071496EDC97661086B0E4C9CC5D9C61779A5A7DAAA"/> 
+  <Deny ID="ID_DENY_D_209" FriendlyName="PowerShell 209" Hash="9DCA54C85E4C645CB296FE3055E90255B6506A95"/> 
+  <Deny ID="ID_DENY_D_210" FriendlyName="PowerShell 210" Hash="8C9C58AD12FE61CBF021634EC6A4B3094750FC002DA224423E0BCEB01ECF292A"/> 
+  <Deny ID="ID_DENY_D_211" FriendlyName="PowerShell 211" Hash="3AF2587E8B62F88DC363D7F5308EE4C1A6147338"/> 
+  <Deny ID="ID_DENY_D_212" FriendlyName="PowerShell 212" Hash="D32D88F158FD341E32708CCADD48C426D227D0EC8465FF4304C7B7EAC2C6A93E"/> 
+  <Deny ID="ID_DENY_D_213" FriendlyName="PowerShell 213" Hash="D3D453EBC368DF7CC2200474035E5898B58D93F1"/> 
+  <Deny ID="ID_DENY_D_214" FriendlyName="PowerShell 214" Hash="BBE569BCC282B3AF682C1528D4E3BC53C1A0C6B5905FA34ADB4305160967B64A"/> 
+  <Deny ID="ID_DENY_D_215" FriendlyName="PowerShell 215" Hash="D147CE5C7E7037D1BE3C0AF67EDB6F528C77DB0A"/> 
+  <Deny ID="ID_DENY_D_216" FriendlyName="PowerShell 216" Hash="11F936112832738AD9B3A1C67537D5542DE8E86856CF2A5893C4D26CF3A2C558"/> 
+  <Deny ID="ID_DENY_D_217" FriendlyName="PowerShell 217" Hash="7DBB41B87FAA887DE456C8E6A72E09D2839FA1E7"/> 
+  <Deny ID="ID_DENY_D_218" FriendlyName="PowerShell 218" Hash="3741F3D2F264E047339C95A66085599A49766DEF1C5BD0C32237CE87FA0B41FB"/> 
+  <Deny ID="ID_DENY_D_219" FriendlyName="PowerShell 219" Hash="5F3AECC89BAF094EAFA3C25E6B883EE68A6F00B0"/> 
+  <Deny ID="ID_DENY_D_220" FriendlyName="PowerShell 220" Hash="AA085BE6498D2E3F527F3D72A5D1C604508133F0CDC05AD404BB49E8E3FB1A1B"/> 
+  <Deny ID="ID_DENY_D_221" FriendlyName="PowerShell 221" Hash="DDE4D9A08514347CDE706C42920F43523FC74DEA"/> 
+  <Deny ID="ID_DENY_D_222" FriendlyName="PowerShell 222" Hash="81835C6294B96282A4D7D70383BBF797C2E4E7CEF99648F85DDA50F7F41B02F6"/> 
+  <Deny ID="ID_DENY_D_223" FriendlyName="PowerShell 223" Hash="48092864C96C4BF9B68B5006EAEDAB8B57B3738C"/> 
+  <Deny ID="ID_DENY_D_224" FriendlyName="PowerShell 224" Hash="36EF3BED9A5D0D563BCB354BFDD2931F6256759D1D905BA5DC21CDA496F2FEB7"/> 
+  <Deny ID="ID_DENY_D_225" FriendlyName="PowerShell 225" Hash="7F6725BA8CCD2DAEEFD0C9590A5DF9D98642CCEA"/> 
+  <Deny ID="ID_DENY_D_226" FriendlyName="PowerShell 226" Hash="DB68DB3AE32A8A662AA6EE16CF459124D2701719D019B614CE9BF115F5F9C904"/> 
+  <Deny ID="ID_DENY_D_227" FriendlyName="PowerShell 227" Hash="FF205856A3209227D571EAD4B8C1E611E7FF9924"/> 
+  <Deny ID="ID_DENY_D_228" FriendlyName="PowerShell 228" Hash="A63B38CE17DA60C4C431FC42C4507A0B7C19B384AC9E121E2988AD026E71ED63"/> 
+  <Deny ID="ID_DENY_D_229" FriendlyName="PowerShell 229" Hash="479C9429691314D3E21E4F4CA8B95D5BD2BDDEDA"/> 
+  <Deny ID="ID_DENY_D_230" FriendlyName="PowerShell 230" Hash="2BA4E369D267A9ABDEBA50DA2CB5FC56A8EE4382C5BCFCFFD121350B88A6F0E1"/> 
+  <Deny ID="ID_DENY_D_231" FriendlyName="PowerShell 231" Hash="C7D70B96440D215173F35412D56CF9329886D8D3"/> 
+  <Deny ID="ID_DENY_D_232" FriendlyName="PowerShell 232" Hash="B00C54F1AA77D88335675EAF07ED834E68FD96DD7606914C2867F9C506AB0A56"/> 
+  <Deny ID="ID_DENY_D_233" FriendlyName="PowerShell 233" Hash="2AB804E1FF982AE0EDB591BC61AA909CF32E99C5"/> 
+  <Deny ID="ID_DENY_D_234" FriendlyName="PowerShell 234" Hash="253120422B0DD987C293CAF5928FA820414C0A01622FD0EAF304A750FC5AEEFE"/> 
+  <Deny ID="ID_DENY_D_235" FriendlyName="PowerShell 235" Hash="8DAB1D74CAEDBAA8D17805CF00D64A44F5831C12"/> 
+  <Deny ID="ID_DENY_D_236" FriendlyName="PowerShell 236" Hash="AC1CE3AA9023E23F2F63D5A3536294B914686057336402E059DEF6559D1CE723"/> 
+  <Deny ID="ID_DENY_D_237" FriendlyName="PowerShell 237" Hash="993425279D204D1D14C3EB989DEB4805ADC558CF"/> 
+  <Deny ID="ID_DENY_D_238" FriendlyName="PowerShell 238" Hash="BDADDD710E47EB8D24B78E542F3996B0EA2CA577ABD515785819302DB15839DD"/> 
+  <Deny ID="ID_DENY_D_239" FriendlyName="PowerShell 239" Hash="F4DB0CDF3A3FD163A9B90789CC6D14D326AD609C"/> 
+  <Deny ID="ID_DENY_D_240" FriendlyName="PowerShell 240" Hash="5D249D8366077713024552CA8D08F164E975AFF89E8909E35A43F02B0DC66F70"/> 
+  <Deny ID="ID_DENY_D_241" FriendlyName="PowerShell 241" Hash="5B8E45EECA32C2F0968C2252229D768B0DB796A0"/> 
+  <Deny ID="ID_DENY_D_242" FriendlyName="PowerShell 242" Hash="B4D336B32C27E3D3FEBE4B06252DDE9683814E7E903C98448972AAB7389DFC02"/> 
+  <Deny ID="ID_DENY_D_243" FriendlyName="PowerShell 243" Hash="4F5D66B449C4D2FDEA532F9B5DBECA5ACA8195EF"/> 
+  <Deny ID="ID_DENY_D_244" FriendlyName="PowerShell 244" Hash="39F2F19A5C6708CE8CE4E1ABBEBA8D3D1A6220391CA86B2D319E347B46005C97"/> 
+  <Deny ID="ID_DENY_D_245" FriendlyName="PowerShell 245" Hash="4BFB3F95CA1B79DA3C6B0A2ECB432059E686F967"/> 
+  <Deny ID="ID_DENY_D_246" FriendlyName="PowerShell 246" Hash="0C4688AACD02829850DE0F792AC06D3C87895412A910EA76F7F9BF31B3B4A3E9"/> 
+  <Deny ID="ID_DENY_D_247" FriendlyName="PowerShell 247" Hash="6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A"/> 
+  <Deny ID="ID_DENY_D_248" FriendlyName="PowerShell 248" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6AD07B3EB1633CD3C498C13D"/> 
+- <!-- pubprn.vbs
+  --> 
+- <!-- rs2 x86fre
+  --> 
+  <Deny ID="ID_DENY_D_249" FriendlyName="PubPrn 249" Hash="68E96BE23748AA680D5E1E557778901F332ED5D3"/> 
+  <Deny ID="ID_DENY_D_250" FriendlyName="PubPrn 250" Hash="8FA30B5931806565C2058E565C06AD5F1C5A48CDBE609975EB31207C25214063"/> 
+- <!-- rs2 amd64fre
+  --> 
+  <Deny ID="ID_DENY_D_251" FriendlyName="PubPrn 251" Hash="32C4B29FE428B1DF473F3F4FECF519D285E93521"/> 
+  <Deny ID="ID_DENY_D_252" FriendlyName="PubPrn 252" Hash="D44FB563198D60DFDC91608949FE2FADAD6161854D084EB1968C558AA36513C7"/> 
+- <!-- rs2 amd64chk
+  --> 
+  <Deny ID="ID_DENY_D_253" FriendlyName="PubPrn 253" Hash="9EDBEF086D350863F29175F5AB5178B88B142C75"/> 
+  <Deny ID="ID_DENY_D_254" FriendlyName="PubPrn 254" Hash="9B22C98351F2B6DEDDCED0D805C65F5B166FF519A8DF41EB242CB909471892EB"/> 
+- <!-- rs2 x86chk
+  --> 
+  <Deny ID="ID_DENY_D_255" FriendlyName="PubPrn 255" Hash="8A3B30F345C43246B3500721CFEEADBAC6B9D9C6"/> 
+  <Deny ID="ID_DENY_D_256" FriendlyName="PubPrn 256" Hash="37C20BF20A2BBACE50957F8D0AB3FD16174BC005E79D47E51E899AFD9E4B7724"/> 
+- <!-- rs2 woafre
+  --> 
+  <Deny ID="ID_DENY_D_257" FriendlyName="PubPrn 257" Hash="C659DAD2B37375781E2D584E16AAE2A10B5A1156"/> 
+  <Deny ID="ID_DENY_D_258" FriendlyName="PubPRn 258" Hash="EBDACA86F10AC0446D60CC75628EC7A370B1E2236E6D20F22372F91033B6D429"/> 
+- <!-- rs3 amd64chk
+  --> 
+  <Deny ID="ID_DENY_D_259" FriendlyName="PubPrn 259" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4"/> 
+  <Deny ID="ID_DENY_D_260" FriendlyName="PubPrn 260" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F"/> 
+- <!-- rs3 amd64fre
+  --> 
+  <Deny ID="ID_DENY_D_261" FriendlyName="PubPrn 261" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4"/> 
+  <Deny ID="ID_DENY_D_262" FriendlyName="PubPrn 262" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F"/> 
+- <!-- rs3 arm64chk
+  --> 
+  <Deny ID="ID_DENY_D_263" FriendlyName="PubPrn 263" Hash="763A652217A1E30F2D288B7F44E08346949A02CD"/> 
+  <Deny ID="ID_DENY_D_264" FriendlyName="PubPrn 264" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D"/> 
+- <!-- rs3 arm64fre
+  --> 
+  <Deny ID="ID_DENY_D_265" FriendlyName="PubPrn 265" Hash="763A652217A1E30F2D288B7F44E08346949A02CD"/> 
+  <Deny ID="ID_DENY_D_266" FriendlyName="PubPrn 266" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D"/> 
+- <!-- rs3 woachk
+  --> 
+  <Deny ID="ID_DENY_D_267" FriendlyName="PubPrn 267" Hash="60FD28D770B23A0477679311D247DA4D5C61074C"/> 
+  <Deny ID="ID_DENY_D_268" FriendlyName="PubPrn 268" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F"/> 
+- <!-- rs3 woafre
+  --> 
+  <Deny ID="ID_DENY_D_269" FriendlyName="PubPrn 269" Hash="60FD28D770B23A0477679311D247DA4D5C61074C"/> 
+  <Deny ID="ID_DENY_D_270" FriendlyName="PubPrn 270" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F"/> 
+- <!-- rs3 x86chk
+  --> 
+  <Deny ID="ID_DENY_D_271" FriendlyName="PubPrn 271" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A"/> 
+  <Deny ID="ID_DENY_D_272" FriendlyName="PubPrn 272" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43"/> 
+- <!-- rs3 x86fre
+  --> 
+  <Deny ID="ID_DENY_D_273" FriendlyName="PubPrn 273" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A"/> 
+  <Deny ID="ID_DENY_D_274" FriendlyName="PubPrn 274" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43"/> 
+- <!-- rs3 sxs amd64
+  --> 
+  <Deny ID="ID_DENY_D_275" FriendlyName="PubPrn 275" Hash="663D8E25BAE20510A882F6692BE2620FBABFB94E"/> 
+  <Deny ID="ID_DENY_D_276" FriendlyName="PubPrn 276" Hash="649A9E5A4867A28C7D0934793F33B545F9441EA23872715C84826D80CC8EC576"/> 
+- <!-- rs3 sxs arm64
+  --> 
+  <Deny ID="ID_DENY_D_277" FriendlyName="PubPrn 277" Hash="226ABB2FBAEFC5A7E2A819D9D708F826C00FD215"/> 
+  <Deny ID="ID_DENY_D_278" FriendlyName="PubPrn 278" Hash="AC6B35C904D388FD12C07C2F6A1A07F337D31895713BF01DCCE7A7F187D7F4D9"/> 
+- <!-- rs3 sxs woa
+  --> 
+  <Deny ID="ID_DENY_D_279" FriendlyName="PubPrn 279" Hash="071D7849941E43144839988971255FE34690A747"/> 
+  <Deny ID="ID_DENY_D_280" FriendlyName="PubPrn 280" Hash="5AF75895BDC11A6B68C816A8677D7CF9692BF25A95C4378A43FBDE740B18EEB1"/> 
+- <!-- rs3 sxs x86
+  --> 
+  <Deny ID="ID_DENY_D_281" FriendlyName="PubPrn 281" Hash="9FBFF074C201BFEBE37710CB453EFF9A14AE3BFF"/> 
+  <Deny ID="ID_DENY_D_282" FriendlyName="PubPrn 282" Hash="A0C71A925850D2D481C7E520F5D5A83305EC169EEA4C5B8DC20C8D8AFCD8A512"/> 
+- <!-- psworkflowutility.psm1
+  --> 
+- <!-- th1
+  --> 
+  <Deny ID="ID_DENY_D_283" FriendlyName="PSWorkflowUtility 283" Hash="4FBC9A72C5D5246F34994F13076A5AD98A1A844E"/> 
+  <Deny ID="ID_DENY_D_284" FriendlyName="PSWorkflowUtility 284" Hash="7BF44433D3A606104778F64B11B92C52FC99C4BA570C50B70438275D0B587B8E"/> 
+- <!-- th2
+  --> 
+  <Deny ID="ID_DENY_D_285" FriendlyName="PSWorkflowUtility 285" Hash="99382ED8FA3577DFD903C01478A79D6D90681406"/> 
+  <Deny ID="ID_DENY_D_286" FriendlyName="PSWorkflowUtility 286" Hash="C3A5DAB20947CA8FD092E75C25177E7BAE7884CA58710F14827144C09EA1F94B"/> 
+  </FileRules>
+- <!-- Signers
+  --> 
+  <Signers /> 
+- <!-- Driver Signing Scenarios
+  --> 
+- <SigningScenarios>
+- <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Driver Signing Scenarios">
+- <ProductSigners>
+- <FileRulesRef>
+  <FileRuleRef RuleID="ID_DENY_KD_KMCI"/> 
+  </FileRulesRef>
+  </ProductSigners>
+  </SigningScenario>
+- <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="User Mode Signing Scenarios">
+- <ProductSigners>
+- <FileRulesRef>
+  <FileRuleRef RuleID="ID_DENY_BGINFO"/> 
+  <FileRuleRef RuleID="ID_DENY_CBD"/> 
+  <FileRuleRef RuleID="ID_DENY_KD"/> 
+  <FileRuleRef RuleID="ID_DENY_NTKD"/> 
+  <FileRuleRef RuleID="ID_DENY_WINDBG"/> 
+  <FileRuleRef RuleID="ID_DENY_MSBUILD"/> 
+  <FileRuleRef RuleID="ID_DENY_CSI"/> 
+  <FileRuleRef RuleID="ID_DENY_DBGHOST"/> 
+  <FileRuleRef RuleID="ID_DENY_DBGSVC"/> 
+  <FileRuleRef RuleID="ID_DENY_DNX"/> 
+  <FileRuleRef RuleID="ID_DENY_RCSI"/> 
+  <FileRuleRef RuleID="ID_DENY_NTSD"/> 
+  <FileRuleRef RuleID="ID_DENY_LXSS"/> 
+  <FileRuleRef RuleID="ID_DENY_BASH"/> 
+  <FileRuleRef RuleID="ID_DENY_FSI"/> 
+  <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU"/> 
+  <FileRuleRef RuleID="ID_DENY_MSHTA"/> 
+  <FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY"/> 
+  <FileRuleRef RuleID="ID_DENY_RUNSCRIPTHELPER"/> 
+  <FileRuleRef RuleID="ID_DENY_ADDINPROCESS"/> 
+  <FileRuleRef RuleID="ID_DENY_ADDINPROCESS32"/> 
+  <FileRuleRef RuleID="ID_DENY_ADDINUTIL"/> 
+  <FileRuleRef RuleID="ID_DENY_WSL"/> 
+  <FileRuleRef RuleID="ID_DENY_WSLCONFIG"/> 
+  <FileRuleRef RuleID="ID_DENY_WSLHOST"/> 
+  <FileRuleRef RuleID="ID_DENY_INFINSTALL"/> 
+  <FileRuleRef RuleID="ID_DENY_LXRUN"/> 
+  <FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/> 
+  <FileRuleRef RuleID="ID_DENY_WMIC"/> 
+  <FileRuleRef RuleID="ID_DENY_D_1"/> 
+  <FileRuleRef RuleID="ID_DENY_D_2"/> 
+  <FileRuleRef RuleID="ID_DENY_D_3"/> 
+  <FileRuleRef RuleID="ID_DENY_D_4"/> 
+  <FileRuleRef RuleID="ID_DENY_D_5"/> 
+  <FileRuleRef RuleID="ID_DENY_D_6"/> 
+  <FileRuleRef RuleID="ID_DENY_D_7"/> 
+  <FileRuleRef RuleID="ID_DENY_D_8"/> 
+  <FileRuleRef RuleID="ID_DENY_D_9"/> 
+  <FileRuleRef RuleID="ID_DENY_D_10"/> 
+  <FileRuleRef RuleID="ID_DENY_D_11"/> 
+  <FileRuleRef RuleID="ID_DENY_D_12"/> 
+  <FileRuleRef RuleID="ID_DENY_D_13"/> 
+  <FileRuleRef RuleID="ID_DENY_D_14"/> 
+  <FileRuleRef RuleID="ID_DENY_D_15"/> 
+  <FileRuleRef RuleID="ID_DENY_D_16"/> 
+  <FileRuleRef RuleID="ID_DENY_D_17"/> 
+  <FileRuleRef RuleID="ID_DENY_D_18"/> 
+  <FileRuleRef RuleID="ID_DENY_D_19"/> 
+  <FileRuleRef RuleID="ID_DENY_D_20"/> 
+  <FileRuleRef RuleID="ID_DENY_D_21"/> 
+  <FileRuleRef RuleID="ID_DENY_D_22"/> 
+  <FileRuleRef RuleID="ID_DENY_D_23"/> 
+  <FileRuleRef RuleID="ID_DENY_D_24"/> 
+  <FileRuleRef RuleID="ID_DENY_D_25"/> 
+  <FileRuleRef RuleID="ID_DENY_D_26"/> 
+  <FileRuleRef RuleID="ID_DENY_D_27"/> 
+  <FileRuleRef RuleID="ID_DENY_D_28"/> 
+  <FileRuleRef RuleID="ID_DENY_D_29"/> 
+  <FileRuleRef RuleID="ID_DENY_D_30"/> 
+  <FileRuleRef RuleID="ID_DENY_D_31"/> 
+  <FileRuleRef RuleID="ID_DENY_D_32"/> 
+  <FileRuleRef RuleID="ID_DENY_D_33"/> 
+  <FileRuleRef RuleID="ID_DENY_D_34"/> 
+  <FileRuleRef RuleID="ID_DENY_D_35"/> 
+  <FileRuleRef RuleID="ID_DENY_D_36"/> 
+  <FileRuleRef RuleID="ID_DENY_D_37"/> 
+  <FileRuleRef RuleID="ID_DENY_D_38"/> 
+  <FileRuleRef RuleID="ID_DENY_D_39"/> 
+  <FileRuleRef RuleID="ID_DENY_D_40"/> 
+  <FileRuleRef RuleID="ID_DENY_D_41"/> 
+  <FileRuleRef RuleID="ID_DENY_D_42"/> 
+  <FileRuleRef RuleID="ID_DENY_D_43"/> 
+  <FileRuleRef RuleID="ID_DENY_D_44"/> 
+  <FileRuleRef RuleID="ID_DENY_D_45"/> 
+  <FileRuleRef RuleID="ID_DENY_D_46"/> 
+  <FileRuleRef RuleID="ID_DENY_D_47"/> 
+  <FileRuleRef RuleID="ID_DENY_D_48"/> 
+  <FileRuleRef RuleID="ID_DENY_D_49"/> 
+  <FileRuleRef RuleID="ID_DENY_D_50"/> 
+  <FileRuleRef RuleID="ID_DENY_D_51"/> 
+  <FileRuleRef RuleID="ID_DENY_D_52"/> 
+  <FileRuleRef RuleID="ID_DENY_D_53"/> 
+  <FileRuleRef RuleID="ID_DENY_D_54"/> 
+  <FileRuleRef RuleID="ID_DENY_D_55"/> 
+  <FileRuleRef RuleID="ID_DENY_D_56"/> 
+  <FileRuleRef RuleID="ID_DENY_D_57"/> 
+  <FileRuleRef RuleID="ID_DENY_D_58"/> 
+  <FileRuleRef RuleID="ID_DENY_D_59"/> 
+  <FileRuleRef RuleID="ID_DENY_D_60"/> 
+  <FileRuleRef RuleID="ID_DENY_D_61"/> 
+  <FileRuleRef RuleID="ID_DENY_D_62"/> 
+  <FileRuleRef RuleID="ID_DENY_D_63"/> 
+  <FileRuleRef RuleID="ID_DENY_D_64"/> 
+  <FileRuleRef RuleID="ID_DENY_D_65"/> 
+  <FileRuleRef RuleID="ID_DENY_D_66"/> 
+  <FileRuleRef RuleID="ID_DENY_D_67"/> 
+  <FileRuleRef RuleID="ID_DENY_D_68"/> 
+  <FileRuleRef RuleID="ID_DENY_D_69"/> 
+  <FileRuleRef RuleID="ID_DENY_D_70"/> 
+  <FileRuleRef RuleID="ID_DENY_D_71"/> 
+  <FileRuleRef RuleID="ID_DENY_D_72"/> 
+  <FileRuleRef RuleID="ID_DENY_D_73"/> 
+  <FileRuleRef RuleID="ID_DENY_D_74"/> 
+  <FileRuleRef RuleID="ID_DENY_D_75"/> 
+  <FileRuleRef RuleID="ID_DENY_D_76"/> 
+  <FileRuleRef RuleID="ID_DENY_D_77"/> 
+  <FileRuleRef RuleID="ID_DENY_D_78"/> 
+  <FileRuleRef RuleID="ID_DENY_D_79"/> 
+  <FileRuleRef RuleID="ID_DENY_D_80"/> 
+  <FileRuleRef RuleID="ID_DENY_D_81"/> 
+  <FileRuleRef RuleID="ID_DENY_D_82"/> 
+  <FileRuleRef RuleID="ID_DENY_D_83"/> 
+  <FileRuleRef RuleID="ID_DENY_D_84"/> 
+  <FileRuleRef RuleID="ID_DENY_D_85"/> 
+  <FileRuleRef RuleID="ID_DENY_D_86"/> 
+  <FileRuleRef RuleID="ID_DENY_D_87"/> 
+  <FileRuleRef RuleID="ID_DENY_D_88"/> 
+  <FileRuleRef RuleID="ID_DENY_D_89"/> 
+  <FileRuleRef RuleID="ID_DENY_D_90"/> 
+  <FileRuleRef RuleID="ID_DENY_D_91"/> 
+  <FileRuleRef RuleID="ID_DENY_D_92"/> 
+  <FileRuleRef RuleID="ID_DENY_D_93"/> 
+  <FileRuleRef RuleID="ID_DENY_D_94"/> 
+  <FileRuleRef RuleID="ID_DENY_D_95"/> 
+  <FileRuleRef RuleID="ID_DENY_D_96"/> 
+  <FileRuleRef RuleID="ID_DENY_D_97"/> 
+  <FileRuleRef RuleID="ID_DENY_D_98"/> 
+  <FileRuleRef RuleID="ID_DENY_D_99"/> 
+  <FileRuleRef RuleID="ID_DENY_D_100"/> 
+  <FileRuleRef RuleID="ID_DENY_D_101"/> 
+  <FileRuleRef RuleID="ID_DENY_D_102"/> 
+  <FileRuleRef RuleID="ID_DENY_D_103"/> 
+  <FileRuleRef RuleID="ID_DENY_D_104"/> 
+  <FileRuleRef RuleID="ID_DENY_D_105"/> 
+  <FileRuleRef RuleID="ID_DENY_D_106"/> 
+  <FileRuleRef RuleID="ID_DENY_D_107"/> 
+  <FileRuleRef RuleID="ID_DENY_D_108"/> 
+  <FileRuleRef RuleID="ID_DENY_D_109"/> 
+  <FileRuleRef RuleID="ID_DENY_D_110"/> 
+  <FileRuleRef RuleID="ID_DENY_D_111"/> 
+  <FileRuleRef RuleID="ID_DENY_D_112"/> 
+  <FileRuleRef RuleID="ID_DENY_D_113"/> 
+  <FileRuleRef RuleID="ID_DENY_D_114"/> 
+  <FileRuleRef RuleID="ID_DENY_D_115"/> 
+  <FileRuleRef RuleID="ID_DENY_D_116"/> 
+  <FileRuleRef RuleID="ID_DENY_D_117"/> 
+  <FileRuleRef RuleID="ID_DENY_D_118"/> 
+  <FileRuleRef RuleID="ID_DENY_D_119"/> 
+  <FileRuleRef RuleID="ID_DENY_D_120"/> 
+  <FileRuleRef RuleID="ID_DENY_D_121"/> 
+  <FileRuleRef RuleID="ID_DENY_D_122"/> 
+  <FileRuleRef RuleID="ID_DENY_D_123"/> 
+  <FileRuleRef RuleID="ID_DENY_D_124"/> 
+  <FileRuleRef RuleID="ID_DENY_D_125"/> 
+  <FileRuleRef RuleID="ID_DENY_D_126"/> 
+  <FileRuleRef RuleID="ID_DENY_D_127"/> 
+  <FileRuleRef RuleID="ID_DENY_D_128"/> 
+  <FileRuleRef RuleID="ID_DENY_D_129"/> 
+  <FileRuleRef RuleID="ID_DENY_D_130"/> 
+  <FileRuleRef RuleID="ID_DENY_D_131"/> 
+  <FileRuleRef RuleID="ID_DENY_D_132"/> 
+  <FileRuleRef RuleID="ID_DENY_D_133"/> 
+  <FileRuleRef RuleID="ID_DENY_D_134"/> 
+  <FileRuleRef RuleID="ID_DENY_D_135"/> 
+  <FileRuleRef RuleID="ID_DENY_D_136"/> 
+  <FileRuleRef RuleID="ID_DENY_D_137"/> 
+  <FileRuleRef RuleID="ID_DENY_D_138"/> 
+  <FileRuleRef RuleID="ID_DENY_D_139"/> 
+  <FileRuleRef RuleID="ID_DENY_D_140"/> 
+  <FileRuleRef RuleID="ID_DENY_D_141"/> 
+  <FileRuleRef RuleID="ID_DENY_D_142"/> 
+  <FileRuleRef RuleID="ID_DENY_D_143"/> 
+  <FileRuleRef RuleID="ID_DENY_D_144"/> 
+  <FileRuleRef RuleID="ID_DENY_D_145"/> 
+  <FileRuleRef RuleID="ID_DENY_D_146"/> 
+  <FileRuleRef RuleID="ID_DENY_D_147"/> 
+  <FileRuleRef RuleID="ID_DENY_D_148"/> 
+  <FileRuleRef RuleID="ID_DENY_D_149"/> 
+  <FileRuleRef RuleID="ID_DENY_D_150"/> 
+  <FileRuleRef RuleID="ID_DENY_D_151"/> 
+  <FileRuleRef RuleID="ID_DENY_D_152"/> 
+  <FileRuleRef RuleID="ID_DENY_D_153"/> 
+  <FileRuleRef RuleID="ID_DENY_D_154"/> 
+  <FileRuleRef RuleID="ID_DENY_D_155"/> 
+  <FileRuleRef RuleID="ID_DENY_D_156"/> 
+  <FileRuleRef RuleID="ID_DENY_D_157"/> 
+  <FileRuleRef RuleID="ID_DENY_D_158"/> 
+  <FileRuleRef RuleID="ID_DENY_D_159"/> 
+  <FileRuleRef RuleID="ID_DENY_D_160"/> 
+  <FileRuleRef RuleID="ID_DENY_D_161"/> 
+  <FileRuleRef RuleID="ID_DENY_D_162"/> 
+  <FileRuleRef RuleID="ID_DENY_D_163"/> 
+  <FileRuleRef RuleID="ID_DENY_D_164"/> 
+  <FileRuleRef RuleID="ID_DENY_D_165"/> 
+  <FileRuleRef RuleID="ID_DENY_D_166"/> 
+  <FileRuleRef RuleID="ID_DENY_D_167"/> 
+  <FileRuleRef RuleID="ID_DENY_D_168"/> 
+  <FileRuleRef RuleID="ID_DENY_D_169"/> 
+  <FileRuleRef RuleID="ID_DENY_D_170"/> 
+  <FileRuleRef RuleID="ID_DENY_D_171"/> 
+  <FileRuleRef RuleID="ID_DENY_D_172"/> 
+  <FileRuleRef RuleID="ID_DENY_D_173"/> 
+  <FileRuleRef RuleID="ID_DENY_D_174"/> 
+  <FileRuleRef RuleID="ID_DENY_D_175"/> 
+  <FileRuleRef RuleID="ID_DENY_D_176"/> 
+  <FileRuleRef RuleID="ID_DENY_D_177"/> 
+  <FileRuleRef RuleID="ID_DENY_D_178"/> 
+  <FileRuleRef RuleID="ID_DENY_D_179"/> 
+  <FileRuleRef RuleID="ID_DENY_D_180"/> 
+  <FileRuleRef RuleID="ID_DENY_D_181"/> 
+  <FileRuleRef RuleID="ID_DENY_D_182"/> 
+  <FileRuleRef RuleID="ID_DENY_D_183"/> 
+  <FileRuleRef RuleID="ID_DENY_D_184"/> 
+  <FileRuleRef RuleID="ID_DENY_D_185"/> 
+  <FileRuleRef RuleID="ID_DENY_D_186"/> 
+  <FileRuleRef RuleID="ID_DENY_D_187"/> 
+  <FileRuleRef RuleID="ID_DENY_D_188"/> 
+  <FileRuleRef RuleID="ID_DENY_D_189"/> 
+  <FileRuleRef RuleID="ID_DENY_D_190"/> 
+  <FileRuleRef RuleID="ID_DENY_D_191"/> 
+  <FileRuleRef RuleID="ID_DENY_D_192"/> 
+  <FileRuleRef RuleID="ID_DENY_D_193"/> 
+  <FileRuleRef RuleID="ID_DENY_D_194"/> 
+  <FileRuleRef RuleID="ID_DENY_D_195"/> 
+  <FileRuleRef RuleID="ID_DENY_D_196"/> 
+  <FileRuleRef RuleID="ID_DENY_D_197"/> 
+  <FileRuleRef RuleID="ID_DENY_D_198"/> 
+  <FileRuleRef RuleID="ID_DENY_D_199"/> 
+  <FileRuleRef RuleID="ID_DENY_D_200"/> 
+  <FileRuleRef RuleID="ID_DENY_D_201"/> 
+  <FileRuleRef RuleID="ID_DENY_D_202"/> 
+  <FileRuleRef RuleID="ID_DENY_D_203"/> 
+  <FileRuleRef RuleID="ID_DENY_D_204"/> 
+  <FileRuleRef RuleID="ID_DENY_D_205"/> 
+  <FileRuleRef RuleID="ID_DENY_D_206"/> 
+  <FileRuleRef RuleID="ID_DENY_D_207"/> 
+  <FileRuleRef RuleID="ID_DENY_D_208"/> 
+  <FileRuleRef RuleID="ID_DENY_D_209"/> 
+  <FileRuleRef RuleID="ID_DENY_D_210"/> 
+  <FileRuleRef RuleID="ID_DENY_D_211"/> 
+  <FileRuleRef RuleID="ID_DENY_D_212"/> 
+  <FileRuleRef RuleID="ID_DENY_D_213"/> 
+  <FileRuleRef RuleID="ID_DENY_D_214"/> 
+  <FileRuleRef RuleID="ID_DENY_D_215"/> 
+  <FileRuleRef RuleID="ID_DENY_D_216"/> 
+  <FileRuleRef RuleID="ID_DENY_D_217"/> 
+  <FileRuleRef RuleID="ID_DENY_D_218"/> 
+  <FileRuleRef RuleID="ID_DENY_D_219"/> 
+  <FileRuleRef RuleID="ID_DENY_D_220"/> 
+  <FileRuleRef RuleID="ID_DENY_D_221"/> 
+  <FileRuleRef RuleID="ID_DENY_D_222"/> 
+  <FileRuleRef RuleID="ID_DENY_D_223"/> 
+  <FileRuleRef RuleID="ID_DENY_D_224"/> 
+  <FileRuleRef RuleID="ID_DENY_D_225"/> 
+  <FileRuleRef RuleID="ID_DENY_D_226"/> 
+  <FileRuleRef RuleID="ID_DENY_D_227"/> 
+  <FileRuleRef RuleID="ID_DENY_D_228"/> 
+  <FileRuleRef RuleID="ID_DENY_D_229"/> 
+  <FileRuleRef RuleID="ID_DENY_D_230"/> 
+  <FileRuleRef RuleID="ID_DENY_D_231"/> 
+  <FileRuleRef RuleID="ID_DENY_D_232"/> 
+  <FileRuleRef RuleID="ID_DENY_D_233"/> 
+  <FileRuleRef RuleID="ID_DENY_D_234"/> 
+  <FileRuleRef RuleID="ID_DENY_D_235"/> 
+  <FileRuleRef RuleID="ID_DENY_D_236"/> 
+  <FileRuleRef RuleID="ID_DENY_D_237"/> 
+  <FileRuleRef RuleID="ID_DENY_D_238"/> 
+  <FileRuleRef RuleID="ID_DENY_D_239"/> 
+  <FileRuleRef RuleID="ID_DENY_D_240"/> 
+  <FileRuleRef RuleID="ID_DENY_D_241"/> 
+  <FileRuleRef RuleID="ID_DENY_D_242"/> 
+  <FileRuleRef RuleID="ID_DENY_D_243"/> 
+  <FileRuleRef RuleID="ID_DENY_D_244"/> 
+  <FileRuleRef RuleID="ID_DENY_D_245"/> 
+  <FileRuleRef RuleID="ID_DENY_D_246"/> 
+  <FileRuleRef RuleID="ID_DENY_D_247"/> 
+  <FileRuleRef RuleID="ID_DENY_D_248"/> 
+  <FileRuleRef RuleID="ID_DENY_D_249"/> 
+  <FileRuleRef RuleID="ID_DENY_D_250"/> 
+  <FileRuleRef RuleID="ID_DENY_D_251"/> 
+  <FileRuleRef RuleID="ID_DENY_D_252"/> 
+  <FileRuleRef RuleID="ID_DENY_D_253"/> 
+  <FileRuleRef RuleID="ID_DENY_D_254"/> 
+  <FileRuleRef RuleID="ID_DENY_D_255"/> 
+  <FileRuleRef RuleID="ID_DENY_D_256"/> 
+  <FileRuleRef RuleID="ID_DENY_D_257"/> 
+  <FileRuleRef RuleID="ID_DENY_D_258"/> 
+  <FileRuleRef RuleID="ID_DENY_D_259"/> 
+  <FileRuleRef RuleID="ID_DENY_D_260"/> 
+  <FileRuleRef RuleID="ID_DENY_D_261"/> 
+  <FileRuleRef RuleID="ID_DENY_D_262"/> 
+  <FileRuleRef RuleID="ID_DENY_D_263"/> 
+  <FileRuleRef RuleID="ID_DENY_D_264"/> 
+  <FileRuleRef RuleID="ID_DENY_D_265"/> 
+  <FileRuleRef RuleID="ID_DENY_D_266"/> 
+  <FileRuleRef RuleID="ID_DENY_D_267"/> 
+  <FileRuleRef RuleID="ID_DENY_D_268"/> 
+  <FileRuleRef RuleID="ID_DENY_D_269"/> 
+  <FileRuleRef RuleID="ID_DENY_D_270"/> 
+  <FileRuleRef RuleID="ID_DENY_D_271"/> 
+  <FileRuleRef RuleID="ID_DENY_D_272"/> 
+  <FileRuleRef RuleID="ID_DENY_D_273"/> 
+  <FileRuleRef RuleID="ID_DENY_D_274"/> 
+  <FileRuleRef RuleID="ID_DENY_D_275"/> 
+  <FileRuleRef RuleID="ID_DENY_D_276"/> 
+  <FileRuleRef RuleID="ID_DENY_D_277"/> 
+  <FileRuleRef RuleID="ID_DENY_D_278"/> 
+  <FileRuleRef RuleID="ID_DENY_D_279"/> 
+  <FileRuleRef RuleID="ID_DENY_D_280"/> 
+  <FileRuleRef RuleID="ID_DENY_D_281"/> 
+  <FileRuleRef RuleID="ID_DENY_D_282"/> 
+  <FileRuleRef RuleID="ID_DENY_D_283"/> 
+  <FileRuleRef RuleID="ID_DENY_D_284"/> 
+  <FileRuleRef RuleID="ID_DENY_D_285"/> 
+  <FileRuleRef RuleID="ID_DENY_D_286"/> 
+  </FileRulesRef>
+  </ProductSigners>
+  </SigningScenario>
+  </SigningScenarios>
+  <UpdatePolicySigners /> 
+  <CiSigners /> 
+  <HvciOptions>0</HvciOptions> 
+  </SiPolicy>
+  
+  ```
+<br />
+
+To create a WDAC policy, copy each of the following commands into an elevated Windows PowerShell session, in order:
+
+1.  Initialize variables that you will use. The following example commands use **InitialScan.xml** and **DeviceGuardPolicy.bin** for the names of the files that will be created:
+
+    ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
+
+    ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"`
+
+    ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"`
+
+2.  Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to create a new WDAC policy by scanning the system for installed applications:
+
+    ` New-CIPolicy -Level FilePublisher -FilePath $InitialCIPolicy –UserPEs -FallBack Hash 3> CIPolicyLog.txt `
+
+    > [!Note] 
+    
+    > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. In contrast, if you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers, in other words, the whitelist will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. 
+    
+    > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Windows Defender Application Control file rule levels](deploy-windows-defender-application-control-policy-rules-and-file-rules.md#windows-defender-application-control-file-rule-levels) in “Deploy Windows Defender Application Control: policy rules and file rules.”
+
+    > - To specify that the WDAC policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the entire system is scanned.
+    
+    > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
+
+3.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the WDAC policy to a binary format:
+
+    ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin`
+
+After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (IntialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
+
+> [!Note] 
+> We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](#merge-windows-defender-application-control-policies).
+
+We recommend that every WDAC policy be run in audit mode before being enforced. Doing so allows administrators to discover any issues with the policy without receiving error message dialog boxes. For information about how to audit a WDAC policy, see the next section, [Audit Windows Defender Application Control policies](#audit-windows-defender-application-control-policies).
+
+## Audit Windows Defender Application Control policies
+
+When WDAC policies are run in audit mode, it allows administrators to discover any applications that were missed during an initial policy scan and to identify any new applications that have been installed and run since the original policy was created. While a WDAC policy is running in audit mode, any binary that runs and would have been denied had the policy been enforced is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. When these logged binaries have been validated, they can easily be added to a new WDAC policy. When the new exception policy is created, you can merge it with your existing WDAC policies.
+
+> [!Note] 
+> Before you begin this process, you need to create a WDAC policy binary file. If you have not already done so, see [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer), earlier in this topic, for a step-by-step walkthrough of the process to create a WDAC policy and convert it to binary format.
+
+**To audit a Windows Defender Application Control policy with local policy:**
+
+1.  Find a *.bin policy file that you have created, for example, the DeviceGuardPolicy.bin file that resulted from the steps in the earlier section, [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). Copy the file to C:\\Windows\\System32\\CodeIntegrity.
+
+2.  On the computer you want to run in audit mode, open the Local Group Policy Editor by running **GPEdit.msc**.
+
+    > [!Note]
+    
+    > - The computer that you will run in audit mode must be clean of viruses or malware. Otherwise, in the process that you follow after auditing the system, you might unintentionally merge in a policy that allows viruses or malware to run.
+    
+    > - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor.
+    
+3.  Navigate to **Computer Configuration\\Administrative Templates\\System\\Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1.
+
+    > [!Note]
+    
+    > - The illustration shows the example file name *DeviceGuardPolicy.bin* because this name was used earlier in this topic, in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). Also, this policy file does not need to be copied to every system. You can instead copy the WDAC policies to a file share to which all computer accounts have access.
+
+    > - Any policy you select here is converted to SIPolicy.p7b when it is deployed to the individual computers.
+
+    > - You might have noticed that the GPO setting references a .p7b file and this policy uses a .bin file. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped onto the computers running Windows 10. We recommend that you make your WDAC policy names friendly and allow the system to convert the policy names for you. By doing this, it ensures that the policies are easily distinguishable when viewed in a share or any other central repository.
+
+   ![Group Policy called Deploy Windows Defender Application Control](images/dg-fig22-deploycode.png)
+
+   Figure 1. Deploy your Windows Defender Application Control policy
+
+4.  Restart the reference system for the WDAC policy to take effect.
+
+5.  Use the system as you normally would, and monitor code integrity events in the event log. While in audit mode, any exception to the deployed WDAC policy will be logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log, as shown in Figure 2.
+
+   ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png)
+
+   Figure 2. Exceptions to the deployed WDAC policy
+
+   You will be reviewing the exceptions that appear in the event log, and making a list of any applications that should be allowed to run in your environment.
+   
+6. If you want to create a catalog file to simplify the process of including unsigned LOB applications in your WDAC policy, this is a good time to create it. For information, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).   
+
+Now that you have a WDAC policy deployed in audit mode, you can capture any audit information that appears in the event log. This is described in the next section.
+
+## Create a Windows Defender Application Control policy that captures audit information from the event log
+
+Use the following procedure after you have been running a computer with a WDAC policy in audit mode for a period of time. When you are ready to capture the needed policy information from the event log (so that you can later merge that information into the original WDAC policy), complete the following steps. 
+
+<!-- Watch the phrase "later step in this procedure" in step 1, in case the organization of the procedures changes. -->
+
+1.  Review the audit information in the event log. From the WDAC policy exceptions that you see, make a list of any applications that should be allowed to run in your environment, and decide on the file rule level that should be used to trust these applications.
+
+    Although the Hash file rule level will catch all of these exceptions, it may not be the best way to trust all of them. For information about file rule levels, see [Windows Defender Application Control file rule levels](deploy-windows-defender-application-control-policy-rules-and-file-rules.md#windows-defender-application-control-file-rule-levels) in "Deploy Windows Defender Application Control: policy rules and file rules."
+    
+    Your event log might also contain exceptions for applications that you eventually want your WDAC policy to block. If these appear, make a list of these also, for a later step in this procedure.
+
+2.  In an elevated Windows PowerShell session, initialize the variables that will be used. The example filename shown here is **DeviceGuardAuditPolicy.xml**:
+
+    ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
+
+    ` $CIAuditPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"`
+
+3.  Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
+
+    ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3 -FallBack Hash > CIPolicylog.txt`
+
+  > [!Note] 
+  > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy.
+
+4.  Find and review the WDAC audit policy .xml file that you created. If you used the example variables as shown, the filename will be **DeviceGuardAuditPolicy.xml**, and it will be on your desktop. Look for the following:
+
+    - Any applications that were caught as exceptions, but should be allowed to run in your environment. These are applications that should be in the .xml file. Leave these as-is in the file.
+    
+    - Any applications that actually should not be allowed to run in your environment. Edit these out of the .xml file. If they remain in the .xml file, and the information in the file is merged into your existing WDAC policy, the policy will treat the applications as trusted, and allow them to run. 
+
+You can now use this file to update the existing WDAC policy that you ran in audit mode by merging the two policies. For instructions on how to merge this audit policy with the existing WDAC policy, see the next section, [Merge Windows Defender Application Control policies](#merge-windows-defender-application-control-policies).
+
+> [!Note] 
+> You may have noticed that you did not generate a binary version of this policy as you did in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). This is because WDAC policies created from an audit log are not intended to run as stand-alone policies but rather to update existing WDAC policies.
+
+## Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
