diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 99dceed75d..bd183c2b97 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -31,7 +31,7 @@ We've tried to make editing an existing, public file as simple as possible.
     ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png)
 
 4.	Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see:
-    - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide)
+    - **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring)
     
     - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) 
 
diff --git a/bcs/TOC.md b/bcs/TOC.md
index 06913f7aef..ec9e79cbfc 100644
--- a/bcs/TOC.md
+++ b/bcs/TOC.md
@@ -1 +1 @@
-# [Index](index.md)
\ No newline at end of file
+# [Microsoft 365 Business FAQ](support/microsoft-365-business-faqs.md)
\ No newline at end of file
diff --git a/bcs/breadcrumb/toc.yml b/bcs/breadcrumb/toc.yml
new file mode 100644
index 0000000000..6a29a6b202
--- /dev/null
+++ b/bcs/breadcrumb/toc.yml
@@ -0,0 +1,11 @@
+- name: Docs
+  tocHref: /
+  topicHref: /
+  items:
+    - name: Microsoft 365 Business
+      tocHref: /microsoft-365-business/
+      topicHref: /microsoft-365-business/index
+      items:
+      - name: Support
+        tocHref: /microsoft-365-business/support/
+        topicHref: /microsoft-365-business/support/microsoft-365-business-faqs    
\ No newline at end of file
diff --git a/bcs/docfx.json b/bcs/docfx.json
index 4e3f166ece..aa19bbfd9b 100644
--- a/bcs/docfx.json
+++ b/bcs/docfx.json
@@ -3,7 +3,8 @@
     "content": [
       {
         "files": [
-          "**/*.md"
+          "**/*.md",
+          "**/**.yml"
         ],
         "exclude": [
           "**/obj/**",
@@ -19,7 +20,9 @@
       {
         "files": [
           "**/*.png",
-          "**/*.jpg"
+          "**/*.svg",
+          "**/*.jpg",
+          "**/*.json"
         ],
         "exclude": [
           "**/obj/**",
@@ -30,6 +33,7 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
+    "breadcrumb_path": "/microsoft-365-business/breadcrumb/toc.json",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "TechNet.bcs"
diff --git a/bcs/images/bcs-information-product-help-office.svg b/bcs/images/bcs-information-product-help-office.svg
new file mode 100644
index 0000000000..a748576afa
--- /dev/null
+++ b/bcs/images/bcs-information-product-help-office.svg
@@ -0,0 +1,94 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-8 {
+        fill: none;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-1 {
+        stroke: #d1d3d4;
+        stroke-dasharray: 3 3;
+      }
+
+      .cls-2 {
+        fill: #80def9;
+      }
+
+      .cls-3 {
+        fill: #aae9fb;
+      }
+
+      .cls-4 {
+        fill: #556a8a;
+      }
+
+      .cls-5 {
+        fill: #bad80a;
+      }
+
+      .cls-6 {
+        fill: #c6df33;
+      }
+
+      .cls-7 {
+        fill: #00bcf2;
+      }
+
+      .cls-8 {
+        stroke: #556a8a;
+      }
+    </style>
+  </defs>
+  <title>bcs-information-product-help-office</title>
+  <g>
+    <ellipse class="cls-1" cx="200" cy="71" rx="133" ry="39"/>
+    <g>
+      <circle class="cls-2" cx="201" cy="29" r="16" transform="translate(38.37 150.62) rotate(-45)"/>
+      <path class="cls-3" d="M212.31,17.69a16,16,0,0,1,0,22.62L189.69,17.69A16,16,0,0,1,212.31,17.69Z"/>
+    </g>
+    <g>
+      <circle class="cls-2" cx="131" cy="39" r="16" transform="translate(10.79 104.05) rotate(-45)"/>
+      <path class="cls-3" d="M142.31,27.69a16,16,0,0,1,0,22.62L119.69,27.69A16,16,0,0,1,142.31,27.69Z"/>
+    </g>
+    <g>
+      <circle class="cls-2" cx="274" cy="39" r="16" transform="translate(52.68 205.17) rotate(-45)"/>
+      <path class="cls-3" d="M285.31,27.69a16,16,0,0,1,0,22.62L262.69,27.69A16,16,0,0,1,285.31,27.69Z"/>
+    </g>
+    <g>
+      <circle class="cls-2" cx="68" cy="67" r="16" transform="translate(-27.46 67.71) rotate(-45)"/>
+      <path class="cls-3" d="M79.31,55.69a16,16,0,0,1,0,22.62L56.69,55.69A16,16,0,0,1,79.31,55.69Z"/>
+    </g>
+    <g>
+      <circle class="cls-2" cx="332" cy="67" r="16" transform="translate(49.86 254.38) rotate(-45)"/>
+      <path class="cls-3" d="M343.31,55.69a16,16,0,0,1,0,22.62L320.69,55.69A16,16,0,0,1,343.31,55.69Z"/>
+    </g>
+  </g>
+  <path class="cls-4" d="M68.12,75.89v2.86H66.75V76a8.27,8.27,0,0,1-4.56-1.13V72.57a6.17,6.17,0,0,0,2.09,1.13,7.63,7.63,0,0,0,2.47.46V67.4A10.34,10.34,0,0,1,63,64.83a4.89,4.89,0,0,1,.45-6.09,5.41,5.41,0,0,1,3.31-1.67V54.7h1.37V57a7.3,7.3,0,0,1,3.57.74V60a6,6,0,0,0-3.57-1.13v7a11.22,11.22,0,0,1,3.75,2.52,4.24,4.24,0,0,1,1,2.78,4.3,4.3,0,0,1-1.26,3.14A6.12,6.12,0,0,1,68.12,75.89ZM66.75,65.08V58.94a3,3,0,0,0-1.75,1,2.74,2.74,0,0,0-.65,1.84,3.08,3.08,0,0,0,.53,1.86A5.68,5.68,0,0,0,66.75,65.08Zm1.37,3v6q2.54-.55,2.54-2.74Q70.67,69.49,68.12,68.09Z"/>
+  <path class="cls-4" d="M199.23,33.78a6.71,6.71,0,0,1-.25-1.05,7.7,7.7,0,0,1-.11-1.29,4,4,0,0,1,.4-1.8,7.47,7.47,0,0,1,1-1.51,15,15,0,0,1,1.3-1.35q.7-.65,1.3-1.31a7.5,7.5,0,0,0,1-1.39,3.28,3.28,0,0,0,.4-1.6,2.94,2.94,0,0,0-.29-1.33,2.81,2.81,0,0,0-.79-1,3.47,3.47,0,0,0-1.16-.59,4.86,4.86,0,0,0-1.39-.2A6.06,6.06,0,0,0,196,21.47V18.72a9.19,9.19,0,0,1,5-1.5,7.79,7.79,0,0,1,2.23.31,5.51,5.51,0,0,1,1.84.93A4.38,4.38,0,0,1,206.31,20a4.8,4.8,0,0,1,.45,2.14,5,5,0,0,1-.41,2.06,7.45,7.45,0,0,1-1,1.66A13.21,13.21,0,0,1,204,27.28q-.72.66-1.34,1.3a7.15,7.15,0,0,0-1,1.35,3,3,0,0,0-.41,1.55,4.62,4.62,0,0,0,.17,1.3,9.19,9.19,0,0,0,.34,1Zm1.41,6.5a1.73,1.73,0,0,1-1.22-.5,1.63,1.63,0,0,1-.52-1.22,1.6,1.6,0,0,1,.52-1.22,1.7,1.7,0,0,1,2.44,0,1.6,1.6,0,0,1,.52,1.22,1.63,1.63,0,0,1-.52,1.22A1.73,1.73,0,0,1,200.64,40.28Z"/>
+  <g>
+    <g id="desk">
+      <polygon class="cls-5" points="272.42 113 127.58 113 155.8 88 235.86 88 272.42 113"/>
+      <rect class="cls-4" x="127" y="113" width="145" height="8"/>
+    </g>
+    <polygon class="cls-6" points="272.42 113 270.53 113 171.34 88 235.86 88 272.42 113"/>
+    <path class="cls-7" d="M212.59,76.16a17.69,17.69,0,0,1-1,5.92c-2.09,5.86-7.19,10-13.15,10-7.81,0-14.15-7.13-14.15-15.92a16.31,16.31,0,0,1,7.39-14,12.8,12.8,0,0,1,6.76-1.94C206.25,60.23,212.59,67.36,212.59,76.16Z"/>
+    <path class="cls-7" d="M224.18,100.42c-1.65-2.34-2.77-4-6.54-4.49-1.73-.23-5.93-.92-6.06-.91l-12-.86v0l-.28,0-.28,0v0L187,95c-.13,0-4.33.68-6.06.91-3.77.51-4.88,2.15-6.54,4.49C172.46,103.1,170.5,130,170.5,130h8l.88-12.47-1-.92,5.31-13.43-2.07,25.41c0,1.2.66,1.41,1.86,1.41h31c1.2,0,2.39-.22,2.39-1.41l-2.07-25.41,5.31,13.43-1,.92,1.1,12.41,8.25.06S226.07,103.1,224.18,100.42Z"/>
+    <path id="chair" class="cls-4" d="M177,130V103.49c0-2.74,2.13-5.49,4.74-5.49h34.52c2.61,0,4.74,2.74,4.74,5.49V130Z"/>
+  </g>
+  <g>
+    <path class="cls-8" d="M264.84,37.09v-1a9.08,9.08,0,0,1,18.16,0v1"/>
+    <path class="cls-4" d="M280,36v8h3.75A3.54,3.54,0,0,0,286,41.26V36Z"/>
+    <path class="cls-4" d="M268,36v8h-3.75A3.54,3.54,0,0,1,262,41.26V36Z"/>
+    <path class="cls-8" d="M265.62,42.23s-.67,7.4,5.38,6.73"/>
+    <rect class="cls-4" x="271" y="46" width="7" height="6" rx="1.79" ry="1.79"/>
+  </g>
+  <polygon class="cls-4" points="137.79 34.79 132 40.59 132 26 130 26 130 40.59 124.21 34.79 122.79 36.21 131 44.41 139.21 36.21 137.79 34.79"/>
+  <rect class="cls-4" x="123" y="47" width="16" height="2"/>
+  <g>
+    <polygon class="cls-8" points="342.5 75 321.5 75 332 55 342.5 75"/>
+    <polygon class="cls-4" points="331.5 70 332.5 70 333 62 331 62 331.5 70"/>
+    <circle class="cls-4" cx="332.02" cy="72.02" r="1"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-information-product-help-windows10.svg b/bcs/images/bcs-information-product-help-windows10.svg
new file mode 100644
index 0000000000..f9c36f40be
--- /dev/null
+++ b/bcs/images/bcs-information-product-help-windows10.svg
@@ -0,0 +1,122 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #d1d3d4;
+      }
+
+      .cls-2 {
+        fill: #d1e55c;
+      }
+
+      .cls-3 {
+        fill: #e6e7e8;
+      }
+
+      .cls-4 {
+        fill: #0078d7;
+      }
+
+      .cls-5 {
+        fill: #ff9f2b;
+      }
+
+      .cls-6 {
+        fill: #ff8c00;
+      }
+
+      .cls-7 {
+        fill: #556a8a;
+      }
+
+      .cls-12, .cls-8 {
+        fill: #fff;
+      }
+
+      .cls-9 {
+        fill: #e5e5e5;
+      }
+
+      .cls-10 {
+        fill: #2bc7f4;
+      }
+
+      .cls-11 {
+        fill: none;
+      }
+
+      .cls-11, .cls-12 {
+        stroke: #556a8a;
+      }
+
+      .cls-11, .cls-12, .cls-15 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-13 {
+        fill: #55d2f6;
+      }
+
+      .cls-14 {
+        fill: #e6e6e6;
+      }
+
+      .cls-15 {
+        fill: #aae9fb;
+        stroke: #00bcf2;
+      }
+    </style>
+  </defs>
+  <title>bcs-information-product-help-windows10</title>
+  <polygon class="cls-1" points="173.04 74 140.71 74 124.54 102 140.71 130 173.04 130 189.21 102 173.04 74"/>
+  <polygon class="cls-1" points="173.04 16 140.71 16 124.54 44 140.71 72 173.04 72 189.21 44 173.04 16"/>
+  <polygon class="cls-2" points="136.87 73 120.7 101 88.37 101 72.21 73 88.37 45 120.7 45 136.87 73"/>
+  <circle class="cls-3" cx="289.4" cy="73.17" r="44.4"/>
+  <g>
+    <polygon class="cls-4" points="279 71 279 48.19 256 51.43 256 71 279 71"/>
+    <polygon class="cls-4" points="282 71 316 71 316 43.33 282 47.71 282 71"/>
+    <polygon class="cls-4" points="282 73 282 97.76 316 102.34 316 73 282 73"/>
+    <polygon class="cls-4" points="279 73 256 73 256 93.74 279 96.97 279 73"/>
+  </g>
+  <polygon class="cls-2" points="241.67 73 225.5 101 193.17 101 177.01 73 193.17 45 225.5 45 241.67 73"/>
+  <g>
+    <g>
+      <g>
+        <path class="cls-5" d="M81.36,98c-.61.2-1.27.39-1.94.57C83.5,81.58,91.55,84.65,91.55,84.65l1.31,1.24,0,.16C93.19,87.17,94.28,93.86,81.36,98Z"/>
