From 02c625920a24faf5087d49452da30ac7d3b44e14 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:05:24 -0400 Subject: [PATCH 01/34] typo: Double word "the" --- education/windows/change-history-edu.md | 4 ++-- .../manage-orders-microsoft-store-for-business.md | 2 +- .../manage-settings-app-with-group-policy.md | 2 +- .../mdm/azure-active-directory-integration-with-mdm.md | 2 +- windows/client-management/mdm/bitlocker-csp.md | 2 +- windows/client-management/mdm/dmclient-csp.md | 2 +- ...ll-a-windows-10-device-automatically-using-group-policy.md | 2 +- .../mdm/new-in-windows-mdm-enrollment-management.md | 4 ++-- windows/configuration/wcd/wcd-calling.md | 2 +- windows/configuration/wcd/wcd-policies.md | 2 +- windows/privacy/windows-diagnostic-data-1703.md | 2 +- windows/security/identity-protection/configure-s-mime.md | 2 +- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 2 +- ...ccess-restrict-clients-allowed-to-make-remote-sam-calls.md | 2 +- ...t-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- 17 files changed, 19 insertions(+), 19 deletions(-) diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index b65a448e31..c14ad21e17 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md @@ -2,7 +2,7 @@ title: Change history for Windows 10 for Education (Windows 10) description: New and changed topics in Windows 10 for Education keywords: Windows 10 education documentation, change history -ms.prod: w10 +ms.prod: w10 ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library @@ -32,7 +32,7 @@ New or changed topic | Description | New or changed topic | Description | | --- | ---- | -| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the the list of device manufacturers. | +| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the list of device manufacturers. | | [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. | | [Set up Take a Test on a single PC](take-a-test-single-pc.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. | | [Take a Test app technical reference](take-a-test-app-technical.md) | Added a note that the Alt+F4 key combination for enabling students to exit the test is disabled in Windows 10, version 1703 (Creators Update) and later. Also added additional info about the Ctrl+Alt+Del key combination. | diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md index 742b3c694e..12d927fce2 100644 --- a/store-for-business/manage-orders-microsoft-store-for-business.md +++ b/store-for-business/manage-orders-microsoft-store-for-business.md @@ -55,7 +55,7 @@ Reclaim licenses, and then request a refund. If you haven't assigned licenses, s 1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. 3. Find the app you want to refund, click the ellipses under **Actions**, and then choose **View license details**. -4. Select the the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**. +4. Select the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**. 5. Click **Order history**, click the order you want to refund, and click **Refund order**. For free apps, the app will be removed from your inventory in **Apps & software**. diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 57086835cb..b51971615e 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -25,7 +25,7 @@ The Group Policy can be configured in one of two ways: specify a list of pages t Here are some examples: -- To show only the the Ethernet and Proxy pages, set the **Settings App Visibility** textbox to **ShowOnly:Network-Proxy;Network-Ethernet**. +- To show only the Ethernet and Proxy pages, set the **Settings App Visibility** textbox to **ShowOnly:Network-Proxy;Network-Ethernet**. - To hide the Ethernet and Proxy pages, set the **Settings App Visibility** textbox to **Hide:Network-Proxy;Network-Ethernet**. diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 9078574ee6..e5d61253aa 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -610,7 +610,7 @@ Authorization:Bearer Additional claims may be present in the Azure AD token, such as: - User - user currently logged in -- Device compliance - value set the the MDM service into Azure +- Device compliance - value set the MDM service into Azure - Device ID - identifies the device that is checking in - Tenant ID diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index a1a2dd3a81..17c167b863 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -418,7 +418,7 @@ The following diagram shows the BitLocker configuration service provider in tree

If you set the value to "2" (Use custom recovery message), the message you set in the "RecoveryMessage_Input" data field will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.

-

If you set the the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.

+

If you set the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.

Sample value for this node to enable this policy is:

diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index bde1f8c70d..a33799474c 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -658,7 +658,7 @@ Required. Added in Windows 10, version 1709. This node contains a list of LocURI Supported operations are Add, Delete, Get, and Replace. Value type is string. **Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles** -Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the the management service provider expects to provision, delimited by the character L"\xF000". +Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the management service provider expects to provision, delimited by the character L"\xF000". Supported operations are Add, Delete, Get, and Replace. Value type is string. diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 5e60eb85a2..5ff07ac151 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -30,7 +30,7 @@ Here is a partial screenshot of the result: The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered. > [!Note] -> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation. +> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 15342170ff..b47cd87d57 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -934,7 +934,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
  • DomainName - fully qualified domain name if the device is domain-joined.
    • -

    For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.

    +

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

    [Firewall CSP](firewall-csp.md) @@ -2191,7 +2191,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
  • DomainName - fully qualified domain name if the device is domain-joined.
    • -

    For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.