+
+As of Windows 10, version 1703, you can use WDAC policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):
+
+| Approach (as of Windows 10, version 1703) | Guideline |
+|---|---|
+| You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them. | Use `New-CIPolicyRule` with the `-AppID` option. |
+| In addition, you can work  from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them. | Use `New-CIPolicyRule` with the `-AppID` and `-Deny` options. |
+
+To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your ‘master’ policy (merging is described in the next section).
+
+For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization’s enterprise resource planning (ERP) application, but blocks those add-ins in other applications, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable:
+
+```
+$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
+$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe'
+New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs
+```
+
+As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specifed application:
+
+```
+$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe'
+New-CIPolicy -Rules $rule -FilePath ".\BlockAddins.xml" -UserPEs
+```
+
+## Merge Windows Defender Application Control policies
+
+When you develop WDAC policies, you will occasionally need to merge two policies. A common example is when a WDAC policy is initially created and audited. Another example is when you create a single master policy by using multiple policies previously created from reference computers. Because each computer running Windows 10 can have only one WDAC policy, it is important to properly maintain these policies. In this example, audit events have been saved into a secondary WDAC policy that you then merge with the initial WDAC policy.
+
+> [!Note] 
+> The following example uses several of the WDAC policy .xml files that you created in earlier sections in this topic. You can follow this process, however, with any two WDAC policies you would like to combine.
+
+To merge two WDAC policies, complete the following steps in an elevated Windows PowerShell session:
+
+1.  Initialize the variables that will be used:
+
+    ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
+
+    ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"`
+
+    ` $AuditCIPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"`
+
+    ` $MergedCIPolicy=$CIPolicyPath+"MergedPolicy.xml"`
+
+    ` $CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"`
+
+  > [!Note] 
+  > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly.
+
+2.  Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy?view=win10-ps) to merge two policies and create a new WDAC policy:
+
+    ` Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy`
+
+3.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the merged WDAC policy to binary format:
+
+    ` ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin `
+
+Now that you have created a new WDAC policy (for example, called **NewDeviceGuardPolicy.bin**), you can deploy the policy binary to systems manually or by using Group Policy or Microsoft client management solutions. For information about how to deploy this new policy with Group Policy, see the [Deploy and manage Windows Defender Application Control with Group Policy](#deploy-and-manage-windows-defender-application-control-with-group-policy) section.
+
+## Enforce Windows Defender Application Control policies
+
+Every WDAC policy is created with audit mode enabled. After you have successfully deployed and tested a WDAC policy in audit mode and are ready to test the policy in enforced mode, complete the following steps in an elevated Windows PowerShell session:
+
+> [!Note] 
+> Every WDAC policy should be tested in audit mode first. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](#audit-windows-defender-application-control-policies), earlier in this topic.
+
+1.  Initialize the variables that will be used:
+
+    ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
+
+    ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml" `
+
+    ` $EnforcedCIPolicy=$CIPolicyPath+"EnforcedPolicy.xml"`
+
+    ` $CIPolicyBin=$CIPolicyPath+"EnforcedDeviceGuardPolicy.bin"`
+
+    > [!Note] 
+    > The initial WDAC policy that this section refers to was created in the [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer) section. If you are using a different WDAC policy, update the **CIPolicyPath** and **InitialCIPolicy** variables.
+
+2. Ensure that rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) are set the way that you intend for this policy. We strongly recommend that you enable these rule options before you run any enforced policy for the first time. Enabling these options provides administrators with a pre-boot command prompt, and allows Windows to start even if the WDAC policy blocks a kernel-mode driver from running. When ready for enterprise deployment, you can remove these options.
+
+    To ensure that these options are enabled in a policy, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) as shown in the following commands. You can run these commands even if you're not sure whether options 9 and 10 are already enabled—if so, the commands have no effect.
+    
+    ` Set-RuleOption -FilePath $InitialCIPolicy -Option 9`
+    
+    ` Set-RuleOption -FilePath $InitialCIPolicy -Option 10`
+
+3.  Copy the initial file to maintain an original copy:
+
+    ` copy $InitialCIPolicy $EnforcedCIPolicy`
+
+4.  Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) to delete the audit mode rule option:
+
+    ` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete`
+
+  > [!Note] 
+  > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy.
+
+5.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the new WDAC policy to binary format:
+
+    ` ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin`
+
+Now that this policy is in enforced mode, you can deploy it to your test computers. Rename the policy to SIPolicy.p7b and copy it to C:\\Windows\\System32\\CodeIntegrity for testing, or deploy the policy through Group Policy by following the instructions in [Deploy and manage Windows Defender Application Control with Group Policy](#deploy-and-manage-windows-defender-application-control-with-group-policy). You can also use other client management software to deploy and manage the policy.
+
+## Signing Windows Defender Application Control policies with SignTool.exe
+
+Signed WDAC policies give organizations the highest level of malware protection available in Windows 10. 
+In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. 
+These policies are designed to prevent administrative tampering and kernel mode exploit access. 
+With this in mind, it is much more difficult to remove signed WDAC policies. 
+Before you sign and deploy a signed WDAC policy, we recommend that you [audit the policy](#audit-windows-defender-application-control-policies) to discover any blocked applications that should be allowed to run. 
+
+Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward. 
+If you do not currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](optional-create-a-code-signing-certificate-for-windows-defender-application-control.md) to create one with your on-premises CA. 
+
+Before signing WDAC policies for the first time, be sure to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath <PathAndFilename> -Option 9` even if you're not sure whether the option is already enabled—if so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](deploy-windows-defender-application-control-policy-rules-and-file-rules.md#windows-defender-application-control-policy-rules) in "Deploy Windows Defender Application Control: policy rules and file rules."
+
+To sign a WDAC policy with SignTool.exe, you need the following components:
+
+-   SignTool.exe, found in the Windows SDK (Windows 7 or later)
+
+-   The binary format of the WDAC policy that you generated in the [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer) section or another WDAC policy that you have created
+
+-   An internal CA code signing certificate or a purchased code signing certificate
+
+If you do not have a code signing certificate, see the [Optional: Create a code signing certificate for Windows Defender Application Control](optional-create-a-code-signing-certificate-for-windows-defender-application-control.md) section for instructions on how to create one. If you use an alternate certificate or WDAC policy, be sure to update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session:
+
+1.  Initialize the variables that will be used:
+
+    ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
+    
+    ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"`
+    
+    ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"`
+
+   > [!Note] 
+   > This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer) section. If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information.
+
+2.  Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing user’s personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](optional-create-a-code-signing-certificate-for-windows-defender-application-control.md).
+
+3.  Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later.
+
+4.  Navigate to your desktop as the working directory:
+
+    ` cd $env:USERPROFILE\Desktop `
+
+5.  Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule?view=win10-ps) to add an update signer certificate to the WDAC policy:
+
+    ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User –Update`
+
+   > [!Note] 
+   > *&lt;Path to exported .cer certificate&gt;* should be  the full path to the certificate that you exported in   step 3.
+    Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see the [Disable signed Windows Defender Application Control policies within Windows](#disable-signed-windows-defender-application-control-policies-within-windows) section.
+
+6.  Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) to remove the unsigned policy rule option:
+
+    ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete`
+
+7.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the policy to binary format:
+
+    ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin`
+
+8.  Sign the WDAC policy by using SignTool.exe:
+
+    ` <Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin`
+
+   > [!Note] 
+   > The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
+
+9.  Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](#deploy-and-manage-windows-defender-application-control-with-group-policy).
+
+## Disable unsigned Windows Defender Application Control policies
+
+There may come a time when an administrator wants to disable a WDAC policy. For unsigned WDAC policies, this process is simple. Depending on how the WDAC policy was deployed, unsigned policies can be disabled in one of two ways. If a WDAC policy was manually enabled and copied to the code integrity folder location, simply delete the file and restart the computer. The following locations can contain executing WDAC policies:
+
+-   &lt;EFI System Partition&gt;\\Microsoft\\Boot\\
+
+-   &lt;OS Volume&gt;\\Windows\\System32\\CodeIntegrity\\
+
+If the WDAC policy was deployed by using Group Policy, the GPO that is currently enabling and deploying the policy must be set to disabled. Then, the WDAC policy will be disabled on the next computer restart.
+
+## Disable signed Windows Defender Application Control policies within Windows
+
+Signed policies protect Windows from administrative manipulation as well as malware that has gained administrative-level access to the system. For this reason, signed WDAC policies are intentionally more difficult to remove than unsigned policies. They inherently protect themselves from modification or removal and therefore are difficult even for administrators to remove successfully. If the signed WDAC policy is manually enabled and copied to the CodeIntegrity folder, to remove the policy, you must complete the following steps.
+
+> [!Note] 
+> For reference, signed WDAC policies should be replaced and removed from the following locations:
+
+-   &lt;EFI System Partition&gt;\\Microsoft\\Boot\\
+
+-   &lt;OS Volume&gt;\\Windows\\System32\\CodeIntegrity\\
+
+
+1.  Replace the existing policy with another signed policy that has the **6 Enabled: Unsigned System Integrity Policy** rule option enabled.
+
+    > **Note**&nbsp;&nbsp;To take effect, this policy must be signed with a certificate previously added to the **UpdatePolicySigners** section of the original signed policy you want to replace.
+
+2.  Restart the client computer.
+
+3.  Verify that the new signed policy exists on the client.
+
+    > **Note**&nbsp;&nbsp;If the signed policy that contains rule option 6 has not been processed on the client, the addition of an unsigned policy may cause boot failures.
+
+4.  Delete the new policy.
+
+5.  Restart the client computer.
+
+If the signed WDAC policy has been deployed using by using Group Policy, you must complete the following steps:
+
+1.  Replace the existing policy in the GPO with another signed policy that has the **6 Enabled: Unsigned System Integrity Policy** rule option enabled.
+
+    > **Note**&nbsp;&nbsp;To take effect, this policy must be signed with a certificate previously added to the **UpdatePolicySigners** section of the original signed policy you want to replace.
+
+2.  Restart the client computer.
+
+3.  Verify that the new signed policy exists on the client.
+
+    > **Note**&nbsp;&nbsp;If the signed policy that contains rule option 6 has not been processed on the client, the addition of an unsigned policy may cause boot failures.
+
+4.  Set the GPO to disabled.
+
+5.  Delete the new policy.
+
+6.  Restart the client computer.
+
+## Disable signed Windows Defender Application Control policies within the BIOS
+
+There may be a time when signed WDAC policies cause a boot failure. Because WDAC policies enforce kernel mode drivers, it is important that they be thoroughly tested on each software and hardware configuration before being enforced and signed. Signed WDAC policies are validated in the pre-boot sequence by using Secure Boot. When you disable the Secure Boot feature in the BIOS, and then delete the file from the following locations on the operating system disk, it allows the system to boot into Windows:
+
+-   &lt;EFI System Partition&gt;\\Microsoft\\Boot\\
+
+-   &lt;OS Volume&gt;\\Windows\\System32\\CodeIntegrity\\
+
+## Deploy and manage Windows Defender Application Control with Group Policy
+
+WDAC policies can easily be deployed and managed with Group Policy. A Windows Defender Device Guard administrative template will be available in Windows Server 2016 that allows you to simplify deployment of Windows Defender Device Guard hardware-based security features and Windows Defender Application Control policies. The following procedure walks you through how to deploy a WDAC policy called **DeviceGuardPolicy.bin** to a test OU called *DG Enabled PCs* by using a GPO called **Contoso GPO Test**.
+
+> [!Note] 
+> This walkthrough requires that you have previously created a WDAC policy and have a computer running Windows 10 on which to test a Group Policy deployment. For more information about how to create a WDAC policy, see [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer), earlier in this topic.
+
+> [!Note] 
+> Signed WDAC policies can cause boot failures when deployed. We recommend that signed WDAC policies be thoroughly tested on each hardware platform before enterprise deployment.
+
+To deploy and manage a WDAC policy with Group Policy:
+
+1.  On a domain controller on a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** or searching for “Group Policy Management” in Windows Search.
+
+2.  Create a new GPO: right-click an OU and then click **Create a GPO in this domain, and Link it here**, as shown in Figure 3.
+
+    > **Note**&nbsp;&nbsp;You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Planning and getting started on the Windows Defender Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
+
+    ![Group Policy Management, create a GPO](images/dg-fig24-creategpo.png)
+
+    Figure 3. Create a GPO
+
+3.  Name the new GPO. You can choose any name. 
+
+4.  Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**.
+
+5.  In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then click **Edit**.
+
+    ![Edit the Group Policy for Windows Defender Application Control](images/wdac-edit-gp.png)
+
+    Figure 4. Edit the Group Policy for Windows Defender Application Control
+
+6.  In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the code integrity policy deployment path.
+
+    In this policy setting, you specify either the local path in which the policy will exist on the client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, with DeviceGuardPolicy.bin on the test computer, the example file path would be C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 5.
+
+    > [!Note] 
+    > The illustration shows the example file name *DeviceGuardPolicy.bin* because this name was used earlier in this topic, in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). Also, this policy file does not need to be copied to every computer. You can instead copy the WDAC policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers.
+
+    ![Group Policy called Deploy Windows Defender Application Control](images/dg-fig26-enablecode.png)
+
+    Figure 5. Enable the Windows Defender Application Control policy
+
+    > [!Note] 
+    > You may have noticed that the GPO setting references a .p7b file and this example uses a .bin file for the policy. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped on the client computer running Windows 10. Make your WDAC policies friendly and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository.
+
+7.  Close the Group Policy Management Editor, and then restart the Windows 10 test computer. Restarting the computer updates the WDAC policy. For information about how to audit WDAC policies, see the [Audit Windows Defender Application Control policies](#audit-windows-defender-application-control-policies) section.
+
+## Related topics
+
+[Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+
+[Enable virtualization-based protection of code integrity](deploy-device-guard-enable-virtualization-based-security.md)
+
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
index 1adc579110..7da0245da9 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
@@ -29,7 +29,7 @@ This policy setting is dependent on the **Account lockout threshold** policy set
 
 If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If th **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually.
 
-It is advisable to set **Account lockout duration** to approximately 30 minutes. To specify that the account will never be locked out, set the value to 0. To configure the value for this policy setting so that it never automatically unlocks the account might seem like a good idea; however, doing so can increase the number of requests that your organization’s Help Desk receives to unlock accounts that were locked by mistake.
+It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the **Account lockout threshold** value to 0. 
 
 ### Location
 
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
index 1b64be5e1d..09d483458c 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
@@ -84,7 +84,7 @@ Configure the **Maximum lifetime for user ticket renewal** setting to 7 days.
 
 ### Potential impact
 
-None. This is the default configuration.
+Seven (7) days is the default configuration. Changing the default configuration is a tradeoff between user convenience and security. A shorter time period requires users to authenticate with a DC more often, but remote users who authenticate with a DC infrequently can be locked out of services until they reauthenticate. 
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
index 5577c3b083..7057705ad8 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
@@ -59,15 +59,17 @@ None. Changes to this policy become effective without a computer restart when th
 
 ## Security considerations
 
-This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
+This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of implementation.
 
 ### Vulnerability
 
-The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords is a major security risk because that allows a compromised password to be used by the malicious user for as long as the valid user is authorized access.
+The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords allows a compromised password to be used by the malicious user for as long as the valid user is authorized access. 
 
-### Countermeasure
+### Considerations
 
-Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements.
+Mandated password changes are a long-standing security practice, but current research strongly indicates that password expiration has a negative effect. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information.
+
+Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements. For example, many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet business requirements.
 
 ### Potential impact
 
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index 75dda71497..8e5b6d0232 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -175,7 +175,7 @@ To gain the most value out of the baseline subscription we recommend to have the
 -   Enable disabled event channels and set the minimum size for modern event files.
 -   Currently, there is no GPO template for enabling or setting the maximum size for the modern event files. This must be done by using a GPO. For more info, see [Appendix C – Event Channel Settings (enable and Channel Access) methods](#bkmk-appendixc).
 
-The annotated event query can be found in the following. For more info, see [Appendix F – Annotated Baseline Subscription Event Query](#bkmk-appendixf).
+The annotated event query can be found in the following. For more info, see [Appendix F – Annotated Suspect Subscription Event Query](#bkmk-appendixf).
 
 -   Anti-malware events from Microsoft Antimalware or Windows Defender. This can be configured for any given anti-malware product easily if it writes to the Windows event log.
 -   Security event log Process Create events.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
index 4545c0e5dc..e84172c1e3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 08/26/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
 ---
 
 # Prevent or allow users to locally modify Windows Defender AV policy settings
@@ -47,7 +47,7 @@ To configure these settings:
 
 3. In the **Group Policy Management Editor** go to **Computer configuration**.
 
-4. Click **Policies** then **Administrative templates**.
+4. Click **Administrative templates**.
 
 5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
 
@@ -91,12 +91,14 @@ You can disable this setting to ensure that only globally defined lists (such as
 
 3.  In the **Group Policy Management Editor** go to **Computer configuration**.
 
-4.  Click **Policies** then **Administrative templates**.
+4.  Click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus**.
 
 6. Double-click the **Configure local administrator merge behavior for lists** setting and set the option to **Enabled**. Click **OK**. 
 
+> [!NOTE]
+> If you disable local list merging, it will override Controlled folder access settings in Windows Defender Exploit Guard. It also overrides any protected folders or allowed apps set by the local administrator. For more information about Controlled folder access settings, see [Enable Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard).
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index f44c485e39..2de4642ade 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/04/2018
 ---
 
 # Configure and validate network connections for Windows Defender Antivirus
@@ -77,7 +77,7 @@ Microsoft Update Service (MU)
 Signature and product updates
 </td>
 <td>
-*.updates.microsoft.com
+*.update.microsoft.com
 </td>
 </tr>
 <tr style="vertical-align:top">
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
index 8bfa75ff42..39660adda8 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
@@ -82,7 +82,7 @@ Hiding notifications can be useful in situations where you cannot hide the entir
 > [!NOTE]
 > Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection).
 
-See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus) topic for instructions to add custom contact information to the notifications that users see on their machines.
+See the [Customize the Windows Defender Security Center app for your organization](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md) topic for instructions to add custom contact information to the notifications that users see on their machines.
 
 **Use Group Policy to hide notifications:**
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
index fec3ab9056..c4fb7fbc8c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
@@ -1,7 +1,7 @@
 ---
-title: Utilize cloud-delivered protection in Windows Defender Antivirus
-description: Cloud-delivered protection provides an advanced level of fast, robust antivirus detection.
-keywords: windows defender antivirus, antimalware, security, defender, cloud, cloud-delivered protection
+title: Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection
+description: Next-gen technologies in cloud-delivered protection provide an advanced level of fast, robust antivirus detection.
+keywords: windows defender antivirus, next-gen technologies, next-gen av, machine learning, antimalware, security, defender, cloud, cloud-delivered protection
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -9,12 +9,12 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
 ---
 
-# Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus
+# Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection
 
 **Applies to:**
 
@@ -24,21 +24,35 @@ ms.date: 11/20/2017
 
 - Enterprise security administrators
 
-Cloud-delivered protection for Windows Defender Antivirus, also referred to as Microsoft Advanced Protection Service (MAPS), provides you with strong, fast protection in addition to our standard real-time protection.
+Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.  
 
+To take advantage of the power and speed of these next-gen technologies, Windows Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. 
 
 
 >[!NOTE] 
 >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
 
-Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver, while our cloud service can deliver updated protection in seconds. 
-
-The following video describes how it works:
+With cloud-delivered protection, next-gen technologies provide rapid identification of new threats, sometimes even before a single machine is infected. Watch the following video about Microsoft AI and Windows Defender Antivirus in action: 
+ 
+<iframe 
+src="https://www.microsoft.com/en-us/videoplayer/embed/RE1Yu4B" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe>
 
+To understand how next-gen technologies shorten protection delivery time through the cloud, watch the following video: 
+ 
 <iframe 
 src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc62c59" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe>
 
-Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.
+Read the following blogposts for detailed protection stories involving cloud-protection and Microsoft AI: 
+
+- [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/) 
+- [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/)
+- [How artificial intelligence stopped an Emotet outbreak](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/)
+- [Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/)
+- [Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/windows-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/) 
+ 
+## Get cloud-delivered protection 
+
+Cloud-delivered protection is enabled by default. However, you may need to re-enable it if it has been disabled as part of previous organizational policies.
 
 >[!TIP]
 >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 4fe762ad49..fb71bda388 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/09/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/04/2018
 ---
 
 
@@ -67,7 +67,7 @@ This table indicates the functionality and features that are available in each s
 
 State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Threat definition updates](manage-updates-baselines-windows-defender-antivirus.md)
 :-|:-|:-:|:-:|:-:|:-:|:-:
-Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service.  | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
+Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service.  | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
 Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]] 
 Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index c2a9edb814..541ca154a0 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
 ---
 
 # Windows Defender Antivirus in Windows 10 and Windows Server 2016
@@ -22,7 +22,7 @@ ms.date: 11/20/2017
 
 Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers.
 
-This library of documentation is aimed for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
+This library of documentation is for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
 
 For more important information about running Windows Defender on a server platform, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md).
 
@@ -38,7 +38,7 @@ It can be configured with:
 - Group Policy
 
 Some of the highlights of Windows Defender AV include:
-- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats
+- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus. 
 - [Always-on scanning](configure-real-time-protection-windows-defender-antivirus.md), using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
 - [Dedicated protection updates](manage-updates-baselines-windows-defender-antivirus.md) based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index 3ccb022cec..f8fb6d41ba 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 10/12/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/11/2018
 ---
 
 
@@ -59,6 +59,9 @@ This topic includes the following instructions for setting up and running Window
 ## Enable or disable the interface on Windows Server 2016
 By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
 
+>[!NOTE]
+>You can't uninstall the Windows Defender Security Center app, but you can disable the interface with these instructions.
+
 If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
 
 ![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
index 73a7463d29..eace7b9b57 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
-ms.date: 09/21/2017
+ms.date: 04/02/2018
 ---
 
 # Configure the Application Identity service
@@ -38,4 +38,12 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
 2.  Click the **Services** tab, right-click **AppIDSvc**, and then click **Start Service**.
 3.  Verify that the status for the Application Identity service is **Running**.
 
-Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic**. 
+Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic** by using the Sevices snap-in. Try either of these methods instead:
+
+- Open an elevated commnad prompt or PowerShell session and type:
+
+   ```powershell
+   sc.exe config appidsvc start= auto
+   ```
+
+- Create a security template that configures appidsvc to be automatic start, and apply it using secedit.exe or LGPO.exe.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
index 96c05fcdee..846cc26a49 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
@@ -35,7 +35,7 @@ The following table show the on which operating systems AppLocker features are s
 
 | Version | Can be configured | Can be enforced | Available rules | Notes |
 | - | - | - | - | - |
-| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. |
+| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. |
 | Windows Server 2016<br/>Windows Server 2012 R2<br/>Windows Server 2012| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| | 
 | Windows 8.1 Pro| Yes| No| N/A||
 | Windows 8.1 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| | 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
index 77bef75b3e..efb071bcb1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
@@ -48,7 +48,9 @@ There are three primary steps to keep in mind:
 The identity of the managed installer executable(s) is specified in an AppLocker policy in a Managed Installer rule collection. 
 Currently the AppLocker policy creation UI and cmdlets do not allow for directly specifying rules for the Managed Installer rule collection, however a text editor can be used to make the simple changes needed to an EXE or DLL rule collection policy to specify Type="ManagedInstaller". 
 
-An example of a valid Managed Installer rule collection is shown below. 
+An example of a valid Managed Installer rule collection is shown below.
+For more information about creating an AppLocker policy that includes a managed installer and configuring client devices, see [Simplify application whitelisting with Configuration Manager and Windows 10](https://cloudblogs.microsoft.com/enterprisemobility/2016/06/20/configmgr-as-a-managed-installer-with-win10/).
+
 