+        <path class="cls-6" d="M81.36,98c4-14,10.85-12.13,11.54-11.91C93.19,87.17,94.28,93.86,81.36,98Z"/>
+        <polygon class="cls-7" points="93.54 89.25 87.84 83.55 92.4 82.41 94.54 84.56 93.54 89.25"/>
+      </g>
+      <polygon class="cls-7" points="94.68 76.62 79.28 76.05 77 73.76 90.12 67.49 95.6 69.55 94.68 76.62"/>
+      <polygon class="cls-7" points="101.2 81.27 101.77 96.67 104.05 98.95 110.33 85.83 108.27 80.35 101.2 81.27"/>
+      <g>
+        <path class="cls-8" d="M98.13,88.06H98l-.14-.12-8.13-8.48,0-.2A33.67,33.67,0,0,1,99,62.9c7.38-7.34,24.58-10.42,25.31-10.55l.56-.1-.09.56s-.3,1.79-.92,4.4c-1.67,7-4.68,16.46-9.46,21.27C106.91,86,98.81,88.06,98.13,88.06Z"/>
+        <path class="cls-9" d="M123.39,58.2C122,63.94,119.06,73.88,114,78.94a32.91,32.91,0,0,1-15.95,9.12l-4.53-4.53a32.86,32.86,0,0,1,9.13-16C107.73,62.53,117.64,59.57,123.39,58.2Z"/>
+        <path class="cls-10" d="M125,52a74.22,74.22,0,0,0-14.76,4.4L121,67.21A99.29,99.29,0,0,0,125,52Z"/>
+        <path class="cls-11" d="M98.13,88.06H98l-.14-.12-8.13-8.48,0-.2A33.67,33.67,0,0,1,99,62.9c7.38-7.34,24.58-10.42,25.31-10.55l.56-.1-.09.56s-.3,1.79-.92,4.4c-1.67,7-4.68,16.46-9.46,21.27C106.91,86,98.81,88.06,98.13,88.06Z"/>
+      </g>
+    </g>
+    <circle class="cls-12" cx="106" cy="70" r="4"/>
+  </g>
+  <rect class="cls-11" x="148" y="79" width="18" height="25" rx="9" ry="9"/>
+  <path class="cls-8" d="M172,96.39v22.22a1.39,1.39,0,0,1-1.38,1.39H142.38a1.39,1.39,0,0,1-1.38-1.39V96.39A1.39,1.39,0,0,1,142.38,95h28.24A1.39,1.39,0,0,1,172,96.39Z"/>
+  <path class="cls-9" d="M172,96v21.84L148.75,94.64h21.84A1.41,1.41,0,0,1,172,96Z"/>
+  <path class="cls-11" d="M172,118.61a1.38,1.38,0,0,1-1.38,1.39H142.38a1.38,1.38,0,0,1-1.38-1.39V96.39A1.38,1.38,0,0,1,142.38,95h28.24A1.38,1.38,0,0,1,172,96.39Z"/>
+  <g>
+    <path class="cls-8" d="M177,30.08V55.53a1.27,1.27,0,0,1-1.25,1.28h-37.5A1.27,1.27,0,0,1,137,55.53V30.08a1.22,1.22,0,0,1,.06-.38,1.29,1.29,0,0,1,1.19-.9h37.5a1.21,1.21,0,0,1,.89.39,1.19,1.19,0,0,1,.31.56A1,1,0,0,1,177,30.08Z"/>
+    <rect class="cls-9" x="137" y="28.55" width="4" height="28.45"/>
+    <rect class="cls-9" x="173" y="29" width="4" height="28.33"/>
+    <polygon class="cls-13" points="137.65 29.12 157 41.38 176.35 29.12 137.65 29.12"/>
+    <path class="cls-11" d="M177,30.28V55.72A1.27,1.27,0,0,1,175.75,57h-37.5A1.27,1.27,0,0,1,137,55.72V30.28a1.22,1.22,0,0,1,.06-.38,1.29,1.29,0,0,1,1.19-.9h37.5a1.21,1.21,0,0,1,.89.39,1.19,1.19,0,0,1,.31.56A1,1,0,0,1,177,30.28Z"/>
+    <polyline class="cls-11" points="137.65 29.76 157 41.38 176.35 29.76"/>
+  </g>
+  <g>
+    <rect class="cls-12" x="196" y="50" width="26" height="22.7"/>
+    <path class="cls-8" d="M232,66.54V84.46c0,.85-.2,1.54-1.07,1.54H188.07c-.87,0-2.07-.69-2.07-1.54V66.54c0-.85,1.2-1.54,2.07-1.54h42.86C231.8,65,232,65.69,232,66.54Z"/>
+    <path class="cls-14" d="M232,66.54V83L214,65h16.93C231.8,65,232,65.69,232,66.54Z"/>
+    <path class="cls-11" d="M232,66.54V84.46c0,.85-.2,1.54-1.07,1.54H188.07c-.87,0-2.07-.69-2.07-1.54V66.54c0-.85,1.2-1.54,2.07-1.54h42.86C231.8,65,232,65.69,232,66.54Z"/>
+    <rect class="cls-7" x="194" y="80.56" width="30" height="5.44"/>
+    <rect class="cls-15" x="195" y="80" width="28" height="13"/>
+    <rect class="cls-7" x="192" y="79" width="34" height="2" rx="1" ry="1"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-iw-devicesetup-move-files-2.svg b/bcs/images/bcs-iw-devicesetup-move-files-2.svg
new file mode 100644
index 0000000000..8eff6a423a
--- /dev/null
+++ b/bcs/images/bcs-iw-devicesetup-move-files-2.svg
@@ -0,0 +1,76 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #fff;
+      }
+
+      .cls-2, .cls-6 {
+        fill: none;
+      }
+
+      .cls-2 {
+        stroke: #556a8a;
+      }
+
+      .cls-2, .cls-4, .cls-6 {
+        stroke-miterlimit: 10;
+      }
+
+      .cls-2, .cls-4 {
+        stroke-width: 2px;
+      }
+
+      .cls-3, .cls-7 {
+        fill: #80def9;
+      }
+
+      .cls-4 {
+        fill: #2bc7f4;
+        stroke: #0078d7;
+      }
+
+      .cls-5 {
+        fill: #00bcf2;
+      }
+
+      .cls-5, .cls-6, .cls-7 {
+        fill-rule: evenodd;
+      }
+
+      .cls-6 {
+        stroke: #80def9;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-move-files-2</title>
+  <g>
+    <g>
+      <path class="cls-1" d="M106.32,24.07h-33A1.27,1.27,0,0,0,72,25.36v79.43a1.27,1.27,0,0,0,1.27,1.28h58.45a1.27,1.27,0,0,0,1.27-1.28V49.69Z"/>
+      <path class="cls-2" d="M106.32,24.07h-33A1.27,1.27,0,0,0,72,25.36v79.43a1.27,1.27,0,0,0,1.27,1.28h58.45a1.27,1.27,0,0,0,1.27-1.28V49.69Z"/>
+      <polyline class="cls-2" points="106 24.44 106 50.07 132.21 50.07"/>
+    </g>
+    <g>
+      <path class="cls-1" d="M97.32,33h-33A1.27,1.27,0,0,0,63,34.28v79.43A1.27,1.27,0,0,0,64.27,115h58.45a1.27,1.27,0,0,0,1.27-1.28V58.62Z"/>
+      <polygon class="cls-3" points="124 59.07 97.05 59.07 97 33.07 124 59.07"/>
+      <path class="cls-2" d="M97.32,33h-33A1.27,1.27,0,0,0,63,34.28v79.43A1.27,1.27,0,0,0,64.27,115h58.45a1.27,1.27,0,0,0,1.27-1.28V58.62Z"/>
+      <polyline class="cls-2" points="97 33.07 97 59 123.26 59"/>
+    </g>
+  </g>
+  <circle class="cls-4" cx="292" cy="70" r="53.5"/>
+  <g>
+    <path class="cls-1" d="M325.81,71.18a9.12,9.12,0,0,1,7.88,9.46c0,4.13-2.31,9-7.88,9H280.73c-8.65,0-11.77-5.92-11.77-12,0-10.21,11.37-10.57,11.37-10.57s.93-11.17,10.86-13.43c8.86-2,13.84,2.63,16.25,6.21a13.59,13.59,0,0,1,11.5-.4,11.6,11.6,0,0,1,6.88,11.71"/>
+    <path class="cls-1" d="M266.09,78c0-11.38,12-13.07,12-13.07s1.54-10.91,12.44-13.71c8.44-2.17,14.85,1.63,17.58,5.86,0,0,1.83-1.3,5.9-1.19A18.45,18.45,0,0,0,302.46,41c-9.66-3.75-18.12.93-22.07,8a13.73,13.73,0,0,0-13.1-.22,14.58,14.58,0,0,0-7.48,14.32s-10.13.74-10.13,11.63a11.64,11.64,0,0,0,11.16,11.27h7.54a14.48,14.48,0,0,1-2.3-8"/>
+  </g>
+  <g>
+    <g>
+      <polygon class="cls-5" points="224.66 74.13 205 94.48 205 85 148 85 148 64 205 64 205 53.9 224.66 74.13 224.66 74.13 224.66 74.13"/>
+      <polygon class="cls-6" points="207.36 67.5 207.36 67.5 148 67.5 176.5 67.5 207.36 67.5 207.36 67.5"/>
+      <polygon class="cls-6" points="217.34 74.5 217.34 74.5 148 74.5 186.47 74.5 217.34 74.5 217.34 74.5"/>
+      <polygon class="cls-6" points="209.38 81.5 209.38 81.5 148 81.5 176.5 81.5 209.38 81.5 209.38 81.5"/>
+      <polygon class="cls-7" points="209 67.4 205 70.9 205 63.9 209 67.4"/>
+      <polygon class="cls-7" points="212 81.4 206 85.9 206 76.9 212 81.4"/>
+    </g>
+    <polygon class="cls-7" points="222 74.4 217 78.9 217 69.9 222 74.4"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-iw-devicesetup-setup-1.svg b/bcs/images/bcs-iw-devicesetup-setup-1.svg
new file mode 100644
index 0000000000..6011499c3a
--- /dev/null
+++ b/bcs/images/bcs-iw-devicesetup-setup-1.svg
@@ -0,0 +1,91 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-6, .cls-7 {
+        fill: none;
+      }
+
+      .cls-1, .cls-10, .cls-11, .cls-2, .cls-7 {
+        stroke: #556a8a;
+      }
+
+      .cls-1, .cls-10, .cls-11, .cls-2, .cls-6, .cls-7 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-1 {
+        stroke-dasharray: 3 3;
+      }
+
+      .cls-2, .cls-8 {
+        fill: #fff;
+      }
+
+      .cls-3 {
+        fill: #80def9;
+      }
+
+      .cls-4 {
+        fill: #2bc7f4;
+      }
+
+      .cls-5 {
+        fill: #9273b6;
+      }
+
+      .cls-6 {
+        stroke: #fff;
+        fill-rule: evenodd;
+      }
+
+      .cls-9 {
+        fill: #e5e5e5;
+      }
+
+      .cls-10 {
+        fill: #e6e7e8;
+      }
+
+      .cls-11 {
+        fill: #aae9fb;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-setup-1</title>
+  <g>
+    <line class="cls-1" x1="76" y1="70" x2="337" y2="70"/>
+    <rect class="cls-2" x="39" y="20" width="53" height="100" rx="4" ry="4"/>
+    <rect class="cls-3" x="44" y="32" width="43" height="72"/>
+    <path class="cls-4" d="M72.64,29H60.07a1.53,1.53,0,0,1,0-3H72.64a1.53,1.53,0,0,1,0,3Z"/>
+    <circle class="cls-4" cx="84.5" cy="111.5" r="2.5"/>
+    <circle class="cls-4" cx="46.5" cy="111.5" r="2.5"/>
+    <rect class="cls-4" x="58" y="111" width="15" height="3" rx="1" ry="1"/>
+  </g>
+  <g>
+    <path class="cls-2" d="M118.11,72.63l4.47.67a17.31,17.31,0,0,0,.46,3l-3.69,2.38a1.17,1.17,0,0,0-.66,1.59L119.8,83a1,1,0,0,0,1.43.49l4.49-.94L127.14,85l-2.58,3.5a1.19,1.19,0,0,0,0,1.6l2.22,2.26a1.44,1.44,0,0,0,1.6,0l3.53-2.53c.8.48,1.76,1.12,2.55,1.61l-1,4.47a1.1,1.1,0,0,0,.62,1.29l2.72,1.13a1,1,0,0,0,1.45-.46l2.43-4a9.35,9.35,0,0,0,2.87.67l.61,4.48a1.1,1.1,0,0,0,1.11,1.13l3-.15c.48.16,1-.32,1.12-.79l.84-4.64a9.64,9.64,0,0,0,2.88-.61l2.38,4a1.59,1.59,0,0,0,1.43.49l2.89-1.26a1.09,1.09,0,0,0,.65-1.27l-1.1-4.34a5.66,5.66,0,0,0,.62-.42c.13-.09.27-.19.4-.3.47-.35.94-.74,1.4-1l3.66,2.74a1,1,0,0,0,1.44-.15l1.34-1.32.75-.75,0,0a1,1,0,0,0,.14-1.41l-2.69-3.7a13.13,13.13,0,0,0,1.78-2.71l4.46,1.3A1.42,1.42,0,0,0,174.2,83l1.13-2.72a1.39,1.39,0,0,0-.62-1.6l-3.83-2.27c.33-1,.33-1.92.66-2.87L176,73a1.42,1.42,0,0,0,1-1.28V68.83a1.36,1.36,0,0,0-.93-1.29L171.42,67a18.27,18.27,0,0,0-.61-3.21l4-2.37a1,1,0,0,0,.5-1.44l-1.11-2.72a1.49,1.49,0,0,0-1.43-.81l-4.5,1.25c-.47-.8-.94-1.61-1.42-2.41l2.75-3.66a1.48,1.48,0,0,0-.16-1.44L167.23,48a1.2,1.2,0,0,0-1.43-.17l-3.7,2.71c-.8-.5-1.75-1.14-2.55-1.62l1-4.48a1.07,1.07,0,0,0-.62-1.28L157,41.82a1.38,1.38,0,0,0-1.45.47l-2.26,3.84c-1,0-1.92-.33-2.88-.35L150,41.14a1.4,1.4,0,0,0-1.28-1l-3-.18a1.87,1.87,0,0,0-1.12,1.1l-.68,4.49c-1.12.15-2.08.47-3.2.61l-2.21-3.85a1.11,1.11,0,0,0-1.44-.49L134.32,43a1.3,1.3,0,0,0-.82,1.43l1.1,4.33a10.34,10.34,0,0,0-2.41,1.75l-3.67-2.75a1.07,1.07,0,0,0-1.61,0L125,49.63l-.17.16a1.09,1.09,0,0,0,0,1.6l2.69,3.7a7.16,7.16,0,0,0-1.37,1.85l-.12.22c-.1.2-.2.41-.29.63l-4.47-1.3a1.09,1.09,0,0,0-1.28.62L118.68,60a1.63,1.63,0,0,0,.47,1.45l4,2.42a7.93,7.93,0,0,0-.51,2.72l-4.65.76c-.47.17-1,.64-1,1l0,3.2A1.08,1.08,0,0,0,118.11,72.63Z"/>
