diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 8b53725783..947ffa3bac 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -202,6 +202,7 @@
#### [Experience](policy-csp-experience.md)
#### [ExploitGuard](policy-csp-exploitguard.md)
#### [Games](policy-csp-games.md)
+#### [Handwriting](policy-csp-handwriting.md)
#### [InternetExplorer](policy-csp-internetexplorer.md)
#### [Kerberos](policy-csp-kerberos.md)
#### [Licensing](policy-csp-licensing.md)
diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png
deleted file mode 100644
index a5b77e0b42..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png
new file mode 100644
index 0000000000..09c27e0e12
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 38b240b6b4..50d3253a38 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/31/2017
+ms.date: 09/12/2017
---
# What's new in MDM enrollment and management
@@ -956,7 +956,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
| [VPNv2 CSP](vpnv2-csp.md) |
-Added DeviceTunnel profile in Windows 10, version 1709.
+ | Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.
|
| [DeviceStatus CSP](devicestatus-csp.md) |
@@ -1015,6 +1015,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
DeviceGuard/LsaCfgFlags
ExploitGuard/ExploitProtectionSettings
Games/AllowAdvancedGamingServices
+Handwriting/PanelDefaultModeDocked
LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
@@ -1371,6 +1372,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
Added the following new policies for Windows 10, version 1709:
- Authentication/AllowAadPasswordReset
+- Handwriting/PanelDefaultModeDocked
- Search/AllowCloudSearch
- System/LimitEnhancedDiagnosticDataWindowsAnalytics
@@ -1390,6 +1392,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.
|
+
+| [VPNv2 CSP](vpnv2-csp.md) |
+Added RegisterDNS setting in Windows 10, version 1709.
+ |
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index eaafad9a16..121d77fdb7 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1027,6 +1027,14 @@ The following diagram shows the Policy configuration service provider in tree fo
+### Handwriting policies
+
+
+ -
+ Handwriting/PanelDefaultModeDocked
+
+
+
### InternetExplorer policies
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
new file mode 100644
index 0000000000..b2cdcd1ae0
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -0,0 +1,72 @@
+---
+title: Policy CSP - Handwriting
+description: Policy CSP - Handwriting
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 09/07/2017
+---
+
+# Policy CSP - Handwriting
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+
+
+## Handwriting policies
+
+
+**Handwriting/PanelDefaultModeDocked**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+  3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+ |
+
+
+
+
+
+Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel.
+
+
The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
+
+
In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction.
+
+
The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way.
+
+
+- 0 - Disabled (default)
+- 1 - Enabled
+
+
+
+
+
+
+Footnote:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 05e8da9fa3..aa98ff54c0 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/07/2017
+ms.date: 09/18/2017
---
# VPNv2 CSP
@@ -35,7 +35,7 @@ The XSDs for all EAP methods are shipped in the box and can be found at the foll
The following diagram shows the VPNv2 configuration service provider in tree format.
-
+
**Device or User profile**
For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path.
@@ -303,6 +303,14 @@ A device tunnel profile must be deleted before another device tunnel profile can
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
+**VPNv2/***ProfileName***/RegisterDNS**
+Allows registration of the connection's address in DNS.
+
+Valid values:
+
+- False = Do not register the connection's address in DNS (default).
+- True = Register the connection's addresses in DNS.
+
**VPNv2/***ProfileName***/DnsSuffix**
Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 1312ba1a63..3208f1111a 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/07/2017
+ms.date: 09/18/2017
---
# VPNv2 DDF file
@@ -992,6 +992,33 @@ The XML below is for Windows 10, version 1709.
+
+ RegisterDNS
+
+
+
+
+
+
+
+
+ False = Do not register the connection's address in DNS (default).
+ True = Register the connection's addresses in DNS.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DnsSuffix
diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md
index 4485b5e7e7..39f2e28ac0 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/manage-tips-and-suggestions.md
@@ -44,7 +44,7 @@ Windows 10, version 1607 (also known as the Anniversary Update), provides organi
| Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) |
| Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) |
-
+[Learn more about policy settings for Windows Spotlight.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)
## Related topics
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index e203016bfa..6454a3fe7c 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -32,8 +32,7 @@ On Windows 10 for desktop editions, the customized Start works by:
>[!NOTE]
>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx).
->[!NOTE]
->Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/library/jj649079.aspx).
+
## LayoutModification XML
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index e11c92867c..95255b68f9 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -79,7 +79,7 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
### Microsoft Deployment Toolkit (MDT)
-MDT build 884 is available, including support for:
+MDT build 8443 is available, including support for:
- Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016.
- The Windows ADK for Windows 10, version 1607.
- Integration with Configuration Manager version 1606.
diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md
index 12589a4f94..7213b01b6c 100644
--- a/windows/deployment/usmt/usmt-common-issues.md
+++ b/windows/deployment/usmt/usmt-common-issues.md
@@ -229,7 +229,7 @@ There are three typical causes for this issue.
**Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured.
-**Cause:** A code change in the Start Menu with Windows 10 version 1607 is incompatible with this USMT function.
+**Cause:** A code change in the Start Menu with Windows 10 version 1607 and later is incompatible with this USMT function.
**Resolution:** The following workaround is available:
@@ -245,6 +245,8 @@ There are three typical causes for this issue.
Import-StartLayout –LayoutPath "C:\Layout\user1.xml" –MountPath %systemdrive%
```
+This workaround changes the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout.
+
## Offline Migration Problems
diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md
index 4bcaef04a8..7f6cdc5a1c 100644
--- a/windows/deployment/windows-10-auto-pilot.md
+++ b/windows/deployment/windows-10-auto-pilot.md
@@ -18,7 +18,7 @@ ms.date: 06/30/2017
- Windows 10
-Windows AutoPilot is a collection of technologies used to setup and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.
+Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
index 8d28359a61..8a90f8cb96 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@@ -33,6 +33,9 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might
You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries.
+>[!WARNING]
+> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding.
+
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Click **Endpoint management** > **Clients** on the **Navigation pane**.