 ```code
 <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 5ed68d6744..5f5563cbb6 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -30,7 +30,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
 |-----------|------------------|-----------|
 |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
 |Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. |
-|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
+|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.|
 
 ### Application-specific settings
 These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
index a9148f2252..7e437ce4b1 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
@@ -13,7 +13,8 @@ ms.date: 10/23/2017
 # Windows Defender Application Guard overview
 
 **Applies to:**
-- Windows 10 Enterprise edition, version 1709
+- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10 Professional edition, version 1803
 
 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks.
  
@@ -27,7 +28,7 @@ If an employee goes to an untrusted site through either Microsoft Edge or Intern
 ![Hardware isolation diagram](images/appguard-hardware-isolation.png)
 
 ### What types of devices should use Application Guard?
-Application Guard has been created to target 3 types of enterprise systems:
+Application Guard has been created to target several types of systems:
 
 - **Enterprise desktops.** These desktops are domain-joined and managed by your organization. Configuration management is primarily done through System Center Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network.
 
@@ -35,6 +36,8 @@ Application Guard has been created to target 3 types of enterprise systems:
 
 - **Bring your own device (BYOD) mobile laptops.** These personally-owned laptops are not domain-joined, but are managed by your organization through tools like Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home.
 
+- **Personal devices.** These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside.
+
 ## In this section
 |Topic |Description |
 |------|------------|
@@ -42,4 +45,4 @@ Application Guard has been created to target 3 types of enterprise systems:
 |[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
 |[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
 |[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Windows Defender Application Guard (Application Guard) in your organization.|
-|[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.|
\ No newline at end of file
+|[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.|
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index fee57495f2..8b0591b338 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Turn on advanced features in Windows Defender ATP
+title: Configure advanced features in Windows Defender ATP
 description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
-keywords: advanced features, preferences setup, block file
+keywords: advanced features, settings, block file
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
-# Turn on advanced features in Windows Defender ATP
+# Configure advanced features in Windows Defender ATP
 
 **Applies to:**
 
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
 
@@ -31,6 +31,9 @@ Depending on the Microsoft security products that you use, some advanced feature
 
 Turn on the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
 
+## Automated investigation
+When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
+
 ## Block file
 This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled.
 
@@ -47,22 +50,50 @@ For more information, see [Investigate a user account](investigate-user-windows-
 ## Skype for Business integration
 Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.
 
+## Azure Advanced Threat Protection integration
+The integration with Azure Advanced Threat Protection allows you to pivot directly into another Microsoft Identity security product. Azure Advanced Threat Protection augments an investigation with additional insights about a suspected compromised account and related resources. By enabling this feature, you'll enrich the machine-based investigation capability by pivoting across the network from an identify point of view.
+
+
+>[!NOTE]
+>You'll need to have the appropriate license to enable this feature. 
+
+### Enable the Windows Defender ATP integration from the Azure ATP portal
+To receive contextual machine integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal.
+
+1. Login to the [Azure portal](https://portal.atp.azure.com/) with a Global Administrator or Security Administrator role.
+
+2. Click **Create a workspace** or use your primary workspace.
+
+3. Toggle the Integration setting to **On** and click **Save**.
+
+When you complete the integration steps on both portals, you'll be able to see relevant alerts in the machine details or user details page.
+
 ## Office 365 Threat Intelligence connection
 This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
 
 When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
+>[!NOTE]
+>You'll need to have the appropriate license to enable this feature. 
+
 To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
 
+## Microsoft Intune connection
+This feature is only available if you have an active Microsoft Intune (Intune) license. 
+
+When you enable this feature, you'll be able to share Windows Defender ATP device information to Intune and enhance policy enforcement. 
+
+>[!NOTE]
+>You'll need to enable the integration on both Intune and Windows Defender ATP to use this feature. 
+
+
 ## Enable advanced features
 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
 2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**.
 3. Click **Save preferences**.
 
 ## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..49284ab1d1
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,96 @@
+---
+title: Advanced hunting best practices in Windows Defender ATP
+description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
+keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Advanced hunting query best practices Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
+
+## Performance best practices
+The following best practices serve as a guideline of query performance best practices and for you to get faster results and be able to run complex queries. 
+- Use time filters first. Azure Kusto is highly optimized to utilize time filters. For more information, see [Azure Kusto](https://docs.microsoft.com/connectors/kusto/).
+- Put filters that are expected to remove most of the data in the beginning of the query, following the time filter.
+- Use 'has' keyword over 'contains' when looking for full tokens.
+- Use looking in specific column rather than using full text search across all columns.
+- When joining between two tables - choose the table with less rows to be the first one (left-most). 
+- When joining between two tables - project only needed columns from both sides of the join.
+
+## Query tips and pitfalls
+
+### Unique Process IDs
+Process IDs are recycled in Windows and reused for new processes and therefore can't serve as a unique identifier for a specific process.
+To address this issue, Windows Defender ATP created the time process. To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time.
+
+
+So, when you join data based on a specific process or summarize data for each process, you'll need to use a machine identifier (either MachineId or ComputerName), a process ID (ProcessId or InitiatingProcessId) and the process creation time (ProcessCreationTime or InitiatingProcessCreationTime)
+
+The following example query is created to find processes that access more than 10 IP addresses over port 445 (SMB) - possibly scanning for file shares.
+
+Example query:
+```
+NetworkCommunicationEvents
+| where RemotePort == 445 and EventTime > ago(12h) and InitiatingProcessId !in (0, 4)
+| summarize RemoteIPCount=dcount(RemoteIP) by ComputerName, InitiatingProcessId, InitiatingProcessCreationTime, InitiatingProcessFileName
+| where RemoteIPCount > 10
+```
+
+The query summarizes by both InitiatingProcessId and InitiatingProcessCreationTime - to make sure the query looks at a single process, and not mixing multiple processes with the same process ID.
+
+### Using command line queries
+
+Command lines may vary - when applicable, filter on file names and do fuzzy matching. 
+
+There are numerous ways to construct a command line to accomplish a task. 
+
+For example, a malicious attacker could specify the process image file name without a path, with full path, without the file extension, using environment variables, add quotes, and others. In addition, the attacker can also change the order of some parameters, add multiple quotes or spaces, and much more.
+
+To create more durable queries using command lines, we recommended the following guidelines:
+- Identify the known processes (such as net.exe, psexec.exe, and others) by matching on the filename fields, instead of filtering on the command line field.
+- When querying for command line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators.
+- Use case insensitive matches. For example, use '=~', 'in~', 'contains' instead of '==', 'in' or 'contains_cs'
+- To mitigate DOS command line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. This is just the start of handling DOS obfuscation techniques, but it does mitigate the most common ones.
+
+The following example query shows various ways to construct a query that looks for the file *net.exe* to stop the Windows Defender Firewall service:
+
+```
+// Non-durable query - do not use
+ProcessCreationEvents
+| where ProcessCommandLine == "net stop MpsSvc"
+| limit 10
+
+// Better query - filters on filename, does case-insensitive matches
+ProcessCreationEvents
+| where EventTime > ago(7d) and FileName in~ ("net.exe", "net1.exe") and ProcessCommandLine contains "stop" and ProcessCommandLine contains "MpsSvc" 
+
+// Best query also ignores quotes
+ProcessCreationEvents
+| where EventTime > ago(7d) and FileName in~ ("net.exe", "net1.exe")
+| extend CanonicalCommandLine=replace("\"", "", ProcessCommandLine)
+| where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" 
+```
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)        
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..db6c9b6f35
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,107 @@
+---
+title: Advanced hunting reference in Windows Defender ATP
+description: Learn about Advanced hunting table reference such as column name, data type, and description
+keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Advanced hunting reference in Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+
+
+## Advanced hunting table reference
+When you run a query using Advanced hunting, a table with columns is returned as a result. 
+
+Use the following table to understand what the columns represent, its data type, and their description. 
+
+| Column name | Data type | Description
+:---|:--- |:---                                                            
+| AccountDomain                       | string      | Domain of the account.                                                                                                                                                                                                                                         |
+| AccountName                         | string      | User name of the account.                                                                                                                                                                                                                                      |
+| AccountSid                          | string      | Security Identifier (SID) of the account.                                                                                                                                                                                                                      |
+| ActionType                          | string      | Type of activity that triggered the event.                                                                                                                                                                                                                     |
+| AdditionalFields                    | string      | Additional information about the event in JSON array format.                                                                                                                                                                                                   |
+| AlertId                             | string      | Unique identifier for the alert.                                                                                                                                                                                                                               |
+| ComputerName                        | string      | Fully qualified domain name (FQDN) of the machine.                                                                                                                                                                                                             |
+| EventId                             | int         | Unique identifier used by Event Tracing for Windows (ETW) for the event type.                                                                                                                                                                                  |
+| EventTime                           | datetime    | Date and time when the event was recorded.                                                                                                                                                                                                                     |
+| EventType                           | string      | Table where the record is stored.                                                                                                                                                                                                                              |
+| FileName                            | string      | Name of the file that the recorded action was applied to.                                                                                                                                                                                                      |
+| FileOriginIp                        | string      | IP address where the file was downloaded from.                                                                                                                                                                                                                 |
+| FileOriginReferrerUrl               | string      | URL of the web page that links to the downloaded file.                                                                                                                                                                                                         |
+| FileOriginUrl                       | string      | URL where the file was downloaded from.                                                                                                                                                                                                                        |
+| FolderPath                          | string      | Folder containing the file that the recorded action was applied to.                                                                                                                                                                                            |
+| InitiatingProcessAccountDomain      | string      | Domain of the account that ran the process responsible for the event.                                                                                                                                                                                          |
+| InitiatingProcessAccountName        | string      | User name of the account that ran the process responsible for the event.                                                                                                                                                                                       |
+| InitiatingProcessAccountSid         | string      | Security Identifier (SID) of the account that ran the process responsible for the event.                                                                                                                                                                       |
+| InitiatingProcessCommandLine        | string      | Command line used to run the process that initiated the event.                                                                                                                                                                              |
+| InitiatingProcessCreationTime       | datetime    | Date and time when the process that initiated the event was started.                                                                                                                                                                                           |
+| InitiatingProcessFileName           | string      | Name of the process that initiated the event.                                                                                                                                                                                                                  |
+| InitiatingProcessFolderPath         | string      | Folder containing the process (image file) that initiated the event.                                                                                                                                                                                           |
+| InitiatingProcessId                 | int         | Process ID (PID) of the process that initiated the event.                                                                                                                                                                                                      |
+| InitiatingProcessIntegrityLevel     | string      | Integrity level of the process that initiated the event. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet download. These integrity levels influence permissions to resources. |
+| InitiatingProcessMd5                | string      | MD5 hash of the process (image file) that initiated the event.                                                                                                                                                                                                 |
+| InitiatingProcessParentCreationTime | datetime    | Date and time when the parent of the process responsible for the event was started.                                                                                                                                                                  |
+| InitiatingProcessParentId           | int         | Process ID (PID) of the parent process that spawned the process responsible for the event.                                                                                                                                                                     |
+| InitiatingProcessParentName         | string      | Name of the parent process that spawned the process responsible for the event.                                                                                                                                                                                 |
+| InitiatingProcessSha1               | string      | SHA-1 of the process (image file) that initiated the event.                                                                                                                                                                                                    |
+| InitiatingProcessSha256             | string      | SHA-256 of the process (image file) that initiated the event.                                                                                                                                                                                                  |
+| InitiatingProcessTokenElevation     | string      | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event.                                                                                                                |
+| IsAzureADJoined                     | boolean     | Boolean indicator of whether machine is joined to the Azure Active Directory.                                                                                                                                                                                  |
+| LocalIP                             | string      | IP address assigned to the local machine used during communication.                                                                                                                                                                                            |
+| LocalPort                           | int         | TCP port on the local machine used during communication.                                                                                                                                                                                                       |
+| LoggedOnUsers                       | string      | List of all users that are logged on the machine at the time of the event in JSON array format.                                                                                                                                                                |
+| LogonType                           | string      | Type of logon session, specifically: <br><br> - **Interactive** - User physically interacts with the machine using the local keyboard and screen.<br> <br> - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients. <br><br>  - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed. <br><br> - **Batch** - Session initiated by scheduled tasks. <br><br> - **Service** - Session initiated by services as they start. <br> 
+| MachineGroup                        | string      | Machine group of the machine. This group is used by role-based access control to determine access to the machine.                                                                                                                                              |
+| MachineId                           | string      | Unique identifier for the machine in the service.                                                                                                                                                                                                              |
+| MD5                                 | string      | MD5 hash of the file that the recorded action was applied to.                                                                                                                                                                                                  |
+| NetworkCardIPs                      | string      | List of all network adapters on the machine, including their MAC addresses and assigned IP addresses, in JSON array format.                                                                                                                                    |
+| OSArchitecture                      | string      | Architecture of the operating system running on the machine.                                                                                                                                                                                                   |
+| OSBuild                             | string      | Build version of the operating system running on the machine.                                                                                                                                                                                                  |
+| OSPlatform                          | string      | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.                                                                                |
+| PreviousRegistryKey                 | string      | Original registry key of the registry value before it was modified.                                                                                                                                                                                            |
+| PreviousRegistryValueData           | string      | Original data of the registry value before it was modified.                                                                                                                                                                                                    |
+| PreviousRegistryValueName           | string      | Original name of the registry value before it was modified.                                                                                                                                                                                                    |
+| PreviousRegistryValueType           | string      | Original data type of the registry value before it was modified.                                                                                                                                                                                               |
+| ProcessCommandline                  | string      | Command line used to create the new process.                                                                                                                                                                                                |
+| ProcessCreationTime                 | datetime    | Date and time the process was created.                                                                                                                                                                                                                         |
+| ProcessId                           | int         | Process ID (PID) of the newly created process.                                                                                                                                                                                                                 |
+| ProcessIntegrityLevel               | string      | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources.            |
+| ProcessTokenElevation               | string      | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process.                                                                                                                           |
+| ProviderId                          | string      | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log.                                                                                                                                                               |
+| RegistryKey                         | string      | Registry key that the recorded action was applied to.                                                                                                                                                                                                          |
+| RegistryValueData                   | string      | Data of the registry value that the recorded action was applied to.                                                                                                                                                                                            |
+| RegistryValueName                   | string      | Name of the registry value that the recorded action was applied to.                                                                                                                                                                                            |
+| RegistryValueType                   | string      | Data type, such as binary or string, of the registry value that the recorded action was applied to.                                                                                                                                                            |
+| RemoteIP                            | string      | IP address that was being connected to.                                                                                                                                                                                                                        |
+| RemotePort                          | int         | TCP port on the remote device that was being connected to.                                                                                                                                                                                                     |
+| RemoteUrl                           | string      | URL or fully qualified domain name (FQDN) that was being connected to.                                                                                                                                                                                         |
+| ReportIndex                         | long        | Event identifier that is unique among the same event type.                                                                                                                                                                                                     |
+| SHA1                                | string      | SHA-1 of the file that the recorded action was applied to.                                                                                                                                                                                                     |
+| SHA256                              | string      | SHA-256 of the file that the recorded action was applied to.                                                                                      
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)        
+
+## Related topic
+- [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
+- [Advanced hunting query language best practices](/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..f523b1c8d1
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,164 @@
+---
+title: Query data using Advanced hunting in Windows Defender ATP
+description: Learn about Advanced hunting in Windows Defender ATP and how to query ATP data.
+keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Query data using Advanced hunting in Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+
+Advanced hunting allows you to proactively hunt for possible threats across your organization using a powerful search and query tool. Take advantage of the following capabilities: 
+
+- **Powerful query language with IntelliSense** - Built on top of a query language that gives you the flexibility you need to take hunting to the next level.
+- **Query the stored telemetry** - The telemetry data is accessible in tables for you to query. For example, you can query process creation, network communication, and many other event types.
+- **Links to portal** - Certain query results, such as machine names and file names are actually direct links to the portal, consolidating the Advanced hunting query experience and the existing portal investigation experience.
+- **Query examples** - A welcome page provides examples designed to get you started and get you familiar with the tables and the query language.
+
+To get you started in querying your data, you can use the basic or Advanced query examples that have some preloaded queries for you to understand the basic query syntax.
+
+![Image of Advanced hunting window](images/atp-advanced-hunting.png)
+
+## Use advanced hunting to query data
+
+A typical query starts with a table name followed by a series of operators separated by **|**.
+
+In the following example, we start with the table name **ProcessCreationEvents** and add piped elements as needed.
+
+![Image of Windows Defender ATP Advanced hunting query](images/advanced-hunting-query-example.png)
+
+First, we define a time filter to review only records from the previous seven days. 
+
+We then add a filter on the _FileName_  to contain only instances of _powershell.exe_.
+
+Afterwards, we add a filter on the _ProcessCommandLine_
+Finally, we  project only the columns we're interested in exploring and limit the results to 100 and click **Run query**.
+
+### Use operators
+The query language is very powerful and has a lot of available operators, some of them are - 
+
+- **where** - Filter a table to the subset of rows that satisfy a predicate.
+- **summarize** - Produce a table that aggregates the content of the input table.
+- **join** - Merge the rows of two tables to form a new table by matching values of the specified column(s) from each table.
+- **count** - Return the number of records in the input record set.
+- **top** - Return the first N records sorted by the specified columns.
+- **limit** - Return up to the specified number of rows.
+- **project** - Select the columns to include, rename or drop, and insert new computed columns.
+- **extend** - Create calculated columns and append them to the result set.
+- **makeset** -  Return a dynamic (JSON) array of the set of distinct values that Expr takes in the group
+- **find** - Find rows that match a predicate across a set of tables.
+
+To see a live example of these operators, run them as part of the **Get started** section.
+
+## Access query language documentation
+
+For more information on the query language and supported operators, see [Query Language](https://docs.loganalytics.io/docs/Language-Reference/).
+
+## Use exposed tables in Advanced hunting
+
+The following tables are exposed as part of Advanced hunting:
+
+- **AlertEvents** - Stores alerts related information 
+- **MachineInfo** - Stores machines properties
+- **ProcessCreationEvents** - Stores process creation events 
+- **NetworkCommunicationEvents** - Stores network communication events
+- **FileCreationEvents** - Stores file creation, modification, and rename events
+- **RegistryEvents** - Stores registry key creation, modification, rename and deletion events 
+- **LogonEvents** - Stores login events 
+- **ImageLoadEvents** - Stores load dll events  
+- **MiscEvents** - Stores several types of events, including Windows Defender blocks (Windows Defender Antivirus, Exploit Guard, Windows Defender SmartScreen, Windows Defender Application Guard, and Firewall), process injection events, access to LSASS processes, and others.
+
+These tables include data from the last 30 days.
+
+## Use shared queries
+Shared queries are prepopulated queries that give you a starting point on running queries on your organization's data. It includes a couple of examples that help demonstrate the query language capabilities.
+
+![Image of shared queries](images/atp-shared-queries.png)
+
+You can save, edit, update, or delete queries.
+
+### Save a query
+You can create or modify a query and save it as your own query or share it with users who are in the same tenant. 
+
+1. Create or modify a query. 
+
+2. Click the **Save query** drop-down button and select **Save as**.
+    
+3. Enter a name for the query. 
+
+   ![Image of saving a query](images/advanced-hunting-save-query.png)
+
+4. Select the folder where you'd like to save the query.
+    - Shared queries - Allows other users in the tenant to access the query
+    - My query - Accessible only to the user who saved the query
+    
+5. Click **Save**. 
+
+### Update a query
+These steps guide you on modifying and overwriting an existing query.
+
+1. Edit an existing query. 
+
+2. Click the **Save**.
+
+### Delete a query
+1. Right-click on a query you want to delete.
+
+    ![Image of delete query](images/atp-delete-query.png)
+
+2. Select **Delete** and confirm that you want to delete the query.
+
+## Result set capabilities in Advanced hunting
+
+The result set has several capabilities to provide you with effective investigation, including:
+
+- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in the Windows Defender ATP portal.
+- You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set. 
+
+![Image of Windows Defender ATP Advanced hunting result set](images/atp-advanced-hunting-results-filter.png)
+
+## Filter results in Advanced hunting
+In Advanced hunting, you can use the advanced filter on the output result set of the query. 
+The filters provide an overview of the result set where 
+each column has it's own section and shows the distinct values that appear in the column and their prevalence.
+
+You can refine your query based on the filter by clicking the "+" or "-" buttons on the values that you want to include or exclude and click **Run query**.
+
+![Image of Advanced hunting filter](images/atp-filter-advanced-hunting.png)
+
+The filter selections will resolve as an additional query term and the results will be updated accordingly.
+
+
+
+## Public Advanced Hunting query GitHub repository  
+Check out the [Advanced Hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers. 
+
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
+
+## Related topic
+- [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+- [Advanced hunting query language best practices](/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
index 489d6db5d4..26eef896ca 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
 ---
 
 # View and organize the Windows Defender Advanced Threat Protection Alerts queue
@@ -23,11 +23,11 @@ ms.date: 03/12/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink) 
 
-The **Alerts queue** shows a list of alerts that were flagged from endpoints in your network. Alerts are displayed in queues according to their current status. In each queue, you'll see details such as the severity of alerts and the number of machines the alerts were raised on.
+The **Alerts queue** shows a list of alerts that were flagged from machines in your network. Alerts are displayed in queues according to their current status. In each queue, you'll see details such as the severity of alerts and the number of machines the alerts were raised on.
 
 Alerts are organized in queues by their workflow status or assignment:
 
@@ -35,14 +35,13 @@ Alerts are organized in queues by their workflow status or assignment:
 - **In progress**
 - **Resolved**
 - **Assigned to me**
-- **Suppression rules** 
 
 To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
 
 > [!NOTE]
 > By default, alerts in the queues are sorted from newest to oldest.
 
-![Image of alerts queue](images/atp-alertsq2.png)
+![Image of alerts queue](images/atp-new-alerts-list.png)
 
 ##  Sort, filter, and group the alerts list
 You can sort and filter the alerts using the available filters or clicking on a column's header that will sort the view in ascending or descending order.
@@ -64,12 +63,11 @@ You can sort and filter the alerts using the available filters or clicking on a
 
 Alert severity | Description
 :---|:---
-High </br>(Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints.
+High </br>(Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on machines.
 Medium </br>(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
 Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
 Informational </br>(Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of.
 
-Reviewing the various alerts and their severity can help you decide on the appropriate action to protect your organization's endpoints.
 
 #### Understanding alert severity
 It is important to understand that the Windows Defender Antivirus (Windows Defender AV) and Windows Defender ATP alert severities are different because they represent different scopes.
@@ -92,7 +90,8 @@ So, for example:
 - Others
 
 >[!NOTE]
->The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender Antivirus as the default real-time protection antimalware product.
+>The Windows Defender Antivirus filter will only appear if machines are using Windows Defender Antivirus as the default real-time protection antimalware product.
+
 
 ### View
 - **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top.
@@ -100,6 +99,22 @@ So, for example:
 
 The grouped view allows for efficient alert triage and management.
 
+## Alert queue columns
+You can click on the first column to open up the **Alert management pane**. You can also select view the machine and user panes by selecting the icons beside the links.
+
+Alerts are listed with the following columns:
+
+- **Title** - Displays a brief description of the alert and its category.
+- **Machine and user** - Displays the machine name and user associated with the alert. You view the machine or user details pane or pivot the actual details page.
+- **Severity** - Displays the severity of the alert. Possible values are informational, low, medium, or high.
+- **Last activity** - Date and time for when the last action was taken on the alert.
+- **Time in queue** - Length of time the alert has been in the alerts queue.
+- **Detection source** - Displays the detection source of the alert.
+- **Status** - Current status of the alert. Possible values include new, in progress, or resolved. 
+- **Investigation state** - Reflects the number of related investigations and it's current state.
+- **Assigned to** - Displays who is addressing the alert.
+- **Manage icon** - You can click on the icon to bring up the alert management pane where you can manage and see details about the alert.
+
 ### Use the Alert management pane
 Selecting an alert brings up the **Alert management** pane where you can manage and see details about the alert.
 
@@ -134,14 +149,11 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together
 ![Alerts queue bulk edit](images/alerts-q-bulk.png)
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View the Windows Defender Advanced Threat Protection Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
index ac64b927c8..4b947eec35 100644
--- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Assign user access to the Windows Defender ATP portal
@@ -24,18 +24,33 @@ ms.date: 10/16/2017
 - Office 365
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
 
-Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). Use the following methods to assign security roles.
+Windows Defender ATP supports two ways to manage permissions:
 
-## Assign user access using Azure PowerShell
+- **Basic permissions management**: Set permissions to either full access or read-only.
+- **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to machine groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+
+> [!NOTE]
+>If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
+
+>- Users with full access (Security Administrators) are automatically assigned the default **Global administrator** role, which also has full access. Only global administrators can manage permissions using RBAC. 
+>- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC.
+>- After switching to RBAC, you will not be able to switch back to using basic permissions management.
+
+## Use basic permissions management
+Refer to the instructions below to use basic permissions management. You can use either Azure PowerShell or the Azure Portal.  
+
+For granular control over permissions, [switch to role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+
+### Assign user access using Azure PowerShell
 You can assign users with one of the following levels of permissions:
 - Full access (Read and Write)
-- Read only access
+- Read-only access
 
-### Before you begin
+#### Before you begin
 - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).<br>
 
     > [!NOTE]
@@ -43,8 +58,6 @@ You can assign users with one of the following levels of permissions:
 
 - Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx).
 