    +

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

    [EntepriseAPN CSP](enterpriseapn-csp.md) diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md index 5e1b0c5274..dd7a6057aa 100644 --- a/windows/configuration/wcd/wcd-calling.md +++ b/windows/configuration/wcd/wcd-calling.md @@ -131,7 +131,7 @@ VideoCallingDescription | Enter text to describe the video calling feature. VideoCallingLabel | Enter text to describe the video calling toggle. VideoCapabilityDescription | Enter text to describe the video capability feature. VideoCapabilityLabel | Enter text to describe the video capability toggle. -VideoTransitionTimeout | Enter the the time in milliseconds to check how long the video transition state will remain until the remote party responds. The minimum value is 10000 and the maximum value is 30000. +VideoTransitionTimeout | Enter the time in milliseconds to check how long the video transition state will remain until the remote party responds. The minimum value is 10000 and the maximum value is 30000. VoLTEAudioQualityString | Partners can add a string to the call progress screen to indicate if the active call is a high quality voice over LTE (VoLTE). Set the value of VoLTEAudioQualityString to the string that you want to display in the call progress screen to indicate that the call is a VoLTE call. This string is combined with the PLMN so if the string is "VoLTE", the resulting string is "PLMN_String VoLTE". For example, the string displayed in the call progress screen can be "Litware VoLTE" if the PLMN_String is "Litware". The value you specify for VoLTEAudioQualityString must exceed 10 characters. diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 786afaaed1..a8b96f80b9 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -302,7 +302,7 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store. | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [EnableLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#location-enablelocation) | Configure whether the the Location Service's Device Switch is enabled or disabled for the device. | X | X | | | | +| [EnableLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#location-enablelocation) | Configure whether the Location Service's Device Switch is enabled or disabled for the device. | X | X | | | | ## Privacy diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 67fd23abec..15ce44125d 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -1,6 +1,6 @@ --- title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10) -description: Use this article to learn about the types of data that is collected the the Full diagnostic data level. +description: Use this article to learn about the types of data that is collected the Full diagnostic data level. keywords: privacy,Windows 10 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index f88ca13870..e5086ff9c0 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md @@ -64,7 +64,7 @@ On the device, perform the following steps: (add select certificate) 7. Tap the back arrow. ## Encrypt or sign individual messages -1. While composing a message, choose **Options** from the ribbon. On phone, **Options** can be accessed by tapping the the ellipsis (...). +1. While composing a message, choose **Options** from the ribbon. On phone, **Options** can be accessed by tapping the ellipsis (...). 2. Use **Sign** and **Encrypt** icons to turn on digital signature and encryption for this message. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index a07b0f9acd..b09e2f8ec6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -253,7 +253,7 @@ The definition helps you to verify whether the values are present or if you need #### Issue objectSID of the computer account on-premises -**`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: +**`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: @RuleName = "Issue objectSID for domain-joined computers" c1:[ diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 9ac1099b03..effbe6b03a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -51,7 +51,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting > The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889). > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. -> **This synchronization latency delays the the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. +> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index ec87d95afa..c4889c081a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -49,7 +49,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting > [!IMPORTANT] > The minimum time needed to syncrhonize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. -> **This synchronization latency delays the the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. +> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization. > [!NOTE] diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index a95ce92f8c..b672362f53 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -25,7 +25,7 @@ ms.date: 07/27/2017 The **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting controls which users can enumerate users and groups in the local Security Accounts Manager (SAM) database and Active Directory. -The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the the KB articles listed in **Applies to** section of this topic. +The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the KB articles listed in **Applies to** section of this topic. This topic describes the default values for this security policy setting in different versions of Windows. By default, computers beginning with Windows 10 version 1607 and Windows Server 2016 are more restrictive than earlier versions of Windows. diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 20d32432c5..bbbdb8c3b5 100644 --- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -148,7 +148,7 @@ This step will guide you in exploring the custom alert in the portal. ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) > [!NOTE] -> There is a latency time of approximately 20 minutes between the the time a custom TI is introduced and when it becomes effective. +> There is a latency time of approximately 20 minutes between the time a custom TI is introduced and when it becomes effective. ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) From ceab8cabb28bc887bcdc146a236a16009c0ad876 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:09:05 -0400 Subject: [PATCH 02/34] typo: teh -> the --- ...ws-defender-application-control-policy-design-decisions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 0148e43cae..d973298558 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -43,7 +43,7 @@ You might need to control a limited number of apps because they access sensitive |Control only Classic Windows applications, only Universal Windows apps, or both| WDAC policies control apps by creating an allowed list of apps based on code signing certificate and\or file hash information. Because Universal Windows apps are all signed by the Windows Store, Classic Windows applications and Universal Windows apps can be controlled together. WDAC policies for Universal Windows apps can be applied only to apps that are installed on PCs that support the Microsoft Store, but Classic Windows applications can be controlled with WDAC on Windows. The rules you currently have configured for Classic Windows applications can remain, and you can create new ones for Universal Windows apps.