+    <path class="cls-5" d="M133.16,64.3A15,15,0,1,1,132,70.15,14.82,14.82,0,0,1,133.16,64.3Z"/>
+    <polyline class="cls-6" points="136.24 70.26 143.99 78.01 158.24 63.76"/>
+  </g>
+  <g>
+    <rect class="cls-7" x="221" y="36" width="27" height="36" rx="12" ry="12"/>
+    <path class="cls-8" d="M257,60V92a2,2,0,0,1-2,2H215a2,2,0,0,1-2-2V60a2,2,0,0,1,2-2H255A2,2,0,0,1,257,60Z"/>
+    <path class="cls-9" d="M257,60V91L224,58h31A2,2,0,0,1,257,60Z"/>
+    <path class="cls-7" d="M257,92a2,2,0,0,1-2,2H215a2,2,0,0,1-2-2V60a2,2,0,0,1,2-2H255a2,2,0,0,1,2,2Z"/>
+  </g>
+  <circle class="cls-2" cx="329.38" cy="71" r="32"/>
+  <g>
+    <g>
+      <circle class="cls-10" cx="316.63" cy="59.5" r="7.5"/>
+      <path class="cls-10" d="M305.13,78a11.51,11.51,0,0,1,23,0"/>
+    </g>
+    <g>
+      <circle class="cls-10" cx="342.13" cy="59.5" r="7.5"/>
+      <path class="cls-10" d="M330.63,78a11.51,11.51,0,0,1,23,0"/>
+    </g>
+    <g>
+      <circle class="cls-11" cx="328.63" cy="73.5" r="7.5"/>
+      <path class="cls-11" d="M317.13,92a11.51,11.51,0,0,1,23,0"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management- add-group-5.svg b/bcs/images/bcs-partner-advanced-management- add-group-5.svg
new file mode 100644
index 0000000000..435e4bc752
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management- add-group-5.svg	
@@ -0,0 +1,69 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+      }
+
+      .cls-2, .cls-8 {
+        fill: #e5e5e5;
+      }
+
+      .cls-2, .cls-3, .cls-9 {
+        stroke: #556a8a;
+      }
+
+      .cls-2, .cls-3, .cls-4, .cls-5, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-3, .cls-4, .cls-5, .cls-7 {
+        fill: #fff;
+      }
+
+      .cls-4 {
+        stroke: #00bcf2;
+      }
+
+      .cls-5 {
+        stroke: #7750a3;
+      }
+
+      .cls-6 {
+        fill: #9273b6;
+      }
+
+      .cls-9 {
+        fill: none;
+      }
+
+      .cls-10 {
+        fill: #008272;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management- add-group-5</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M258.77,52.72a43.25,43.25,0,0,0-85.48-1.37A29.37,29.37,0,0,0,126,66.46a25.54,25.54,0,0,0-6.12-.77,26,26,0,0,0,0,52H264.78c14.7-3,25.77-16.76,25.77-32.48A32.34,32.34,0,0,0,258.77,52.72Z"/>
+    <g>
+      <circle class="cls-2" cx="217.62" cy="46.5" r="16.5"/>
+      <path class="cls-2" d="M242.62,87c0-13.25-11.19-24-25-24s-25,10.75-25,24"/>
+    </g>
+    <g>
+      <circle class="cls-3" cx="186.62" cy="66.5" r="16.5"/>
+      <path class="cls-3" d="M211.62,107c0-13.25-11.19-24-25-24s-25,10.75-25,24"/>
+    </g>
+    <path class="cls-4" d="M295,34.32V34a11.57,11.57,0,0,0-.37-2.87,10.41,10.41,0,0,0-17.1-7.39A12,12,0,0,0,267.43,19c-7.62,0-13.36,6.65-13.49,14.13,0,.52.13.9.13,1.42-4,1.94-6.32,5.29-6.32,9.55a11.44,11.44,0,0,0,11.14,11.32c.44,5.27,13.18,11.64,23.6,4.1a13.46,13.46,0,0,0,6.37,1.74c7.67,0,13.89-6.8,13.89-14.47A13.89,13.89,0,0,0,295,34.32Z"/>
+    <circle class="cls-5" cx="252.62" cy="85" r="20"/>
+    <path class="cls-6" d="M149.28,73.46a.9.9,0,0,0,.86.54l1.82-.19a.9.9,0,0,0,.68-1l-.06-2.25c-.11-.6,0-1.15,1.72-2.15a1.57,1.57,0,0,1,1.55.09L158,69.7a1.06,1.06,0,0,0,1-.18l1.25-1.58a.94.94,0,0,0-.31-1.12l-1.7-1.63a1.14,1.14,0,0,1-.33-1.4s.49-2.27,1.44-2.44l2.09-.49a1.12,1.12,0,0,0,.68-1l-.34-2a.69.69,0,0,0-.81-.55h-.05l-2.26.07c-.6.09-1.88-1.49-2.15-1.76a2.25,2.25,0,0,1,0-1.69l1.21-1.86a1,1,0,0,0-.18-1.26l-1.58-.94a.9.9,0,0,0-1.13,0l-1.48,1.86c-.37.45-1.08.88-2.68.23,0,0-1.18-.69-1.32-1.25l-.46-2.36a.9.9,0,0,0-.86-.54l-2,.34a.69.69,0,0,0-.51.84v0l-.07,2.39c0,.84-1.36,1.73-1.64,2a1.48,1.48,0,0,1-1.69,0l-2-1.34a1.1,1.1,0,0,0-1.12.31l-1.25,1.58a1.24,1.24,0,0,0,.31,1.12l1.74,1.64c1,.76.41,1.87.21,2.67-.09.43-.26.86-1.24,1l-2.24.63A.9.9,0,0,0,136,62l.34,2a.9.9,0,0,0,.72.68l2.39-.2c.84,0,1.14.24,1.29.67a12.6,12.6,0,0,1,.73,1.25,1.26,1.26,0,0,1,.18,1.51l-1.34,2a1.09,1.09,0,0,0,.31,1.11l1.44,1.09a.9.9,0,0,0,1.13,0l1.5-1.87a1.43,1.43,0,0,1,1.53-.45l1.28.38c.56,0,.86.26,1.15,1.09l.62,2.23m4.57-13.22a5,5,0,0,1-4.07,5.46,4.6,4.6,0,0,1-5.4-3.63q0-.22-.06-.44a4.72,4.72,0,0,1,3.93-5.32,4.79,4.79,0,0,1,5.6,3.8l0,.12"/>
+    <g>
+      <path class="cls-7" d="M149.86,90.8c0-.35-.58-1.06-1.62-1.1l-4-.26A1.91,1.91,0,0,1,142.35,88s-1.84-3.45-.79-4.7l2.15-2.9a1.85,1.85,0,0,0-.22-2l-2.56-2.16a1.17,1.17,0,0,0-1.64.18s0,0,0,.07L136.42,79a2.26,2.26,0,0,1-2.71.52c-.68,0-1.32-.4-2-.44a3.78,3.78,0,0,1-1.84-2.18l-.46-3.71a1.7,1.7,0,0,0-1.6-1.41l-3,.5a1.5,1.5,0,0,0-1.41,1.27l.12,4c0,1-.15,2.67-3.19,3.2,0,0-2.27.4-3-.16l-3.16-2.54a1.48,1.48,0,0,0-1.68.25l-.24.28-1.91,2.28a1.17,1.17,0,0,0,.25,1.63l0,0,2.5,3.15c1.44,1.42.13,3.69.08,4.35A2.47,2.47,0,0,1,111,91.91l-4,.47A1.84,1.84,0,0,0,105.9,94l.11,3.37a2.07,2.07,0,0,0,1.61,1.11l4,.21c1.33.07,2.27.42,3.17,3.2.35.66.6,1.4-.49,2.65l-2.18,3.24a1.54,1.54,0,0,0,.24,1.7l2.57,2.15a1.5,1.5,0,0,0,1.66.09l2.85-2.85c1-1,3.92,0,4.67.27a2.1,2.1,0,0,1,1.85,1.74l.48,4A1.83,1.83,0,0,0,128,116l3-.16a1.5,1.5,0,0,0,1.41-1.27l-.1-4c0-1,4.66-4,6.2-3l1.75,1,2,1.13c.57.28.76.18,1.22-.23l2.13-2.23a1.52,1.52,0,0,0-.23-2l-2.51-2.82c-.78-.64-.37-3-.12-4.63a2.3,2.3,0,0,1,2.09-1.57l4.07-.78C150.53,94.91,149.86,90.8,149.86,90.8Zm-26.68,9.56c-.19-.16-.38-.32-.56-.49A7.72,7.72,0,0,1,121.84,89s0,0,.06-.08a8.12,8.12,0,0,1,11.3-1.17l.16.12,0,0a8.09,8.09,0,0,1,.7,11.24,7.64,7.64,0,0,1-1.33,1.28A7.82,7.82,0,0,1,123.18,100.36Z"/>
+      <path class="cls-8" d="M148.94,95.44l-4.07.78a2.3,2.3,0,0,0-2.09,1.57c-.25,1.62-.66,4,.12,4.63l2.51,2.82a1.52,1.52,0,0,1,.23,2l-2.13,2.23c-.46.41-.65.51-1.22.23l-2-1.13-7.63-8.14A7.64,7.64,0,0,0,134,99.18a8.09,8.09,0,0,0-.7-11.24l0,0-.16-.12A8.12,8.12,0,0,0,121.9,89s0,.05-.06.08l-9.65-10.45.24-.28a1.48,1.48,0,0,1,1.68-.25l3.16,2.54c.78.56,3,.16,3,.16,3-.53,3.2-2.21,3.19-3.2l-.12-4a1.5,1.5,0,0,1,1.41-1.27l3-.5a1.7,1.7,0,0,1,1.6,1.41l.46,3.71a3.78,3.78,0,0,0,1.84,2.18c.64,0,1.28.4,2,.44a2.26,2.26,0,0,0,2.71-.52l2.82-2.54s0,0,0-.07a1.17,1.17,0,0,1,1.64-.18l2.56,2.16a1.85,1.85,0,0,1,.22,2l-2.15,2.9c-1.05,1.25.79,4.7.79,4.7a1.91,1.91,0,0,0,1.94,1.43l4,.26c1,0,1.64.75,1.62,1.1C149.86,90.8,150.53,94.91,148.94,95.44Z"/>
+      <path class="cls-9" d="M142.29,109.73c.56.27.76.18,1.21-.24l2.13-2.22a1.51,1.51,0,0,0-.22-2l-2.51-2.82c-.79-.64-.37-3-.12-4.63a2.29,2.29,0,0,1,2.09-1.57l4.07-.78c1.59-.53.92-4.65.92-4.65,0-.34-.58-1.06-1.61-1.1l-4-.24c-.91,0-3.77-4.89-2.73-6.14l2.16-2.9a1.88,1.88,0,0,0-.22-2l-2.56-2.15a1.16,1.16,0,0,0-1.64.18l-.05.07L136.42,79c-.68.77-6.2-1.16-6.51-2.09l-.46-3.71a1.71,1.71,0,0,0-1.6-1.42l-3,.5a1.51,1.51,0,0,0-1.41,1.27l.12,4c0,1-.15,2.65-3.19,3.19,0,0-2.27.4-3.05-.17l-3.15-2.54a1.51,1.51,0,0,0-1.69.25l-2.15,2.56a1.16,1.16,0,0,0,.26,1.63l0,0,2.5,3.15c1.44,1.42.13,3.7.07,4.35A2.48,2.48,0,0,1,111,91.91l-4,.47a1.85,1.85,0,0,0-1.1,1.61l.12,3.38a2.09,2.09,0,0,0,1.61,1.1l4,.22c1.33.07,2.27.42,3.17,3.2.35.65.6,1.39-.48,2.66l-2.18,3.24a1.51,1.51,0,0,0,.25,1.69l2.56,2.15a1.51,1.51,0,0,0,1.67.09l2.84-2.85c1.05-.95,6.37,1.08,6.53,2l.47,4a1.83,1.83,0,0,0,1.61,1.09l3-.16a1.51,1.51,0,0,0,1.41-1.27l-.1-4c0-1,4.66-4,6.2-3Z"/>
+      <circle class="cls-9" cx="127.99" cy="94.09" r="8"/>
+    </g>
+    <rect class="cls-10" x="249" y="71" width="6" height="28"/>
+    <rect class="cls-10" x="249" y="71" width="6" height="28" transform="translate(167 337) rotate(-90)"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management- billing-7.svg b/bcs/images/bcs-partner-advanced-management- billing-7.svg
new file mode 100644
index 0000000000..50af1d2262
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management- billing-7.svg	
@@ -0,0 +1,115 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #e6e7e8;
+      }
+
+      .cls-1, .cls-2 {
+        stroke: #fff;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+        stroke-width: 0.08px;
+      }
+
+      .cls-2, .cls-6 {
+        fill: #80def9;
+      }
+
+      .cls-3 {
+        fill: #f2f2f2;
+      }
+
+      .cls-10, .cls-11, .cls-12, .cls-3, .cls-4, .cls-9 {
+        fill-rule: evenodd;
+      }
+
+      .cls-4 {
+        fill: #c6df33;
+      }
+
+      .cls-15, .cls-5 {
+        fill: #fff;
+      }
+
+      .cls-5, .cls-8 {
+        stroke: #556a8a;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-7 {
+        fill: #e5e5e5;
+      }
+
+      .cls-8 {
+        fill: none;
+      }
+
+      .cls-9 {
+        fill: #bad80a;
+      }
+
+      .cls-10, .cls-17 {
+        fill: #7750a3;
+      }
+
+      .cls-11 {
+        fill: #00bcf2;
+      }
+
+      .cls-12 {
+        fill: #9273b6;
+      }
+
+      .cls-13 {
+        fill: #556a8a;
+      }
+
+      .cls-14 {
+        fill: #e4edf1;
+      }
+
+      .cls-16 {
+        fill: #2bc7f4;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management- billing-7</title>
+  <g id="ICONS">
+    <circle class="cls-1" cx="100" cy="54" r="31"/>
+    <circle class="cls-2" cx="165" cy="73" r="56.5"/>
+    <circle class="cls-1" cx="283" cy="72" r="31"/>
+    <path class="cls-3" d="M147.5,81.5a6,6,0,1,1-6-6A6,6,0,0,1,147.5,81.5Z"/>
+    <path class="cls-4" d="M286,107a12,12,0,1,1-12-12A11.94,11.94,0,0,1,286,107Z"/>
+    <rect class="cls-5" x="154" y="33" width="117" height="73"/>
+    <rect class="cls-6" x="163" y="42" width="94.4" height="16"/>
+    <rect class="cls-7" x="155" y="34" width="14" height="71"/>
+    <rect class="cls-7" x="256" y="34" width="14" height="71"/>
+    <line class="cls-8" x1="176" y1="77" x2="214" y2="77"/>
+    <line class="cls-8" x1="176" y1="85" x2="214" y2="85"/>
+    <line class="cls-8" x1="176" y1="93" x2="214" y2="93"/>