-
-
 **Full access** <br>
 Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package.
 Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles.
@@ -67,7 +80,7 @@ Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader
 
 For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
 
-## Assign user access using the Azure portal
+### Assign user access using the Azure portal
 
 1.	Go to the [Azure portal](https://portal.azure.com).
 
@@ -86,4 +99,8 @@ For more information see, [Manage Azure AD group and role membership](https://te
     ![Image of Microsoft Azure portal](images/atp-azure-ui-user-access.png)
 
 
+
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portalaccess-belowfoldlink)
+
+## Related topic
+- [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..b0954a8441
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,63 @@
+---
+title: Experience Windows Defender ATP through simulated attacks
+description: Run the provided attack scenario simulations to experience how Windows Defender ATP can detect, investigate, and respond to breaches.
+keywords: wdatp, test, scenario, attack, simulation, simulated, diy, windows defender advanced threat protection
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: high
+ms.date: 28/02/2018
+---
+
+# Experience Windows Defender ATP through simulated attacks 
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
+
+You might want to experience Windows Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Windows Defender ATP surfaces malicious activity and explore how it enables an efficient response.
+
+## Before you begin
+
+To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure-windows-defender-advanced-threat-protection.md). 
+
+Read the walkthrough document provided with each attack scenario. Each document includes OS and application requirements as well as detailed instructions that are specific to an attack scenario.
+
+## Run a simulation
+
+1. In **Help** > **Simulations & tutorials**, select which of the available attack scenarios you would like to simulate:
+
+  - **Scenario 1: Document drops backdoor** - simulates delivery of a socially engineered lure document. The document launches a specially crafted backdoor that gives attackers control.
+
+  - **Scenario 2: PowerShell script in fileless attack** - simulates a fileless attack that relies on PowerShell, showcasing attack surface reduction and machine learning detection of malicious memory activity.
+    
+  - **Scenario 3: Automated incident response** - triggers Automated investigation, which automatically hunts for and remediates breach artifacts to scale your incident response capacity.
+
+2. Download and read the corresponding walkthrough document provided with your selected scenario.
+
+3. Download the simulation file or copy the simulation script by navigating to **Help** > **Simulations & tutorials**. You can choose to download the file or script on the test machine but it's not mandatory.
+
+4. Run the simulation file or script on the test machine as instructed in the walkthrough document.
+
+>[!NOTE]
+>Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test machine.
+
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
+
+
+## Related topics
+- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..6046993dba
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,266 @@
+---
+title: Use Automated investigations to investigate and remediate threats
+description: View the list of automated investigations, its status, detection source and other details.
+keywords: automated, investigation, detection, source, threat types, id, tags, machines, duration, filter export
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Use Automated investigations to investigate and remediate threats
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
+
+The Windows Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address.
+
+
+To address this challenge, Windows Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. 
+
+The Automated investigations list shows all the investigations that have been initiated automatically and shows other details such as its status, detection source, and the date for when the investigation was initiated. 
+
+## Understand the Automated investigation flow
+### How the Automated investigation starts
+Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) an Automated investigation starts. 
+
+The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.
+
+### Details of an Automated investigation
+As the investigation proceeds, you'll be able to view the details of the investigation. Selecting a triggering alert brings you to the investigation details view where you can pivot from the **Investigation graph**, **Alerts**, **Machines**, **Threats**, **Entities**, and **Log** tabs.
+
+In the **Alerts** tab, you'll see the alert that started the investigation. 
+
+The **Machines** tab shows where the alert was seen.
+
+The **Threats** tab shows the entities that were found to be malicious during the investigation.
+
+During an Automated investigation, details about each analyzed entity is categorized in the **Entities** tab. You'll be able to see the determination for each entity type, such as whether it was determined to be malicious, suspicious, or clean.
+
+The **Log** tab reflects the chronological detailed view of all the investigation actions taken on the alert.
+
+If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions.
+
+### How an Automated investigation expands its scope
+
+While an investigation is running, any other alert generated from the machine will be added to an ongoing Automated investigation until that investigation is completed. In addition, if the same threat is seen on other machines, those machines are added to the investigation.
+
+If an incriminated entity is seen in another machine, the Automated investigation will expand the investigation to include that machine and a generic machine playbook will start on that machine. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
+
+### How threats are remediated
+Depending on how you set up the machine groups and their level of automation, the Automated investigation will either automaticlly remediate threats or require user approval (this is the default). For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). 
+
+The default machine group is configured for semi-automatic remediation. This means that any malicious entity that needs to be remediated requires an approval and the investigation is added to the **Pending actions** section, this can be changed to fully automatic so that no user approval is needed. 
+
+When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.
+
+### How an Automated investigation is completed
+When the Automated investigation completes its analysis, and all pending actions are resolved, an investigation is considered complete. It's important to understand that an investigation is only considered complete if there are no pending actions on it. 
+
+
+## Manage Automated investigations
+By default, the Automated investigations list displays investigations initiated in the last week. You can also choose to select other time ranges from the drop-down menu or specify a custom range. 
+
+>[!NOTE]
+>If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the machine or machine group will be able to view the entire investigation. 
+
+Use the **Customize columns** drop-down menu to select columns that you'd like to show or hide. 
+
+From this view, you can also download the entire list in CSV format using the **Export** button, specify the number of items to show per page, and navigate between pages. You also have the flexibility to filter the list based on your preferred criteria.
+
+![Image of Auto investigations page](images/atp-auto-investigations-list.png)
+
+ 
+**Filters**</br>
+You can use the following operations to customize the list of Automated investigations displayed:
+
+
+**Triggering alert**</br>
+The alert the initiated the Automated investigation.
+
+**Status**</br>
+An Automated investigation can be in one of the following status:
+
+Status | Description
+:---|:---
+| No threats found                                          | No malicious entities found during the investigation.
+| Failed                                                    | A problem has interrupted the investigation, preventing it from completing.                                                         |
+| Partially remediated                                      | A problem prevented the remediation of some malicious entities.                                                                     |
+| Action required                                           | Remediation actions require review and approval.                                                                                    |
+| Waiting for machine                                       | Investigation paused. The investigation will resume as soon as the machine is available.                                            |
+| Queued                                                    | Investigation has been queued and will resume as soon as other remediation activities are completed.                                |
+| Running                                                   | Investigation ongoing. Malicious entities found will be remediated.                                                                 |
+| Remediated                                                | Malicious entities found were successfully remediated.                                                                              |
+| Terminated by system                                      | Investigation was stopped due to <reason>.                                                                                          |
+| Terminated by user                                        | A user stopped the investigation before it could complete.                                                                          |
+| Not applicable                                            | Automated investigations do not apply to this alert type.                                                                           |
+| Partially investigated                                    | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
+| Automated investigation not applicable to alert type      | Automated investigation does not apply to this alert type.                                                                          |
+| Automated investigation does not support OS               | Machine is running an OS that is not supported by Automated investigation.                                                          |
+| Automated investigation unavailable for preexisting alert | Automated investigation does not apply to alerts that were generated before it was deployed.                                        |
+| Automated investigation unavailable for suppressed alert  | Automated investigation does not apply to suppressed alerts.                                                                        |
+
+
+**Detection source**</br>
+Source of the alert that initiated the Automated investigation. 
+
+**Threat**</br>
+The category of threat detected during the Automated investigation.
+
+
+**Tags**</br>
+Filter using manually added tags that capture the context of an Automated investigation.
+
+**Machines**</br>
+You can filter the Automated investigations list to zone in a specific machine to see other investigations related to the machine.
+
+**Machine groups**</br>
+Apply this filter to see specific machine groups that you might have created.
+
+**Comments**</br>
+Select between filtering the list between Automated investigations that have comments and those that don't.
+
+## Analyze Automated investigations 
+You can view the details of an Automated investigation to see information such as the investigation graph, alerts associated with the investigation, the machine that was investigated, and other information.
+
+In this view, you'll see the name of the investigation, when it started and ended. 
+
+![Image of investigation details window](images/atp-analyze-auto-ir.png)
+
+The progress ring shows two status indicators:
+- Orange ring - shows the pending portion of the investigation
+- Green ring - shows the running time portion of the investigation
+
+![Image of start, end, and pending time for an automated investigation](images/atp-auto-investigation-pending.png) 
+
+In the example image, the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds. 
+
+The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval. 
+
+From this view, you can also view and add comments and tags about the investigation.
+
+### Investigation page
+The investigation page gives you a quick summary on the status, alert severity, category, and detection source.
+
+You'll also have access to the following sections that help you see details of the investigation with finer granularity:
+
+- Investigation graph
+- Alerts
+- Machines
+- Threats
+- Entities
+- Log
+- Pending actions
+
+  >[!NOTE]
+  >The Pending actions tab is only displayed if there are actual pending actions.
+
+- Pending actions history
+
+  >[!NOTE]
+  >The Pending actions history tab is only displayed when an investigation is complete.
+
+In any of the sections, you can customize columns to further expand to limit the details you see in a section.
+
+### Investigation graph
+The investigation graph provides a graphical representation of an Automated investigation. All investigation related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
+
+### Alerts
+Shows details such as a short description of the alert that initiated the Automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and who the investigation is assigned to. 
+
+Additional alerts seen on a machine can be added to an Automated investigation as long as the investigation is ongoing. 
+
+Selecting an alert using the check box brings up the alerts details pane where you have the option of opening the alert page, manage the alert by changing its status, see alert details, Automated investigation details, related machine, logged-on users, and comments and history. 
+
+Clicking on an alert title brings you the alert page.
+
+### Machines
+Shows details the machine name, IP address, group, users, operating system, remediation level, investigation count, and when it was last investigated.
+
+Machines that show the same threat can be added to an ongoing investigation and will be displayed in this tab. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
+
+Selecting a machine using the checkbox brings up the machine details pane where you can see more information such as machine details and logged-on users.
+
+Clicking on an machine name brings you the machine page.
+
+### Threats
+Shows details related to threats associated with this investigation. 
+
+### Entities
+Shows details about entities such as files, process, services, drives, and IP addresses. The table details such as the number of entities that were analyzed. You'll gain insight into details such as how many are remediated, suspicious, or determined to be clean.
+
+### Log
+Gives a chronological detailed view of all the investigation actions taken on the alert. You'll see the action type, action, status, machine name, description of the action, comments entered by analysts who may have worked on the investigation, execution start time, duration, pending duration.
+
+As with other sections, you can customize columns, select the number of items to show per page, and filter the log.
+
+Available filters include action type, action, status, machine name, and description.
+
+You can also click on an action to bring up the details pane where you'll see information such as the summary of the action and input data. 
+
+### Pending actions history
+This tab is only displayed when an investigation is complete and shows all pending actions taken during the investigation.
+
+
+## Pending actions
+If there are pending actions on an Automated investigation, you'll see a pop up similar to the following image. 
+
+![Image of pending actions](images\atp-pending-actions-notification.png)
+
+When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
+
+ 
+The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
+
+![Image of pending actions page](images/atp-pending-actions-list.png)
+
+Use the Customize columns drop-down menu to select columns that you'd like to show or hide. 
+
+From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
+
+Pending actions are grouped together in the following tabs:
+-  Quarantine file
+-  Remove persistence
+-  Stop process
+-  Expand pivot
+-  Quarantine service
+
+>[!NOTE]
+>The tab will only appear if there are pending actions for that category.
+
+### Approve or reject an action
+You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
+
+
+![Image of list of pending actions](images/atp-approve-reject-action.png)
+
+Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
+
+![Image of pending action selected](images/atp-pending-actions-file.png)
+
+From the panel, you can click on the Open investigation page link to see the investigation details.
+
+You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. 
+
+![Image of multiple investigations selected](images/atp-pending-actions-multiple.png)
+
+## Related topic
+- [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
index a18a381387..6a933ada64 100644
--- a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Check sensor health state in Windows Defender ATP
@@ -27,7 +27,7 @@ ms.date: 10/16/2017
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
 
-The sensor health tile provides information on the individual endpoint’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
+The sensor health tile provides information on the individual machine’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
 
 ![Windows Defender ATP sensor health tile](images/atp-portal-sensor.png)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
index 17cd076296..f56d8e3bae 100644
--- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/30/2017
+ms.date: 04/17/2018
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index c9a8873e08..668943dd4d 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,7 @@ Configuring the HP ArcSight Connector tool requires several configuration files
 
 This section guides you in getting the necessary information to set and use the required configuration files correctly.
 
-- Make sure you have enabled the SIEM integration feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
 
 - Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values:
   - OAuth 2.0 Token refresh URL
@@ -105,7 +105,7 @@ The following steps assume that you have completed all the required steps in [Be
      <td>Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.</td>
      <tr>
      <td>Refresh Token</td>
-     <td>You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM integration preferences setup** page or using the restutil tool. <br><br> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). </br> </br>**Get your refresh token using the restutil tool:** </br> a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. </br></br> b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d.	A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the **Refresh Token** field.
+     <td>You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool. <br><br> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). </br> </br>**Get your refresh token using the restutil tool:** </br> a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. </br></br> b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d.	A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the **Refresh Token** field.
      </td>
      </tr>
      </tr>
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 9f0f626310..6559e3e082 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Configure email notifications in Windows Defender ATP
+title: Configure alert notifications in Windows Defender ATP
 description: Send email notifications to specified recipients to receive new alerts based on severity with Windows Defender ATP on Windows 10 Enterprise, Pro, and Education editions.
 keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education
 search.product: eADQiWindows 10XVcnh
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
-# Configure email notifications in Windows Defender ATP
+# Configure alert notifications in Windows Defender ATP
 
 **Applies to:**
 
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
 
@@ -38,29 +38,44 @@ You can also add or remove recipients of the email notification. New recipients
 
 The email notification includes basic information about the alert and a link to the portal where you can do further investigation.
 
-## Set up email notifications for alerts
-The email notifications feature is turned off by default. Turn it on to start receiving email notifications.
+## Create rules for alert notifications
+You can create rules that determine the machines and alert severities to send email notifications for and the notification recipients.
 
-1. On the navigation pane, select **Preferences setup** > **Email Notifications**.
-2. Toggle the setting between **On** and **Off**.
-3.	Select the alert severity level that you’d like your recipients to receive:
-  - **High** – Select this level to send notifications for high-severity alerts.
-  - **Medium** – Select this level to send notifications for medium-severity alerts.
-  - **Low** - Select this level to send notifications for low-severity alerts.
-  - **Informational** - Select this level to send notification for alerts that might not be considered harmful but good to keep track of.
-4.	In **Email recipients to notify on new alerts**, type the email address then select the + sign.
-5.	Click **Save preferences** when you’ve completed adding all the recipients.
 
-Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email.
+1. In the navigation pane, select **Settings** > **General** > **Alert notifications**.
+
+2. Click **Add notification rule**.
+
+3.	Specify the General information:
+    - **Rule name**
+    - **Machines** - Choose whether to notify recipients for all alerts on all machines or on selected machine group. If you choose to only send on a selected machine group, make sure that the machine group has been created. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+    - **Alert severity** - Choose the alert severity level
+
+4. Click **Next**.
+	
+5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses.
+
+6. Check that email recipients are able to receive the email notifications by selecting **Send test email**.
+
+7. Click **Save notification rule**.
 
 Here's an example email notification:
 
 ![Image of example email notification](images/atp-example-email-notification.png)
 
-## Remove email recipients
+## Edit a notification rule
+1. Select the notification rule you'd like to edit.
 
-1. Select the trash bin icon beside the email address you’d like to remove.
-2. Click **Save preferences**.
+2. Update the General and Recipient tab information.
+
+3. CLick **Save notification rule**.
+
+
+## Delete notification rule
+
+1. Select the notification rule you'd like to delete.
+
+2. Click **Delete**.
 
 ## Troubleshoot email notifications for alerts
 This section lists various issues that you may encounter when using email notifications for alerts.
@@ -74,9 +89,7 @@ This section lists various issues that you may encounter when using email notifi
 3.	Check your email application rules that might be catching and moving your Windows Defender ATP email notifications.
 
 ## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index 05863a21ee..20a25e6d96 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure Windows Defender ATP endpoints using Group Policy
-description: Use Group Policy to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using group policy, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, group policy
+title: Onboard Windows 10 machines using Group Policy to Windows Defender ATP
+description: Use Group Policy to deploy the configuration package on Windows 10 machines so that they are onboarded to the service.
+keywords: configure machines using group policy, machine management, configure Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, group policy
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
 ---
 
-# Configure endpoints using Group Policy
+# Onboard Windows 10 machines using Group Policy 
 
 **Applies to:**
 
@@ -25,7 +25,7 @@ ms.date: 11/06/2017
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
 
@@ -33,14 +33,18 @@ ms.date: 11/06/2017
 > [!NOTE]
 > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
 
-## Onboard endpoints
-1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+## Onboard machines using Group Policy
+1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+ 
+    a.  In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 
-    a.  Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    b. Select Windows 10 as the operating system.
+    
+    c. In the **Deployment method** field, select **Group policy**.
+    
+    d. Click **Download package** and save the .zip file.
 
-    b.  Select **Group Policy**, click **Download package** and save the .zip file.
-
-2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
+2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machine. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
 
 3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
 
@@ -57,10 +61,10 @@ ms.date: 11/06/2017
 9. Click **OK** and close any open GPMC windows.
 
 >[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Additional Windows Defender ATP configuration settings
-For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
 
 You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
 
@@ -80,7 +84,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
 
 5.  Click **Windows components** and then **Windows Defender ATP**.
 
-6.  Choose to enable or disable sample sharing from your endpoints.
+6.  Choose to enable or disable sample sharing from your machines.
 
 >[!NOTE]
 > If you don't set a value, the default value is to enable sample collection.
@@ -93,7 +97,7 @@ In cases where high-value assets or machines are at high risk, you can configure
 > [!NOTE]
 > Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical.
 
-For each endpoint, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
+For each machine, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
 
 The configuration is set through the following registry key entry:
 
@@ -105,26 +109,28 @@ Value: Normal or Expedite
 Where:<br>
 Key type is a string. <br>
 Possible values are:
-- Normal - sets reporting frequency from the endpoint to Normal mode for the optimal speed and performance balance
-- Expedite - sets reporting frequency from the endpoint to Expedite mode
+- Normal - sets reporting frequency from the machine to Normal mode for the optimal speed and performance balance
+- Expedite - sets reporting frequency from the machine to Expedite mode
 
 The default value in case the registry key doesn’t exist is Normal.
 
-### Offboard endpoints
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+## Offboard machines using Group Policy
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
 > [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Machine management** > **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+    b. Select Windows 10 as the operating system.
+    
+    c. In the **Deployment method** field, select **Group policy**.
 
-    c. Select **Group Policy**, click **Download package** and save the .zip file.
+    d. Click **Download package** and save the .zip file.
 
-2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machine. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
 
 3.	Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
 
@@ -144,22 +150,22 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 > Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
 
 
-## Monitor endpoint configuration
-With Group Policy there isn’t an option to monitor deployment of policies on the endpoints. Monitoring can be done directly on the portal, or by using the different deployment tools.
+## Monitor machine configuration
+With Group Policy there isn’t an option to monitor deployment of policies on the machines. Monitoring can be done directly on the portal, or by using the different deployment tools.
 
-## Monitor endpoints using the portal
+## Monitor machines using the portal
 1.	Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/).
 2.	Click **Machines list**.
-3.	Verify that endpoints are appearing.
+3.	Verify that machines are appearing.
 
 > [!NOTE]
-> It can take several days for endpoints to start showing on the **Machines list**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting.
+> It can take several days for machines to start showing on the **Machines list**. This includes the time it takes for the policies to be distributed to the machine, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting.
 
 
 ## Related topics
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machines](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 1da2319b09..fc37a29fbc 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure endpoints using Mobile Device Management tools
-description: Use Mobile Device Management tools to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using mdm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, mdm
+title: Onboard Windows 10 machines using Mobile Device Management tools
+description: Use Mobile Device Management tools to deploy the configuration package on machines so that they are onboarded to the service.
+keywords: onboard machines using mdm, machine management, onboard Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, mdm
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
 ---
 
-# Configure endpoints using Mobile Device Management tools
+# Onboard Windows 10 machines using Mobile Device Management tools
 
 **Applies to:**
 
@@ -23,11 +23,9 @@ ms.date: 11/06/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
 
-You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints.
+You can use mobile device management (MDM) solutions to configure machines. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage machines.
 
 For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
@@ -36,19 +34,85 @@ If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwi
 
 For more information on enabling MDM with Microsoft Intune, see [Setup Windows Device Management](https://docs.microsoft.com/intune-classic/deploy-use/set-up-windows-device-management-with-microsoft-intune).
 
-## Configure endpoints using Microsoft Intune
+## Onboard machines using Microsoft Intune
 
 For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
-### Onboard and monitor endpoints using the classic Intune console
+### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher
 
 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a.  Select **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 
-    b.  Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
+    b. Select Windows 10 as the operating system.
 
-      ![Endpoint onboarding](images/atp-mdm-onboarding-package.png)
+    c. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+    
+    d. Click **Download package**, and save the .zip file.
+
+2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
+
+3. Login to the [Microsoft Azure portal](https://portal.azure.com).
+
+4. From the Intune blade, choose **Device configuration**.
+
+  ![Image of device configuration menu in Microsoft Azure](images/atp-azure-intune-device-config.png)
+
+5. Under **Manage**, choose **Profiles** and click **Create Profile**.
+
+  ![Image of policy creation in Azure](images/atp-azure-intune-create-profile.png)
+
+6. Type a name, description and choose **Windows 10 and later** as the Platform and **Custom** as the Profile type.
+
+  ![Image of naming a policy](images/atp-intune-custom.png)
+
+7. Click **Settings** > **Configure**.
+
+  ![Image of settings](images/atp-intune-configure.png)
+
+8. Under Custom OMA-URI Settings, click **Add**.
+
+  ![Image of configuration settings](images/atp-custom-oma-uri.png)
+
+9. Enter the following values, then click **OK**.
+
+  ![Image of profile creation](images/atp-oma-uri-values.png)
+
+  - **Name**: Type a name for the setting.
+  - **Description**: Type a description for the setting.
+  - **OMA-URI**: _./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding_
+  - **Value**: Copy and paste the contents of the WindowsDefenderATP.onboarding file you downloaded.
+
+10. Save the settings by clicking **OK**.
+  
+11. Click **Create**.
+
+  ![Image of the policy being created](images/atp-intune-create-policy.png)
+
+12. To deploy the Profile, click **Assignments**. 
+
+  ![Image of groups](images/atp-intune-assignments.png)
+
+13. Search for and select the Group you want to apply the Configuration Profile to, then click **Select**.
+
+  ![Image of groups](images/atp-intune-group.png)
+
+14. Click **Save** to finish deploying the Configuration Profile.
+
+  ![Image of deployment](images/atp-intune-save-deployment.png)
+
+
+### Onboard and monitor machines using the classic Intune console
+
+1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+
+    a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+
+    b. Select Windows 10 as the operating system.
+
+    c. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+    
+    d. Click **Download package**, and save the .zip file.
 
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named  *WindowsDefenderATP.onboarding*.
 
@@ -91,9 +155,9 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
 
   ![Microsoft Intune manage deployment](images/atp-intune-manage-deployment.png)
 
-When the policy is deployed and is propagated, endpoints will be shown in the **Machines list**.
+When the policy is deployed and is propagated, machines will be shown in the **Machines list**.
 
-You can use the following onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
+You can use the following onboarding policies to deploy configuration settings on machines. These policies can be sub-categorized to:
 - Onboarding
 - Health Status for onboarded machines
 - Configuration for onboarded machines
@@ -115,30 +179,29 @@ Configuration for onboarded machines: diagnostic data reporting frequency | ./De
 
 
 >[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that a machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
 
-
-
-### Offboard and monitor endpoints
-
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+## Offboard and monitor machines using Mobile Device Management tools
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
 > [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+   a. In the navigation pane, select **Settings** > **Machine management** > **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+   b. Select Windows 10 as the operating system.
 
-    c. Select **Mobile Device Management /Microsoft Intune**, click **Download package** and save the .zip file.
+   c. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+    
+   d. Click **Download package**, and save the .zip file.
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*.
 
 3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
 
-Offboarding - Use the offboarding policies to remove configuration settings on endpoints. These policies can be sub-categorized to:
+Offboarding - Use the offboarding policies to remove configuration settings on machines. These policies can be sub-categorized to:
 - Offboarding
 - Health Status for offboarded machines
 - Configuration for offboarded machines
@@ -156,9 +219,9 @@ Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/W
 > Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
 
 ## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
index f98fcf98cf..60fdf52cf6 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure non-Windows endpoints in Windows Defender ATP
-description: Configure non-Winodws endpoints so that they can send sensor data to the Windows Defender ATP service.
-keywords: configure endpoints non-Windows endpoints, macos, linux, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+title: Onboard non-Windows machines to the Windows Defender ATP service
+description: Configure non-Winodws machines so that they can send sensor data to the Windows Defender ATP service.
+keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -9,10 +9,10 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 12/12/2017
+ms.date: 04/17/2018
 ---
 
-# Configure non-Windows endpoints
+# Onboard non-Windows machines
 
 **Applies to:**
 
@@ -28,20 +28,21 @@ Windows Defender ATP provides a centralized security operations experience for W
 
 You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. 
 
-## Onboard non-Windows endpoints
-You'll need to take the following steps to oboard non-Windows endpoints:
+You'll need to take the following steps to onboard non-Windows machines:
 1. Turn on third-party integration
 2. Run a detection test
 
 ### Turn on third-party integration
 
-1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows**. Make sure the third-party solution is listed.
+1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**. Make sure the third-party solution is listed.
 
-2. 	Toggle the third-party provider switch button to turn on the third-party solution integration.
+2. 	Select Mac and Linux as the operating system.
 
-3. 	Click **Generate access token** button and then **Copy**.
+3. Turn on the third-party solution integration.
 
-4. 	You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. 
+4. 	Click **Generate access token** button and then **Copy**.
+
+5. 	You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. 
 
 
 >[!WARNING] 
@@ -52,21 +53,21 @@ Create an EICAR test file by saving the string displayed on the portal in an emp
 
 The file should trigger a detection and a corresponding alert on Windows Defender ATP.
 
-### Offboard non-Windows endpoints
-To effectively offboard the endpoints from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
+## Offboard non-Windows machines
+To effectively offboard the machine from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
 
 
 1. Follow the third-party documentation to opt-out on the third-party service side.
 
-2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**.
+2. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 
-3. Toggle the third-party provider switch button to turn stop diagnostic data from endpoints. 
+3. Turn off the third-party solution integration. 
 
 >[!WARNING]
->If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints. 
+>If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on machines. 
 
 ## Related topics
-- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
 - [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 - [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index de4aa4ddca..1da2299153 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure endpoints using System Center Configuration Manager
-description: Use System Center Configuration Manager to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using sccm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm
+title: Onboard Windows 10 machines using System Center Configuration Manager
+description: Use System Center Configuration Manager to deploy the configuration package on machines so that they are onboarded to the service.
+keywords: onboard machines using sccm, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines, sccm
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
 ---
 
-# Configure endpoints using System Center Configuration Manager
+# Onboard Windows 10 machines using System Center Configuration Manager
 
 **Applies to:**
 
@@ -24,33 +24,38 @@ ms.date: 11/06/2017
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 - System Center 2012 Configuration Manager or later versions
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
 
 <span id="sccm1606"/>
-## Configure endpoints using System Center Configuration Manager (current branch) version 1606
-System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
+## Onboard Windows 10 machines using System Center Configuration Manager (current branch) version 1606
+System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on machines. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
 
 >[!NOTE]
 > If you’re using SCCM client version 1606 with server version 1610 or above, you must upgrade the client version to match the server version.
 
 <span id="sccm1602"/>
-## Configure endpoints using System Center Configuration Manager earlier versions
-You can use existing System Center Configuration Manager functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions:
+## Onboard Windows 10 machines using System Center Configuration Manager earlier versions
+You can use existing System Center Configuration Manager functionality to create a policy to configure your machines. This is supported in the following System Center Configuration Manager versions:
 
 - System Center 2012 Configuration Manager
 - System Center 2012 R2 Configuration Manager
 - System Center Configuration Manager (current branch), version 1511
 - System Center Configuration Manager (current branch), version 1602
 
-### Onboard endpoints
+### Onboard machines using System Center Configuration Manager
+
 
 1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+    
+    b. Select Windows 10 as the operating system.
 
-    b. Select **System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
+    c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
+    
+    d. Click **Download package**, and save the .zip file.
 
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
 
@@ -62,12 +67,12 @@ You can use existing System Center Configuration Manager functionality to create
 > Windows Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
 
 >[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ### Configure sample collection settings
-For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
 
-You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on an endpoint.
+You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a machine.
 This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint.
 
 The configuration is set through the following registry key entry:
@@ -80,8 +85,8 @@ Value: 0 or 1
 Where:<br>
 Key type is a D-WORD. <br>
 Possible values are:
-- 0 - doesn't allow sample sharing  from this endpoint
-- 1 - allows sharing of all file types from this endpoint
+- 0 - doesn't allow sample sharing  from this machine
+- 1 - allows sharing of all file types from this machine
 
 The default value in case the registry key doesn’t exist is 1.
 
@@ -95,7 +100,7 @@ In cases where high-value assets or machines are at high risk, you can configure
 > [!NOTE]
 > Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical.
 
-For each endpoint, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
+For each machine, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
 
 The configuration is set through the following registry key entry:
 
@@ -107,26 +112,28 @@ Value: Normal or Expedite
 Where:<br>
 Key type is a string. <br>
 Possible values are:
-- Normal - sets reporting frequency from the endpoint to Normal mode for the optimal speed and performance balance
-- Expedite - sets reporting frequency from the endpoint to Expedite mode
+- Normal - sets reporting frequency from the machine to Normal mode for the optimal speed and performance balance
+- Expedite - sets reporting frequency from the machine to Expedite mode
 
 The default value in case the registry key doesn’t exist is Normal.
 
 
-### Offboard endpoints
+## Offboard machines using System Center Configuration Manager
 
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
 > [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Machine management** >  **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+    b. Select Windows 10 as the operating system.
 
-    c. Select **System Center Configuration Manager System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
+    c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
+    
+    d. Click **Download package**, and save the .zip file.
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
 
@@ -138,12 +145,12 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 > Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
 
 
-### Monitor endpoint configuration
+### Monitor machine configuration
 Monitoring with SCCM consists of two parts:
 
-1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the endpoints in your network.
+1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the machines in your network.
 
-2. Checking that the endpoints are compliant with the Windows Defender ATP service (this ensures the endpoint can complete the onboarding process and can continue to report data to the service).
+2. Checking that the machines are compliant with the Windows Defender ATP service (this ensures the machine can complete the onboarding process and can continue to report data to the service).
 
 **To confirm the configuration package has been correctly deployed:**
 
@@ -155,11 +162,11 @@ Monitoring with SCCM consists of two parts:
 
 4. Review the status indicators under **Completion Statistics** and **Content Status**.
 
-If there are failed deployments (endpoints with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to  troubleshoot the endpoints. For more information see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+If there are failed deployments (machines with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to  troubleshoot the machines. For more information see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
 
 ![SCCM showing successful deployment with no errors](images/sccm-deployment.png)
 
-**Check that the endpoints are compliant with the Windows Defender ATP service:**<br>
+**Check that the machines are compliant with the Windows Defender ATP service:**<br>
 You can set a compliance rule for configuration item in System Center Configuration Manager to monitor your deployment.
 