| | Control apps by business group | WDAC policies can be applied through a Group Policy Object (GPO) to computer objects within an organizational unit (OU). | | Control apps by computer, not user | WDAC is a computer-based policy implementation. If your domain or site organizational structure is not based on a logical user structure, such as an OU, you might want to set up that structure before you begin your WDAC planning. Otherwise, you will have to identify users, their computers, and their app access requirements.| -|Understand app usage, but there is no need to control any apps yet | WDAC policies can be set to audit app usage to help you track which apps are used in your organization. You can then use teh CodeIntegrity log in Event Viewer to create WDAC policies.| +|Understand app usage, but there is no need to control any apps yet | WDAC policies can be set to audit app usage to help you track which apps are used in your organization. You can then use the CodeIntegrity log in Event Viewer to create WDAC policies.| ### How do you currently control app usage in your organization? @@ -135,4 +135,4 @@ Because the effectiveness of application control policies is dependent on the ab   ## Record your findings -The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. \ No newline at end of file +The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. From 2a2aa1b3c046e9799ebc48006b8e3e252e910279 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:10:43 -0400 Subject: [PATCH 03/34] typo: Double word "of" --- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 59c71f57ac..38cb2e0298 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -32,7 +32,7 @@ This topic provides an overview of some of the software and firmware threats fac ## The security threat landscape -Today’s security threat landscape is one of aggressive and tenacious threats. In previous years, malicious attackers mostly focused on gaining community recognition through their attacks or the thrill of of temporarily taking a system offline. Since then, attacker’s motives have shifted toward making money, including holding devices and data hostage until the owner pays the demanded ransom. Modern attacks increasingly focus on large-scale intellectual property theft; targeted system degradation that can result in financial loss; and now even cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources. Threats like these require an approach that can meet this challenge. +Today’s security threat landscape is one of aggressive and tenacious threats. In previous years, malicious attackers mostly focused on gaining community recognition through their attacks or the thrill of temporarily taking a system offline. Since then, attacker’s motives have shifted toward making money, including holding devices and data hostage until the owner pays the demanded ransom. Modern attacks increasingly focus on large-scale intellectual property theft; targeted system degradation that can result in financial loss; and now even cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources. Threats like these require an approach that can meet this challenge. In recognition of this landscape, Windows 10 Creator's Update (Windows 10, version 1703) includes multiple security features that were created to make it difficult (and costly) to find and exploit many software vulnerabilities. These features are designed to: From 9c561ed10fea66d180d23b6e3823be5ad393568b Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:22:41 -0400 Subject: [PATCH 04/34] typo: Double word "on" --- mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md | 2 +- windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md | 2 +- ...ore-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md index ca1329c6b0..6cb5d4878e 100644 --- a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md +++ b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md @@ -23,7 +23,7 @@ UE-V 2.1 SP1 adds support for Windows 10, in addition to the same software that ### Compatibility with Microsoft Azure -Windows 10 lets enterprise users synchronize Windows app settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V on on-premises domain-joined computers only. To enable coexistence between Windows 10 and UE-V, you must disable the following UE-V templates using either PowerShell on each client or Group Policy. +Windows 10 lets enterprise users synchronize Windows app settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V for on-premises domain-joined computers only. To enable coexistence between Windows 10 and UE-V, you must disable the following UE-V templates using either PowerShell on each client or Group Policy. In Group Policy, under the Microsoft User Experience Virtualization node, configure these policy settings: diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md index 2270745715..81e41752be 100644 --- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md +++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md @@ -54,7 +54,7 @@ Administrators can still define which user-customized application settings can s ## Compatibility with Microsoft Enterprise State Roaming -With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V on on-premises domain-joined devices only. +With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V for on-premises domain-joined devices only. In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation. diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md index c3aaebae19..47815df570 100644 --- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md @@ -326,7 +326,7 @@ For a machine to be considered "well configured", it must comply to a minimum ba Machines are considered "well configured" for Windows Defender Credential Guard if the following requirements are met: - Hardware and software prerequisites are met -- Windows Defender Credential Guard is turned on on compatible machines +- Windows Defender Credential Guard is turned on compatible machines ##### Recommended actions: From a37d2d26d6e909b0029405f9e6e045cc48e3ea5f Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:24:23 -0400 Subject: [PATCH 05/34] typo: Double word "during" --- windows/security/threat-protection/auditing/event-5039.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index f629490f28..fe78230d8c 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -18,7 +18,7 @@ ms.date: 04/19/2017 This event should be generated when registry key was virtualized using [LUAFV](http://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx). -This event occurs very rarely during during standard LUAFV registry key virtualization. +This event occurs very rarely during standard LUAFV registry key virtualization. There is no example of this event in this document. From f9a83af4136228b12441f9e711a07f3e22885de5 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:25:47 -0400 Subject: [PATCH 06/34] typo: Double word "this" --- .../threat-protection/auditing/basic-audit-process-tracking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index fea480a728..af9ea206a6 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -23,7 +23,7 @@ To set this value to **No auditing**, in the **Properties** dialog box for this **Default:** No auditing. -## Configure this this security setting +## Configure this security setting You can configure this security setting under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. From d9cd56cadd0dbea418af2d8b2000a5ff192387f2 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:28:32 -0400 Subject: [PATCH 07/34] typo: Double word "rule" --- .../create-wip-policy-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index a2d2b485a4..1b084c9605 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -195,7 +195,7 @@ Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the ### Add an AppLocker policy file Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). -**To create a Packaged App rule rule and xml file** +**To create a Packaged App rule and xml file** 1. Open the Local Security Policy snap-in (SecPol.msc). 