+    <g>
+      <path class="cls-9" d="M169,35.83A27.82,27.82,0,1,1,141.17,8,27.69,27.69,0,0,1,169,35.83Z"/>
+      <path class="cls-4" d="M169,35.83a27.69,27.69,0,0,1-8.29,19.8L121.36,16.29A27.82,27.82,0,0,1,169,35.83Z"/>
+    </g>
+    <g>
+      <path class="cls-10" d="M129.68,99.5A21.17,21.17,0,1,1,108.5,78.32,21.07,21.07,0,0,1,129.68,99.5Z"/>
+      <path class="cls-11" d="M105,54A12,12,0,1,1,93,42,11.94,11.94,0,0,1,105,54Z"/>
+      <path class="cls-11" d="M306,102a6,6,0,1,1-6-6A6,6,0,0,1,306,102Z"/>
+      <path class="cls-12" d="M82,32a6,6,0,1,1-6-6A6,6,0,0,1,82,32Z"/>
+      <path class="cls-12" d="M129.68,99.5a21.07,21.07,0,0,1-6.31,15.06L93.43,84.63A21.17,21.17,0,0,1,129.68,99.5Z"/>
+    </g>
+    <path class="cls-13" d="M141.56,52.81v5.13H139.1V53a14.83,14.83,0,0,1-8.18-2V46.86a11.08,11.08,0,0,0,3.75,2,13.69,13.69,0,0,0,4.43.82V37.59q-5.2-2.5-6.74-4.62a8.27,8.27,0,0,1-1.54-5,8.36,8.36,0,0,1,2.34-5.92,9.69,9.69,0,0,1,5.93-3V14.81h2.46V19q4.63.14,6.4,1.32v4a10.74,10.74,0,0,0-6.4-2V34.76q4.92,2.34,6.72,4.53a7.59,7.59,0,0,1,1.81,5,7.7,7.7,0,0,1-2.26,5.64A11,11,0,0,1,141.56,52.81ZM139.1,33.43v-11A5.39,5.39,0,0,0,136,24.18a4.91,4.91,0,0,0-1.16,3.3,5.52,5.52,0,0,0,.95,3.33A10.17,10.17,0,0,0,139.1,33.43Zm2.46,5.39V49.5q4.56-1,4.56-4.92Q146.12,41.32,141.56,38.82Z"/>
+    <path class="cls-14" d="M108.84,112.07v3.59h-2v-3.46a11.2,11.2,0,0,1-6-1.42v-3.69a8.23,8.23,0,0,0,2.74,1.47,10,10,0,0,0,3.23.6V101.8q-3.9-1.8-5.05-3.33a5.81,5.81,0,0,1-1.15-3.61,5.89,5.89,0,0,1,1.75-4.26,7.41,7.41,0,0,1,4.45-2.16v-3h2v2.91a10.35,10.35,0,0,1,4.8.93v3.54a8.42,8.42,0,0,0-4.8-1.42v7.63a14.79,14.79,0,0,1,5,3.28,5.64,5.64,0,0,1-.33,7.66A8.16,8.16,0,0,1,108.84,112.07Zm-2-14v-6.6a3.47,3.47,0,0,0-2,1.06,2.84,2.84,0,0,0-.73,2,3.2,3.2,0,0,0,.6,2A6.41,6.41,0,0,0,106.8,98.11Zm2,4.58v6.37q2.81-.59,2.81-2.93Q111.65,104.18,108.84,102.69Z"/>
+    <g>
+      <rect class="cls-7" x="244.38" y="71.99" width="43.92" height="3.99" transform="translate(25.69 210) rotate(-45)"/>
+      <path class="cls-15" d="M286.45,53.49l-.94-.94a5.34,5.34,0,0,0-7.53,0l-31,31-4.24,12.71L255.45,92l31-31A5.34,5.34,0,0,0,286.45,53.49Z"/>
+      <polygon class="cls-16" points="255.3 91.25 255.1 91.44 243.8 95.2 247.56 83.9 247.76 83.72 255.3 91.25"/>
+      <path class="cls-16" d="M287.33,57.26a4.63,4.63,0,0,1-1.36,3.3l-3.1,3.1-7.53-7.53,3.1-3.1A4.68,4.68,0,0,1,285,53L286,54A4.6,4.6,0,0,1,287.33,57.26Z"/>
+      <path class="cls-8" d="M286.45,53.49l-.94-.94a5.34,5.34,0,0,0-7.53,0l-31,31-4.24,12.71L255.45,92l31-31A5.34,5.34,0,0,0,286.45,53.49Z"/>
+      <line class="cls-8" x1="247.7" y1="83.14" x2="255.55" y2="91"/>
+    </g>
+    <path class="cls-17" d="M296.51,88.75a.9.9,0,0,0,.86.54l1.82-.19a.9.9,0,0,0,.68-1l-.06-2.25c-.11-.6,0-1.15,1.72-2.15a1.57,1.57,0,0,1,1.55.09L305.24,85a1.06,1.06,0,0,0,1-.18l1.25-1.58a.94.94,0,0,0-.31-1.12l-1.7-1.63a1.14,1.14,0,0,1-.33-1.4s.49-2.27,1.44-2.44l2.09-.49a1.12,1.12,0,0,0,.68-1l-.34-2a.69.69,0,0,0-.81-.55h-.05l-2.26.07c-.6.09-1.88-1.49-2.15-1.76a2.25,2.25,0,0,1,0-1.69l1.21-1.86a1,1,0,0,0-.18-1.26l-1.58-.94a.9.9,0,0,0-1.13,0l-1.48,1.86c-.37.45-1.08.88-2.68.23,0,0-1.18-.69-1.32-1.25l-.46-2.36a.9.9,0,0,0-.86-.54l-2,.34a.69.69,0,0,0-.51.84v0l-.07,2.39c0,.84-1.36,1.73-1.64,2a1.48,1.48,0,0,1-1.69,0l-2-1.34a1.1,1.1,0,0,0-1.12.31L285,69.37a1.24,1.24,0,0,0,.31,1.12L287,72.13c1,.76.41,1.87.21,2.67-.09.43-.26.86-1.24,1l-2.24.63a.9.9,0,0,0-.54.86l.34,2a.9.9,0,0,0,.72.68l2.39-.2c.84,0,1.14.24,1.29.67a12.6,12.6,0,0,1,.73,1.25,1.26,1.26,0,0,1,.18,1.51l-1.34,2a1.09,1.09,0,0,0,.31,1.11l1.44,1.09a.9.9,0,0,0,1.13,0l1.5-1.87a1.43,1.43,0,0,1,1.53-.45l1.28.38c.56,0,.86.26,1.15,1.09l.62,2.23m4.57-13.22A5,5,0,0,1,297,81a4.6,4.6,0,0,1-5.4-3.63q0-.22-.06-.44a4.72,4.72,0,0,1,3.93-5.32,4.79,4.79,0,0,1,5.6,3.8l0,.12"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management- install-4.svg b/bcs/images/bcs-partner-advanced-management- install-4.svg
new file mode 100644
index 0000000000..24f2df79ca
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management- install-4.svg	
@@ -0,0 +1,62 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+      }
+
+      .cls-2 {
+        fill: #556a8a;
+      }
+
+      .cls-3 {
+        fill: #adbdca;
+      }
+
+      .cls-4 {
+        fill: #fff;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6 {
+        fill: none;
+        stroke: #556a8a;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-7 {
+        fill: #0078d7;
+      }
+
+      .cls-8 {
+        fill: #2bc7f4;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management- install-4</title>
+  <g>
+    <path class="cls-1" d="M325.08,70.39a36.68,36.68,0,0,0-72.4-1.15,25,25,0,0,0-40.09,12.69,21.82,21.82,0,1,0-5.18,43H330.17C342.63,122.41,352,110.85,352,97.66A27.27,27.27,0,0,0,325.08,70.39Z"/>
+    <polygon class="cls-2" points="209.75 129 92.75 129 100.07 121 202.9 121 209.75 129"/>
+    <polygon class="cls-3" points="198.75 127 103.75 127 107.09 123 195.51 123 198.75 127"/>
+    <polygon class="cls-2" points="174 109 122 109 116 115 180 115 174 109"/>
+    <polygon class="cls-2" points="153.25 114 146.25 114 147.65 100 151.85 100 153.25 114"/>
+    <rect class="cls-4" x="74" y="20" width="151" height="82" rx="4" ry="4"/>
+    <path class="cls-5" d="M226.25,24V36h-151V24a4,4,0,0,1,4-4h143A4,4,0,0,1,226.25,24Z"/>
+    <rect class="cls-6" x="74" y="20" width="151" height="82" rx="4" ry="4" transform="translate(299 122) rotate(180)"/>
+  </g>
+  <g>
+    <rect class="cls-2" x="129" y="89" width="40" height="2"/>
+    <polygon class="cls-2" points="167.6 63.38 149.99 81.17 149.99 37 148.01 37 148.01 81.17 130.4 63.38 129 64.79 149 85 169 64.79 167.6 63.38"/>
+  </g>
+  <g>
+    <polygon class="cls-7" points="283 88 314 88 314 61.16 283 65.5 283 88"/>
+    <polygon class="cls-7" points="281 88 281 65.85 256 69.14 256 88 281 88"/>
+    <polygon class="cls-7" points="281 90 256 90 256 109.42 281 112.7 281 90"/>
+    <polygon class="cls-7" points="283 90 283 113.2 314 117.55 314 90 283 90"/>
+  </g>
+  <path class="cls-8" d="M93.29,69.07a2.13,2.13,0,0,0,2.31.85l4.25-1.36A2.28,2.28,0,0,0,101,65.84l-1.28-5.3a3.16,3.16,0,0,1,1.21-3.74c.51-.82,1.43-1.39,1.94-2.21a3.83,3.83,0,0,1,3.74-.54l5.7,1.82a2.58,2.58,0,0,0,2.24-.88l2.13-4.37c.26-.41,0-1.7-1.29-2.5l-4.93-3A2.79,2.79,0,0,1,109,41.91l-.39-.41a3.71,3.71,0,0,0,.46-2.57c-.32-1.33,0-2.82,2.28-3.71L116.07,33a2.7,2.7,0,0,0,1.11-2.72l-1.7-4.51a1.7,1.7,0,0,0-2.24-.89l-.08,0-5.3,1.34a3.26,3.26,0,0,1-3.79-1.21c-.82-.51-1.39-1.43-2.21-1.94a5.47,5.47,0,0,1-1-4l2-5.1a2.47,2.47,0,0,0-1-2.92L97.63,9.69a2.07,2.07,0,0,0-2.67.63L92.32,15.5a3.49,3.49,0,0,1-3.4,1.87,10.58,10.58,0,0,0-2.82,0l-.41-.26a3.6,3.6,0,0,1-3.33-2L80,9.72a2.13,2.13,0,0,0-2.31-.85l-4.51,1.7a1.7,1.7,0,0,0-.89,2.24l0,.08,1,5.73c.48,2,0,2.82-1,3.4-.51.82-1.43,1.39-1.94,2.21a3.59,3.59,0,0,1-4,.94L61,22.93a2.65,2.65,0,0,0-2.43,1.36l-2.21,4.37a3,3,0,0,0,1.29,2.5l4.93,3c1.7,1,2.21,1.94,1.45,3.18a23.31,23.31,0,0,0,.37,3.08c-.09,1-.19,2.14-2.43,3l-5,2.58a2.13,2.13,0,0,0-.87,2.31l1.7,4.51a2.18,2.18,0,0,0,2.06,1.28l5.58-1.7c2-.48,2.82,0,3.4,1A30.6,30.6,0,0,1,71.17,56a3.06,3.06,0,0,1,1.19,3.59L70.13,65a2.65,2.65,0,0,0,1.29,2.5l4,1.87a2.07,2.07,0,0,0,2.67-.63l2.7-5.19a3.4,3.4,0,0,1,3.4-1.87l3.23.29c1.33-.31,2.16.19,3.28,2l2.58,5m4.4-33.65a12,12,0,0,1-7,15,11.17,11.17,0,0,1-15.11-7,11.48,11.48,0,0,1,6.8-14.59,11.63,11.63,0,0,1,15.19,6.29l.11.27"/>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management- management-4_placeholder.svg b/bcs/images/bcs-partner-advanced-management- management-4_placeholder.svg
new file mode 100644
index 0000000000..81370d6388
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management- management-4_placeholder.svg	
@@ -0,0 +1,39 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-3, .cls-4 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #505c6d;
+      }
+
+      .cls-1, .cls-4 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-2 {
+        fill: #00bcf2;
+      }
+
+      .cls-4 {
+        stroke: #556a8a;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management- management-4</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M225.61,52.71v-.66a26.61,26.61,0,0,0-.86-6.61,23.92,23.92,0,0,0-39.32-17c-5.82-7.33-13.24-11-23.17-11-17.51,0-30.71,15.28-31,32.49,0,1.19.3,2.08.3,3.26C122.34,57.69,117,65.4,117,75.2c0,14,11,25.21,25.6,26,1.34,9.72,10.05,18.74,25,18.74,12.59,0,20.1,1,29.28-9.32a30.94,30.94,0,0,0,14.64,4c17.64,0,31.94-15.63,31.94-33.27A31.94,31.94,0,0,0,225.61,52.71Z"/>
+    <path class="cls-2" d="M205,72.06h-7V45.44l4-5.16-4-12.14h-5.32l-4,12L193,45.44V72.06h-7v6.66h4c0,2.49-2.66,5.51-4,5.61V99.81c0,4.11,2.6,8.19,5.32,8.19h8c2.72,0,5.69-4.7,5.69-8.81v-15c-1.33,0-4.36-3-4.36-5.51H205Z"/>
+    <rect class="cls-3" x="192" y="82" width="2" height="23"/>
+    <rect class="cls-3" x="197" y="82" width="2" height="23"/>
+    <path class="cls-4" d="M178.48,42.77c0-6.45-4.48-12-9.48-14.52V38.78l-6.5,5.32L156,38.78V28.25c-6,2.52-9.32,8.08-9.32,14.52s3.32,12,9.32,14.51V104a4.74,4.74,0,0,0,4.92,5h1.33c2.93,0,5.75-2.07,5.75-5V57.82A16.09,16.09,0,0,0,178.48,42.77Z"/>
+    <rect class="cls-5" x="157" y="96" width="10" height="7"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management- reports-9.svg b/bcs/images/bcs-partner-advanced-management- reports-9.svg
new file mode 100644
index 0000000000..f34b2f595e
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management- reports-9.svg	
@@ -0,0 +1,106 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-10, .cls-11, .cls-3 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #d1d3d4;
+      }
+
+      .cls-1, .cls-10, .cls-11, .cls-2, .cls-5, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-2, .cls-5, .cls-9 {
+        fill: none;