 This rule should be a *non-remediating* compliance rule configuration item that monitors the value of a registry key on targeted machines.
@@ -173,9 +180,9 @@ Value: “1”
 For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx).
 
 ## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index f1219c9897..51910b2668 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure Windows Defender ATP endpoints using a local script
-description: Use a local script to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using a local script, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+title: Onboard Windows 10 machines using a local script
+description: Use a local script to deploy the configuration package on machines so that they are onboarded to the service.
+keywords: configure machines using a local script, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
 ---
 
-# Configure endpoints using a local script
+# Onboard Windows 10 machines using a local script
 
 **Applies to:**
 
@@ -23,26 +23,31 @@ ms.date: 11/06/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease information](prerelease.md)]
 
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
 
-You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network.
+You can also manually onboard individual machines to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all machines in your network.
 
 > [!NOTE]
-> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
 
-## Onboard endpoints
+## Onboard machines 
 1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a.  Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a.  In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 
-    b.  Select **Local Script**, click **Download package** and save the .zip file.
+    b. Select Windows 10 as the operating system.
 
+    c.  In the **Deployment method** field, select **Local Script**.
 
-2.  Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
+    d. Click **Download package** and save the .zip file.
 
-3.  Open an elevated command-line prompt on the endpoint and run the script:
+  
+2.  Extract the contents of the configuration package to a location on the machine you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
+
+3.  Open an elevated command-line prompt on the machine and run the script:
 
     a.  Go to **Start** and type **cmd**.
 
@@ -54,16 +59,16 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
 
 5.  Press the **Enter** key or click **OK**.
 
-For information on how you can manually validate that the endpoint is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+For information on how you can manually validate that the machine is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
 
 
 >[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Configure sample collection settings
-For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
 
-You can manually configure the sample sharing setting on the endpoint by using *regedit* or creating and running a *.reg* file.  
+You can manually configure the sample sharing setting on the machine by using *regedit* or creating and running a *.reg* file.  
 
 The configuration is set through the following registry key entry:
 
@@ -75,29 +80,31 @@ Value: 0 or 1
 Where:<br>
 Name type is a D-WORD. <br>
 Possible values are:
-- 0 - doesn't allow sample sharing  from this endpoint
-- 1 - allows sharing of all file types from this endpoint
+- 0 - doesn't allow sample sharing  from this machine
+- 1 - allows sharing of all file types from this machine
 
 The default value in case the registry key doesn’t exist is 1.
 
 
-## Offboard endpoints
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+## Offboard machines using a local script
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
 > [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** on the **Navigation pane**.
+    a.  In the navigation pane, select **Settings** > **Machine management** > **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+    b. Select Windows 10 as the operating system.
 
-    c. Select **Group Policy**, click **Download package** and save the .zip file.
+    c.  In the **Deployment method** field, select **Local Script**.
 
-2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+    d. Click **Download package** and save the .zip file.
 
-3.  Open an elevated command-line prompt on the endpoint and run the script:
+2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machines. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+
+3.  Open an elevated command-line prompt on the machine and run the script:
 
     a.  Go to **Start** and type **cmd**.
 
@@ -113,23 +120,23 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 > Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
 
 
-## Monitor endpoint configuration
+## Monitor machine configuration
 You can follow the different verification steps in the [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) to verify that the script completed successfully and the agent is running.
 
 Monitoring can also be done directly on the portal, or by using the different deployment tools.
 
-### Monitor endpoints using the portal
+### Monitor machines using the portal
 1.	Go to the Windows Defender ATP portal.
 
 2.	Click **Machines list**.
 
-3.	Verify that endpoints are appearing.
+3.	Verify that machines are appearing.
 
 
 ## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
index 06efff80c7..477529fa7d 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure non-persistent virtual desktop infrastructure (VDI) machines
+title: Onboard non-persistent virtual desktop infrastructure (VDI) machines
 description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service.
-keywords: configure virtual desktop infrastructure (VDI) machine, vdi, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+keywords: configure virtual desktop infrastructure (VDI) machine, vdi, machine management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,15 +10,15 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
-# Configure non-persistent virtual desktop infrastructure (VDI) machines
+# Onboard non-persistent virtual desktop infrastructure (VDI) machines
 
 **Applies to:**
 - Virtual desktop infrastructure (VDI) machines
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
 
@@ -40,9 +40,13 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 
 1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a.  Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a.  In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 
-    b.  Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file.
+    b. Select Windows 10 as the operating system.
+
+    c.  In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**.
+
+    d. Click **Download package** and save the .zip file.
 
 2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
 
@@ -67,9 +71,13 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 6. Test your solution:
 
       a. Create a pool with one machine.
+      
       b. Logon to machine.
+      
       c. Logoff from machine.
+
       d. Logon to machine with another user.
+      
       e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.<br>
     **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
 
@@ -78,10 +86,10 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 8. Use the search function by entering the machine name and select **Machine** as search type.
 
 ## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
index 4afc560682..e6d78d4bb0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure Windows Defender ATP client endpoints
-description: Configure client endpoints so that they can send sensor data to the Windows Defender ATP sensor.
-keywords: configure client endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+title: Onboard Windows 10 machines on Windows Defender ATP
+description: Onboard Windows 10 machines so that they can send sensor data to the Windows Defender ATP sensor
+keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
-# Configure Windows Defender ATP client endpoints
+# Onboard Windows 10 machines
 
 **Applies to:**
 
@@ -23,9 +23,9 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease information](prerelease.md)]
 
-
-Endpoints in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization.
+Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
 
 Windows Defender ATP supports the following deployment tools and methods:
 
@@ -37,11 +37,11 @@ Windows Defender ATP supports the following deployment tools and methods:
 ## In this section
 Topic | Description
 :---|:---
-[Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) | Use Group Policy to deploy the configuration package on endpoints.
-[Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on endpoints.
-[Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on endpoints.
-[Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints.
-[Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines.
+[Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) | Use Group Policy to deploy the configuration package on machines.
+[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines.
+[Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine.
+[Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints.
+[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines.
 
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index cd4942e214..ac747f99f5 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Configure endpoint proxy and Internet connection settings
+title: Configure machine proxy and Internet connection settings
 description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
 keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
 search.product: eADQiWindows 10XVcnh
@@ -14,7 +14,7 @@ ms.date: 10/16/2017
 ---
 
 
-# Configure endpoint proxy and Internet connectivity settings
+# Configure machine proxy and Internet connectivity settings
 
 **Applies to:**
 
@@ -39,7 +39,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
     - Web Proxy Auto-discovery Protocol (WPAD)
 
 > [!NOTE]
-> If you're using Transparent proxy or WPAD in your network topology, you don't need special endpoint configuration settings. For more information on Windows Defender ATP URL exclusions in the proxy, see [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
+> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Windows Defender ATP URL exclusions in the proxy, see [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
 
 
  - Manual static proxy configuration:
@@ -99,7 +99,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
 
 1. Download the [connectivity verification tool](https://go.microsoft.com/fwlink/p/?linkid=823683) to the PC where Windows Defender ATP sensor is running on.
 
-2.  Extract the contents of WDATPConnectivityAnalyzer on the endpoint.
+2.  Extract the contents of WDATPConnectivityAnalyzer on the machine.
 
 3. Open an elevated command-line:
 
@@ -135,5 +135,5 @@ If at least one of the connectivity options returns a (200) status, then the Win
 However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
 
 ## Related topics
-- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index 576adf3128..c55f7851c0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure Windows Defender ATP server endpoints
-description: Configure server endpoints so that they can send sensor data to the Windows Defender ATP sensor.
-keywords: configure server endpoints, server, server onboarding, endpoint management, configure Windows ATP server endpoints, configure Windows Defender Advanced Threat Protection server endpoints
+title: Onboard servers to the Windows Defender ATP service
+description: Onboard servers so that they can send sensor data to the Windows Defender ATP sensor.
+keywords: onboard server, server, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -9,15 +9,16 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 11/30/2017
+ms.date: 04/17/2018
 ---
 
-# Configure Windows Defender ATP server endpoints
+# Onboard servers to the Windows Defender ATP service
 
 **Applies to:**
 
 - Windows Server 2012 R2
 - Windows Server 2016
+- Windows Server, version 1803
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
@@ -29,8 +30,9 @@ Windows Defender ATP extends support to also include the Windows Server operatin
 Windows Defender ATP supports the onboarding of the following servers:
 - Windows Server 2012 R2
 - Windows Server 2016
+- Windows Server, version 1803
 
-## Onboard server endpoints
+## Onboard Windows Server 2012 R2 and Windows Server 2016
 
 To onboard your servers to Windows Defender ATP, you’ll need to:
 
@@ -38,16 +40,16 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
 - If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
 
 >[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 
 ### Turn on Server monitoring from the Windows Defender Security Center portal
 
-1. In the navigation pane, select **Endpoint management** > **Servers**. 
+1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 
-2. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
-
-    ![Image of server onboarding](images/atp-server-onboarding.png)
+2. Select Windows server 2012, 2012R2 and 2016 as the operating system.
+ 
+3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
 
 <span id="server-mma"/>
 ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 
@@ -64,7 +66,8 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
 Once completed, you should see onboarded servers in the portal within an hour.
 
 <span id="server-proxy"/>
-### Configure server endpoint proxy and Internet connectivity settings 
+### Configure server proxy and Internet connectivity settings
+ 
 - Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway).
 - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:
 
@@ -79,17 +82,80 @@ Once completed, you should see onboarded servers in the portal within an hour.
 |    winatp-gw-neu.microsoft.com    |    443    |
 |    winatp-gw-weu.microsoft.com    |    443    |
 
+## Onboard Windows Server, version 1803 
+You’ll be able to onboard in the same method available for Windows 10 client machines. For more information, see  [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). Support for Windows Server, version 1803 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. 
 
-### Offboard server endpoints 
-To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP.
-For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
+1.	Install the latest Windows Server Insider build on a machine. For more information, see [Windows Server Insider Preview](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver).
+
+2. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). 
+
+3.	If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly:
+
+    a. Set the following registry entry:
+      - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
+      - Name: ForceDefenderPassiveMode
+      - Value: 1
+
+    b. Run the following PowerShell command to verify that the passive mode was configured:
+    ```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}```
+
+    c. Confirm  that a recent event containing the passive mode event is found:
+    ![Image of passive mode verification result](images/atp-verify-passive-mode.png)
+
+4. Run the following command to check if Windows Defender AV is installed:
+   ```sc query Windefend```
+
+    If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
+
+## Offboard servers 
+You have two options to offboard servers from the service:
+- Uninstall the MMA agent
+- Remove the Windows Defender ATP workspace configuration
 
 >[!NOTE]
 >Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
 
+### Uninstall servers by uinstalling the MMA agent
+To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP.
+For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
+
+### Remove the Windows Defender ATP workspace configuration
+To offboard the server, you can use either of the following methods:
+
+- Remove the Windows Defender ATP workspace configuration from the MMA agent 
+- Run a PowerShell command to remove the configuration
+
+#### Remove the Windows Defender ATP workspace configuration from the MMA agent 
+
+1. In the **Microsoft Monitoring Agent Properties**, select the **Azure Log Analytics (OMS)** tab.
+
+2. Select the Windows Defender ATP workspace, and click **Remove**.
+
+    ![Image of Microsoft Monitoring Agen Properties](images/atp-mma.png)
+
+#### Run a PowerShell command to remove the configuration
+
+1. Get your Workspace ID:
+   a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+
+   b. Select **Windows server 2012, 2012R2 and 2016** as the operating system and get your Workspace ID:
+    
+        ![Image of server onboarding](images/atp-server-offboarding-workspaceid.png)
+
+2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
+
+    ```
+    # Load agent scripting object
+    $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
+    # Remove OMS Workspace
+    $AgentCfg.RemoveCloudWorkspace($WorkspaceID)
+    # Reload the configuration and apply changes
+    $AgentCfg.ReloadConfiguration()
+    ```
+
 ## Related topics
-- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
 - [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index e3847a41ad..f2ab846f15 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -23,11 +23,9 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
-## Pull alerts using supported security information and events management (SIEM) tools
+## Pull alerts using security information and events management (SIEM) tools
 Windows Defender ATP supports (SIEM) tools to pull alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
 
 
@@ -56,7 +54,7 @@ For more information, see [Pull Windows Defender ATP alerts using REST API](pull
 
 Topic | Description
 :---|:---
-[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Preferences setup** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
+[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
 [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
 [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
 [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index ed2b034f45..be0b750935 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -32,7 +32,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
 ## Before you begin
 
 - Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk.
-- Make sure you have enabled the **SIEM integration** feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
 
 - Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
   - OAuth 2 Token refresh URL
@@ -105,7 +105,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
   </tr>
   <tr>
   <td>Polling Interval</td>
-  <td>Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.</td>
+  <td>Number of seconds that Splunk will ping the Windows Defender ATP machine. Accepted values are in seconds.</td>
   </tr>
   <tr>
   <td>Set sourcetype</td>
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
index c44eb648d5..8af91533b7 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Create custom alerts using the threat intelligence (TI) application program interface (API)
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) 
 
@@ -59,7 +59,7 @@ For this URL:
 Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage).
 
 ## Request an access token from the token issuing endpoint
-Windows Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Windows Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Preferences settings** page and click the **Generate Token** button. However, if you’d like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
+Windows Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Windows Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Settings** page and click the **Generate Token** button. However, if you’d like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
 
 For more information about the authorization flow, see [OAuth 2.0 authorization flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code#oauth-20-authorization-flow).
 