2. In the left pane, click **Application Control Policies** > **AppLocker** > **Packaged App Rules**. From 9b1df4875238a49bea1c0e5d5f46b9b729a96860 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:37:15 -0400 Subject: [PATCH 08/34] typo: Double word "and" --- windows/security/information-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index 4afe213341..4da67275f3 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md @@ -11,7 +11,7 @@ ms.date: 02/05/2018 # Information protection -Learn more about how to secure documents and and other data across your organization. +Learn more about how to secure documents and other data across your organization. | Section | Description | |-|-| From 051362dd9ce591f35b73ac8b7ee2aa6087ed9b98 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:39:43 -0400 Subject: [PATCH 09/34] typo: Double word "used" --- .../basic-level-windows-diagnostic-events-and-fields-1703.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1709.md | 2 +- .../privacy/basic-level-windows-diagnostic-events-and-fields.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index b46ecc7203..fc0bdeaa2d 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -3479,7 +3479,7 @@ The following fields are available: - **HostOSBuildNumber** The build number of the previous OS. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. - **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 35e98f0a3c..11c2fa2d5c 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -3504,7 +3504,7 @@ The following fields are available: - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. - **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md index 341093a206..70a5d11f7a 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md @@ -4411,7 +4411,7 @@ The following fields are available: - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. - **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled From c0aee8a47cab3ef8d35d94896cbe2435591efb2d Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:42:37 -0400 Subject: [PATCH 10/34] typo: Double word "indicates" --- .../basic-level-windows-diagnostic-events-and-fields-1703.md | 4 ++-- .../basic-level-windows-diagnostic-events-and-fields-1709.md | 4 ++-- .../basic-level-windows-diagnostic-events-and-fields.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index fc0bdeaa2d..fb377da82f 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -556,7 +556,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove -This event indicates Indicates that the DecisionApplicationFile object is no longer present. +This event indicates that the DecisionApplicationFile object is no longer present. The following fields are available: @@ -880,7 +880,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync -This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent. +This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The following fields are available: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 11c2fa2d5c..03f057b152 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -922,7 +922,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync -This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent. +This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The following fields are available: @@ -1169,7 +1169,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove -This event indicates Indicates that the DecisionApplicationFile object is no longer present. +This event indicates that the DecisionApplicationFile object is no longer present. The following fields are available: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md index 70a5d11f7a..84da766a22 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md @@ -530,7 +530,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove -This event indicates Indicates that the DecisionApplicationFile object is no longer present. +This event indicates that the DecisionApplicationFile object is no longer present. The following fields are available: @@ -814,7 +814,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync -This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent. +This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The following fields are available: From ded53f2994fb2a5752f66a1522934f4a2536e678 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:44:48 -0400 Subject: [PATCH 11/34] typo: Double word "to" --- .../ie11-deploy-guide/turn-off-enterprise-mode.md | 2 +- .../identity-protection/access-control/local-accounts.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md index d0d2e95b50..0c83be2b26 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md @@ -2,7 +2,7 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat -description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it. +description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to use it. author: eross-msft ms.prod: ie11 ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3 diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 09953fe371..cdfbc8c21a 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -92,7 +92,7 @@ The Administrator account cannot be deleted or removed from the Administrators g **Security considerations** -Because the Administrator account is known to exist on many versions of the Windows operating system, it is a best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to to the server or client computer. +Because the Administrator account is known to exist on many versions of the Windows operating system, it is a best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to the server or client computer. You can rename the Administrator account. However, a renamed Administrator account continues to use the same automatically assigned security identifier (SID), which can be discovered by malicious users. For more information about how to rename or disable a user account, see [Disable or activate a local user account](http://technet.microsoft.com/library/cc732112.aspx) and [Rename a local user account](http://technet.microsoft.com/library/cc725595.aspx). From dc1e6c1c3d387a930db51c9777b11b6fd540e715 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:46:53 -0400 Subject: [PATCH 12/34] typo: Double word "can" --- windows/client-management/mdm/policy-csp-smartscreen.md | 2 +- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 20b484e71e..e7bdc48ee7 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -185,7 +185,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. +Added in Windows 10, version 1703. Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files. diff --git a/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index 525ead7434..95c6095ae0 100644 --- a/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -83,7 +83,7 @@ There are several ways to clear the TPM: - **Clear the TPM as part of a complete reset of the computer**: You might want to remove all files from the computer and completely reset it, for example, in preparation for a clean installation. To do this, we recommend that you use the **Reset** option in **Settings**. When you perform a reset and use the **Remove everything** option, it will clear the TPM as part of the reset. You might be prompted to press a key before the TPM can be cleared. For more information, see the “Reset this PC” section in [Recovery options in Windows 10](https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options). -- **Clear the TPM to fix “reduced functionality” or “Not ready” TPM status**: If you open TPM.msc and see that the TPM status is something other than **Ready**, you can can try using TPM.msc to clear the TPM and fix the status. However, be sure to review the precautions in the next section. +- **Clear the TPM to fix “reduced functionality” or “Not ready” TPM status**: If you open TPM.msc and see that the TPM status is something other than **Ready**, you can try using TPM.msc to clear the TPM and fix the status. However, be sure to review the precautions in the next section. ### Precautions to take before clearing the TPM From 782c45c2bb3fea70ddd8c16ede7419d6adba8557 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:49:46 -0400 Subject: [PATCH 13/34] typo: Double word "data" --- windows/configuration/wcd/wcd-connectivityprofiles.md | 2 +- .../deployment/update/windows-analytics-FAQ-troubleshooting.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1703.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1709.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index b79f7c9f6a..b797544274 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -167,7 +167,7 @@ The **Config** settings are initial settings that can be overwritten when settin ### SystemCapabilities -You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data data is generated by the system to provide data that can be used to diagnose both software and hardware issues. +You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data is generated by the system to provide data that can be used to diagnose both software and hardware issues. | Setting | Description | | --- | --- | diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index be6b6419c0..37f12a310f 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -171,7 +171,7 @@ Starting with Windows 10, version 1803, the device name is no longer collected b ### Disable Upgrade Readiness -If you want to stop using Upgrade Readiness and stop sending diagnostic data data to Microsoft, follow these steps: +If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps: 1. Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index b46ecc7203..812a76d7e8 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1863,7 +1863,7 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_5 -This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. +This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. The following fields are available: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 35e98f0a3c..664642a913 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -1816,7 +1816,7 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_5 -This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. +This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. The following fields are available: From ed9c7bbbb049bc89a533dbc9548a0f45a60ec7d4 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:52:02 -0400 Subject: [PATCH 14/34] typo: Double word "system" --- .../basic-level-windows-diagnostic-events-and-fields-1703.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index b46ecc7203..6c33d94983 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -3125,8 +3125,8 @@ The following fields are available: - **BIOSVendor** The vendor of the device's system bios - **BiosVersion** The version of the device's system bios - **BiosReleaseDate** The release date of the device's system bios -- **SystemBIOSMajorRelease** The major release version of the device's system system -- **SystemBIOSMinorRelease** The minor release version of the device's system system +- **SystemBIOSMajorRelease** The major release version of the device's system bios +- **SystemBIOSMinorRelease** The minor release version of the device's system bios - **BiosFamily** The device's family as defined in system bios - **BiosSKUNumber** The device's SKU as defined in system bios - **ClientVersion** The version number of the software distribution client From 976618c3797d2b73f212a3207fde416fe2e1f79f Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:53:11 -0400 Subject: [PATCH 15/34] typo: Double word "then" --- windows/deployment/upgrade/upgrade-readiness-resolve-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md index a927b0db6d..3f049881af 100644 --- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md +++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md @@ -49,7 +49,7 @@ To change an application's upgrade decision: 1. Select **Decide upgrade readiness** to view applications with issues. 2. In the table view, select an **UpgradeDecision** value. 3. Select **Decide upgrade readiness** to change the upgrade decision for each application. -4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. +4. Select the applications you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list. 5. Click **Save** when finished. IMPORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information. From baffd1459bbdd1a57ee58d5b2197581bece03937 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 09:55:10 -0400 Subject: [PATCH 16/34] typo: Double word "create" --- windows/client-management/mdm/policy-csp-applicationdefaults.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 1698ec45a7..3961d870d8 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -80,7 +80,7 @@ ADMX Info: -To create create the SyncML, follow these steps: +To create the SyncML, follow these steps:
    1. Install a few apps and change your defaults.
    2. From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"
      3. From 926e984de3eb19b8e9e37d33f6b7175ee4cba2ce Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 10:07:43 -0400 Subject: [PATCH 17/34] typo: Double word "about" --- .../app-v/appv-using-the-client-management-console.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index 54b1306b2e..e2244bcd6a 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md @@ -15,7 +15,7 @@ ms.date: 04/19/2017 **Applies to** - Windows 10, version 1607 -This topic provides information about about using the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client. +This topic provides information about using the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client. ## Obtain the client management console From 31cf555dc88fdb16818cbf381ff9312dca17196c Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 10:08:59 -0400 Subject: [PATCH 18/34] typo: Double word "when" --- windows/application-management/app-v/appv-reporting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index afe9597029..32ae6b094c 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -200,7 +200,7 @@ To retrieve report information and create reports using App-V you must use one o To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. Make sure the Microsoft SQL Server Agent is set to **AutoStart**. For more information, see [Autostart SQL Server Agent (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/ssms/agent/autostart-sql-server-agent-sql-server-management-studio). - The stored procedure is also created when when you use the App-V database scripts. + The stored procedure is also created when you use the App-V database scripts. You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server can manage without