+      }
+
+      .cls-2 {
+        stroke: #2ac7f4;
+      }
+
+      .cls-4 {
+        fill: #e5e5e5;
+      }
+
+      .cls-5 {
+        stroke: #556a8a;
+      }
+
+      .cls-6 {
+        fill: #414042;
+      }
+
+      .cls-7 {
+        fill: #2bc7f4;
+      }
+
+      .cls-8 {
+        fill: #55d2f6;
+      }
+
+      .cls-9 {
+        stroke: #c0b0ff;
+      }
+
+      .cls-10 {
+        stroke: #00bcf2;
+      }
+
+      .cls-11 {
+        stroke: #b4a0ff;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management- reports-9</title>
+  <g id="ICONS">
+    <g>
+      <line class="cls-1" x1="154" y1="122" x2="154" y2="27"/>
+      <line class="cls-1" x1="172" y1="122" x2="172" y2="27"/>
+      <line class="cls-1" x1="190" y1="122" x2="190" y2="27"/>
+      <line class="cls-1" x1="208" y1="122" x2="208" y2="27"/>
+      <line class="cls-1" x1="226" y1="122" x2="226" y2="27"/>
+      <line class="cls-1" x1="244" y1="122" x2="244" y2="27"/>
+      <line class="cls-1" x1="262" y1="122" x2="262" y2="27"/>
+      <line class="cls-1" x1="280" y1="122" x2="280" y2="27"/>
+      <line class="cls-1" x1="298" y1="122" x2="298" y2="27"/>
+      <line class="cls-1" x1="316" y1="122" x2="316" y2="27"/>
+      <line class="cls-1" x1="334" y1="122" x2="334" y2="27"/>
+    </g>
+    <polyline class="cls-2" points="244 88 244 121 222 121 207 40 194 121 172 121 172 69"/>
+    <rect class="cls-3" x="71" y="27" width="76" height="95" rx="2" ry="2"/>
+    <rect class="cls-4" x="71" y="28" width="13" height="93"/>
+    <rect class="cls-5" x="71" y="27" width="76" height="95" rx="2" ry="2"/>
+    <g>
+      <rect class="cls-6" x="65" y="39" width="10" height="4"/>
+      <rect class="cls-7" x="70" y="39" width="5" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-6" x="65" y="55" width="10" height="4"/>
+      <rect class="cls-7" x="70" y="55" width="5" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-6" x="65" y="71" width="10" height="4"/>
+      <rect class="cls-7" x="70" y="71" width="5" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-6" x="65" y="87" width="10" height="4"/>
+      <rect class="cls-7" x="70" y="87" width="5" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-6" x="65" y="103" width="10" height="4"/>
+      <rect class="cls-7" x="70" y="103" width="5" height="4"/>
+    </g>
+    <rect class="cls-8" x="92" y="39" width="42" height="13"/>
+    <polyline class="cls-9" points="245 121 262 121 280 57 298 121 335 121"/>
+    <circle class="cls-10" cx="244" cy="87" r="6"/>
+    <circle class="cls-11" cx="280" cy="58" r="6"/>
+    <circle class="cls-10" cx="207" cy="40" r="6"/>
+    <circle class="cls-10" cx="172" cy="63" r="6"/>
+    <line class="cls-2" x1="148" y1="121" x2="240" y2="121"/>
+    <line class="cls-9" x1="260" y1="121" x2="317" y2="121"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-add-domain-2.svg b/bcs/images/bcs-partner-advanced-management-add-domain-2.svg
new file mode 100644
index 0000000000..2fab39dd10
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-add-domain-2.svg
@@ -0,0 +1,75 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+      }
+
+      .cls-10, .cls-2, .cls-4, .cls-9 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        stroke: #bad80a;
+      }
+
+      .cls-10, .cls-2, .cls-3, .cls-6, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-3, .cls-6, .cls-7 {
+        fill: none;
+      }
+
+      .cls-3, .cls-6, .cls-9 {
+        stroke: #556a8a;
+      }
+
+      .cls-3 {
+        stroke-dasharray: 3 3;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-8 {
+        fill: #556a8a;
+      }
+
+      .cls-10 {
+        stroke: #7750a3;
+      }
+
+      .cls-11 {
+        fill: #008272;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-add-domain-</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M275.1,62.53C272.35,41.87,256,26,236.15,26c-19.39,0-35.49,15.19-38.75,35.19a25.49,25.49,0,0,0-17.16-6.74c-12.39,0-22.79,9.12-25.86,21.5a21.69,21.69,0,0,0-5.56-.75c-12.94,0-23.43,11.37-23.43,25.4S135.87,126,148.81,126H280.57C293.94,123.06,304,109.61,304,94.25,304,76.86,291.1,62.76,275.1,62.53Z"/>
+    <path class="cls-2" d="M157.6,42.44v-.5a20,20,0,0,0-.65-5,18,18,0,0,0-29.54-12.77C123,18.71,117.46,16,110,16,96.85,16,86.92,27.46,86.7,40.39c0,.89.22,1.56.22,2.45C80,46.18,76,52,76,59.34c0,10.52,8.27,18.94,19.23,19.56C96.24,86.2,102.79,93,114,93c9.46,0,15.1.76,22-7a23.25,23.25,0,0,0,11,3c13.25,0,24-11.75,24-25A24,24,0,0,0,157.6,42.44Z"/>
+    <line class="cls-3" x1="219" y1="44" x2="263" y2="29"/>
+    <line class="cls-3" x1="219" y1="96" x2="263" y2="111"/>
+    <g>
+      <g>
+        <circle class="cls-4" cx="184.79" cy="70" r="49.64"/>
+        <path class="cls-5" d="M184.36,120c-27,0-49.14-21.51-49.35-47.94V70.63h98.72v1.43C233.5,98.49,211.36,120,184.36,120Z"/>
+        <circle class="cls-6" cx="184.79" cy="70" r="49.64"/>
+        <ellipse class="cls-6" cx="184.79" cy="70" rx="21.84" ry="49.64"/>
+        <line class="cls-6" x1="135" y1="71" x2="235" y2="71"/>
+        <rect class="cls-7" x="135.72" y="20.36" width="99.28" height="99.28"/>
+      </g>
+      <path class="cls-6" d="M226.18,41.78c-9.36,4.12-24.25,6.78-41,6.78s-31.67-2.66-41-6.78"/>
+      <path class="cls-6" d="M226.18,98.56c-9.36-4.12-24.25-6.78-41-6.78s-31.67,2.66-41,6.78"/>
+    </g>
+    <path class="cls-8" d="M116.32,61.92a11.79,11.79,0,0,1-.45-1.88,13.67,13.67,0,0,1-.2-2.3,7.14,7.14,0,0,1,.71-3.21,13.29,13.29,0,0,1,1.77-2.69,26.79,26.79,0,0,1,2.31-2.41q1.25-1.16,2.31-2.34a13.35,13.35,0,0,0,1.77-2.48,5.83,5.83,0,0,0,.71-2.85,5.23,5.23,0,0,0-.51-2.37,5,5,0,0,0-1.41-1.73,6.19,6.19,0,0,0-2.06-1,8.64,8.64,0,0,0-2.48-.35,10.79,10.79,0,0,0-8.15,3.7v-4.9a16.37,16.37,0,0,1,8.82-2.67,13.86,13.86,0,0,1,4,.56,9.81,9.81,0,0,1,3.27,1.66,7.8,7.8,0,0,1,2.21,2.74,8.54,8.54,0,0,1,.81,3.81,8.9,8.9,0,0,1-.72,3.67,13.32,13.32,0,0,1-1.82,3,23.56,23.56,0,0,1-2.38,2.52q-1.28,1.17-2.38,2.32a12.74,12.74,0,0,0-1.82,2.41,5.41,5.41,0,0,0-.72,2.76,8.24,8.24,0,0,0,.31,2.32,16.57,16.57,0,0,0,.61,1.77Zm2.5,11.58a3.07,3.07,0,0,1-2.17-.89,2.91,2.91,0,0,1-.92-2.17,2.85,2.85,0,0,1,.92-2.17,3,3,0,0,1,4.34,0,2.86,2.86,0,0,1,.92,2.17,2.91,2.91,0,0,1-.92,2.17A3.08,3.08,0,0,1,118.83,73.5Z"/>
+    <rect class="cls-9" x="285" y="54" width="28" height="28"/>
+    <rect class="cls-10" x="255" y="18" width="28" height="28"/>
+    <rect class="cls-10" x="255" y="90" width="28" height="28"/>
+    <line class="cls-3" x1="238" y1="70" x2="282" y2="70"/>
+    <polygon class="cls-11" points="308 66 301 66 301 59 297 59 297 66 290 66 290 70 297 70 297 77 301 77 301 70 308 70 308 66"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-add-user-1.svg b/bcs/images/bcs-partner-advanced-management-add-user-1.svg
new file mode 100644
index 0000000000..30bebd62f4
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-add-user-1.svg
@@ -0,0 +1,69 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-2 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #bad80a;
+      }
+
+      .cls-1, .cls-2, .cls-3, .cls-4 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-1, .cls-6, .cls-7 {
+        fill-rule: evenodd;
+      }
+
+      .cls-2, .cls-4 {
+        stroke: #556a8a;
+      }
+
+      .cls-3 {
+        fill: none;
+        stroke: #a7a9ac;
+      }
+
+      .cls-4 {
+        fill: #80def9;
+      }
+
+      .cls-5 {
+        fill: #00b294;
+      }
+
+      .cls-6 {
+        fill: #00bcf2;
+      }
+
+      .cls-7 {
+        fill: #9273b6;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-add-user-1</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M288,58.5A39.49,39.49,0,1,1,248.5,19,39.3,39.3,0,0,1,288,58.5Z"/>
+    <rect class="cls-2" x="130" y="30" width="117" height="73"/>
+    <rect class="cls-2" x="138" y="38" width="117" height="73"/>
+    <rect class="cls-2" x="146" y="46" width="117" height="73"/>
+    <line class="cls-3" x1="213" y1="71" x2="251" y2="71"/>
+    <line class="cls-3" x1="213" y1="79" x2="251" y2="79"/>
+    <line class="cls-3" x1="213" y1="87" x2="251" y2="87"/>
+    <g>
+      <circle class="cls-4" cx="182.5" cy="71" r="15"/>
+      <path class="cls-4" d="M159,110a23.51,23.51,0,1,1,47,0"/>
+    </g>
+    <circle class="cls-2" cx="133" cy="46" r="24"/>
+    <polygon class="cls-5" points="150 42 136 42 136 28 129 28 129 42 115 42 115 49 129 49 129 63 136 63 136 49 150 49 150 42"/>
+    <g>
+      <path class="cls-6" d="M112,73a12,12,0,1,1-12-12A11.94,11.94,0,0,1,112,73Z"/>
+      <path class="cls-6" d="M300,80a12,12,0,1,1-12-12A11.94,11.94,0,0,1,300,80Z"/>
+      <path class="cls-7" d="M281,102a6,6,0,1,1-6-6A6,6,0,0,1,281,102Z"/>
+      <path class="cls-7" d="M92,44a6,6,0,1,1-6-6A6,6,0,0,1,92,44Z"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-auto-pilot-3.svg b/bcs/images/bcs-partner-advanced-management-auto-pilot-3.svg
new file mode 100644
index 0000000000..bd992b7c7f
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-auto-pilot-3.svg
@@ -0,0 +1,88 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #556a8a;
+      }
+
+      .cls-2 {
+        fill: #adbdca;
+      }
+
+      .cls-3, .cls-6 {
+        fill: #fff;
+      }
+
+      .cls-10, .cls-4 {
+        fill: #e5e5e5;
+      }
+
+      .cls-12, .cls-5 {
+        fill: none;
+      }
+
+      .cls-10, .cls-5, .cls-6 {
+        stroke: #556a8a;
+      }
+
+      .cls-10, .cls-12, .cls-5, .cls-6 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-7 {
+        fill: #0078d7;
+      }
+
+      .cls-8 {
+        fill: #ffb900;
+      }
+
+      .cls-9 {
+        fill: #ffc52b;
+      }
+
+      .cls-11 {
+        fill: #2bc7f4;
+      }
+
+      .cls-12 {
+        stroke: #fff;