@@ -184,6 +184,21 @@ Content-Type: application/json;
 ```
 If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload.
 
+The API currently supports the following IOC types:
+
+- Sha1
+- Sha256
+- Md5
+- FileName
+- IpAddress
+- DomainName 
+
+And the following operators:
+
+- Equals
+- StartWith
+- EndWith
+- Contains
 
 ## Bulk upload of alert definitions and IOCs
 Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`. </br>
diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..2c31b1365d
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,46 @@
+---
+title: Update data retention settings for Windows Defender Advanced Threat Protection
+description: Update data retention settings by selecting between 30 days to 180 days.
+keywords: data, storage, settings, retention, update
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+# Update data retention settings for Windows Defender ATP 
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
+
+During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update the data retention settings.
+
+1. In the navigation pane, select **Settings** > **General** > **Data rention**.
+
+2. Select the data retention duration from the drop-down list.
+
+    > [!NOTE]
+    > Other settings are not editable.
+
+3. Click **Save preferences**.
+
+
+## Related topics
+- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index a650f8fe1f..e04a79d353 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ This section covers some of the most frequently asked questions regarding privac
 
 ## What data does Windows Defender ATP collect?
 
-Microsoft will collect and store information from your configured endpoints in a database specific to the service for administration, tracking, and reporting purposes.
+Microsoft will collect and store information from your configured machines in a database specific to the service for administration, tracking, and reporting purposes.
 
 Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version).
 
@@ -51,7 +51,7 @@ In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wik
 
 ## Do I have the flexibility to select where to store my data?
 
-When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not under any circumstance, transfer the data from the specified geolocation into another geolocation.
+When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States.
 
 ## Is my data isolated from other customer data?
 Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
diff --git a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index 4e082b67d2..09ed79f526 100644
--- a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/28/2017
+ms.date: 04/17/2018
 ---
 
 # Windows Defender Antivirus compatibility with Windows Defender ATP
@@ -33,12 +33,12 @@ The Windows Defender Advanced Threat Protection agent depends on Windows Defende
 >[!IMPORTANT]
 >Windows Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings. 
 
-You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
 
-If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
+If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
 
 Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
 
-The Windows Defender Antivirus interface will be disabled, and users on the endpoint will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
+The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
 
 For more information, see the [Windows Defender Antivirus and Windows Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
index def73c0599..4864c55ad8 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Enable the custom threat intelligence API in Windows Defender ATP
@@ -23,13 +23,13 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) 
 
 Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
 
-1. In the navigation pane, select **Preference Setup** > **Threat intel API**.
+1. In the navigation pane, select **Settings** > **APIs** > **Threat intel**.
 
   ![Image of threat intel API menu](images/atp-threat-intel-api.png)
 
@@ -47,7 +47,7 @@ You’ll need to use the access token in the Authorization header when doing RES
 
 ## Related topics
 - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
 - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
 - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..9e6c2f081b
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,46 @@
+---
+title: Enable Secure Score in Windows Defender ATP
+description: Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard.
+keywords: enable secure score, baseline, calculation, analytics, score, secure score dashboard, dashboard
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Enable Secure Score security controls
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
+
+  >[!NOTE]
+  >Changes might take up to a few hours to reflect on the dashboard. 
+
+1. In the navigation pane, select **Settings** > **General** > **Secure Score**.
+
+    ![Image of Secure Score controls from Preferences setup menu](images/atp-enable-security-analytics.png)
+
+2. Select the security control, then toggle the setting between **On** and **Off**.
+
+3. Click **Save preferences**.
+
+## Related topics
+- [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [Update data retention settings for Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Configure advanced features in Windows Defender ATP](/advanced-features-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index fc7325015e..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Enable Secure score security controls in Windows Defender ATP
-description: Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard.
-keywords: secure score, baseline, calculation, score, secure score dashboard, dashboard, windows defender antivirus, av, exploit guard, application guard, smartscreen
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: high
-ms.date: 03/12/2018
----
-
-# Enable Secure score security controls
-
-**Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
-Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
-
-  >[!NOTE]
-  >Changes might take up to a few hours to reflect on the dashboard. 
-
-1. In the navigation pane, select **Preferences setup** > **Secure score**.
-
-    ![Image of Secure score controls from Preferences setup menu](images/atp-enable-security-analytics.png)
-
-2. Select the security control, then toggle the setting between **On** and **Off**.
-
-3. Click **Save preferences**.
-
-## Related topics
-- [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index c444afe13d..9b39935b31 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/21/2017
+ms.date: 04/17/2018
 ---
 
 # Enable SIEM integration in Windows Defender ATP
@@ -29,9 +29,9 @@ ms.date: 11/21/2017
 
 Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
 
-1. In the navigation pane, select **Preferences setup** > **SIEM integration**.
+1. In the navigation pane, select **Settings** > **APIs** > **SIEM**.
 
-  ![Image of SIEM integration from Preferences setup menu](images/atp-siem-integration.png)
+  ![Image of SIEM integration from Settings menu](images/atp-siem-integration.png)
 
 2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
index 79a751c4a0..7dbc500f97 100644
--- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Review events and errors on endpoints with Event Viewer
+title: Review events and errors using Event Viewer
 description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
 keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
@@ -10,11 +10,11 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 
-# Review events and errors on endpoints with Event Viewer
+# Review events and errors using Event Viewer
 
 **Applies to:**
 
@@ -25,14 +25,14 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease information](prerelease.md)]
 
+You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual machines.
 
-You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
-
-For example, if endpoints are not appearing in the **Machines list**, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
+For example, if machines are not appearing in the **Machines list**, you might need to look for event IDs on the machines. You can then use this table to determine further troubleshooting steps.
 
 > [!NOTE]
-> It can take several days for endpoints to begin reporting to the Windows Defender ATP service.
+> It can take several days for machines to begin reporting to the Windows Defender ATP service.
 
 **Open Event Viewer and find the Windows Defender ATP service event log:**
 
@@ -65,7 +65,7 @@ For example, if endpoints are not appearing in the **Machines list**, you might
 <tr>
 <td>2</td>
 <td>Windows Defender Advanced Threat Protection service shutdown.</td>
-<td>Occurs when the endpoint is shut down or offboarded.</td>
+<td>Occurs when the machine is shut down or offboarded.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
@@ -91,17 +91,17 @@ The service could not contact the external processing servers at that URL.</td>
 <tr>
 <td>6</td>
 <td>Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.</td>
-<td>The endpoint did not onboard correctly and will not be reporting to the portal.</td>
+<td>The machine did not onboard correctly and will not be reporting to the portal.</td>
 <td>Onboarding must be run before starting the service.<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>7</td>
 <td>Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: ```variable```.</td>
-<td>Variable = detailed error description. The endpoint did not onboard correctly and will not be reporting to the portal.</td>
+<td>Variable = detailed error description. The machine did not onboard correctly and will not be reporting to the portal.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>8</td>
@@ -109,28 +109,28 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen
 <td>**During onboarding:** The service failed to clean its configuration during the onboarding. The onboarding process continues. <br><br> **During offboarding:** The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
  </td>
 <td>**Onboarding:** No action required. <br><br> **Offboarding:** Reboot the system.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>9</td>
 <td>Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable```.</td>
-<td>**During onboarding:** The endpoint did not onboard correctly and will not be reporting to the portal. <br><br>**During offboarding:** Failed to change the service start type. The offboarding process continues. </td>
+<td>**During onboarding:** The machine did not onboard correctly and will not be reporting to the portal. <br><br>**During offboarding:** Failed to change the service start type. The offboarding process continues. </td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>10</td>
 <td>Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```.</td>
-<td>The endpoint did not onboard correctly and will not be reporting to the portal.</td>
+<td>The machine did not onboard correctly and will not be reporting to the portal.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>11</td>
 <td>Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed.</td>
-<td>The endpoint onboarded correctly.</td>
+<td>The machine onboarded correctly.</td>
 <td>Normal operating notification; no action required.<br>
-It may take several hours for the endpoint to appear in the portal.</td>
+It may take several hours for the machine to appear in the portal.</td>
 </tr>
 <tr>
 <td>12</td>
@@ -157,7 +157,7 @@ The service could not contact the external processing servers at that URL.</td>
 <td>An error occurred with the Windows telemetry service.</td>
 <td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled).<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>18</td>
@@ -181,25 +181,25 @@ If this error persists after a system restart, ensure all Windows updates have f
 <tr>
 <td>25</td>
 <td>Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: ```variable```.</td>
-<td>The endpoint did not onboard correctly.
+<td>The machine did not onboard correctly.
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>26</td>
 <td>Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```.</td>
-<td>The endpoint did not onboard correctly.<br>
+<td>The machine did not onboard correctly.<br>
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>27</td>
 <td>Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: ```variable```.</td>
-<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP.</td>
+<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).<br>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).<br>
 Ensure real-time antimalware protection is running properly.</td>
 </tr>
 <tr>
@@ -208,14 +208,14 @@ Ensure real-time antimalware protection is running properly.</td>
 <td>An error occurred with the Windows telemetry service.</td>
 <td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>30</td>
 <td>Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```.</td>
-<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP.</td>
+<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)<br>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)<br>
 Ensure real-time antimalware protection is running properly.</td>
 </tr>
 <tr>
@@ -233,9 +233,9 @@ Ensure real-time antimalware protection is running properly.</td>
 <tr>
 <td>33</td>
 <td>Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```.</td>
-<td>A unique identifier is used to represent each endpoint that is reporting to the portal.<br>
+<td>A unique identifier is used to represent each machine that is reporting to the portal.<br>
 If the identifier does not persist, the same machine might appear twice in the portal.</td>
-<td>Check registry permissions on the endpoint to ensure the service can update the registry.</td>
+<td>Check registry permissions on the machine to ensure the service can update the registry.</td>
 </tr>
 <tr>
 <td>34</td>
@@ -243,7 +243,7 @@ If the identifier does not persist, the same machine might appear twice in the p
 <td>An error occurred with the Windows telemetry service.</td>
 <td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>35</td>
@@ -337,6 +337,6 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink)
 
 ## Related topics
-- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender ATP](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index 5652ee66e3..5a34950b31 100644
--- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -152,8 +152,8 @@ This step will guide you in exploring the custom alert in the portal.
 
 ## Related topics
 - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
 - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index b31dad703f..d35ec1554e 100644
--- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -54,7 +54,7 @@ This status indicates that there's limited communication between the machine and
 
 The following suggested actions can help fix issues related to a misconfigured machine with impaired communications:
 
-- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)</br>
+- [Ensure the machine has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#troubleshoot-onboarding-issues-on-the-machine)</br>
   The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
 
 - [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)</br>
@@ -66,17 +66,17 @@ If you took corrective actions and the machine status is still misconfigured, [o
 A misconfigured machine with status ‘No sensor data’ has communication with the service but can only report partial sensor data.
 Follow theses actions to correct known issues related to a misconfigured machine with status ‘No sensor data’:
 
-- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)</br>
+- [Ensure the machine has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#troubleshoot-onboarding-issues-on-the-machine)</br>
   The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
 
 - [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)</br>
   Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
 
 - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled)</br>
-If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
+If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
 
 - [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)</br>
-If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
+If your machines are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
 
 If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
 
diff --git a/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 7c8b6ad443..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Update general Windows Defender Advanced Threat Protection settings
-description: Update your general Windows Defender Advanced Threat Protection settings such as data retention or industry after onboarding.
-keywords: general settings, settings, update settings
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: high
-ms.date: 10/16/2017
----
-# Update general Windows Defender ATP settings
-
-**Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
-
-During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu.
-
-1. In the navigation pane, select **Preferences setup** > **General**.
-
-2. Modify settings such as data retention policy or the industry that best describes your organization.
-
-    > [!NOTE]
-    > Other settings are not editable.
-
-3. Click **Save preferences**.
-
-
-## Related topics
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Failed.png b/windows/security/threat-protection/windows-defender-atp/images/Failed.png
new file mode 100644
index 0000000000..6cef8a46db
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Failed.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/No threats found.png b/windows/security/threat-protection/windows-defender-atp/images/No threats found.png
new file mode 100644
index 0000000000..11eb05d7c6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/No threats found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png b/windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png
new file mode 100644
index 0000000000..430acc7c42
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png b/windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png
new file mode 100644
index 0000000000..c3060b51b0
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Pending.png b/windows/security/threat-protection/windows-defender-atp/images/Pending.png
new file mode 100644
index 0000000000..b5a27d0a58
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Pending.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Remediated.png b/windows/security/threat-protection/windows-defender-atp/images/Remediated.png
new file mode 100644
index 0000000000..9f13d8e5dc
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Remediated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Running.png b/windows/security/threat-protection/windows-defender-atp/images/Running.png
new file mode 100644
index 0000000000..5de179503f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Running.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png b/windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png
new file mode 100644
index 0000000000..f1d7bb0531
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG
new file mode 100644
index 0000000000..3958d9a532
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG
new file mode 100644
index 0000000000..2da889163c
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png b/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png
index 4a2c0fa98e..bafa469657 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png and b/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png
new file mode 100644
index 0000000000..6950882187
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png
new file mode 100644
index 0000000000..c148c887c1
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG
new file mode 100644
index 0000000000..40d4cf3b5c
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png
new file mode 100644
index 0000000000..cfec514362
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png
new file mode 100644
index 0000000000..f43355e6e2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png
index 89fd66df5f..f98240f439 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png
index 379423a53a..7ae7d3aa20 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png
index 12537a9efb..b34d5f4779 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png
new file mode 100644
index 0000000000..1b6c2dfa10
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png
index 745712f857..00185b3daa 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG
index af1915fb0b..dcaa87034d 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png
index eaacfa5256..4fcc40c32c 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png
index ed3cf79941..7a975960a1 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png
index a2960ce201..7d65413066 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png b/windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png
new file mode 100644
index 0000000000..ec8235b996
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png b/windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png
new file mode 100644
index 0000000000..f96acc7694
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png
new file mode 100644
index 0000000000..f006033aef
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png
new file mode 100644
index 0000000000..b2cdc68a24
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png b/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png
new file mode 100644
index 0000000000..82565d784f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png
new file mode 100644
index 0000000000..c2c13fe289
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png
new file mode 100644
index 0000000000..62e88527b3
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png b/windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png
new file mode 100644
index 0000000000..3f7e3dba8a
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png b/windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png
new file mode 100644
index 0000000000..96c73fc027
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png
new file mode 100644
index 0000000000..c9ff0c1688
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png
new file mode 100644
index 0000000000..c8126f92a3
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png
index 1918a2064d..fc628073fc 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png
new file mode 100644
index 0000000000..f40dff2c63
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png
index 2c44e15d09..e4ec0ca34e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png b/windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png
new file mode 100644
index 0000000000..703204c040
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png b/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png
index 9405ae0d6e..fc1a15b8e1 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png b/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png
index 1fa1650882..0ada1afc87 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png b/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png
index 5982447692..6d0e7a9d55 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png b/windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png
new file mode 100644
index 0000000000..2787e7d147
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-image.png b/windows/security/threat-protection/windows-defender-atp/images/atp-image.png
new file mode 100644
index 0000000000..e3f4b5b27f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-image.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png
new file mode 100644
index 0000000000..99a4376f93
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png
index 0f5ef13a77..692238433d 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png
index 6a005352c5..97529ae015 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png
new file mode 100644
index 0000000000..5ce3e0d034
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png
index 63431efa68..9dd1e801dd 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png
index b5dee50cd9..e2e3ae3944 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png
index 0be9abed27..45f38aa956 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png
index 8047e53b44..bbf578bd52 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png
index cfa3cbda3e..9347d09c04 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png
new file mode 100644
index 0000000000..692b21869f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png
index c405166f01..d3291b5cd5 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png
index d8d2aea802..2645ee2e58 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png
new file mode 100644
index 0000000000..df43379ab5
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png
new file mode 100644
index 0000000000..3d3330a2db
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png
new file mode 100644
index 0000000000..860899d286
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png b/windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png
new file mode 100644
index 0000000000..b9a758e159
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png b/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png
index b330f34ac1..3b4cf3197c 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png b/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png
index 24b6aee777..b538946141 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png b/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png
index 020eeac764..738c1470e7 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png b/windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png
new file mode 100644
index 0000000000..ca06a6bea9
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png b/windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png
new file mode 100644
index 0000000000..ec00bdcb5e
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png b/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png
index a0c18757a8..ee2cf3dc71 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png b/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png
index 729042ed30..a109efd09c 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png
new file mode 100644
index 0000000000..8c38cc18a2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png
new file mode 100644
index 0000000000..006d7c1a3f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png
new file mode 100644
index 0000000000..55113991e6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png
new file mode 100644
index 0000000000..f0878a6699
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png
new file mode 100644
index 0000000000..af05f88e0b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png b/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png
index 4a41dff7b6..06147c025e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png b/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png
index 74b6e5fae6..f271f16509 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png b/windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png
new file mode 100644
index 0000000000..0e8c9e12d2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png
new file mode 100644
index 0000000000..ae8d72d307
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png
new file mode 100644
index 0000000000..5a4816bf80
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png
index 20e5f4f5fa..f80648993e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png
new file mode 100644
index 0000000000..9ce191083b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png
new file mode 100644
index 0000000000..023881cd9b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png
new file mode 100644
index 0000000000..8afeee9566
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png
index 9cbf01f81a..3bfad3afc3 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png
index 76267fb27f..f3de71739d 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png b/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png
new file mode 100644
index 0000000000..1d1cbb4448
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png b/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png
new file mode 100644
index 0000000000..1c3154f188
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png b/windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png
new file mode 100644
index 0000000000..bdcc1997eb
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png b/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png
index 2ce7dbc637..d611574dbc 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png b/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png
index b2ae248d35..db6082c4e1 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png b/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png
index 7a6c15ebbb..8fc24beeab 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png
new file mode 100644
index 0000000000..0989362804
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png
index 70a7ce9fee..0b532a888a 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png b/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png
index 3aa0b451bc..dce4ee3f5e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png
new file mode 100644
index 0000000000..2fcb58e44f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png
index eb1366d9cb..94c0f5cd1f 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png b/windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png
new file mode 100644
index 0000000000..32907fedb6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/dashboard.png
new file mode 100644
index 0000000000..974708504f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/dashboard.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/io.png b/windows/security/threat-protection/windows-defender-atp/images/io.png
new file mode 100644
index 0000000000..a03e5fb917
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/io.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/mss.png b/windows/security/threat-protection/windows-defender-atp/images/mss.png
new file mode 100644
index 0000000000..63a22c2e50
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/mss.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png b/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png
new file mode 100644
index 0000000000..fc3ee208d2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png b/windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png
new file mode 100644
index 0000000000..4db61c4162
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png b/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png
new file mode 100644
index 0000000000..225988f58b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png b/windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png
new file mode 100644
index 0000000000..469ec08f53
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png b/windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png
new file mode 100644
index 0000000000..b381112d21
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/save-query.png b/windows/security/threat-protection/windows-defender-atp/images/save-query.png
new file mode 100644
index 0000000000..719a1a7113
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/save-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/securescore.png b/windows/security/threat-protection/windows-defender-atp/images/securescore.png
new file mode 100644
index 0000000000..2b8104bd7d
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/securescore.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ss1.png b/windows/security/threat-protection/windows-defender-atp/images/ss1.png
new file mode 100644
index 0000000000..ebd17712d6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/ss1.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ssot.png b/windows/security/threat-protection/windows-defender-atp/images/ssot.png
new file mode 100644
index 0000000000..a21b675f64
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/ssot.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/status-tile.png b/windows/security/threat-protection/windows-defender-atp/images/status-tile.png
index 78812e3248..452918b63f 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/status-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/status-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png b/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png
new file mode 100644
index 0000000000..7db354747c
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png b/windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png
new file mode 100644
index 0000000000..f2d59131d5
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdsc.png b/windows/security/threat-protection/windows-defender-atp/images/wdsc.png
new file mode 100644
index 0000000000..3cd583ed74
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/wdsc.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
index b4fae526ee..840ac36b91 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Investigate Windows Defender Advanced Threat Protection alerts
 description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them.
-keywords: investigate, investigation, machines, machine, endpoints, endpoint, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
+keywords: investigate, investigation, machines, machine, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Investigate Windows Defender Advanced Threat Protection alerts
@@ -19,17 +19,17 @@ ms.date: 10/16/2017
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink) 
 
-Investigate alerts that are affecting your network, what they mean, and how to resolve them. 
+Investigate alerts that are affecting your network, understand what they mean, and how to resolve them. 
 
 Click an alert to see the alert details view and the various tiles that provide information about the alert. 
 
-You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them.
+You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them. You'll also see a status of the automated investigation on the upper right corner. Clicking on the link will take you to the Automated investigations view. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md). 
 
-![Image of the alert page](images/atp-alert-details.png)
+![Image of the alert page](images/atp-alert-view.png)
 
 
 The alert context tile shows the where, who, and when context of the alert. As with other pages, you can click on the icon beside the name or user account to bring up the machine or user details pane. The alert details view also has a status tile that shows the status of the alert in the queue. You'll also see a description and a set of recommended actions which you can expand.
@@ -91,13 +91,12 @@ The **Artifact timeline** feature provides an addition view of the evidence that
 Selecting an alert detail brings up the **Details pane** where you'll be able to see more information about the alert such as file details, detections, instances of it observed worldwide, and in the organization.
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
index f4f611b986..9d2442bd7c 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 # Investigate a domain associated with a Windows Defender ATP alert
 
@@ -22,7 +22,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink) 
 
@@ -58,13 +58,10 @@ The **Most recent observed machinew with URL** section provides a chronological
 5. Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
 - [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
index df24b9a27b..8303abcda1 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 # Investigate a file associated with a Windows Defender ATP alert
 
@@ -22,7 +22,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink) 
 
@@ -63,13 +63,10 @@ The **Most recent observed machines with the file** section allows you to specif
 This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if you’re trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
index 01828ef7ff..a22179f273 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 # Investigate an IP address associated with a Windows Defender ATP alert
 
@@ -65,13 +65,10 @@ Use the search filters to define the search criteria. You can also use the timel
 Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
 - [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
 - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
index e9940d0a2b..9fb3644bae 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Investigate machines in the Windows Defender ATP Machines list
 description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health.
-keywords: machines, endpoints, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
+keywords: machines, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Investigate machines in the Windows Defender ATP Machines list
@@ -19,8 +19,6 @@ ms.date: 10/16/2017
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) 
 
 ## Investigate machines
@@ -30,87 +28,55 @@ You can click on affected machines whenever you see them in the portal to open a
 
 - The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-- The [Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- The [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
 - Any individual alert
 - Any individual file details view
 - Any IP address or domain details view
 
 When you investigate a specific machine, you'll see:
-- Machine details, Logged on users, and Machine Reporting
+- Machine details, Logged on users, Machine risk, and Machine Reporting
 - Alerts related to this machine
 - Machine timeline
 
-![Image of machine view](images/atp-machine-details-view.png)
+![Image of machine view](images/atp-azure-atp-machine.png)
 
-The machine details, total logged on users, and machine reporting sections display various attributes about the machine.
+The machine details, logged on users, machine risk, and machine reporting sections display various attributes about the machine.
 
+**Machine details**</br>
 The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.
 
 For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
 
-Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
+
+**Logged on users**</br>
+Clicking on the logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
 
 -	Interactive and remote interactive logins
 -	Network, batch, and system logins
 
-![Image of user details pane](images/atp-user-details.png)
+![Image of user details pane](images/atp-azure-atp-machine-user.png)
 
 You'll also see details such as logon types for each user account, the user group, and when the account logon occurred.
 
  For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md).
 
-## Manage machine group and tags
-Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident. 
+**Machine risk**</br>
+The Machine risk tile shows the overall risk assessment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert. It's also indicators of the active threats that machines could be exposed to.
 
-Machine related properties are being extended to account for:
-
-- Group affiliation
-- Dynamic context capturing  
-
-
-
-### Group machines
-Machine group affiliation can represent geographic location, specific activity, importance level and others. Grouping machines with similar attributes can be handy when you need to apply contextual action on a specific list of machines. After creating groups, you can apply the Group filter on the Machines list to get a narrowed list of machines.
-
-Machine group is defined in the following registry key entry of the machine:
-
--	Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
--	Registry key value (string): Group
-
-
-### Set standard tags on machines
-Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag.
-
-1.	Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views:
-
-    -	**Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
-    -	**Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
-    -	**Machines list** - Select the machine name from the list of machines.
-    -	**Search box** - Select Machine from the drop-down menu and enter the machine name.
-
-    You can also get to the alert page through the file and IP views.
-
-2.	Open the **Actions** menu and select **Manage tags**.
-
-    ![Image of taking action to manage tags on a machine](images/atp-manage-tags.png)
-
-3. Enter tags on the machine. To add more tags, click the + icon.
-4. Click **Save and close**. 
-
-    ![Image of adding tags on a machine](images/atp-save-tag.png)
-
-    Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** or **Groups** filter to see the relevant list of machines.
-
-### Manage machine tags
-You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel. 
-
-![Image of adding tags on a machine](images/atp-tag-management.png)
+**Azure Advanced Threat Protection**</br> 
+If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. 
 
+>[!NOTE]
+>You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
 
+**Machine reporting**</br>
+Provides the last internal IP and external IP of the machine. It also shows when the machine was first and last seen reporting to the service. 
 
 ## Alerts related to this machine
 The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts).
 
+![Image of alerts related to machine](images/atp-alerts-related-to-machine.png)
+
 This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
 
 You can also choose to highlight an alert from the **Alerts related to this machine** or from the  **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**.
@@ -184,20 +150,71 @@ From the list of events that are displayed in the timeline, you can examine the
 
 You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.
 
-Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of metadata on the file or IP address.
+Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of meta data on the file or IP address.
 
 The details pane enriches the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context.
 
+## Add machine tags
+You can add tags on machines during an investigation. Machine tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident. 
+
+You can add tags on machines using the following ways:
+- By setting a registry key value
+- By using the portal
+
+### Add machine tags by setting a registry key value
+Add tags on machines which can be used as a filter in Machines list view. You can limit the machines in the list by selecting the Tag filter on the Machines list.
+
+Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines. 
+
+Use the following registry key entry to add a tag on a machine:
+
+-	Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
+-	Registry key value (string): Group
+
+
+### Add machine tags using the portal
+Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag.
+
+1.	Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views:
+
+    -	**Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
+    -	**Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
+    -	**Machines list** - Select the machine name from the list of machines.
+    -	**Search box** - Select Machine from the drop-down menu and enter the machine name.
+
+    You can also get to the alert page through the file and IP views.
+
+2.	Open the **Actions** menu and select **Manage tags**.
+
+    ![Image of taking action to manage tags on a machine](images/atp-manage-tags.png)
+
+3. Enter tags on the machine. To add more tags, click the + icon.
+4. Click **Save and close**. 
+
+    ![Image of adding tags on a machine](images/atp-save-tag.png)
+
+    Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** filter to see the relevant list of machines.
+
+### Manage machine tags
+You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel. 
+
+![Image of adding tags on a machine](images/atp-tag-management.png)
+
+## Use machine groups in an investigation
+Machine group affiliation can represent geographic location, specific activity, importance level and others.
+
+You can create machine groups in the context of role-based access (RBAC) to control who can take specific action or who can see information on a specific machine group or groups by assigning the machine group to a user group. For more information, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+
+You can also use machine groups to assign specific remediation levels to apply during automated investigations. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+
+In an investigation, you can filter the Machines list to just specific machine groups by using the Groups filter. 
 
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
 - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
index 7d166a4ede..46a2f46c0e 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
@@ -10,16 +10,12 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 # Investigate a user account in Windows Defender ATP
 
 **Applies to:**
 
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
@@ -37,17 +33,32 @@ You can find user account information in the following views:
 A clickable user account link is available in these views, that will take you to the user account details page where more details about the user account are shown.
 
 When you investigate a user account entity, you'll see:
-- User account details and Logged on machines
+- User account details, Azure Advanced Threat Protection (Azure ATP) alerts, and Logged on machines
 - Alerts related to this user
 - Observed in organization (machines logged on to)
 
-![Image of the user account entity details page](images/atp-user-details-view-tdp.png)
+![Image of the user account entity details page](images/atp-user-details-view-azureatp.png)
 
-The user account entity details and logged on machines section display various attributes about the user account. You'll see details such as when the user was first and last seen and the total number of machines the user logged on to. You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
+**User details**</br>
+The user account entity details, Azure ATP alerts, and logged on machines sections display various attributes about the user account.
 
-The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list  is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
+The user entity tile provides details about the user such as when the user was first and last seen. Depending on the integration features you enable, you'll see other details. For example, if you enable the Skype for business integration, you'll be able to contact the user from the portal. 
 
-The **Observed in organization** section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines.
+**Azure Advanced Threat Protection**</br>
+If you have enabled the Azure ATP feature and there are alerts related to the user, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last AD site, total group memberships, and login failure associated with the user.
+
+>[!NOTE]
+>You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+
+**Logged on machines**</br>
+You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
+
+
+## Alerts related to this user
+This section provides a list of alerts that are associated with the user account. This list  is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
+
+## Observed in organization
+This section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines.
 
 The machine health state is displayed in the machine icon and color as well as in a description text. Clicking on the icon displays additional details regarding machine health.
 
@@ -69,13 +80,11 @@ You can filter the results by the following time periods:
 - 6 months
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
index c2e2c9f696..240d558937 100644
--- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Is domain seen in org
diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
index 4e8281d86e..71573b1352 100644
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@@ -22,6 +22,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-validatelicense-abovefoldlink)
 
@@ -53,7 +54,7 @@ To gain access into which licenses are provisioned to your company, and to check
 
 When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
 
-1. Each time you access the portal you will need to validate that you are authorized to access the product. Only if you are not authorized will This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
+1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
 
 	![Image of Set up your permissions for WDATP](images\atp-setup-permissions-wdatp-portal.png)
 
@@ -117,20 +118,20 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
 
 10. You are almost done. Before you can start using Windows Defender ATP you'll need to:
 
-	- [Onboard endpoints and setup access](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection)
+	- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
 
 	- Run detection test (optional)
 
-	![Image of Onboard endpoints and run detection test](images\atp-onboard-endpoints-run-detection-test.png)
+	![Image of Onboard machines and run detection test](images\atp-onboard-endpoints-run-detection-test.png)
 
 	> [!IMPORTANT]
-	> If you click **Start using Windows Defender ATP** before onboarding endpoints you will receive the following notification:
+	> If you click **Start using Windows Defender ATP** before onboarding machines you will receive the following notification:
 	>![Image of setup imcomplete](images\atp-setup-incomplete.png)
 
-11. After onboarding endpoints you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
+11. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
 
-	![Image of onboard endpoints](images\atp-onboard-endpoints-WDATP-portal.png)
+	![Image of onboard machines](images\atp-onboard-endpoints-WDATP-portal.png)
 
 ## Related topics
-- [Onboard and set up Windows Defender Advanced Threat Protection](onboard-configure-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot onboarding process and error messages](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Onboard machines to the Windows Defender Advanced Threat Protection service](onboard-configure-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..454d1a3aec
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,94 @@
+---
+title: Create and manage machine groups in Windows Defender ATP
+description: Create machine groups and set automated remediation levels on them by confiring the rules that apply on the group
+keywords: machine groups, groups, remediation, level, rules, aad group, role, assign, rank
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Create and manage machine groups in Windows Defender ATP
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Azure Active Directory
+- Office 365
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+In an enterprise scenario, security operation teams are typically assigned a set of machines. These machines are grouped together based on a set of attributes such as their domains, computer names, or designated tags.
+
+In Windows Defender ATP, you can create machine groups and use them to:
+- Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac-windows-defender-advanced-threat-protection.md) 
+- Configure different auto-remediation settings for different sets of machines
+
+As part of the process of creating a machine group, you'll:
+- Set the automated remediation level for that group
+- Define a matching rule based on the machine name, domain, tags, and OS platform to determine which machines belong to the group. If a machine is also matched to other groups, it is added only to the highest ranked machine group.
+- Determine access to machine group
+- Rank the machine group relative to other groups after it is created 
+
+>[!NOTE]
+>All machine groups are accessible to all users if you don’t assign any Azure AD groups to them.
+
+
+## Add a machine group
+
+1.	In the navigation pane, select **Settings > Permissions > Machine groups**.
+
+2.	Click **Add machine group**. 
+
+3.	Set the machine group details, configure an association rule, preview the results, then assign the group to an Azure user group:
+
+	 - **Name**
+
+	 - **Remediation level for automated investigations**
+	  - **No remediation**
+	  - **Require approval (all folders)**
+	  - **Require approval (non-temp folders)**
+	  - **Require approval (core folders)**
+	  - **Fully automated**
+
+	 - **Description**
+
+	 - **Matching rule** – you can apply the rule based on machine name, domain, tag, or OS version. 
+
+		>[!TIP]
+		>If you want to group machines by organizational unit, you can configure the registry key for the group affiliation. For more information on device tagging, see [Manage machine group and tags](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#manage-machine-group-and-tags).
+
+4.	Review the result of the preview of matched machines. If you are satisfied with the rules, click the **Access** tab.
+
+5.	Assign the user groups that can access the machine group you created. 
+
+    >[!NOTE]
+    >You can only grant access to Azure AD user groups that have been assigned to RBAC roles. 
+
+6.	Click **Close**.
+
+7.	Apply the configuration settings.
+
+## Understand matching and manage groups
+You can promote the rank of a machine group so that it is given higher priority during matching. When a machine is matched to more than one group, it is added only to the highest ranked group. You can also edit and delete groups.
+
+By default, machine groups are accessible to all users with portal access. You can change the default behavior by assigning Azure AD user groups to the machine group.
+
+Machines that are not matched to any groups are added to Ungrouped machines (default) group. You cannot change the rank of this group or delete it. However, you can change the remediation level of this group, and define the Azure AD user groups that can access this group.
+
+>[!NOTE]
+>Applying changes to machine group configuration may take up to several minutes.
+
+
+
+
+## Related topic
+- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
index b25f671461..278725340f 100644
--- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
 ---
 
 # View and organize the Windows Defender ATP Machines list
@@ -23,8 +23,6 @@ ms.date: 03/12/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
 
 The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
@@ -32,7 +30,7 @@ The **Machines list** shows a list of the machines in your network, the domain o
 Use the Machines list in these main scenarios:
 
 - **During onboarding**<br>
-  During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
+  During the onboarding process, the **Machines list** is gradually populated with machines as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
 - **Day-to-day work** <br>
   The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
 
@@ -43,7 +41,7 @@ Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Securit
 
 You can also download the entire list in CSV format using the **Export to CSV** feature.
 
-![Image of machines list with list of machines](images/atp-machines-list-view.png)
+![Image of machines list with list of machines](images/atp-machines-list-view2.png)
 
 You can use the following filters to limit the list of machines displayed during an investigation:
 
@@ -54,6 +52,9 @@ You can use the following filters to limit the list of machines displayed during
 - 30 days
 - 6 months
 
+**Risk level**</br>
+Machine risk levels are indicators of the active threats that machines could be exposed to. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert.
+
 **OS Platform**</br>
 - Windows 10
 - Windows Server 2012 R2
@@ -80,7 +81,7 @@ Filter the list to view specific machines that are well configured or require at
 - **Well configured** - Machines have the Windows Defender security controls well configured. 
 - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
 
-For more information, see [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md).
+For more information, see [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md).
 
 **Malware category alerts**</br>
 Filter the list to view specific machines grouped together by the following malware categories:
@@ -92,13 +93,14 @@ Filter the list to view specific machines grouped together by the following malw
   -	**General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks.
   -	**PUA** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.
 
-## Groups and tags
-You can filter the list based on the grouping and tagging that you've added to individual machines. For more information, see [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags).
+**Groups and tags** </br>
+You can filter the list based on the grouping and tagging that you've added to individual machines. 
 
 ## Export machine list to CSV
 You can  download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file.
 
-**Note**: Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
+>[NOTE]
+> Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
 Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
 
 ## Sort the Machines list
@@ -112,17 +114,10 @@ You can sort the **Machines list** by the following columns:
 - **Active malware alerts** - Number of active malware detections reported by the machine
 
 > [!NOTE]
-> The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
+> The **Active malware detections** filter column will only appear if your machines are using [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
 
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
 - [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 496720c009..5912acb1a8 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Manage Windows Defender Advanced Threat Protection alerts
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
 
@@ -87,20 +87,20 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
     ![Image of alert status](images/atp-create-suppression-rule.png)
 
-3. Choose the context for suppressing the alert.
+3. Enter an alert title then select an indicator of compromise from the drop-down list.
   
     ![Image of alert status](images/atp-new-suppression-rule.png)
 
   > [!NOTE]
   > You cannot create a custom or blank suppression rule. You must start from an existing alert.
 
-4. Specify the conditions for when the rule is applied:
-    - Alert title
-    - Indicator of compromise (IOC)
-    - Suppression conditions
+4. Specify the suppression conditions by entering values for any of the following:
+    - Sha1
+    - File name
+    - Folder path
 
     > [!NOTE]
-    > The SHA1 of the alert cannot be modified, however you can clear the SHA1 to remove it from the suppression conditions.
+    > The SHA1 of the alert cannot be modified, however you can clear the SHA1 to remove it from the suppression conditions by removing the deselecting the checkbox.
     
 5. Specify the action and scope on the alert. <br>
    You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. Alerts that are marked as hidden will be suppressed from the entire system, both on the machine's associated alerts and from the dashboard. You can also specify to suppress the alert on the machine only or the whole organization.
@@ -110,20 +110,18 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
 ### View the list of suppression rules
 
-1. Click **Alerts queue** > **Suppression rules**.
+1. In the navigation pane, select **Settings** > **Rules**  > **Alert suppression**.
 
 2. The list of suppression rules shows all the rules that users in your organization have created.
 
-You can select rules to open up the **Alert management** pane. From there, you can activate previously disabled rules.
+For more information on managing suppression rules, see [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
 
 ## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
 - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
 - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1f68016ea9
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,73 @@
+---
+title: Manage automation allowed/blocked lists
+description: Create lists that control what items are automatically blocked or allowed during an automatic investigation.
+keywords: manage, automation, whitelist, blacklist, block, clean, malicious
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage automation allowed/blocked lists
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+
+Create a rule to control which entities are automatically incriminated or exonerated during Automated investigations.  
+
+Entities added to the allowed list are considered safe and will not be analyzed during Automated investigations.
+
+Entities added to the blocked list are considered malicious and will be remediated during Automated investigations.
+
+You can define the conditions for when entities are identified as malicious or safe based on certain attributes such as hash values or certificates. 
+
+## Create an allowed or blocked list
+1. In the navigation pane, select **Settings** > **Rules**  > **Automation allowed/blocked list**.  
+
+2. Select the type of entity you'd like to create an exclusion for. You can choose any of the following entities: 
+   - File hash
+   - Certificate
+
+3. Click **Add system exclusion**.
+
+4. For each attribute specify the exclusion type, details, and the following required values:
+
+    - **Files** -  Hash value
+    - **Certificate** - PEM certificate file
+    
+5. Click **Update rule**.
+
+## Edit a list
+1. In the navigation pane, select **Settings** > **Rules**  > **Automation allowed/blocked list**.  
+
+2. Select the type of entity you'd like to edit the list from.  
+
+3. Update the details of the rule and click **Update rule**.
+
+## Delete a list 
+1. In the navigation pane, select **Settings** > **Rules**  > **Automation allowed/blocked list**.  
+
+2. Select the type of entity you'd like to delete the list from.
+
+3. Select the list type by clicking the check-box beside the list type.
+
+4. Click **Delete**.
+
+
+## Related topics
+- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..f6b88381ff
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,50 @@
+---
+title: Manage automation file uploads
+description: Enable content analysis and configure the file extension and email attachment extensions that will be sumitted for analysis
+keywords: automation, file, uploads, content, analysis, file, extension, email, attachment
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage automation file uploads
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
+
+Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation.
+
+Identify the files and email attachments by specifying the file extension names and email attachment extension names. 
+
+For example, if you add *exe* and *bat* as file or attachment extension names, then all files or attachments with those extensions will automatically be sent to the cloud for additional inspection during Automated investigation. 
+
+## Add file extension names and attachment extension names.
+
+1. In the navigation pane, select **Settings** > **Rules** > **Automation file uploads**. 
+
+2. Toggle the content analysis setting between **On** and **Off**.
+
+3. Configure the following extension names and separate extension names with a comma:
+   - **File extension names** -  Suspicious files except email attachments will be submitted for additional inspection
+   - **Attachment extension names** - Suspicious email attachments with these extension names will be submitted for additional inspection
+
+
+
+## Related topics
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..c7d1e70c54
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,78 @@
+---
+title: Manage automation folder exclusions
+description: Add automation folder exclusions to control the files that are excluded from an automated investigation. 
+keywords: manage, automation, exclusion, whitelist, blacklist, block, clean, malicious
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage automation folder exclusions 
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
+
+Automation folder exclusions allow you to specify folders that the Automated investigation will skip. 
+
+You can control the following attributes about the folder that you'd like to be skipped:
+- Folders 
+- Extensions of the files
+- File names
+
+
+**Folders**<br>
+You can specify a folder and its subfolders to be skipped. You can use wild cards so that all files under the directory is skipped by the automated investigation. 
+
+**Extensions**<br>
+You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore. 
+
+**File names**<br>
+You can specify the file names that you want to be excluded in a specific directory. The names are a way to prevent an attacker from using an excluded folder to hide an exploit. The names explicitly define which files to ignore. 
+
+
+
+## Add an automation folder exclusion
+1. In the navigation pane, select **Settings** > **Rules**  > **Automation folder exclusions**.  
+
+2. Click **New folder exclusion**.  
+
+3. Enter the folder details:
+
+    - Folder
+    - Extensions
+    - File names
+    - Description
+    
+
+4. Click **Save**.
+
+## Edit an automation folder exclusion 
+1. In the navigation pane, select **Settings** > **Rules**  > **Automation folder exclusions**. 
+
+2. Click **Edit** on the folder exclusion.  
+
+3. Update the details of the rule and click **Save**.
+
+## Remove an automation folder exclusion 
+1. In the navigation pane, select **Settings** > **Rules**  > **Automation folder exclusions**.  
+2. Click **Remove exclusion**. 
+
+
+## Related topics
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..c06aea4230
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,49 @@
+---
+title: Manage Windows Defender Advanced Threat Protection suppression rules
+description: Manage suppression rules 
+keywords: manage suppression, rules, rule name, scope, action, alerts, turn on, turn off
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage suppression rules
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-suppressionrules-abovefoldlink)
+
+There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. For more information on how to suppress alerts, see [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts).
+
+You can view a list of all the suppression rules and manage them in one place. You can also turn an alert suppression rule on or off.
+
+## Turn a suppression rule on or off
+1. In the navigation pane, select **Settings** > **Rules**  > **Alert suppression**. The list of suppression rules that users in your organization have created is displayed.
+
+2. Select a rule by clicking on the check-box beside the rule name. 
+
+3. Click **Turn rule on** or **Turn rule off**.
+
+## View details of a suppression rule
+
+1. In the navigation pane, select **Settings** > **Rules**  > **Alert suppression**. The list of suppression rules that users in your organization have created is displayed.
+
+2. Click on a rule name. Details of the rule is displayed. You'll see the rule details such as  status, scope, action, number of matching alerts, created by, and date when the rule was created. You can also view associated alerts and the rule conditions.
+
+## Related topics
+- [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 3027bbe7f9..3983d79af5 100644
--- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Minimum requirements for Windows Defender ATP
-description: Minimum network and data storage configuration, endpoint hardware and software requirements, and deployment channel requirements for Windows Defender ATP.
-keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel
+description: Minimum network and data storage configuration, machine hardware and software requirements, and deployment channel requirements for Windows Defender ATP.
+keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, machine configuration, deployment channel
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/17/2017
+ms.date: 04/17/2018
 ---
 
 # Minimum requirements for Windows Defender ATP
@@ -23,9 +23,9 @@ ms.date: 11/17/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease information](prerelease.md)]
 
-
-There are some minimum requirements for onboarding your network and endpoints.
+There are some minimum requirements for onboarding machines to the service.
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
 
@@ -49,7 +49,7 @@ When you run the onboarding wizard for the first time, you must choose where you
 > -   You cannot change your data storage location after the first-time setup.
 > -   Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
 
-### Endpoint hardware and software requirements
+### Hardware and software requirements
 
 The Windows Defender ATP agent only supports the following editions of Windows 10:
 
@@ -58,30 +58,30 @@ The Windows Defender ATP agent only supports the following editions of Windows 1
 - Windows 10 Pro
 - Windows 10 Pro Education
 
-Endpoints on your network must be running one of these editions.
+Machines on your network must be running one of these editions.
 
-The hardware requirements for Windows Defender ATP on endpoints is the same as those for the supported editions.
+The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions.
 
 > [!NOTE]
-> Endpoints that are running mobile versions of Windows are not supported.
+> Machines that are running mobile versions of Windows are not supported.
 
 #### Internet connectivity
-Internet connectivity on endpoints is required either directly or through proxy.
+Internet connectivity on machines is required either directly or through proxy.
 
-The Windows Defender ATP sensor can utilize up to 5MB daily of bandwidth  to communicate with the Windows Defender ATP cloud service and report cyber data.
+The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data.
 
-For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
+For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
 
-Before you configure endpoints, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
+Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
 
 <span id="telemetry-and-diagnostics-settings" />
 ### Diagnostic data settings
-You must ensure that the diagnostic data service is enabled on all the endpoints in your organization.
+You must ensure that the diagnostic data service is enabled on all the machines in your organization.
 By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
 
 **Use the command line to check the Windows 10 diagnostic data service startup type**:
 
-1.  Open an elevated command-line prompt on the endpoint:
+1.  Open an elevated command-line prompt on the machine:
 
   a.  Go to **Start** and type **cmd**.
 
@@ -124,15 +124,20 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
 ## Windows Defender Antivirus signature updates are configured
 The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
 
-You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
 
 When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
 
+Depending on the server version you're onboarding, you might need to configure a Group Policy setting to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
+
 For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 
 ## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Windows Defender Antivirus as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
+If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
 
 If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)
+
+## Related topic
+- [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..78710989d2
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,47 @@
+---
+title: Offboard machines from the Windows Defender ATP service
+description: Onboard Windows 10 machines, servers, non-Windows machines from the Windows Defender ATP service
+keywords: offboarding, windows defender advanced threat protection offboarding, windows atp offboarding
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Offboard machines from the Windows Defender ATP service
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- macOS
+- Linux
+- Windows Server 2012 R2
+- Windows Server 2016
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
+
+Follow the corresponding instructions depending on your preferred deployment method.
+
+## Offboard Windows 10 machines
+  - [Offboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md#offboard-machines-using-a-local-script)
+  - [Offboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md#offboard-machines-using-group-policy)
+  - [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#offboard-machines-using-system-center-configuration-manager)
+  - [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
+
+## Offboard Servers
+  - [Offboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md#offboard-servers)
+
+## Offboard non-Windows machines
+  - [Offboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md#offboard-non-windows-machines)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index 17df4fab03..84c7cee481 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Onboard endpoints and set up the Windows Defender ATP user access
-description: Set up user access in Azure Active Directory and use Group Policy, SCCM, or do manual registry changes to onboard endpoints to the service.
-keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script
+title: Onboard machines to the Windows Defender ATP service
+description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test.
+keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/21/2017
+ms.date: 04/17/2018
 ---
 
-# Onboard and set up Windows Defender Advanced Threat Protection
+# Onboard machines to the Windows Defender ATP service
 
 **Applies to:**
 
@@ -21,15 +21,19 @@ ms.date: 11/21/2017
 - Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
+- macOS
+- Linux
+- Windows Server 2012 R2
+- Windows Server 2016
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
 
 You need to onboard to Windows Defender ATP before you can use the service.
 
-For more information, see [Onboard your Windows 10 endpoints to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
+For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
 
 ## Licensing requirements
 Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
@@ -43,19 +47,23 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
 ## Windows Defender Antivirus configuration requirement
 The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
 
-You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
 
 When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
 
+If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
+
+
 For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 
 
 ## In this section
 Topic | Description
 :---|:---
-[Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
-[Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products� sensor data. 
-[Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP 
+[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
+[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP 
+[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
+[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
 [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
 [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index 14d4fc1ac4..ce444d924a 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -1,16 +1,16 @@
 ---
 title: Windows Defender Advanced Threat Protection portal overview
 description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
-keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, preferences setup, endpoint management, advanced attacks
+keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
-author: DulceMV
+author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
 ---
 
 # Windows Defender Advanced Threat Protection portal overview
@@ -23,7 +23,7 @@ ms.date: 03/12/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
 
@@ -37,29 +37,29 @@ You can use the [Windows Defender ATP portal](https://securitycenter.windows.com
 ## Windows Defender ATP portal
 When you open the portal, you’ll see the main areas of the application:
 
- ![Windows Defender Advanced Threat Protection portal](images/atp-portal.png)
+ ![Windows Defender Advanced Threat Protection portal](images/dashboard.png)
 
 - (1) Navigation pane
 - (2) Main portal
-- (3) Search, Feedback, Settings, Help and support
+- (3) Search, Community center, Time settings, Help and support, Feedback
 
 > [!NOTE]
-> Malware related detections will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+> Malware related detections will only appear if your machines are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
 
 You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section.
 
 Area | Description
 :---|:---
-(1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
-**Dashboards**	| Allows you to access the Security operations or the Secure score dashboard.
-**Alerts queue** | Allows you to view separate queues: new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
+(1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Automated investigations**, **Machines list**, **Service health**, **Advanced hunting**, and **Settings**.
+**Dashboards**	| Access the Security operations, the Secure Score, or Threat analytics dashboard.
+**Alerts** | View separate queues of new, in progress, resolved alerts, alerts assigned to you.
+**Automated investigations** | Displays a list of automated investigations that's been conducted in the network, the status of each investigation and other details such as when the investigation started and the duration of the investigation.
 **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
 **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
-**Preferences setup** |	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure score dashboard.
-**Endpoint management** |	Provides access to endpoints such as clients and servers. Allows you to download the onboarding configuration package for endpoints. It also provides access to endpoint offboarding.
-**Community center** | Access the Community center to learn, collaborate, and share experiences about the product. 
-(2) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
-(3) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text.  </br> **Feedback** - Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
+**Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool.
+**Settings** |	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure Score dashboard.
+**(2) Main portal** | Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
+**(3) Search, Community center, Time settings,  Help and support, Feedback** | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. </br></br> **Community center** -Access the Community center to learn, collaborate, and share experiences about the product. </br></br>  **Time settings** - Gives you access to the configuration settings where you can set time zones and view license information. </br></br>  **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.</br></br> **Feedback** - Access the feedback button to provide comments about the portal. 
 
 ## Windows Defender ATP icons
 The following table provides information on the icons used all throughout the portal:
@@ -97,6 +97,20 @@ Icon | Description
 ![Memory allocation icon](images\atp-memory-allocation-icon.png)| Memory allocation
 ![Process injection icon](images\atp-process-injection.png)| Process injection
 ![Powershell command run icon](images\atp-powershell-command-run-icon.png)| Powershell command run
+![Community center icon](images\atp-community-center.png) | Community center 
+![Notifications icon](images\atp-notifications.png) | Notifications
+![No threats found](images\no-threats-found.png) | Automated investigation - no threats found
+![Failed icon](images\failed.png) | Automated investigation - failed
+![Partially remediated icon](images\partially-investigated.png) | Automated investigation - partially investigated
+![Termindated by system](images\terminated-by-system.png) | Automated investigation - terminated by system
+![Pending icon](images\pending.png) | Automated investigation - pending
+![Running icon](images\running.png) | Automated investigation - running
+![Remediated icon](images\remediated.png) | Automated investigation - remediated 
+![Partially investigated icon](images\partially_remediated.png) | Automated investigation - partially remediated
 
-## Related topic
-[Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+
+## Related topics
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
index 36517f85e2..e92d59ee73 100644
--- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Create and build Power BI reports using Windows Defender ATP data
 description: Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources.
-keywords: preferences setup, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup
+keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 03/16/2018
+ms.date: 04/17/2018
 ---
 # Create and build Power BI reports using Windows Defender ATP data
 
@@ -32,24 +32,26 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
 Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization. 
 
 You can easily get started by:
-- Creating a dashboard on the Power BI service:
-  - From the Windows Defender ATP portal or 
-  - From the Power BI portal
+- Creating a dashboard on the Power BI service 
 - Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization 
 
 You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported. 
 
-## Create a Power BI dashboard from the Windows Defender ATP portal
+## Create a Windows Defender ATP dashboard on Power BI service
 Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
 
-1. In the navigation pane, select **Preferences setup** > **Power BI reports**.
-    
-    ![Preferences setup with create dashboard button](images/atp-create-dashboard.png)
+1. In the navigation pane, select **Settings** > **General** > **Power BI reports**.
 
-2.	Click **Create dashboard**. You'll see a notification that things are being loaded. 
+2.	Click **Create dashboard**.
+
+    ![Image of create dashboard](images/atp-create-dashboard.png)
+    
+    You'll see a notification that things are being loaded. 
 
     ![Image of loading](images/atp-loading.png)
 
+    >[!NOTE]
+    >Loading your data in the Power BI service can take a few minutes.
 
 3. Specify the following details:
     - **extensionDataSourceKind**: WDATPConnector
@@ -62,7 +64,7 @@ Windows Defender ATP makes it easy to create a Power BI dashboard by providing a
 
       ![Consent image](images/atp-powerbi-accept.png)
 
-5.	Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
+5. Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
 
     ![Image of importing data](images/atp-powerbi-importing.png)
     
@@ -78,7 +80,6 @@ Windows Defender ATP makes it easy to create a Power BI dashboard by providing a
 
 For more information, see [Create a Power BI dashboard from a report](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-create-a-dashboard/).
 
-
 ## Create a Power BI dashboard from the Power BI portal
 
 1. Login to [Power BI](https://powerbi.microsoft.com/).
@@ -126,11 +127,11 @@ You can create a custom dashboard in Power BI Desktop to create visualizations t
 ### Before you begin
 1.	Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/).
 
-2.	In the Windows Defender ATP portal navigation pane, select **Preferences setup** > **Power BI reports**.
+2.	In the navigation pane, select **Settings** > **General** > **Power BI reports**.
 
 3.	Click **Download connector** to download the WDATPPowerBI.zip file and extract it.
 
-    ![Preferences setup with download connector button](images/atp-download-connector.png)
+    ![Settings with download connector button](images/atp-download-connector.png)
 
 4.	Create a new directory `Microsoft Power BI Desktop\Custom Connectors` under the user's Documents folder.
 
@@ -154,12 +155,14 @@ After completing the steps in the Before you begin section, you can proceed with
 
 1.	Open WDATPPowerBI.pbit from the zip with Power BI Desktop.
 
-2.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+2.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
 
-    ![Consent image](images/atp-powerbi-accept.png)
+    ![Consent image](images/atp-powerbi-consent.png)
 
 3.	Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
 
+
+
 ## Mashup Windows Defender ATP data with other data sources
 You can use Power BI Desktop to analyse data from Windows Defender ATP and mash that data up with other data sources to gain better security perspective in your organization.
 
@@ -173,9 +176,9 @@ You can use Power BI Desktop to analyse data from Windows Defender ATP and mash
 
     ![Power BI preview connector](images/atp-powerbi-preview.png) 
 
-4.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+4.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
 
-    ![Consent image](images/atp-powerbi-accept.png)
+    ![Consent image](images/atp-powerbi-consent.png)
 
 5.	Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
 
@@ -187,13 +190,14 @@ You can use Power BI Desktop to analyse data from Windows Defender ATP and mash
 
 8.	Add visuals and select fields from the available data sources. 
 
-## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+## Using the Power BI reports
+There are a couple of tabs on the report that's generated:
+
+- Machine and alerts 
+- Investigation results and action center
+- Secure Score
+
+In general, if you know of a specific threat name, CVE, or KB, you can identify machines with unpatched vulnerabilities that might be leveraged by threats. This report also helps you determine whether machine-level mitigations are configured correctly on the machines and prioritize those that might need attention.
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
index 38a4ba668d..36e285cce8 100644
--- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # PowerShell code examples for the custom threat intelligence API
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 This article provides PowerShell code examples for using the custom threat intelligence API.
 
@@ -38,7 +38,7 @@ These code examples demonstrate the following tasks:
 ## Step 1: Obtain an Azure AD access token
 The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token.
 
-Replace the *authUrl*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal:
+Replace the *authUrl*, *clientid*, and *clientSecret* values with the ones you got from **Settings** page in the portal:
 