affecting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**. From eeda18d475eb2ea1fd55512d8a38499b4a726fda Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 10:10:11 -0400 Subject: [PATCH 19/34] typo: Double word "requirements" --- ...irtualization-client-hardware-and-software-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md index 25df0da425..5dec2b8fb8 100644 --- a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md +++ b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md @@ -28,7 +28,7 @@ The Application Virtualization (App-V) Desktop Client requires no additional pro ### Hardware Requirements -The hardware requirements requirements are applicable to all versions. +The hardware requirements are applicable to all versions. - Processor—See recommended system requirements for the operating system you are using. @@ -177,7 +177,7 @@ The Application Virtualization (App-V) Client for Remote Desktop Services requir ### Hardware Requirements -The hardware requirements requirements are applicable to all versions. +The hardware requirements are applicable to all versions. - Processor—See recommended system requirements for the operating system you are using. From 649b4dc5217ad2f0f20ee398fdea97a9bab08bd5 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 10:12:29 -0400 Subject: [PATCH 20/34] typo: Double word "School" --- education/windows/set-up-school-pcs-technical.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 3f6907cffb..e53e78ec35 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -42,7 +42,7 @@ Here's a list of what you get when using the Set up School PCs app in your schoo > If your school uses Active Directory, use [Windows Configuration Designer](set-up-students-pcs-to-join-domain.md) to configure your PCs to join the domain. You can only use the Set up School PCs app to set up PCs that are connected to Azure AD. ## Automated Azure AD join -One of the most important features in Set up School PCs is the ability to create a provisioning package that performs automated Azure AD join. With this feature, you no longer have to spend minutes going through Windows setup, manually connecting to a network, and manually joining your Azure AD domain. With the automated Azure AD join feature in Set up School School PCs, this process is reduced to zero clicks! You can skip all of the Windows setup experience and the OS automatically joins the PC to your Azure AD domain and enrolls it into MDM if you have a MDM provider activated. +One of the most important features in Set up School PCs is the ability to create a provisioning package that performs automated Azure AD join. With this feature, you no longer have to spend minutes going through Windows setup, manually connecting to a network, and manually joining your Azure AD domain. With the automated Azure AD join feature in Set up School PCs, this process is reduced to zero clicks! You can skip all of the Windows setup experience and the OS automatically joins the PC to your Azure AD domain and enrolls it into MDM if you have a MDM provider activated. To make this as seamless as possible, in your Azure AD tenant: - Allow your teacher and other IT staff to join devices to Azure AD so they can sucessfully request an automated Azure AD join token. From db3443e04e766687df23c1b8353156aa058cf6c9 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 10:13:33 -0400 Subject: [PATCH 21/34] typo: Double word "have" --- .../hybrid-deployment-surface-hub-device-accounts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index e0111f0b35..d72676e762 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -141,7 +141,7 @@ Next, you enable the device account with [Skype for Business Online](#skype-for- To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need. -| Skype room system scenario | If you have Office 365 Premium, Office 365 ProPlus, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have have Skype for Business Server 2015 (on-premises or hybrid), you need: | +| Skype room system scenario | If you have Office 365 Premium, Office 365 ProPlus, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have Skype for Business Server 2015 (on-premises or hybrid), you need: | | --- | --- | --- | --- | | Join a scheduled meeting | Skype for Business Standalone Plan 1 | E1, 3, 4, or 5 | Skype for Business Server Standard CAL | | Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL | From f398b63052b997e3643af3e77466d64477b0ac98 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 10:14:37 -0400 Subject: [PATCH 22/34] typo: Double word "will" --- devices/surface-hub/enable-8021x-wired-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md index 8407392860..810dc3d2ce 100644 --- a/devices/surface-hub/enable-8021x-wired-authentication.md +++ b/devices/surface-hub/enable-8021x-wired-authentication.md @@ -56,5 +56,5 @@ This OMA-URI node takes a text string of XML as a parameter. The XML provided as ## Adding certificates -If your selected authentication method is certificate-based, you will will need to [create a provisioning package](provisioning-packages-for-surface-hub.md), [utilize MDM](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp), or import a certificate from settings (**Settings** > **Update and Security** > **Certificates**) to deploy those certificates to your Surface Hub device in the appropriate Certificate Store. When adding certificates, each PFX must contain only one certificate (a PFX cannot have multiple certificates). +If your selected authentication method is certificate-based, you will need to [create a provisioning package](provisioning-packages-for-surface-hub.md), [utilize MDM](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp), or import a certificate from settings (**Settings** > **Update and Security** > **Certificates**) to deploy those certificates to your Surface Hub device in the appropriate Certificate Store. When adding certificates, each PFX must contain only one certificate (a PFX cannot have multiple certificates). From 08f779a2bd52d2fea024cadbdc6182f89a3d0c60 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 3 Jul 2018 10:16:09 -0400 Subject: [PATCH 23/34] typo: Double word "be" --- devices/surface-hub/connect-and-display-with-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md index 4a5167db40..241cfc77e6 100644 --- a/devices/surface-hub/connect-and-display-with-surface-hub.md +++ b/devices/surface-hub/connect-and-display-with-surface-hub.md @@ -33,7 +33,7 @@ When connecting external devices and displays to a Surface Hub, there are severa ## Guest Mode -Guest Mode uses a wired connection, so people can display content from their devices to the Surface Hub. If the source device is Windows-based, that device can also provide Touchback and Inkback. Surface Hub's internal PC takes video and audio from the connected device and presents them on the Surface Hub. If Surface Hub encounters a High-Bandwidth Digital Content Protection (HDCP) signal, the source will be be displayed as a black image. To display your content without violating HDCP requirements, use the keypad on the right side of the Surface Hub to directly choose the external source. +Guest Mode uses a wired connection, so people can display content from their devices to the Surface Hub. If the source device is Windows-based, that device can also provide Touchback and Inkback. Surface Hub's internal PC takes video and audio from the connected device and presents them on the Surface Hub. If Surface Hub encounters a High-Bandwidth Digital Content Protection (HDCP) signal, the source will be displayed as a black image. To display your content without violating HDCP requirements, use the keypad on the right side of the Surface Hub to directly choose the external source. >[!NOTE] >When an HDCP source is connected, use the side keypad to change source inputs. From 2959adeeb5707bd14b7b426ccf3091853a7ee61c Mon Sep 17 00:00:00 2001 From: Jesper Nielsen Date: Tue, 3 Jul 2018 16:16:37 +0200 Subject: [PATCH 24/34] I changes a small spelling error --- .../hello-for-business/feature-multifactor-unlock.