+        fill-rule: evenodd;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-auto-pilot-3</title>
+  <g id="ICONS">
+    <g>
+      <polygon class="cls-1" points="257.5 129 140.5 129 147.82 121 250.65 121 257.5 129"/>
+      <polygon class="cls-2" points="246.5 127 151.5 127 154.84 123 243.26 123 246.5 127"/>
+      <polygon class="cls-1" points="224.5 110 172.5 110 166.5 115 230.5 115 224.5 110"/>
+      <polygon class="cls-1" points="202 114 195 114 196.4 100 200.6 100 202 114"/>
+      <rect class="cls-3" x="123.5" y="20" width="151" height="82" rx="4" ry="4"/>
+      <path class="cls-4" d="M274,24V36H123V24a4,4,0,0,1,4-4H270A4,4,0,0,1,274,24Z"/>
+      <rect class="cls-5" x="123" y="20" width="151" height="82" rx="4" ry="4" transform="translate(397 122) rotate(180)"/>
+    </g>
+    <g>
+      <rect class="cls-6" x="100" y="51" width="36" height="68" rx="4" ry="4"/>
+      <rect class="cls-4" x="103" y="60" width="30" height="49"/>
+      <path class="cls-1" d="M122.19,57h-8.38a1,1,0,0,1,0-2h8.38a1,1,0,0,1,0,2Z"/>
+      <circle class="cls-1" cx="106.5" cy="113.5" r="1.5"/>
+      <circle class="cls-1" cx="130.5" cy="113.5" r="1.5"/>
+      <rect class="cls-1" x="113" y="113" width="10" height="2" rx="1" ry="1"/>
+    </g>
+    <g>
+      <polygon class="cls-7" points="117 82 117 74.47 108 75.55 108 82 117 82"/>
+      <polygon class="cls-7" points="118 82 128 82 128 72.94 118 74.35 118 82"/>
+      <polygon class="cls-7" points="118 83 118 91.43 128 92.91 128 83 118 83"/>
+      <polygon class="cls-7" points="117 83 108 83 108 90.14 117 91.3 117 83"/>
+    </g>
+    <g>
+      <path class="cls-8" d="M278.2,39l15.4-26h-19l-25,38h17.6L251,80.65l11.65-10.31L298,39Z"/>
+      <path class="cls-9" d="M298,39H278.2l15.4-26h-13l-25,38h17.6L262.62,70.34Z"/>
+    </g>
+    <path class="cls-10" d="M171.11,66.47l4.47.67a17.31,17.31,0,0,0,.46,3l-3.69,2.38a1.17,1.17,0,0,0-.66,1.59l1.11,2.73a1,1,0,0,0,1.43.49l4.49-.94,1.42,2.42-2.58,3.5a1.19,1.19,0,0,0,0,1.6l2.22,2.26a1.44,1.44,0,0,0,1.6,0l3.53-2.53c.8.48,1.76,1.12,2.55,1.61l-1,4.47a1.1,1.1,0,0,0,.62,1.29l2.72,1.13a1,1,0,0,0,1.45-.46l2.43-4a9.35,9.35,0,0,0,2.87.67l.61,4.48A1.1,1.1,0,0,0,198.28,94l3-.15c.48.16,1-.32,1.12-.79l.84-4.64a9.64,9.64,0,0,0,2.88-.61l2.38,4a1.59,1.59,0,0,0,1.43.49L212.86,91a1.09,1.09,0,0,0,.65-1.27l-1.1-4.34A5.66,5.66,0,0,0,213,85c.13-.09.27-.19.4-.3.47-.35.94-.74,1.4-1l3.66,2.74a1,1,0,0,0,1.44-.15L221.27,85l.75-.75,0,0a1,1,0,0,0,.14-1.41l-2.69-3.7a13.13,13.13,0,0,0,1.78-2.71l4.46,1.3a1.42,1.42,0,0,0,1.46-.78l1.13-2.72a1.39,1.39,0,0,0-.62-1.6l-3.83-2.27c.33-1,.33-1.92.66-2.87l4.48-.61a1.42,1.42,0,0,0,1-1.28V62.67a1.36,1.36,0,0,0-.93-1.29l-4.65-.51a18.27,18.27,0,0,0-.61-3.21l4-2.37a1,1,0,0,0,.5-1.44l-1.11-2.72a1.49,1.49,0,0,0-1.43-.81l-4.5,1.25c-.47-.8-.94-1.61-1.42-2.41l2.75-3.66a1.48,1.48,0,0,0-.16-1.44l-2.22-2.26a1.2,1.2,0,0,0-1.43-.17l-3.7,2.71c-.8-.5-1.75-1.14-2.55-1.62l1-4.48a1.07,1.07,0,0,0-.62-1.28L210,35.66a1.38,1.38,0,0,0-1.45.47L206.33,40c-1,0-1.92-.33-2.88-.35L203,35a1.4,1.4,0,0,0-1.28-1l-3-.18a1.87,1.87,0,0,0-1.12,1.1l-.68,4.49c-1.12.15-2.08.47-3.2.61l-2.21-3.85A1.11,1.11,0,0,0,190,35.7l-2.72,1.11a1.3,1.3,0,0,0-.82,1.43l1.1,4.33a10.34,10.34,0,0,0-2.41,1.75l-3.67-2.75a1.07,1.07,0,0,0-1.61,0L178,43.47l-.17.16a1.09,1.09,0,0,0,0,1.6l2.69,3.7a7.16,7.16,0,0,0-1.37,1.85L179,51c-.1.2-.2.41-.29.63l-4.47-1.3A1.09,1.09,0,0,0,173,51l-1.3,2.88a1.63,1.63,0,0,0,.47,1.45l4,2.42a7.93,7.93,0,0,0-.51,2.72l-4.65.76c-.47.17-1,.64-1,1l0,3.2A1.08,1.08,0,0,0,171.11,66.47Z"/>
+    <path class="cls-11" d="M186.16,58.14A15,15,0,1,1,185,64,14.82,14.82,0,0,1,186.16,58.14Z"/>
+    <polyline class="cls-12" points="189.24 64.1 196.99 71.85 211.24 57.6"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-faq-2.svg b/bcs/images/bcs-partner-advanced-management-faq-2.svg
new file mode 100644
index 0000000000..a89de48058
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-faq-2.svg
@@ -0,0 +1,88 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-2 {
+        fill: #fff;
+      }
+
+      .cls-1, .cls-4 {
+        stroke: #556a8a;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+      }
+
+      .cls-1, .cls-10, .cls-4, .cls-6, .cls-7 {
+        stroke-width: 2px;
+      }
+
+      .cls-3 {
+        fill: #556a8a;
+      }
+
+      .cls-10, .cls-4, .cls-6 {
+        fill: none;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6 {
+        stroke: #bcbec0;
+      }
+
+      .cls-10, .cls-6, .cls-7 {
+        stroke-miterlimit: 10;
+      }
+
+      .cls-7 {
+        fill: #2bc7f4;
+        stroke: #00bcf2;
+      }
+
+      .cls-8 {
+        fill: #d1e55c;
+      }
+
+      .cls-9 {
+        fill: #ddec85;
+      }
+
+      .cls-10 {
+        stroke: #bad80a;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-faq-2</title>
+  <g>
+    <g>
+      <rect class="cls-1" x="126" y="26" width="124" height="97"/>
+      <path class="cls-2" d="M188,121a13.75,13.75,0,0,0-9-4H137V20h43c7,0,8,10,8,10s1-10,8-10h43v97H197a13.75,13.75,0,0,0-9,4"/>
+      <rect class="cls-3" x="187" y="27" width="2" height="93.32"/>
+      <path class="cls-4" d="M188,121a13.75,13.75,0,0,0-9-4H137V20h43c7,0,8,10,8,10s1-10,8-10h43v97H197a13.75,13.75,0,0,0-9,4"/>
+      <rect class="cls-5" x="138" y="21" width="15" height="95"/>
+    </g>
+    <rect class="cls-5" x="223" y="21" width="15" height="95"/>
+  </g>
+  <g>
+    <line class="cls-6" x1="158" y1="38" x2="180" y2="38"/>
+    <line class="cls-6" x1="158" y1="53" x2="180" y2="53"/>
+    <line class="cls-6" x1="158" y1="68" x2="180" y2="68"/>
+    <line class="cls-6" x1="158" y1="83" x2="180" y2="83"/>
+    <line class="cls-6" x1="158" y1="99" x2="180" y2="99"/>
+  </g>
+  <circle class="cls-7" cx="250.88" cy="67" r="33"/>
+  <path class="cls-2" d="M248.77,75.8a12.58,12.58,0,0,1-.46-1.94,14.23,14.23,0,0,1-.2-2.38,7.4,7.4,0,0,1,.73-3.33,13.76,13.76,0,0,1,1.83-2.78,27.64,27.64,0,0,1,2.39-2.49q1.3-1.2,2.39-2.42a13.8,13.8,0,0,0,1.83-2.56,6,6,0,0,0,.73-3,5.4,5.4,0,0,0-.53-2.45A5.17,5.17,0,0,0,256,50.71a6.39,6.39,0,0,0-2.13-1.08,9,9,0,0,0-2.56-.36,11.18,11.18,0,0,0-8.44,3.83V48A17,17,0,0,1,252,45.26a14.35,14.35,0,0,1,4.12.58,10.16,10.16,0,0,1,3.39,1.71,8.07,8.07,0,0,1,2.29,2.84,8.85,8.85,0,0,1,.84,3.95,9.2,9.2,0,0,1-.75,3.8A13.7,13.7,0,0,1,260,61.21a24.4,24.4,0,0,1-2.46,2.61q-1.33,1.21-2.46,2.41a13.13,13.13,0,0,0-1.89,2.49,5.59,5.59,0,0,0-.75,2.85,8.51,8.51,0,0,0,.32,2.41,17.19,17.19,0,0,0,.63,1.83Zm2.59,12a3.19,3.19,0,0,1-2.25-.92,3,3,0,0,1-1-2.25,3,3,0,0,1,1-2.25,3.13,3.13,0,0,1,4.49,0,3,3,0,0,1,1,2.25,3,3,0,0,1-1,2.25A3.19,3.19,0,0,1,251.37,87.79Z"/>
+  <g>
+    <circle class="cls-1" cx="286" cy="87.27" r="17"/>
+    <path class="cls-3" d="M284.58,91.83a5.88,5.88,0,0,1-.22-.92,6.7,6.7,0,0,1-.1-1.13,3.51,3.51,0,0,1,.35-1.58,6.51,6.51,0,0,1,.87-1.32,13,13,0,0,1,1.13-1.18q.62-.57,1.13-1.15a6.6,6.6,0,0,0,.87-1.22,2.87,2.87,0,0,0,.35-1.4,2.56,2.56,0,0,0-.25-1.16,2.46,2.46,0,0,0-.69-.85,3,3,0,0,0-1-.51,4.24,4.24,0,0,0-1.22-.17,5.3,5.3,0,0,0-4,1.82V78.65a8,8,0,0,1,4.33-1.31,6.8,6.8,0,0,1,2,.27,4.81,4.81,0,0,1,1.61.81,3.84,3.84,0,0,1,1.09,1.35,4.21,4.21,0,0,1,.4,1.87,4.38,4.38,0,0,1-.36,1.8,6.53,6.53,0,0,1-.9,1.46,11.58,11.58,0,0,1-1.17,1.24q-.63.57-1.17,1.14a6.22,6.22,0,0,0-.9,1.18,2.65,2.65,0,0,0-.36,1.35,4,4,0,0,0,.15,1.14,8,8,0,0,0,.3.87Zm1.23,5.69a1.51,1.51,0,0,1-1.07-.44,1.43,1.43,0,0,1-.45-1.07,1.4,1.4,0,0,1,.45-1.07,1.49,1.49,0,0,1,2.13,0,1.4,1.4,0,0,1,.45,1.07,1.43,1.43,0,0,1-.45,1.07A1.51,1.51,0,0,1,285.81,97.51Z"/>
+  </g>
+  <g>
+    <path class="cls-8" d="M130.93,81.12H93.44c-2.78,0-4.44-2.41-4.44-5V39.22c0-2.6,1.7-4.22,4.44-4.22h51c2.73,0,5.55,1.58,5.55,4.22v36.9c0,2.61-2.8,5-5.55,5H141V92Z"/>
+    <g>
+      <path class="cls-9" d="M89,38.94V71l36-36H92.94A3.61,3.61,0,0,0,89,38.94Z"/>
+      <path class="cls-10" d="M130.93,81.12H93.44c-2.78,0-4.44-2.41-4.44-5V39.22c0-2.6,1.7-4.22,4.44-4.22h51c2.73,0,5.55,1.58,5.55,4.22v36.9c0,2.61-2.8,5-5.55,5H141V92Z"/>
+    </g>
+    <path class="cls-3" d="M116.2,64.45a9.18,9.18,0,0,1-.34-1.45,10.6,10.6,0,0,1-.15-1.77,5.52,5.52,0,0,1,.55-2.48,10.25,10.25,0,0,1,1.36-2.07,20.67,20.67,0,0,1,1.78-1.86q1-.89,1.78-1.8a10.31,10.31,0,0,0,1.36-1.91,4.5,4.5,0,0,0,.55-2.2,4,4,0,0,0-.4-1.83,3.87,3.87,0,0,0-1.08-1.33,4.77,4.77,0,0,0-1.59-.81,6.68,6.68,0,0,0-1.91-.27,8.33,8.33,0,0,0-6.29,2.86V43.74a12.64,12.64,0,0,1,6.81-2.06,10.71,10.71,0,0,1,3.07.43,7.58,7.58,0,0,1,2.52,1.28,6,6,0,0,1,1.71,2.12,6.6,6.6,0,0,1,.62,2.94,6.87,6.87,0,0,1-.56,2.84,10.26,10.26,0,0,1-1.41,2.29,18.26,18.26,0,0,1-1.84,1.94q-1,.9-1.84,1.79a9.82,9.82,0,0,0-1.41,1.86,4.17,4.17,0,0,0-.56,2.13,6.34,6.34,0,0,0,.24,1.79,12.57,12.57,0,0,0,.47,1.36Zm1.93,8.94a2.37,2.37,0,0,1-1.68-.69,2.24,2.24,0,0,1-.71-1.68,2.2,2.2,0,0,1,.71-1.68,2.33,2.33,0,0,1,3.35,0,2.2,2.2,0,0,1,.71,1.68,2.24,2.24,0,0,1-.71,1.68A2.38,2.38,0,0,1,118.13,73.39Z"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-find-partner-1.svg b/bcs/images/bcs-partner-advanced-management-find-partner-1.svg
new file mode 100644
index 0000000000..ffae69af7c
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-find-partner-1.svg
@@ -0,0 +1,105 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #bad80a;
+      }
+
+      .cls-2 {
+        fill: #d1e55c;
+      }
+
+      .cls-3 {
+        fill: #556a8a;
+      }
+
+      .cls-4 {
+        fill: #d1d3d4;
+      }
+
+      .cls-5 {
+        fill: #2bc7f4;
+      }
+
+      .cls-6 {
+        fill: #aae9fb;
+      }
+
+      .cls-7, .cls-9 {
+        fill: none;
+        stroke-linecap: round;
+      }
+
+      .cls-7 {
+        stroke: #fff;
+        stroke-linejoin: round;
+        stroke-width: 0.06px;
+      }
+
+      .cls-8 {
+        fill: #414042;
+      }
+
+      .cls-11, .cls-12, .cls-9 {