 ```powershell
 $authUrl = 'Your Authorization URL'
@@ -180,8 +180,8 @@ $ioc =
 
 ## Related topics
 - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
 - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
index a21cd910cd..4d00c68de1 100644
--- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Configure Windows Defender ATP preferences settings
-description: Use the preferences setup to configure and update your preferences settings such as enabling advanced features, preview experience, email notifications, or custom threat intelligence.
-keywords: preferences settings, settings, advanced features, preview experience, email notifications, custom threat intelligence
+title: Configure Windows Defender ATP settings
+description: Use the settings page to configure general settings, permissions, apis, and rules.
+keywords: settings, general settings, permissions, apis, rules
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,9 +10,9 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
-# Configure Windows Defender ATP preferences settings
+# Configure Windows Defender ATP settings
 
 **Applies to:**
 
@@ -22,20 +22,19 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
 
-Use the **Preferences setup** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
+Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
 
 ## In this section
 
 Topic | Description
 :---|:---
-[Update general settings](general-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process.
-[Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products.
-[Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features.
-[Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications.
-[Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) | Enable security information and event management (SIEM) integration to pull alerts from the Windows Defender ATP portal using your SIEM solution.
-[Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application.
-[Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) | Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources.
+[Update general settings](data-retention-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process.
+Permissions | Manage portal access using RBAC as well as machine groups.
+APIs | Enable the threat intel and SIEM integration.
+Rules | Configure suppressions rules and automation settings.
+Machine management | Onboard and offboard machines.
+
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
index b6de75210b..6f65f14423 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Turn on the preview experience in Windows Defender ATP
 description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features.
-keywords: advanced features, preferences setup, block file
+keywords: advanced features, settings, block file
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 # Turn on the preview experience in Windows Defender ATP
 
@@ -22,21 +22,21 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
 
 Turn on the preview experience setting to be among the first to try upcoming features.
 
-1. In the navigation pane, select **Preferences setup** > **Preview experience**.
+1. In the navigation pane, select **Settings** > **Preview experience**.
 
-    ![Image of Preferences setup and preview experience](images/atp-preview-features.png)
+    ![Image of settings and preview experience](images/atp-preview-features.png)
 
 
 2. Toggle the setting between **On** and **Off** and select **Save preferences**.
 
 ## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
+- [Update general settings in Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
 - [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
 - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
 - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index a05e77c9a2..4d92a145bd 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/30/2017
+ms.date: 04/17/2018
 ---
 
 # Windows Defender ATP preview features
@@ -23,31 +23,31 @@ ms.date: 11/30/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) 
 
+
 Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
 
 You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
 
 Turn on the preview experience setting to be among the first to try upcoming features.
 
-1. In the navigation pane, select **Preferences setup** > **Preview experience**.
-
-    ![Image of Preferences setup and preview experience](images/atp-preview-features.png)
+1. In the navigation pane, select **Settings** > **General** > **Advanced features** > **Preview features**.
 
 2. Toggle the setting between **On** and **Off** and select **Save preferences**.
 
 ## Preview features
 The following features are included in the preview release:
 
-- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)<br>
+- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)<br>
 Windows Defender ATP supports the onboarding of the following servers:
     - Windows Server 2012 R2
     - Windows Server 2016
+    - Windows Server, version 1803
 
 - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)<br>
 Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
@@ -55,12 +55,6 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
 - [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)<br>
     Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
 
-- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)<br>
-Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
-
-- [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)<br>
-The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. Access and join the community to learn and interact with other members on product specific information. 
-
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)  
 
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 82d802c5f9..d3de2bec95 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Pull Windows Defender ATP alerts using REST API
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
 
@@ -67,18 +67,18 @@ POST /72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/token HTTP/1.1
 Host: login.microsoftonline.com
 Content-Type: application/x-www-form-urlencoded
 
-resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials
+resource=https%3A%2F%2Fgraph.windows.net&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials
 ```
 The response will include an access token and expiry information.
 
 ```json
 {
-  "token type": "Bearer",
-  "expires in": "3599"
+  "token_type": "Bearer",
+  "expires_in": "3599"
   "ext_expires_in": "0",
   "expires_on": "1488720683",
   "not_before": "1488720683",
-  "resource": "https://WDATPAlertExport.Seville.onmicrosoft.com",
+  "resource": "https://graph.windows.net",
   "access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..."
 }
 ```
@@ -103,7 +103,9 @@ Use optional query parameters to specify and control the amount of data returned
 
 Name | Value| Description
 :---|:---|:---
-DateTime?sinceTimeUtc | string | Defines the time alerts are retrieved from based from `LastProccesedTimeUtc` time to current time. <br><br> **NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
+DateTime?sinceTimeUtc | string | Defines the lower time bound alerts are retrieved from, based on field: <br> `LastProccesedTimeUtc` <br> The time range will be: from sinceTimeUtc time to current time. <br><br> **NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
+DateTime?untilTimeUtc | string | Defines the upper time bound alerts are retrieved. <br> The time range will be: from `sinceTimeUtc` time to `untilTimeUtc` time. <br><br> **NOTE**: When not specified, the default value will be the current time.
+string ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time. <br><br> Value should be set according to **ISO 8601** duration format <br> E.g. `ago=PT10M` will pull alerts received in the last 10 minutes.
 int?limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.<br><br> **NOTE**: When not specified, all alerts available in the time range will be retrieved.
 
 ### Request example
@@ -117,7 +119,7 @@ Authorization: Bearer <your access token>
 The following example demonstrates a request to get the last 20 alerts since 2016-09-12 00:00:00.
 
 ```syntax
-GET  https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc="2016-09-12 00:00:00"
+GET  https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc=2016-09-12T00:00:00.000
 Authorization: Bearer <your access token>
 ```
 
diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
index b3bcae08b4..278e02f9bb 100644
--- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Python code examples for the custom threat intelligence API
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 ## Before you begin
 You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library.
@@ -39,7 +39,7 @@ These code examples demonstrate the following tasks:
 ## Step 1: Obtain an Azure AD access token
 The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token.
 
-Replace the *auth_url*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal:
+Replace the *auth_url*, *client_id*, and *client_secret* values with the ones you got from **Settings** page in the portal:
 
 ```
 import json
@@ -183,8 +183,8 @@ with requests.Session() as session:
 
 ## Related topics
 - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
 - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..8b7ad9f93e
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,116 @@
+---
+title: Use role-based access control to grant fine-grained access to the Windows Defender ATP portal
+description: Create roles and groups within your security operations to grant access to the portal.
+keywords: rbac, role, based, access, control, groups, control, tier, aad
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage portal access using role-based access control
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Azure Active Directory
+- Office 365
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-rbac-abovefoldlink)
+
+
+Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the  portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do. 
+
+Large geo-distributed security operations teams typically adopt a tier-based model to assign and authorize access to security portals. Typical tiers include the following three levels:
+
+Tier | Description
+:---|:---
+Tier 1 | **Local security operations team / IT team** <br> This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required.
+Tier 2 | **Regional security operations team** <br> This team can see all the machines for their region and perform remediation actions.
+Tier 3 | **Global security operations team** <br> This team consists of security experts and are authorized to see and perform all actions from the portal.
+
+Windows Defender ATP RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, machines they can access, and actions they can take. The RBAC framework is centered around the following controls:
+
+- **Control who can take specific action**
+  - Create custom roles and control what Windows Defender ATP capabilities they can access with granularity.
+ 
+- **Control who can see information on specific machine group or groups**
+  - [Create machine groups](machine-groups-windows-defender-advanced-threat-protection.md) by specific criteria such as names, tags, domains, and others, then grant role access to them using a specific Azure AD user group.
+
+To implement role-based access, you'll need to define admin roles, assign corresponding permissions, and assign Azure Active Directory (Azure AD) user groups assigned to the roles.
+
+
+### Before you begin
+Before using RBAC, it's important that you understand the roles that can grant permissions and the consequences of turning on RBAC.
+
+
+> [!WARNING]
+> Before enabling the feature, it's important that you have a Global Administrator role or Security Administrator role in Azure AD and that you have your Azure AD groups ready to reduce the risk of being locked out of the portal. 
+
+When you first log in to the Windows Defender ATP portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
+
+Someone with a Windows Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments
+
+> [!WARNING]
+> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in the Windows Defender ATP portal, therefore, having the right groups ready in Azure AD is important.
+>
+> **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.** 
+>
+>Users with admin permissions are automatically assigned the default built-in Windows Defender ATP global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Windows Defender ATP global administrator role. 
+>
+> After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal. 
+
+## Create roles and assign the role to a group
+
+1.	In the navigation pane, select **Settings > Role based access control > Roles**.
+
+2.	Click **Add role**. 
+
+3.	Enter the role name, description, and active permissions you’d like to assign to the role.
+
+	 - **Role name**
+
+	 - **Description**
+
+	 - **Active permissions**
+		  - **View data** - Users can view information in the portal.
+		  - **Investigate alerts** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
+		  - **Approve or take action** - Users can take response actions and approve or dismiss pending remediation actions.
+		  - **Manage system settings** - Users can configure settings, SIEM and threat intel API settings, advanced settings, preview features, and automated file uploads.
+		  
+4.	Click **Next** to assign the role to an Azure AD group.
+
+5.	Use the filter to select the Azure AD group that you’d like to add to this role.
+
+6.	Click **Save and close**.
+
+7.	Apply the configuration settings.
+
+## Edit roles
+
+1.	Select the role you'd like to edit.
+
+2.	Click **Edit**.
+
+3.	Modify the details or the groups that the role is a part of. 
+
+4.	Click **Save and close**.
+
+## Delete roles
+
+1.	Select the role row you'd like to delete.
+
+2.	Click the drop-down button and select **Delete role**.
+
+## Related topic
+- [Create and manage machine groups in Windows Defender ATP](machine-groups-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
index c3162d20c2..0e5f08d3d5 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/06/2018
+ms.date: 04/17/2018
 ---
 
 # Take response actions on a file
@@ -57,23 +57,25 @@ The action takes effect on machines with Windows 10, version 1703 or later, wher
   - **Search box** - select File from the drop–down menu and enter the file name
 
 2.	Open the **Actions menu** and select **Stop and Quarantine File**.
+
     ![Image of stop and quarantine file action](images/atp-stop-quarantine-file.png)
 
-3. Type a comment and select **Yes, stop and quarantine** to take action on the file.
+3. Specify a reason, then click **Yes, stop and quarantine**.
+
     ![Image of stop and quarantine file](images/atp-stop-quarantine.png)
 
-  The Action center shows the submission information:
+    The Action center shows the submission information:
     ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file.png)
 
-   - **Submission time** - Shows when the action was submitted.
-   - **Success** - Shows the number of machines where the file has been stopped and quarantined.
-   - **Failed** - Shows the number of machines where the action failed and details about the failure.
-   - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
+    - **Submission time** - Shows when the action was submitted.
+    - **Success** - Shows the number of machines where the file has been stopped and quarantined.
+    - **Failed** - Shows the number of machines where the action failed and details about the failure.
+    - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
 
 4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed.
 
 **Notification on machine user**:</br>
-When the file is being removed from an endpoint, the following notification is shown:
+When the file is being removed from a machine, the following notification is shown:
 
 ![Image of notification on machine user](images/atp-notification-file.png)
 
@@ -89,7 +91,7 @@ For prevalent files in the organization, a warning is shown before an action is
 ## Remove file from quarantine
 You can roll back and remove a file from quarantine if you’ve determined that it’s clean after an investigation. Run the following command on each machine where the file was quarantined.
 
-1.	Open an elevated command–line prompt on the endpoint:
+1.	Open an elevated command–line prompt on the machine:
 
     a.	Go to **Start** and type cmd.
 
@@ -116,14 +118,27 @@ You can prevent further propagation of an attack in your organization by banning
 
 
 ### Enable the block file feature
-1.	In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**.
+Before you can block files, you'll need to enable the feature.
+
+1.	In the navigation pane, select **Settings** > **Advanced features** > **Block file**.
 
 2.	Toggle the setting between **On** and **Off** and select **Save preferences**.
+    
+    ![Image of advanced settings for block file feature](images/atp-preferences-setup.png)
+  
+### Block a file
+1.	Select the file you want to block. You can select a file from any of the following views or use the Search box:
 
-  ![Image of preferences setup](images/atp-preferences-setup.png)
+  - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline
+  - **Search box** - select File from the drop–down menu and enter the file name
 
+2.	Open the **Actions menu** and select **Block**. 
+    
+    ![Image of block action](images/atp-action-block-file.png)
 
-3. Type a comment and select **Yes, block file** to take action on the file.
+3. Specify a reason and select **Yes, block file** to take action on the file.
+    
+    ![Image of block file action](images/atp-block-file.png)
 
     The Action center shows the submission information:
     ![Image of block file](images/atp-blockfile.png)
@@ -135,7 +150,7 @@ You can prevent further propagation of an attack in your organization by banning
 When the file is blocked, there will be a new event in the machine timeline.</br>
 
 **Notification on machine user**:</br>
-When a file is being blocked on the endpoint, the following notification is displayed to inform the user that the file was blocked:
+When a file is being blocked on the machine, the following notification is displayed to inform the user that the file was blocked:
 
 ![Image of notification on machine user](images/atp-notification-file.png)
 
@@ -150,7 +165,6 @@ For prevalent files in the organization, a warning is shown before an action is
 1.	Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
 
   - **Alerts** - Click the file links from the Description or Details in the Artifact timeline <br>
-  - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section <br>
   - **Search box** - Select File from the drop–down menu and enter the file name
 
 2.	Open the **Actions** menu and select **Remove file from blocked list**.
@@ -235,7 +249,7 @@ If you encounter a problem when trying to submit a file, try each of the followi
 3. You can wait a short while and try to submit the file again, in case the queue is full or there was a temporary connection or communication error.
 4. Verify the policy setting enables sample collection and try to submit the file again.
 