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 0e9283f815..6e31a65447 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -24,10 +24,10 @@ Windows, today, natively only supports the use of a single credential (password, Windows 10 offers Multifactor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. -Which organizations can take advanage of Multifactor unlock? Those who: +Which organizations can take advantage of Multifactor unlock? Those who: * Have expressed that PINs alone do not meet their security needs. * Want to prevent Information Workers from sharing credentials. -* Want their orgs to comply with regulatory two-factor authentication policy. +* Want their organisations to comply with regulatory two-factor authentication policy. * Want to retain the familiar Windows logon UX and not settle for a custom solution. You enable multifactor unlock using Group Policy. The **Configure device unlock factors** policy setting is located under **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. From 5f575960ac8890503eed45b458dc39ed3bd377af Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Tue, 3 Jul 2018 07:24:46 -0700 Subject: [PATCH 25/34] Update feature-multifactor-unlock.md --- .../hello-for-business/feature-multifactor-unlock.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 6e31a65447..31116809dd 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -27,7 +27,7 @@ Windows 10 offers Multifactor device unlock by extending Windows Hello with trus Which organizations can take advantage of Multifactor unlock? Those who: * Have expressed that PINs alone do not meet their security needs. * Want to prevent Information Workers from sharing credentials. -* Want their organisations to comply with regulatory two-factor authentication policy. +* Want their organizations to comply with regulatory two-factor authentication policy. * Want to retain the familiar Windows logon UX and not settle for a custom solution. You enable multifactor unlock using Group Policy. The **Configure device unlock factors** policy setting is located under **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. @@ -188,7 +188,8 @@ The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IP 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2 ``` ##### dnsSuffix -The fully qualified domain name of your organizations internal dns suffix where any part of the fully qualified domain name in this setting exists in the computer's primary dns suffix. The **signal** element may contain one or more **dnsSuffix** elements.
      +The fully qualified domain name of your +s internal dns suffix where any part of the fully qualified domain name in this setting exists in the computer's primary dns suffix. The **signal** element may contain one or more **dnsSuffix** elements.
      **Example** ``` corp.contoso.com From b9d334ebc01a639b5118182f133ff0ee713a9dcb Mon Sep 17 00:00:00 2001 From: Paramesh Babu Date: Tue, 3 Jul 2018 11:30:38 -0700 Subject: [PATCH 26/34] Add UWF for IoTCore Add UWF for IoTCore in the summary table. --- windows/configuration/wcd/wcd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 53eeaa689f..3f4d731601 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -74,7 +74,7 @@ This section describes the settings that you can configure in [provisioning pack | [TakeATest](wcd-takeatest.md) | X | | | | | | [TextInput](wcd-textinput.md) | | X | | | | | [Theme](wcd-theme.md) | | X | | | | -| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X | | | | | +| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X | | | | X | | [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | X | X | | [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | X | X | | [WeakCharger](wcd-weakcharger.md) |X | X | X | X | | From 41120fdd3bcc09e767cb7d84953d4947c589ddf5 Mon Sep 17 00:00:00 2001 From: rikot Date: Tue, 3 Jul 2018 16:32:17 -0400 Subject: [PATCH 27/34] Update manage-settings-with-mdm-for-surface-hub.md In the Supported Windows setting section, the link in the first paragraph for Configuration service provider reference is outdated, but does get redirected to the correct webpage. Corrected link so that it points directly to the article --- .../surface-hub/manage-settings-with-mdm-for-surface-hub.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 13af52d485..af26258658 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -46,7 +46,6 @@ Surface Hub now supports the ability to automatically enroll in Intune by joinin For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment). - ## Manage Surface Hub settings with MDM You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. @@ -85,7 +84,7 @@ For more information, see [SurfaceHub configuration service provider](https://ms ### Supported Windows 10 settings -In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://msdn.microsoft.com/library/windows/hardware/dn920025.aspx). +In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference). The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML. From 5de102b627b009773040fd01070229db0343bd83 Mon Sep 17 00:00:00 2001 From: Jason Groce Date: Tue, 3 Jul 2018 13:50:43 -0700 Subject: [PATCH 28/34] Removed locale code Removed hardcoded en-us to allow language fallback for non-en-us users --- devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index af26258658..d0e895cd1a 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -84,7 +84,7 @@ For more information, see [SurfaceHub configuration service provider](https://ms ### Supported Windows 10 settings -In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference). +In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference). The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML. From 2bf6c066f2cee8bb5d56b185dc5e9e5fc424a3a4 Mon Sep 17 00:00:00 2001 From: Ed Gallagher Date: Wed, 4 Jul 2018 14:39:50 -0500 Subject: [PATCH 29/34] Update windows-to-go-frequently-asked-questions.md User nick-morhun indicated missing mentions of Windows 10 Professional with regard to use as a host for creating Windows To Go USB devices. --- .../planning/windows-to-go-frequently-asked-questions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md index 71ff1f9db8..bfadedc7cd 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md @@ -126,7 +126,7 @@ Windows To Go can be deployed using standard Windows deployment tools like Diskp - A Windows 10 Enterprise or Windows 10 Education image -- A Windows 10 Enterprise or Windows 10 Education host PC that can be used to provision new USB keys +- A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. @@ -153,7 +153,7 @@ Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows ## Can the user self-provision Windows To Go? -Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise and Windows 10 Education. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). +Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). ## How can Windows To Go be managed in an organization? From 06b9ae00c4a33335a999b58945aee8636d8defbf Mon Sep 17 00:00:00 2001 From: alexlushsevernunival Date: Thu, 5 Jul 2018 16:01:13 +0100 Subject: [PATCH 30/34] Correction to the path of the GPO --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 5ff07ac151..010ca41cad 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -106,7 +106,7 @@ Requirements: - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. -1. Create a Group Policy Object (GPO) and enable the Group Policy **Auto MDM enrollment with AAD token**. +1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. 2. Create a Security Group for the PCs. 3. Link the GPO. 4. Filter using Security Groups. From b1a8db636e0cadb2e93802b9ec54989bd523b909 Mon Sep 17 00:00:00 2001 From: Marc Shepard <37675325+marcshep-msft@users.noreply.github.com> Date: Thu, 5 Jul 2018 09:29:19 -0700 Subject: [PATCH 31/34] Tweaks to reference section Added a link to Trust Center, removed "en-us" from link to Trusted Cloud --- windows/deployment/update/windows-analytics-privacy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md index a3e43f7e7b..49c1fc93cc 100644 --- a/windows/deployment/update/windows-analytics-privacy.md +++ b/windows/deployment/update/windows-analytics-privacy.md @@ -45,7 +45,8 @@ See these topics for additional background information about related privacy iss - [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) - [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31) - [Learn about security and privacy at Microsoft datacenters](http://www.microsoft.com/datacenters) -- [Confidence in the trusted cloud](https://azure.microsoft.com/en-us/support/trust-center/) +- [Confidence in the trusted cloud](https://azure.microsoft.com/support/trust-center/) +- [Trust Center](https://www.microsoft.com/trustcenter) ### Can Windows Analytics be used without a direct client connection to the Microsoft Data Management Service? No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity. From 322c227a252a3c8ca727ac767247d44c1f760df8 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 6 Jul 2018 22:44:20 +0000 Subject: [PATCH 32/34] Merged PR 9593: Moved topic to a section in upgrades topic Moved topic --- .openpublishing.redirection.json | 4 +- windows/deployment/TOC.md | 1 - .../upgrade/windows-10-edition-downgrades.md | 145 ------------------ .../upgrade/windows-10-edition-upgrades.md | 134 +++++++++++++++- .../upgrade/windows-10-upgrade-paths.md | 5 +- 5 files changed, 133 insertions(+), 156 deletions(-) delete mode 100644 windows/deployment/upgrade/windows-10-edition-downgrades.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index c515cac4a0..85b9e8d303 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -13696,8 +13696,8 @@ "redirect_document_id": true }, { -"source_path": "windows/deployment/upgrade/windows-10-downgrade-paths.md", -"redirect_url": "/windows/deployment/upgrade/windows-10-edition-downgrades", +"source_path": "windows/deployment/upgrade/windows-10-edition-downgrades.md", +"redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades", "redirect_document_id": true }, { diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index a22ca17807..fe57158272 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -23,7 +23,6 @@ ### [Windows 10 in S mode](windows-10-pro-in-s-mode.md) ### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) ### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) -### [Windows 10 edition downgrade](upgrade/windows-10-edition-downgrades.md) ### [Windows 10 volume license media](windows-10-media.md) ### [Windows 10 deployment test lab](windows-10-poc.md) diff --git a/windows/deployment/upgrade/windows-10-edition-downgrades.md b/windows/deployment/upgrade/windows-10-edition-downgrades.md deleted file mode 100644 index 6e86af6b87..0000000000 --- a/windows/deployment/upgrade/windows-10-edition-downgrades.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: Windows 10 edition downgrade (Windows 10) -description: You can downgrade Windows 10 if the downgrade path is supported. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.localizationpriority: high -ms.pagetype: mobile -author: greg-lindsay -ms.date: 06/30/2018 ---- - -# Windows 10 edition downgrade -**Applies to** - -- Windows 10 - -This topic provides a summary of supported Windows 10 in-place edition downgrade paths. A valid product key for the destination edition is required to perform the downgrade. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired. - -To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md). If the downgrade path is supported, then your apps and settings can be migrated from the current edition to the downgraded edition. If a path is not supported, then a clean install is required. - -Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. The only downgrade method available for this path is through the rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades. - -### Scenario example - -Downgrading from Enterprise -- Original edition: **Professional OEM** -- Upgrade edition: **Enterprise** -- Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education** - -You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supercede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/en-us/download/details.aspx?id=11091). - -### Supported Windows 10 downgrade paths - ->[!NOTE] ->Edition changes that are considered upgrades (Ex: Pro to Enterprise, Pro to Pro for Workstations) are not shown here. ->For more information see [Windows 10 edition upgrade](windows-10-edition-upgrades.md).
      - -✔ = Supported downgrade path
      - S  = Supported; Not considered a downgrade or an upgrade
      -[blank] = Not supported or not a downgrade
      - -
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Destination edition
            HomeProPro for WorkstationsPro EducationEducationEnterprise LTSCEnterprise
      Starting edition
      Home
      Pro
      Pro for Workstations
      Pro Education
      EducationS
      Enterprise LTSC
      EnterpriseS
      - ->**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. - ->**Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above. - -Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro. - -## Related Topics - -[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
      -[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
      -[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
      -[Windows 10 upgrade paths](windows-10-upgrade-paths.md) \ No newline at end of file diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index bfc4a64f74..f0f9e52ba2 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 06/28/2018 +ms.date: 07/06/2018 --- # Windows 10 edition upgrade @@ -18,15 +18,15 @@ ms.date: 06/28/2018 - Windows 10 - Windows 10 Mobile -With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). +With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page. -Edition changes that are considered downgrades are not shown here. For more information, see [Windows 10 edition downgrade](windows-10-edition-downgrades.md). +For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](http://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf). The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. ![not supported](../images/x_blk.png) (X) = not supported
      ![supported, reboot required](../images/check_grn.png) (green checkmark) = supported, reboot required
      -![supported, no reboot](../images/check_blu.png) (blue checkmark) = supported, no reboot required +![supported, no reboot](../images/check_blu.png) (blue checkmark) = supported, no reboot required