+        stroke: #556a8a;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-10 {
+        fill: #008272;
+      }
+
+      .cls-11 {
+        fill: #55a5e4;
+      }
+
+      .cls-12 {
+        fill: #55d2f6;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-fid-oartner-1</title>
+  <polygon class="cls-1" points="81.17 114.79 97.37 67 116 114.79 81.17 114.79"/>
+  <polygon class="cls-2" points="121 113.36 131.63 82 143.85 113.36 121 113.36"/>
+  <path class="cls-1" d="M295.6,130c-12.66-10.93-56.88-22-109.5-22S89.26,119.07,76.6,130Z"/>
+  <g>
+    <polygon class="cls-3" points="140.72 57.6 137.38 58.66 137.38 58.67 134.63 59.54 130.25 60.94 128.41 55.09 132.54 53.73 135.59 52.72 138.78 51.66 140.72 57.6"/>
+    <polygon class="cls-4" points="134.75 54.64 134.75 55.31 129.16 57.43 128.78 56.27 134.56 54.34 134.75 54.64"/>
+    <polygon class="cls-5" points="138.41 58.34 138.4 58.35 135.66 59.22 133.57 53.41 136.61 52.4 138.41 58.34"/>
+    <polygon class="cls-3" points="168.53 52.77 137.78 60.48 136 54.86 135.45 53.11 134.75 50.92 164.13 38.95 168.53 52.77"/>
+    <path class="cls-6" d="M262.57,41v-.58a23.41,23.41,0,0,0-.76-5.81,21.05,21.05,0,0,0-34.6-15C222.09,13.2,215.57,10,206.82,10c-15.41,0-27,13.44-27.29,28.59,0,1,.26,1.83.26,2.87C171.7,45.38,167,52.17,167,60.79c0,12.32,9.69,22.19,22.53,22.91,1.18,8.55,8.85,16.49,22,16.49,11.08,0,17.69.9,25.77-8.2a27.23,27.23,0,0,0,12.88,3.51c15.53,0,28.11-13.76,28.11-29.28A28.11,28.11,0,0,0,262.57,41Z"/>
+    <polygon class="cls-3" points="212.41 43.87 212.4 43.87 209.27 44.66 159.66 57.06 159.37 57.13 156.64 57.82 151.54 41.83 154.53 40.62 154.55 40.61 201.93 21.41 204.87 20.22 204.89 20.21 212.41 43.87"/>
+    <polygon class="cls-4" points="155.03 48.02 136 54.86 135.45 53.11 154.48 46.35 155.03 48.02"/>
+    <polygon class="cls-3" points="218.93 43.68 212.87 45.63 204.24 18.53 210.3 16.59 218.93 43.68 218.93 43.68"/>
+    <polygon class="cls-7" points="218.93 43.68 212.87 45.63 204.24 18.53 210.3 16.59 218.93 43.68 218.93 43.68"/>
+    <polygon class="cls-4" points="204.66 25.92 155.41 43.49 155.59 44.14 156.14 45.91 205.85 28.54 204.66 25.92"/>
+    <polygon class="cls-4" points="213.47 26.57 207.5 28.82 206.18 29.32 204.88 25.42 206.26 24.92 212.25 22.76 213.47 26.57"/>
+  </g>
+  <polygon class="cls-5" points="159.37 57.13 156.64 57.82 151.54 41.83 154.53 40.62 159.37 57.13"/>
+  <polygon class="cls-5" points="212.5 43.96 209.37 44.75 202.03 21.5 204.97 20.31 212.5 43.96"/>
+  <g>
+    <path class="cls-8" d="M175.58,118.7v0S175.61,118.73,175.58,118.7Z"/>
+    <path class="cls-3" d="M177,54.81v39h3v-39a4.08,4.08,0,0,0,3-4.08,4.33,4.33,0,0,0-4.35-4.45,4.45,4.45,0,0,0-4.43,4.45C174.27,52.59,176,54.26,177,54.81Z"/>
+    <path class="cls-3" d="M189.94,124.25l-5.87-16.15c.55-.19.44-.19.44-.19-4.41-12-4.51-12-4.51-12V91h-3v4.95c-4,12-4.18,12-4.18,12a3.87,3.87,0,0,0,.62.19c-5.87,16.15-5.84,16.15-5.84,16.15a1,1,0,0,0,.57,1.21,1,1,0,0,0,1.2-.56c5.87-16.15,5.88-16.15,5.88-16.15a1.37,1.37,0,0,1,.33.16,38.14,38.14,0,0,0,1.42-4.29V124c0,.46,0,2,1.5,2s1.5-1.54,1.5-2V110h0v-5.42c2,4.36,1.76,4.36,1.76,4.36a2.93,2.93,0,0,1,.51-.19c5.87,16.15,5.9,16.15,5.9,16.15a.94.94,0,0,0,1.77-.65Z"/>
+  </g>
+  <g>
+    <polyline class="cls-9" points="232 63.95 232 77 254.05 77"/>
+    <polygon class="cls-3" points="224.64 69.92 225.96 71.14 232 64.64 238.04 71.14 239.36 69.92 232 62 224.64 69.92"/>
+    <polygon class="cls-3" points="248.08 84.36 246.86 83.04 253.36 77 246.86 70.96 248.08 69.64 256 77 248.08 84.36"/>
+  </g>
+  <g>
+    <polyline class="cls-9" points="280 37.05 280 24 257.95 24"/>
+    <polygon class="cls-3" points="287.36 31.08 286.04 29.86 280 36.36 273.96 29.86 272.64 31.08 280 39 287.36 31.08"/>
+    <polygon class="cls-3" points="263.92 16.64 265.14 17.96 258.64 24 265.14 30.04 263.92 31.36 256 24 263.92 16.64"/>
+  </g>
+  <polygon class="cls-10" points="97 125.79 113.2 78 131.83 125.79 97 125.79"/>
+  <g>
+    <circle class="cls-11" cx="241" cy="31" r="10"/>
+    <path class="cls-11" d="M226.77,55.17c0-7.73,6.54-14,14.61-14S256,47.44,256,55.17"/>
+  </g>
+  <g>
+    <circle class="cls-12" cx="272" cy="66" r="10"/>
+    <path class="cls-12" d="M257.77,91c0-7.73,6.54-14,14.61-14S287,83.27,287,91"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-find-partner-2.svg b/bcs/images/bcs-partner-advanced-management-find-partner-2.svg
new file mode 100644
index 0000000000..221c47548e
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-find-partner-2.svg
@@ -0,0 +1,73 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-3, .cls-5, .cls-6 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #00bcf2;
+      }
+
+      .cls-1, .cls-10, .cls-3, .cls-8, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-2 {
+        fill: #55d2f6;
+      }
+
+      .cls-3 {
+        stroke: #bad80a;
+      }
+
+      .cls-4 {
+        fill: #556a8a;
+      }
+
+      .cls-5 {
+        opacity: 0.12;
+      }
+
+      .cls-7 {
+        fill: #aae9fb;
+      }
+
+      .cls-10, .cls-8 {
+        fill: none;
+      }
+
+      .cls-10, .cls-8, .cls-9 {
+        stroke: #556a8a;
+      }
+
+      .cls-9 {
+        fill: #e5e5e5;
+      }
+
+      .cls-10 {
+        stroke-dasharray: 3 3;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-find-partner-2</title>
+  <path class="cls-1" d="M116,61.69a39.37,39.37,0,0,1,77.71-1.23,26.79,26.79,0,0,1,43,13.62c1.79-.44,3.07,3.92,5,3.92,12.94,0,21,5.88,21,18.81,0,16.19-17.06,23.43-30,23.43H110.55C97.19,117.52,87.12,105.12,87.12,91A29.27,29.27,0,0,1,116,61.69Z"/>
+  <path class="cls-2" d="M156.16,87.43A14.65,14.65,0,0,0,153.52,83a20.36,20.36,0,0,0-5.6-5v-.49a16.44,16.44,0,0,0-16.42-16.21,16.14,16.14,0,0,0-8.71,2.43,22,22,0,0,0-17.63-8.92A21.63,21.63,0,0,0,83.47,76.16c0,.81.2,1.42.2,2.23-6.28,3-9.93,8.31-9.93,15,0,9.56,7.52,17.22,17.49,17.78.92,6.64,9.28,11.84,19.48,11.84,8.69,0,16-3.78,18.6-9a20.28,20.28,0,0,0,26.86-26.57Z"/>
+  <path class="cls-3" d="M326.67,46.55A11.72,11.72,0,0,0,324.57,43a16.29,16.29,0,0,0-4.48-4v-.39a13.15,13.15,0,0,0-13.13-13,12.91,12.91,0,0,0-7,1.95,17.58,17.58,0,0,0-14.11-7.13,17.3,17.3,0,0,0-17.35,17c0,.65.16,1.13.16,1.78-5,2.43-7.94,6.65-7.94,12,0,7.65,6,13.78,14,14.22.73,5.31,7.43,9.47,15.58,9.47,6.95,0,12.83-3,14.88-7.2a16.23,16.23,0,0,0,21.48-21.26Z"/>
+  <g>
+    <path class="cls-4" d="M276.58,106.62l-1.11,1.11-3,3a4,4,0,0,1-5.66,0L222,65.94a4,4,0,0,1,0-5.66l4.11-4.11a4,4,0,0,1,5.66,0L276.58,101A4,4,0,0,1,276.58,106.62Z"/>
+    <path class="cls-5" d="M276.58,106.62l-1.11,1.11a4,4,0,0,1-5.66,0L225,62.94a4,4,0,0,1,0-5.66l1.11-1.11a4,4,0,0,1,5.66,0L276.58,101A4,4,0,0,1,276.58,106.62Z"/>
+    <path class="cls-6" d="M215.86,12a36.17,36.17,0,0,0-36.12,36.13c0,.62,0,1.26.05,1.88a36.12,36.12,0,0,0,72.14,0c0-.62.05-1.26.05-1.9A36.18,36.18,0,0,0,215.86,12Z"/>
+    <path class="cls-7" d="M252.78,48c0,.64,0,1.28-.05,1.9H180.59c0-.62-.05-1.26-.05-1.88a36.12,36.12,0,0,1,72.25,0Z"/>
+    <path class="cls-8" d="M180.14,48.1A36.12,36.12,0,1,0,216.25,12,36.16,36.16,0,0,0,180.14,48.1Z"/>
+  </g>
+  <g>
+    <circle class="cls-9" cx="216.75" cy="37.68" r="11.98"/>
+    <path class="cls-9" d="M198.11,68.3a18.63,18.63,0,1,1,37.27,0"/>
+  </g>
+  <g>
+    <path class="cls-10" d="M89.75,91V54c.05-5.36,4-13,13-13s13,6.85,13,13V78c0,8.55,6.82,15,13,15s12.91-7.89,12.91-17c0-7.82-2.09-18,12.75-18h17.16"/>
+    <polygon class="cls-4" points="164.95 66.18 163.59 64.72 170.81 58 163.59 51.29 164.95 49.82 173.75 58 164.95 66.18"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-intune-1.svg b/bcs/images/bcs-partner-advanced-management-intune-1.svg
new file mode 100644
index 0000000000..ba86b50274
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-intune-1.svg
@@ -0,0 +1,76 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-5 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #bad80a;
+      }
+
+      .cls-1, .cls-3 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-2 {
+        fill: #80def9;
+      }
+
+      .cls-3 {
+        fill: #fcfcfc;
+        stroke: #556a8a;
+      }
+
+      .cls-4 {
+        fill: #556a8a;
+      }
+
+      .cls-6 {
+        fill: #e5e5e5;
+      }
+
+      .cls-7 {
+        fill: #aae9fb;
+      }
+
+      .cls-8 {
+        fill: #999;
+      }
+
+      .cls-9 {
+        fill: #acacac;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-intune-1</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M178,50.13v-.58a23.51,23.51,0,0,0-.76-5.84,21.14,21.14,0,0,0-34.74-15C137.32,22.22,130.77,19,122,19c-15.47,0-27.14,13.5-27.4,28.71,0,1,.26,1.84.26,2.88C86.72,54.53,82,61.34,82,70c0,12.37,9.73,22.28,22.62,23,1.19,8.59,8.88,16.56,22.07,16.56,11.12,0,17.76.9,25.87-8.23a27.34,27.34,0,0,0,12.94,3.53c15.59,0,28.23-13.81,28.23-29.4A28.22,28.22,0,0,0,178,50.13Z"/>
+    <g>
+      <path class="cls-2" d="M299.79,74.62a.06.06,0,0,1-.06-.05,32.53,32.53,0,0,0-64.2-1.07.06.06,0,0,1-.1,0A22.14,22.14,0,0,0,200,84.79a.06.06,0,0,1-.07,0A19.3,19.3,0,0,0,176,104.52C176.48,115,185.51,123,196,123h108.3c11-2.25,19.35-12.49,19.35-24.2A24.19,24.19,0,0,0,299.79,74.62Z"/>
+      <g>
+        <rect class="cls-3" x="152" y="33" width="103" height="76" rx="4" ry="4"/>
+        <path class="cls-4" d="M259.86,114H147.38c-3.77,0-4.38-2-4.38-2H264A4.86,4.86,0,0,1,259.86,114Z"/>
+        <polygon class="cls-4" points="142.9 112 151.7 106 254 106 263.9 112 142.9 112"/>
+        <polygon class="cls-5" points="147 112 152.32 108 253.44 108 259 112 147 112"/>
+        <rect class="cls-6" x="157" y="39" width="93" height="59"/>
+      </g>
+    </g>
+    <g>
+      <rect class="cls-3" x="128" y="60" width="33" height="61" rx="4" ry="4"/>
+      <rect class="cls-7" x="132" y="68" width="25" height="44"/>
+      <path class="cls-8" d="M149.19,66h-8.38a1,1,0,0,1,0-2h8.38a1,1,0,0,1,0,2Z"/>