-  a. Change the following registry entry and values to change the policy on specific endpoints:
+  a. Change the following registry entry and values to change the policy on specific machines:
  ```
 HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
   Value = 0 – block sample collection
@@ -247,5 +261,5 @@ HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
 > [!NOTE]
 > If the value *AllowSampleCollection* is not available, the client will allow sample collection by default.
 
-## Related topics
+## Related topic
 - [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index adcfd622e0..ac9d6c02de 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -73,6 +73,7 @@ The package contains the following folders:
     ![Image of notification to collect package](images/atp-notification-collect-package.png)
 
     The Action center shows the submission information:
+
     ![Image of investigation package in action center](images/atp-action-center-package-collection.png)
 
     - **Submission time** - Shows when the action was submitted.
@@ -247,5 +248,5 @@ All other related details are also shown, for example, submission time, submitti
 
 ![Image of action center with information](images/atp-action-center-with-info.png)
 
-## Related topics
+## Related topic
 - [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
index 6092b45364..f4a083f835 100644
--- a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
@@ -38,15 +38,3 @@ Topic | Description
 :---|:---
 [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)| Isolate machines or collect an investigation package.
 [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network.
-
-## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
index 9be70be191..f74f0543b9 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Run a detection test on a newly onboarded Windows Defender ATP endpoint
-description: Run the detection script on a newly onboarded endpoint to verify that it is properly onboarded to the Windows Defender ATP service.
-keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, endpoint, test
+title: Run a detection test on a newly onboarded Windows Defender ATP machine
+description: Run the detection script on a newly onboarded machine to verify that it is properly onboarded to the Windows Defender ATP service.
+keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, test
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -13,7 +13,7 @@ ms.localizationpriority: high
 ms.date: 11/06/2017
 ---
 
-#  Run a detection test on a newly onboarded Windows Defender ATP endpoint 
+#  Run a detection test on a newly onboarded Windows Defender ATP machine 
 
 **Applies to:**
 
@@ -24,9 +24,9 @@ ms.date: 11/06/2017
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-Run the following PowerShell script on a newly onboarded endpoint to verify that it is properly reporting to the Windows Defender ATP service.
+Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
 
-1. Open an elevated command-line prompt on the endpoint and run the script:
+1. Open an elevated command-line prompt on the machine and run the script:
 
     a.  Go to **Start** and type **cmd**.
 
@@ -40,8 +40,8 @@ Run the following PowerShell script on a newly onboarded endpoint to verify that
     powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'
     ```
 
-The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded endpoint in approximately 10 minutes.
+The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded machine in approximately 10 minutes.
 
 ## Related topics
-- [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..43e1cf6abb
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,351 @@
+---
+title: View the Secure Score dashboard in Windows Defender ATP
+description: Use the Secure Score dashboard to assess and improve the security state of your organization by analyzing various security control tiles. 
+keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, microsoft secure score, security controls, security control, improvement opportunities, edr, antivirus, av, os security updates
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# View the Windows Defender Advanced Threat Protection Secure score dashboard
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink) 
+
+
+The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
+
+>[!IMPORTANT]
+> This feature is available for machines on Windows 10, version  1703 or later. 
+
+
+The **Secure score dashboard** displays a snapshot of:
+- Microsoft Secure score
+- Windows Defender security controls
+- Improvement opportunities
+- Security score over time
+
+![Secure score dashboard](images/ss1.png)
+
+## Microsoft secure score
+The Microsoft secure score tile is reflective of the sum of all the Windows Defender security controls that are configured according to the recommended baseline and Office 365 controls. It allows you to drill down into each portal for further analysis. You can also improve this score by taking the steps in configuring each of the security controls in the optimal settings.
+
+![Image of Microsoft secure score tile](images/mss.png)
+
+Each Windows Defender security control contributes 100 points to the score. The total number is reflective of the score potential and calculated by multiplying the number of supported security controls (Windows Defender security controls pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar). 
+
+The Office 365 Secure Score looks at your settings and activities and compares them to a baseline established by Microsoft. For more information, see [Introducing the Office 365 Secure Score](https://support.office.com/en-us/article/introducing-the-office-365-secure-score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef#howtoaccess).
+
+In the example image, the total points for the Windows security controls and Office 365 add up to 718 points. 
+
+You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md).
+
+## Windows Defender security controls
+The security controls tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention. 
+
+
+![Windows Defender security controls](images/wdsc.png)
+
+## Improvement opportunities 
+Improve your score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
+
+Click on each control to see the recommended optimizations.
+
+![Improvement opportunities](images/io.png)
+
+The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action.  When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.
+
+>[!IMPORTANT]
+>Recommendations that do not display a green triangle icon are informational only and no action is required. 
+
+Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. 
+
+The following image shows an example list of machines where the EDR sensor is not turned on.
+
+![Image of view machines list with a filter applied](images/atp-security-analytics-view-machines2.png)
+
+## Security score over time
+You can track the progression of your organizational security posture over time using this tile. It displays the overall and individual control scores in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
+
+![Image of the security score over time tile](images/ssot.png)
+
+You can click on specific date points to see the total score for that security control is on a particular date.
+
+## Improve your secure score by applying improvement recommendations
+Each security control lists recommendations that you can take to increase the security posture of your organization.
+
+### Endpoint detection and response (EDR) optimization
+For an machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for your Endpoint detection and response tool.
+
+>[!IMPORTANT]
+>This feature is available for machines on Windows 10, version  1607 or later.
+
+#### Minimum baseline configuration setting for EDR:
+- Windows Defender ATP sensor is on
+- Data collection is working correctly
+- Communication to Windows Defender ATP service is not impaired
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Turn on sensor
+- Fix sensor data collection
+- Fix impaired communications
+
+For more  information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). 
+
+### Windows Defender Antivirus (Windows Defender AV) optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AV is fulfilled.
+
+>[!IMPORTANT]
+>This feature is available for machines on Windows 10, version  1607 or later. 
+
+#### Minimum baseline configuration setting for Windows Defender AV:
+Machines are considered "well configured" for Windows Defender AV if the following requirements are met:
+
+- Windows Defender AV is reporting correctly
+- Windows Defender AV is turned on
+- Signature definitions are up to date
+- Real-time protection is on
+- Potentially Unwanted Application (PUA) protection is enabled
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+
+>[!NOTE]
+> For the Windows Defender Antivirus properties to show,  you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the machine. 
+
+- Fix antivirus reporting
+  - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
+- Turn on antivirus
+- Update antivirus definitions
+- Turn on real-time protection
+- Turn on PUA protection
+
+For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
+
+
+### OS security updates optimization
+This tile shows you the exact number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
+ 
+>[!IMPORTANT]
+>This feature is available for machines on Windows 10, version  1607 or later.
+
+You can take the following actions to increase the overall security score of your organization:
+- Install the latest security updates
+- Fix sensor data collection
+  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter).
+
+
+### Windows Defender Exploit Guard (Windows Defender EG) optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on machines so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Windows Defender ATP Machine timeline. 
+
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender EG:
+Machines are considered "well configured" for Windows Defender EG if the following requirements are met:
+
+- System level protection settings are configured correctly
+- Attack Surface Reduction rules are configured correctly
+- Controlled Folder Access setting is configured correctly
+
+##### System level protection:
+The following system level configuration settings must be set to **On or Force On**:
+
+1.	Control Flow Guard 
+2.	Data Execution Prevention (DEP)
+3.	Randomize memory allocations (Bottom-up ASLR)
+4.	Validate exception chains (SEHOP)
+5.	Validate heap integrity
+
+>[!NOTE]
+>The setting **Force randomization for images (Mandatory ASLR)** is currently excluded from the baseline.
+>Consider configuring **Force randomization for images (Mandatory ASLR)** to **On or Force On** for better protection.
+
+##### Attack Surface Reduction (ASR) rules:
+The following ASR rules must be configured to **Block mode**:
+
+Rule description | GUIDs 
+-|-
+Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
+Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
+Block Office applications from creating executable content  | 3B576869-A4EC-4529-8536-B80A7769E899
+Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
+Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
+Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+
+
+
+>[!NOTE]
+>The setting **Block Office applications from injecting into other processes** with GUID 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 is excluded from the baseline.
+>Consider enabling this rule in **Audit** or **Block mode** for better protection.
+
+
+##### Controlled Folder Access
+The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
+
+>[!NOTE]
+> Audit mode, allows you to see audit events in the Windows Defender ATP Machine timeline however it does not block suspicious applications.
+>Consider enabling Controlled Folder Access for better protection.
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Turn on all system-level Exploit Protection settings
+- Set all ASR rules to enabled or audit mode
+- Turn on Controlled Folder Access
+- Turn on Windows Defender Antivirus on compatible machines
+
+For more information, see [Windows Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
+
+### Windows Defender Application Guard (Windows Defender AG) optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Windows Defender ATP Machine timeline. 
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender AG:
+Machines are considered "well configured" for Windows Defender AG if the following requirements are met:
+
+- Hardware and software prerequisites are met
+- Windows Defender AG is turned on compatible machines
+- Managed mode is turned on
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Ensure hardware and software prerequisites are met
+    
+    >[!NOTE]
+    >This improvement item does not contribute to the security score in itself because it's not a prerequisite for Windows Defender AG. It gives an indication of a potential reason why Windows Defender AG is not turned on.
+
+- Turn on  Windows Defender AG on compatible machines
+- Turn on managed mode
+
+
+For more information, see [Windows Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
+
+
+### Windows Defender SmartScreen optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender SmartScreen is fulfilled.
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender SmartScreen:
+The following settings must be configured with the following settings:
+- Check apps and files: **Warn** or **Block** 
+- SmartScreen for Microsoft Edge: **Warn** or **Block**
+- SmartScreen for Microsoft store apps: **Warn** or **Off**
+
+
+You can take the following actions to increase the overall security score of your organization:
+- Set **Check app and files** to **Warn** or **Block**
+- Set **SmartScreen for Microsoft Edge** to **Warn** or **Block**
+- Set **SmartScreen for Microsoft store apps** to **Warn** or **Off**
+
+For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
+
+
+
+### Windows Defender Firewall optimization
+For a machine to be considered "well configured", Windows Defender Firewall must be turned on and enabled for all profiles and inbound connections are blocked by default. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender Firewall is fulfilled. 
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender Firewall 
+
+- Windows Defender Firewall is turned on for all network connections
+- Secure domain profile by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+- Secure private profile by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+- Secure public profile is configured by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+
+For more information on Windows Defender Firewall settings, see [Planning settings for a basic firewall policy](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy).
+
+>[!NOTE]
+> If Windows Defender Firewall is not your primary firewall, consider excluding it from the security score calculations and make sure that your third-party firewall is configured in a securely.
+
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Turn on firewall
+- Secure domain profile 
+- Secure private profile
+- Secure public profile
+- Verify secure configuration of third-party firewall
+- Fix sensor data collection
+  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security).
+
+### BitLocker optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for BitLocker is fulfilled. 
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1803 or later.
+
+#### Minimum baseline configuration setting for BitLocker
+- Ensure all supported internal drives are encrypted
+- Ensure that all suspended protection on drives resume protection 
+- Ensure that drives are compatible
+
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Encrypt all supported drives
+- Resume protection on all drives
+- Ensure drive compatibility
+- Fix sensor data collection
+  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Bitlocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview).
+
+### Windows Defender Credential Guard optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender Credential Guard is fulfilled.
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later. 
+
+#### Minimum baseline configuration setting for Windows Defender Credential Guard:
+Machines are considered "well configured" for Windows Defender Credential Guard if the following requirements are met:
+
+- Hardware and software prerequisites are met
+- Windows Defender Credential Guard is turned on on compatible machines
+
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+
+- Ensure hardware and software prerequisites are met
+- Turn on Credential Guard 
+- Fix sensor data collection
+  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Manage Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage).
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
+
+## Related topics
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 6ea27c4f75..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,256 +0,0 @@
----
-title: View the Secure score dashboard in Windows Defender ATP
-description: Use the Secure score dashboard to assess and improve the security state of your organization by analyzing various security control tiles. 
-keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverage, security control, improvement opportunities, edr, antivirus, av, os security updates
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: mjcaparas
-localizationpriority: high
-ms.date: 03/12/2018
----
-
-# View the Windows Defender Advanced Threat Protection Secure score dashboard
-
-**Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink) 
-
-
-The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
-
->[!IMPORTANT]
-> This feature is available for machines on Windows 10, version  1703 or later. 
-
-The **Secure score dashboard** displays a snapshot of:
-- Organizational security score
-- Security coverage
-- Improvement opportunities
-- Security score over time
-
-![Secure score dashboard](images/atp-dashboard-security-analytics-full.png)
-
-## Organizational security score
-The organization security score is reflective of the average score of all the Windows Defender security controls that are configured according to the recommended baseline. You can improve this score by taking the steps in configuring each of the security controls in the optimal settings.
-
-![Organizational security score](images/atp-org-sec-score.png)
-
-Each Windows Defender security control from the **Security coverage** tile contributes 100 points to the organizational security score. 
-
-The denominator is reflective of the organizational score potential and calculated by multiplying the number of supported security controls (Security coverage pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar). 
-
-
-In the example image, the total points from the **Improvement opportunities** tile add up to 321 points for the six pillars from the **Security coverage** tile.
-
-You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Preferences settings**. For more information, see [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md).
-
-## Security coverage
-The security coverage tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention. 
-
-
-![Security coverage](images/atp-security-coverage.png)
-
-## Improvement opportunities 
-Improve your organizational security score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
-
-Click on each control to see the recommended optimizations.
-
-![Improvement opportunities](images/atp-improv-opps.png)
-
-The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action.  When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.
-
->[!IMPORTANT]
->Recommendations that do not display a green triangle icon are informational only and no action is required. 
-
-Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. 
-
-The following image shows an example list of machines where the EDR sensor is not turned on.
-
-![Image of view machines list with a filter applied](images/atp-security-analytics-view-machines2.png)
-
-## Security score over time
-You can track the progression of your organizational security posture over time using this tile. It displays the overall and individual control scores in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
-
-![Image of the security score over time tile](images/atp-security-score-over-time.png)
-
-You can click on specific date points to see the total score for that security control is on a particular date.
-
-### Endpoint detection and response (EDR) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for your Endpoint detection and response tool.
-
-#### Minimum baseline configuration setting for EDR:
-- Windows Defender ATP sensor is on
-- Data collection is working correctly
-- Communication to Windows Defender ATP service is not impaired
-
-#### Minimum baseline configuration setting for EDR:
-You can take the following actions to increase the overall security score of your organization:
-- Turn on sensor
-- Fix sensor data collection
-- Fix impaired communications
-
-For more  information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). 
-
-### Windows Defender Antivirus (Windows Defender AV) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AV is fulfilled.
-
-#### Minimum baseline configuration setting for Windows Defender AV:
-Endpoints are considered "well configured" for Windows Defender AV if the following requirements are met:
-
-- Windows Defender AV is reporting correctly
-- Windows Defender AV is turned on
-- Signature definitions are up to date
-- Real-time protection is on
-- Potentially Unwanted Application (PUA) protection is enabled
-
-##### Recommended actions:
-You can take the following actions to increase the overall security score of your organization:
-
->[!NOTE]
-> For the Windows Defender Antivirus properties to show,  you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the endpoint. 
-
-- Fix antivirus reporting
-  - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
-- Turn on antivirus
-- Update antivirus definitions
-- Turn on real-time protection
-- Turn on PUA protection
-
-For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
-
-
-### OS security updates optimization
-This tile shows you the exact number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
- 
-You can take the following actions to increase the overall security score of your organization:
-- Install the latest security updates
-- Fix sensor data collection
-  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
-
-For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter).
-
-
-### Windows Defender Exploit Guard (Windows Defender EG) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Windows Defender ATP Machine timeline. 
-
-#### Minimum baseline configuration setting for Windows Defender EG:
-Endpoints are considered "well configured" for Windows Defender EG if the following requirements are met:
-
-- System level protection settings are configured correctly
-- Attack Surface Reduction rules are configured correctly
-- Controlled Folder Access setting is configured correctly
-
-##### System level protection:
-The following system level configuration settings must be set to **On or Force On**:
-
-1.	Control Flow Guard 
-2.	Data Execution Prevention (DEP)
-3.	Randomize memory allocations (Bottom-up ASLR)
-4.	Validate exception chains (SEHOP)
-5.	Validate heap integrity
-
->[!NOTE]
->The setting **Force randomization for images (Mandatory ASLR)** is currently excluded from the baseline.
->Consider configuring **Force randomization for images (Mandatory ASLR)** to **On or Force On** for better protection.
-
-##### Attack Surface Reduction (ASR) rules:
-The following ASR rules must be configured to **Block mode**:
-
-Rule description | GUIDs 
--|-
-Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
-Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
-Block Office applications from creating executable content  | 3B576869-A4EC-4529-8536-B80A7769E899
-Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
-Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
-Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
-
-
->[!NOTE]
->The setting **Block Office applications from injecting into other processes** with GUID 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 is excluded from the baseline.
->Consider enabling this rule in **Audit** or **Block mode** for better protection.
-
-
-##### Controlled Folder Access
-The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
-
->[!NOTE]
-> Audit mode, allows you to see audit events in the Windows Defender ATP Machine timeline however it does not block suspicious applications.
->Consider enabling Controlled Folder Access for better protection.
-
-##### Recommended actions:
-You can take the following actions to increase the overall security score of your organization:
-- Turn on all system-level Exploit Protection settings
-- Set all ASR rules to enabled or audit mode
-- Turn on Controlled Folder Access
-- Turn on Windows Defender Antivirus on compatible machines
-
-For more information, see [Windows Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
-
-### Windows Defender Application Guard (Windows Defender AG) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Windows Defender ATP Machine timeline. 
-
-#### Minimum baseline configuration setting for Windows Defender AG:
-Endpoints are considered "well configured" for Windows Defender AG if the following requirements are met:
-
-- Hardware and software prerequisites are met
-- Windows Defender AG is turned on compatible machines
-- Managed mode is turned on
-
-##### Recommended actions:
-You can take the following actions to increase the overall security score of your organization:
-- Ensure hardware and software prerequisites are met
-    
-    >[!NOTE]
-    >This improvement item does not contribute to the security score in itself because it's not a prerequisite for Windows Defender AG. It gives an indication of a potential reason why Windows Defender AG is not turned on.
-
-- Turn on  Windows Defender AG on compatible machines
-- Turn on managed mode
-
-
-For more information, see [Windows Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
-
-
-### Windows Defender SmartScreen optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender SmartScreen is fulfilled.
-
-#### Minimum baseline configuration setting for Windows Defender SmartScreen:
-The following settings must be configured with the following settings:
-- Check apps and files: **Warn** or **Block** 
-- SmartScreen for Microsoft Edge: **Warn** or **Block**
-- SmartScreen for Microsoft store apps: **Warn** or **Off**
-
-
-You can take the following actions to increase the overall security score of your organization:
-- Set **Check app and files** to **Warn** or **Block**
-- Set **SmartScreen for Microsoft Edge** to **Warn** or **Block**
-- Set **SmartScreen for Microsoft store apps** to **Warn** or **Off**
-
-For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
-
-## Related topics
-- [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md)
-- [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
-
diff --git a/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
similarity index 74%
rename from windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
index 1846ca83c2..7b4b053ce3 100644
--- a/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/01/2017
+ms.date: 04/17/2018
 ---
 
 # View the Windows Defender Advanced Threat Protection Security operations dashboard
@@ -23,20 +23,25 @@ ms.date: 11/01/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) 
 
 The **Security operations dashboard** displays a snapshot of:
 
 - The latest active alerts on your network
-- Daily machines reporting
 - Machines at risk
-- Users at risk
 - Machines with active malware alerts
+- Daily machines reporting
+- Active automated investigations
+- Automated investigations statistics
+- Users at risk
+- Suspicious activities
 - Sensor health
 - Service health
 
+![Image of Security operations dashboard](images/atp-sec-ops-1.png)
+
 You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in.
 
 From the **Security operations dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators.
@@ -54,10 +59,7 @@ For more information see, [Alerts overview](alerts-queue-windows-defender-advanc
 
 The **Latest active alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see,  [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md).
 
-## Daily machines reporting
-The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
 
-![Image of daily machines reporting tile](images/atp-daily-machines-reporting.png)
 
 ## Machines at risk
 This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
@@ -68,19 +70,12 @@ Click the name of the machine to see details about that machine. For more inform
 
 You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md).
 
-## Users at risk
-The tile shows you a list of user accounts with the most active alerts. 
-
-![User accounts at risk tile shows a list of user accounts with the highest number of alerts and a breakdown of the severity of the alerts](images/atp-users-at-risk.png)
-
-Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
-
 ## Machines with active malware detections
-The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender Antivirus.
+The **Machines with active malware detections** tile will only appear if your machines are using Windows Defender Antivirus.
 
 Active malware is defined as threats that were actively executing at the time of detection.
 
-Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of endpoints with at least one active detection (as **Machines**) over the past 30 days.
+Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of machines with at least one active detection (as **Machines**) over the past 30 days.
 
 ![The Machines with active malware detections tile shows the number of threats and machines for each threat category](images/atp-machines-active-threats-tile.png)
 
@@ -98,12 +93,44 @@ Threats are considered "active" if there is a very high probability that the mal
 Clicking on any of these categories will navigate to the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine.
 
 > [!NOTE]
-> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+> The **Machines with active malware detections** tile will only appear if your machines are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
 
 
+## Daily machines reporting
+The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
+
+![Image of daily machines reporting tile](images/atp-daily-machines-reporting.png)
+
+
+
+## Active automated investigations
+You can view the overall number of automated investigations from the last 30 days in your network from the **Active automated investigations** tile. Investigations are grouped into **Waiting for machine**, **Running**, and **Pending approval**.
+
+![Inmage of active automated investigations](images/atp-active-investigations-tile.png)
+
+
+## Automated investigations statistics
+This tile shows statistics related to automated investigations in the last 30 days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigaiton to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. 
+
+![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png)
+
+You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Invesgations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context.
+
+## Users at risk
+The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts. 
+
+![User accounts at risk tile shows a list of user accounts with the highest number of alerts and a breakdown of the severity of the alerts](images/atp-users-at-risk.png)
+
+Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
+
+## Suspicious activities
+This tile shows audit events based on detections from various security components.
+
+![Suspicous activities tile](images/atp-suspicious-activities-tile.png)
+
 
 ## Sensor health
-The **Sensor health** tile provides information on the individual endpoint’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
+The **Sensor health** tile provides information on the individual machine’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
 
 ![Sensor health tile](images/atp-tile-sensor-health.png)
 
@@ -126,13 +153,8 @@ For more information on the service health, see [Check the Windows Defender ATP
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-belowfoldlink)
 
 ## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
index fb58b3850a..0e0c2d60c4 100644
--- a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Check the Windows Defender Advanced Threat Protection service health
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-servicestatus-abovefoldlink)
 
@@ -57,4 +57,4 @@ When an issue is resolved, it gets recorded in the **Status history** tab.
 The **Status history** tab reflects all the historical issues that were seen and resolved. You'll see details of the resolved issues along with the other information that were included while it was being resolved.
 
 ### Related topic
-- [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
index 6277924353..6e4c10056a 100644
--- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Supported Windows Defender ATP query APIs 
@@ -23,6 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink) 
 
@@ -39,3 +40,5 @@ IP | Run API calls such as get IP related alerts, IP related machines, IP statis
 Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
 User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
 
+## Related topic
+- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
index e2bb30d5ac..1b25b996dc 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
@@ -50,5 +50,10 @@ To access Threat analytics, from the navigation pane select **Dashboards** > **T
 
 Click a section of each chart to get a list of the machines in the corresponding mitigation status.
 
+## Related topics
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
index 54edd18d8c..3324909b34 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Understand threat intelligence concepts
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-threatindicator-abovefoldlink) 
 
@@ -52,8 +52,8 @@ Here is an example of an IOC:
 IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.
 
 ## Related topics
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
 - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
 - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
index b376019c6a..8f05637899 100644
--- a/windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
@@ -63,9 +63,9 @@ To set the time zone:
 To apply different date formats for Windows Defender ATP, use regional settings for Internet Explorer (IE) and Microsoft Edge (Edge). If you're using another browser such as Google Chrome, follow the required steps to change the time and date settings for that browser. 
 
 
-**Internet Explorer (IE) and Microsoft Edge (Edge)**
+**Internet Explorer (IE) and Microsoft Edge**
 
-IE and Edge use the **Region** settings configured in the **Clocks, Language, and Region** option in the Control panel. 
+IE and Microsoft Edge use the **Region** settings configured in the **Clocks, Language, and Region** option in the Control panel. 
 
 
 #### Known issues with regional formats
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
index d6dbef14e6..b020424608 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
@@ -23,7 +23,7 @@ ms.date: 02/26/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 You might need to troubleshoot issues while using the custom threat intelligence feature.
 
@@ -53,8 +53,8 @@ If your client secret expires or if you've misplaced the copy provided when you
 
 ## Related topics
 - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
 - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
 - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
index 67e7ed903c..ae602776bf 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
@@ -50,10 +50,10 @@ For both cases you should contact Microsoft support at [General Windows Defender
 
 If while accessing the Windows Defender ATP portal you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. 
 
-You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the endpoint offboarding package, should you choose to not renew the license.
+You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the machine offboarding package, should you choose to not renew the license.
 
 > [!NOTE]
-> For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+> For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
 ![Image of subscription expired](images\atp-subscription-expired.png)
 
@@ -73,4 +73,4 @@ You'll need to whitelist the `security.windows.com` and all sub-domains under it
 
 
 ## Related topics
-- [Validating licensing provisioning and completing setup for Windows Defender ATP](licensing-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Validate licensing provisioning and complete setup for Windows Defender ATP](licensing-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 0dd01e9e60..637bf8c04f 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Troubleshoot Windows Defender ATP onboarding issues
-description: Troubleshoot issues that might arise during the onboarding of endpoints or to the Windows Defender ATP service.
+description: Troubleshoot issues that might arise during the onboarding of machines or to the Windows Defender ATP service.
 keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, sensor data and diagnostics
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/21/2017
+ms.date: 04/17/2018
 ---
 
 # Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
@@ -25,37 +25,37 @@ ms.date: 11/21/2017
 - Windows Server 2012 R2
 - Windows Server 2016
 
-
+[!include[Prerelease information](prerelease.md)]
 
 You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues.
-This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints.
+This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines.
 
-If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem.
+If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an onboarding or connectivity problem.
 
 ## Troubleshoot onboarding when deploying with Group Policy
-Deployment with Group Policy is done by running the onboarding script on the endpoints.  The Group Policy console does not indicate if the deployment has succeeded or not.
+Deployment with Group Policy is done by running the onboarding script on the machines.  The Group Policy console does not indicate if the deployment has succeeded or not.
 
-If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint).
+If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script).
 
-If the script completes successfully, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
+If the script completes successfully, see [Troubleshoot onboarding issues](#troubleshoot-onboarding-issues) for additional errors that might occur.
 
 ## Troubleshoot onboarding issues when deploying with System Center Configuration Manager
-When onboarding endpoints using the following versions of System Center Configuration Manager:
+When onboarding machines using the following versions of System Center Configuration Manager:
 - System Center 2012 Configuration Manager
 - System Center 2012 R2 Configuration Manager
 - System Center Configuration Manager (current branch) version 1511
 - System Center Configuration Manager (current branch) version 1602
 
 
-Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the endpoints. You can track the deployment in the Configuration Manager Console.
+Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the machines. You can track the deployment in the Configuration Manager Console.
 
-If the deployment fails, you can check the output of the script on the endpoints.
+If the deployment fails, you can check the output of the script on the machines.
 
-If the onboarding completed successfully but the endpoints are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
+If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues](#troubleshoot-onboarding-issues) for additional errors that might occur.
 
-## Troubleshoot onboarding when deploying with a script on the endpoint
+## Troubleshoot onboarding when deploying with a script
 
-**Check the result of the script on the endpoint**:
+**Check the result of the script on the machine**:
 1. Click **Start**, type **Event Viewer**, and press **Enter**.
 
 2. Go to **Windows Logs** > **Application**.
@@ -70,17 +70,17 @@ Event ID | Error Type | Resolution steps
 :---|:---|:---
 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
 10 | Onboarding data couldn't be written to registry |  Check the permissions on the registry, specifically<br> ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.<br>Verify that the script was ran as an administrator.
-15 |  Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). <br> <br> If the endpoint is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again.
+15 |  Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). <br> <br> If the machine is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again.
 15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions.
-30 |  The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
-35 |  The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location<br>```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.<br>The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
-40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
+30 |  The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
+35 |  The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location<br>```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.<br>The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
+40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
 65 | Insufficient privileges| Run the script again with administrator privileges.
 
 ## Troubleshoot onboarding issues using Microsoft Intune
 You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
 
-If you have configured policies in Intune and they are not propagated on endpoints, you might need to configure automatic MDM enrollment. For more information, see the [Configure automatic MDM enrollment](https://go.microsoft.com/fwlink/?linkid=829597) section.
+If you have configured policies in Intune and they are not propagated on machines, you might need to configure automatic MDM enrollment. For more information, see the [Configure automatic MDM enrollment](https://go.microsoft.com/fwlink/?linkid=829597) section.
 
 Use the following tables to understand the possible causes of issues while onboarding:
 
@@ -88,14 +88,14 @@ Use the following tables to understand the possible causes of issues while onboa
 - Known issues with non-compliance table
 - Mobile Device Management (MDM) event logs table
 
-If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint management** section of the portal, and run it in an elevated command prompt.  
+If none of the event logs and troubleshooting steps work, download the Local script from the **Machine management** section of the portal, and run it in an elevated command prompt.  
 
 **Microsoft Intune error codes and OMA-URIs**:
 
 
 Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
 :---|:---|:---|:---|:---
-0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
+0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
  | | | | Onboarding <br> Offboarding <br> SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it. <br><br> **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection``` <br> <br> If it doesn't exist, open an elevated command and add the key.
  | | | | SenseIsRunning <br> OnboardingState <br> OrgId |  **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
  || | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional. <br> Server is not supported.
@@ -125,16 +125,16 @@ ID | Severity | Event description | Troubleshooting steps
 :---|:---|:---|:---
 1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
 
-## Troubleshoot onboarding issues on the endpoint
-If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
-- [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
+## Troubleshoot onboarding issues on the machine
+If the deployment tools used does not indicate an error in the onboarding process, but machines are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
+- [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
 - [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
 - [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
-- [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
+- [Ensure the machine has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
 - [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
 
 
-### View agent onboarding errors in the endpoint event log
+### View agent onboarding errors in the machine event log
 
 1. Click **Start**, type **Event Viewer**, and press **Enter**.
 
@@ -155,16 +155,16 @@ If the deployment tools used does not indicate an error in the onboarding proces
 
 Event ID | Message | Resolution steps
 :---|:---|:---
-5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
-6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).
-7 |  Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again.
-9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). <br><br>If the event happened during offboarding, contact support.
-10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). <br><br>If the problem persists, contact support.
-15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
-17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). If the problem persists, contact support.
+5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection).
+6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md).
+7 |  Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again.
+9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). <br><br>If the event happened during offboarding, contact support.
+10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). <br><br>If the problem persists, contact support.
+15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection).
+17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). If the problem persists, contact support.
 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support.
 27 | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support.
-29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the endpoint has Internet access, then run the entire offboarding process again.
+29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the machine has Internet access, then run the entire offboarding process again.
 30 | Failed to disable $(build.sense.productDisplayName) mode in Windows Defender Advanced Threat Protection. Failure code: %1 | Contact support.
 32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the machine.
 55 | Failed to create the Secure ETW autologger. Failure code: %1	| Reboot the machine.
@@ -174,11 +174,11 @@ Event ID | Message | Resolution steps
 69 |	The service is stopped. Service name: %1	| Start the mentioned service. Contact support if persists.
 
 <br>
-There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
+There are additional components on the machine that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
 
 <span id="ensure-the-diagnostics-service-is-enabled" />
 ### Ensure the diagnostic data service is enabled
-If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes.
+If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the machine. The service might have been disabled by other programs or user configuration changes.
 
 First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
 
@@ -186,7 +186,7 @@ First, you should check that the service is set to start automatically when Wind
 
 **Use the command line to check the Windows 10 diagnostic data service startup type**:
 
-1.  Open an elevated command-line prompt on the endpoint:
+1.  Open an elevated command-line prompt on the machine:
 
   a.  Click **Start**, type **cmd**, and press **Enter**.
 
@@ -207,7 +207,7 @@ First, you should check that the service is set to start automatically when Wind
 
 **Use the command line to set the Windows 10 diagnostic data service to automatically start:**
 
-1.  Open an elevated command-line prompt on the endpoint:
+1.  Open an elevated command-line prompt on the machine:
 
   a.  Click **Start**, type **cmd**, and press **Enter**.
 
@@ -233,7 +233,7 @@ First, you should check that the service is set to start automatically when Wind
   sc start diagtrack
   ```
 
-### Ensure the endpoint has an Internet connection
+### Ensure the machine has an Internet connection
 
 The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
 
@@ -248,7 +248,7 @@ If the verification fails and your environment is using a proxy to connect to th
 
 **Symptom**: Onboarding successfully completes, but you see error 577 when trying to start the service.
 
-**Solution**: If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
+**Solution**: If your machines are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
 
 - Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
 
@@ -259,7 +259,7 @@ If the verification fails and your environment is using a proxy to connect to th
 
   - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
   - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
--  After clearing the policy, run the onboarding steps again on the endpoint.
+-  After clearing the policy, run the onboarding steps again.
 
 - You can also check the following registry key values to verify that the policy is disabled:
 
@@ -273,7 +273,7 @@ If the verification fails and your environment is using a proxy to connect to th
 If you encounter issues while onboarding a server, go through the following verification steps to address possible issues.
 
 - [Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-mma)
-- [Ensure that the server endpoint proxy and Internet connectivity settings are configured properly](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-proxy)
+- [Ensure that the server proxy and Internet connectivity settings are configured properly](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-proxy)
 
 You might also need to check the following:
 - Check that there is a Windows Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example:
@@ -308,5 +308,5 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
 
 ## Related topics
 - [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
-- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
index 64bd439f18..6a9a2a8e2f 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
@@ -42,11 +42,11 @@ Make sure that `*.securitycenter.windows.com` is included the proxy whitelist.
 
 ### Windows Defender ATP service shows event or error logs in the Event Viewer
 
-See the topic [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) for a list of event IDs that are reported by the Windows Defender ATP service. The topic also contains troubleshooting steps for event errors.
+See the topic [Review events and errors using Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) for a list of event IDs that are reported by the Windows Defender ATP service. The topic also contains troubleshooting steps for event errors.
 
 ### Windows Defender ATP service fails to start after a reboot and shows error 577
 
-If onboarding endpoints successfully completes but Windows Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
+If onboarding machines successfully completes but Windows Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
 
 For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
 
@@ -73,4 +73,4 @@ Support of use of comma as a separator in numbers are not supported. Regions whe
 
 ## Related topics
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-- [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
+- [Review events and errors using Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
index c4691b7324..43d2792de3 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
 ---
 
 # Use the threat intelligence API to create custom alerts
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index 9ec694fdde..bc987d35d2 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -31,7 +31,9 @@ You can use the Windows Defender ATP portal to carry out an end-to-end security
 
 Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
 
-Use the **Secure score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
+Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
+
+Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown. 
 
 
 ### In this section
@@ -39,7 +41,8 @@ Use the **Secure score** dashboard to expand your visibility on the overall secu
 Topic | Description
 :---|:---
 [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the portal layout and area descriptions.
-[View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP  **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
-[View the Windows Defender Advanced Threat Protection Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
+[View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP  **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
+[View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
+[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of mitigations.
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index a82528a68f..a3ae16d7dd 100644
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Windows Defender Advanced Threat Protection - Windows Defender
+title: Windows Defender Advanced Threat Protection 
 description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
-keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, endpoint behavioral sensor, cloud security, score, threat intelligence
+keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
 ---
 
 # Windows Defender Advanced Threat Protection
@@ -23,7 +23,7 @@ ms.date: 03/12/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink)
 >
@@ -55,18 +55,15 @@ Windows Defender ATP uses the following combination of technology built into Win
     tools, techniques, and procedures, and generate alerts when these
     are observed in collected sensor data.
 
-The following diagram shows these Windows Defender ATP service
-components:
+    ![Windows Defender ATP service component](images/components.png)
 
-![Windows Defender ATP service components](images/components.png)
-
-Endpoint investigation capabilities in this service let you drill down
+Machine investigation capabilities in this service let you drill down
 into security alerts and understand the scope and nature of a potential
 breach. You can submit files for deep analysis and receive the results
-without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com).
+without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com). The automated investigation and remediation capability reduces the volume of alerts by leveraging various inspection algorithms to resolve breaches.
 
 Windows Defender ATP works with existing Windows security technologies
-on endpoints, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It
+on machines, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It
 can also work side-by-side with third-party security solutions and
 antimalware products.
 
@@ -75,39 +72,36 @@ detect sophisticated cyber-attacks, providing:
 
 - Behavior-based, cloud-powered, advanced attack detection
 
-    Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on endpoints.
+    Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on machines.
 
 - Rich timeline for forensic investigation and mitigation
 
-    Easily investigate the scope of breach or suspected behaviors on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs.
+    Easily investigate the scope of breach or suspected behaviours on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs.
 
 - Built in unique threat intelligence knowledge base
 
     Unparalleled threat optics provides actor details and intent context for every threat intel-based detection – combining first and third-party intelligence sources.
 
+- Automated investigation and remediation
+
+    Significantly reduces alert volume by leveraging inspection algorithms used by analysts to examine alerts and take remediation action. 
+
 ## In this section
 
 Topic | Description
 :---|:---
-[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | This overview topic for IT professionals provides information on the minimum requirements to use Windows Defender ATP such as network and data storage configuration, and endpoint hardware and software requirements, and deployment channels.
-[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and enable the preview experience.
-[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)| Learn about how Windows Defender ATP collects and handles information and where data is stored.
-[Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)| Before users can access the portal, they'll need to be granted specific roles in Azure Active Directory.
-[Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints.
-[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the main features of the service and how it leverages Microsoft technology to protect enterprise endpoints from sophisticated cyber attacks.
-[Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise.
-[Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools.
-[Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
-[Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) | Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities.
-[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI. 
-[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
-[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
-[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)| The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
-[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information.
-[Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues.
-[Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP.
-[Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required.
-[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Learn about how Windows Defender Antivirus works in conjunction with Windows Defender ATP.
+Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
+[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
+[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
+Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
+API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal.
+Reporting | Create and build Power BI reports using Windows Defender ATP data.
+Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
+[Configure Windows Defender settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
+[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
+[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Understand how Windows Defender Antivirus integrates with Windows Defender ATP. 
+
 
 ## Related topic
 [Windows Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
index 7511f2b65d..9cf38c9042 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 12/01/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
 ---
 
 
@@ -21,7 +21,7 @@ ms.date: 12/01/2017
 
 **Applies to:**
 
-- Windows 10, version 1709
+- Windows 10, version 1709 and later
 
 
 
@@ -54,7 +54,11 @@ For further details on how audit mode works, and when you might want to use it,
 >If the feature is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Defender Security Center app after a restart of the device.
 >If the feature is set to **Audit mode** with any of those tools, the Windows Defender Security Center app will show the state as **Off**.
 >See [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md) for more details on how audit mode works.
-
+><p>
+>Group Policy settings that disable local administrator list merging will override Controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through Controlled folder access. These policies include:
+>- Windows Defender Antivirus **Configure local administrator merge behavior for lists**
+>- System Center Endpoint Protection **Allow users to add exclusions and overrides**
+>For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged).
 
 ### Use the Windows Defender Security app to enable Controlled folder access
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
index 772ad2e7b0..7066a89ed3 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@@ -38,7 +38,7 @@ ms.date: 11/20/2017
 
 Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. 
 
-It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outboud HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
+It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
 
 It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 8c998be64f..75d70268f2 100644
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 10/17/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/11/2018
 ---
 
 
@@ -39,12 +39,18 @@ In Windows 10, version 1709, we increased the scope of the app to also show info
 >[!NOTE]
 >The Windows Defender Security Center app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
 
-This library describes the Windows defender Security Center app, and provides information on configuring certain features, inlcuding:
+This library describes the Windows Defender Security Center app, and provides information on configuring certain features, including:
 
 <a id="customize-notifications-from-the-windows-defender-security-center"></a>
 - [Showing and customizing contact information on the app and in notifications](wdsc-customize-contact-information.md)
 - [Hiding notifications](wdsc-hide-notifications.md)
 
+You can't uninstall the Windows Defender Security Center app, but you can do one of the following:
+
+- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016). 
+- Hide all of the sections on client computers (see below).
+- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
+
 You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics:
 
 
diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md
index 8bf610b344..fba100bb3c 100644
--- a/windows/whats-new/whats-new-windows-10-version-1709.md
+++ b/windows/whats-new/whats-new-windows-10-version-1709.md
@@ -114,6 +114,9 @@ The minimum PIN length is being changed from 6 to 4, with a default of 6. For mo
 
 Microsoft has released new [Windows security baselines](https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](https://docs.microsoft.com/en-us/windows/device-security/security-compliance-toolkit-10).
 
+### SMBLoris vulnerability
+An issue, known as “SMBLoris”, which could result in denial of service, has been addressed.
+
 
 ## Windows Analytics