+      <path class="cls-8" d="M146.68,117h-3.35c-.18,0-.32-.45-.32-1s.15-1,.32-1h3.35c.18,0,.32.45.32,1S146.85,117,146.68,117Z"/>
+    </g>
+    <polygon class="cls-9" points="204.5 104.05 201.2 103.59 201.2 101.42 204.5 100.75 204.5 104.05"/>
+    <g id="Layer_80" data-name="Layer 80">
+      <g>
+        <polygon class="cls-4" points="219.91 80.22 227.25 74.87 219.91 69.53 219.91 80.22"/>
+        <polygon class="cls-4" points="219.91 80.58 227.25 74.87 219.91 69.17 219.91 80.58"/>
+        <path class="cls-4" d="M222,77V73H175V47h42V57h3V46a2.26,2.26,0,0,0-2.23-2H173.58c-1.07,0-2.58.94-2.58,2V74.52A3.11,3.11,0,0,0,173.58,77H191c.07,5,0,6.43-11,6.43V86h31V83.43c-11,0-10.76-1.43-10.69-6.43Z"/>
+        <path class="cls-4" d="M231.32,59H199.88a4.35,4.35,0,0,0-4.21-3,4.46,4.46,0,1,0,0,8.91c1.92,0,3.56-1.87,4.21-2.87H230V89H217V78h-4V91.27A1.85,1.85,0,0,0,214.92,93h16.39A1.64,1.64,0,0,0,233,91.27v-31C233,59.26,232.32,59,231.32,59ZM225,91h-4V90h4Z"/>
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-learn-about-1.svg b/bcs/images/bcs-partner-advanced-management-learn-about-1.svg
new file mode 100644
index 0000000000..5237e929eb
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-learn-about-1.svg
@@ -0,0 +1,70 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-2, .cls-6, .cls-9 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #00bcf2;
+      }
+
+      .cls-1, .cls-4, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-3 {
+        fill: #e5e5e5;
+      }
+
+      .cls-4 {
+        fill: none;
+      }
+
+      .cls-4, .cls-9 {
+        stroke: #556a8a;
+      }
+
+      .cls-5 {
+        fill: #556a8a;
+      }
+
+      .cls-6 {
+        opacity: 0.16;
+      }
+
+      .cls-7 {
+        fill: #55d2f6;
+      }
+
+      .cls-8 {
+        fill: #2bc7f4;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-learn-about-1</title>
+  <path class="cls-1" d="M163.26,40.11v-.55a22,22,0,0,0-.71-5.46,19.77,19.77,0,0,0-32.5-14C125.24,14,119.11,11,110.9,11,96.43,11,85.52,23.63,85.27,37.85c0,1,.25,1.72.25,2.7-7.6,3.68-12,10.05-12,18.15,0,11.57,9.1,20.84,21.16,21.51,1.11,8,8.31,15.49,20.64,15.49,10.4,0,16.61.84,24.2-7.7a25.57,25.57,0,0,0,12.1,3.3c14.58,0,26.4-12.92,26.4-27.5A26.4,26.4,0,0,0,163.26,40.11Z"/>
+  <path class="cls-2" d="M280,28v76a2,2,0,0,1-2,2H160a2,2,0,0,1-2-2V28a2,2,0,0,1,2-2H278A2,2,0,0,1,280,28Z"/>
+  <path class="cls-3" d="M173,27v79H160a2,2,0,0,1-1-.29V27Z"/>
+  <path class="cls-3" d="M266,27v79h13a2,2,0,0,0,1-.29V27Z"/>
+  <rect class="cls-4" x="158.04" y="26" width="122" height="80" rx="2" ry="2"/>
+  <g>
+    <ellipse class="cls-5" cx="109.5" cy="29.46" rx="10" ry="12.46"/>
+    <path class="cls-5" d="M92.5,101.43V140h11.09c1.54-13.16,3.6-30.57,3.94-32.83.43-2.76,4.7-2.76,5.12,0,.35,2.26,2.74,19.67,4.45,32.83h10.4V99h6l-.33-12.33-.67-25.2,8.42,2.19a4.54,4.54,0,0,0,1.93.25,4.49,4.49,0,0,0,1.48-.38l19-9.45a4.54,4.54,0,1,0-3.75-8.27L143,52.64,127.08,48c-.93-.28-1.91-.57-2.94-.86l0,0c-2.06-.58-4.18-1.16-5.79-1.59l-2.7-.72-6,12.48h-.1l-6-12.48s-5.77,1.3-9.89,2.39L92,47.6A8.84,8.84,0,0,0,86.48,52,11.43,11.43,0,0,0,85.2,56.4c-.61,6.36-.6,20.59-1.12,26.31-.19,2-.2,8.56,2.07,11.48A88.76,88.76,0,0,0,92.5,101.43Z"/>
+    <path class="cls-6" d="M163.36,54.08l-19,9.45a4.49,4.49,0,0,1-1.48.38,4.54,4.54,0,0,1-1.93-.25l-8.42-2.19.67,25.2L133.5,99l-47-47A8.84,8.84,0,0,1,92,47.6l1.63-.44c4.12-1.09,9.89-2.39,9.89-2.39l6,12.48h.1l6-12.48,2.7.72c1.61.43,3.73,1,5.79,1.59l0,0c1,.29,2,.58,2.94.86L143,52.64l16.63-6.83a4.54,4.54,0,1,1,3.75,8.27Z"/>
+  </g>
+  <rect class="cls-5" x="152" y="23" width="135" height="5"/>
+  <g>
+    <path class="cls-2" d="M219.36,121a43.94,43.94,0,1,1,31-12.86,43.62,43.62,0,0,1-31,12.86Z"/>
+    <path class="cls-3" d="M188.19,45.86a43.56,43.56,0,0,1,61.6,61.6Z"/>
+    <path class="cls-5" d="M219.36,35a42.66,42.66,0,1,1-30.14,12.49A42.35,42.35,0,0,1,219.36,35m0-2a44.66,44.66,0,1,0,31.56,13.08A44.49,44.49,0,0,0,219.36,33Z"/>
+    <polygon class="cls-7" points="192.89 51.16 211.21 85.78 245.83 104.11 223.68 71.87 192.89 51.16"/>
+    <polygon class="cls-8" points="192.89 51.16 245.83 104.11 227.51 69.48 192.89 51.16"/>
+    <line class="cls-9" x1="219.72" y1="40.19" x2="219.72" y2="50.27"/>
+    <line class="cls-9" x1="219.72" y1="104.99" x2="219.72" y2="115.07"/>
+    <line class="cls-9" x1="181.92" y1="77" x2="192" y2="77"/>
+    <line class="cls-9" x1="246.72" y1="77" x2="256.8" y2="77"/>
+    <circle class="cls-2" cx="219.36" cy="77.63" r="4.32"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-password-3.svg b/bcs/images/bcs-partner-advanced-management-password-3.svg
new file mode 100644
index 0000000000..f1f91ab410
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-password-3.svg
@@ -0,0 +1,56 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #55d2f6;
+      }
+
+      .cls-2, .cls-4, .cls-7 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        stroke: #bad80a;
+      }
+
+      .cls-2, .cls-3, .cls-7 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-3 {
+        fill: none;
+      }
+
+      .cls-3, .cls-7 {
+        stroke: #556a8a;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6 {
+        fill: #aae9fb;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-password-3</title>
+  <g id="ICONS">
+    <g>
+      <path class="cls-1" d="M169.26,62.46l-5.21-1a20.86,20.86,0,0,0-.4-3.59l4.44-2.62a1.37,1.37,0,0,0,.84-1.84l-1.17-3.25a1.18,1.18,0,0,0-1.66-.64l-5.3.89-1.56-2.89,3.19-4a1.41,1.41,0,0,0,.08-1.87L160,38.91a1.69,1.69,0,0,0-1.88-.08l-4.27,2.81c-.91-.6-2-1.4-2.91-2l1.37-5.2a1.29,1.29,0,0,0-.68-1.54l-3.13-1.45a1.19,1.19,0,0,0-1.72.48l-3,4.57a10.81,10.81,0,0,0-3.34-.91l-.51-5.28a1.29,1.29,0,0,0-1.25-1.38l-3.57,0c-.56-.21-1.15.33-1.36.88l-1.19,5.4a11.12,11.12,0,0,0-3.41.59L126.53,31a1.9,1.9,0,0,0-1.66-.64l-3.45,1.35a1.27,1.27,0,0,0-.82,1.46l1.08,5.13c-1,.52-1.94,1.41-2.91,1.94l-4.17-3.39a1.22,1.22,0,0,0-1.69.11l-1.64,1.49-.91.84,0,0a1.21,1.21,0,0,0-.24,1.65l3,4.46a15.48,15.48,0,0,0-2.21,3.1l-5.18-1.74a1.67,1.67,0,0,0-1.74.86l-1.46,3.13a1.63,1.63,0,0,0,.67,1.91l4.38,2.83c-.43,1.11-.48,2.24-.91,3.35l-5.28.51a1.65,1.65,0,0,0-1.2,1.45L100,64.21a1.64,1.64,0,0,0,1,1.56l5.42.81a21.72,21.72,0,0,0,.57,3.78L102.22,73a1.19,1.19,0,0,0-.64,1.67l1.17,3.25a1.76,1.76,0,0,0,1.65,1l5.32-1.26,1.56,2.89-3.39,4.17a1.77,1.77,0,0,0,.11,1.7l2.51,2.74a1.42,1.42,0,0,0,1.67.27l4.47-3c.91.61,2,1.41,2.91,2l-1.36,5.21a1.26,1.26,0,0,0,.68,1.53l3.3,1.66a1.62,1.62,0,0,0,1.72-.49l2.83-4.39c1.13.05,2.24.48,3.36.53l.31,5.47a1.64,1.64,0,0,0,1.45,1.19l3.56.35a2.26,2.26,0,0,0,1.37-1.25l1-5.22c1.32-.13,2.46-.46,3.78-.58L144,97a1.29,1.29,0,0,0,1.67.64l3.24-1.17a1.53,1.53,0,0,0,1-1.65l-1.08-5.12a13.15,13.15,0,0,0,2.91-1.94l4.17,3.39a1.26,1.26,0,0,0,1.88.08l2.34-2.14.21-.19a1.33,1.33,0,0,0,.46-1,1.29,1.29,0,0,0-.38-.92l-3-4.47a9.25,9.25,0,0,0,2.21-3.09l5.19,1.74a1.28,1.28,0,0,0,1.53-.68L168,77.26a1.9,1.9,0,0,0-.49-1.72l-4.56-3a9.44,9.44,0,0,0,.71-3.17l5.49-.69c.57-.16,1.16-.7,1.18-1.08l.17-3.75A1.28,1.28,0,0,0,169.26,62.46ZM135,72.47a9,9,0,1,1,9-9A9,9,0,0,1,135,72.47Z"/>
+      <path class="cls-2" d="M260.25,53.36a39.37,39.37,0,0,0-77.71-1.23,26.79,26.79,0,0,0-43,13.62,23.42,23.42,0,1,0-5.56,46.16H265.72c13.37-2.71,23.43-15.12,23.43-29.28A29.27,29.27,0,0,0,260.25,53.36Z"/>
+      <g>
+        <rect class="cls-3" x="196.52" y="36.9" width="39" height="51" rx="12" ry="12"/>
+        <path class="cls-4" d="M248.52,116.17a2.84,2.84,0,0,1-2.84,2.83H187.37a2.84,2.84,0,0,1-2.84-2.83V70.83A2.84,2.84,0,0,1,187.37,68h58.31a2.84,2.84,0,0,1,2.84,2.83Z"/>
+        <path class="cls-5" d="M247.41,71v44.64L199.89,68.16h44.64A2.89,2.89,0,0,1,247.41,71Z"/>
+        <path class="cls-3" d="M247.52,116.17a2.84,2.84,0,0,1-2.84,2.83H186.37a2.84,2.84,0,0,1-2.84-2.83V70.83A2.84,2.84,0,0,1,186.37,68h58.31a2.84,2.84,0,0,1,2.84,2.83Z"/>
+      </g>
+      <g>
+        <path class="cls-6" d="M272.3,86.71a19.17,19.17,0,1,0-6.85,8.93v6.26h6.07v7h8v8h12V105.24Z"/>
+        <path class="cls-3" d="M272.3,86.71a19.17,19.17,0,1,0-6.85,8.93v6.26h6.07v7h8v8h12V105.24Z"/>
+        <circle class="cls-7" cx="249.33" cy="72.99" r="4.05"/>
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-resources-6_placeholder.svg b/bcs/images/bcs-partner-advanced-management-resources-6_placeholder.svg
new file mode 100644
index 0000000000..1a4d5ad540
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-resources-6_placeholder.svg
@@ -0,0 +1,37 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-2 {
+        fill: #fff;
+      }
+
+      .cls-1, .cls-4 {
+        stroke: #556a8a;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+        stroke-width: 2px;
+      }
+
+      .cls-3 {
+        fill: #2bc7f4;
+      }
+
+      .cls-4 {
+        fill: none;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-resources-6</title>
+  <g id="ICONS">
+    <rect class="cls-1" x="130" y="25" width="124" height="97"/>
+    <path class="cls-2" d="M192,120a13.75,13.75,0,0,0-9-4H141V19h43c7,0,8,10,8,10s1-10,8-10h43v97H201a13.75,13.75,0,0,0-9,4"/>
+    <rect class="cls-3" x="191" y="26" width="2" height="93.32"/>
+    <path class="cls-4" d="M192,120a13.75,13.75,0,0,0-9-4H141V19h43c7,0,8,10,8,10s1-10,8-10h43v97H201a13.75,13.75,0,0,0-9,4"/>
+    <rect class="cls-5" x="142" y="20" width="15" height="95"/>
+    <rect class="cls-5" x="227" y="20" width="15" height="95"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-settings-8.svg b/bcs/images/bcs-partner-advanced-management-settings-8.svg
new file mode 100644
index 0000000000..5b556a7ce0
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-settings-8.svg
@@ -0,0 +1,85 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #d1d3d4;
+        opacity: 0.51;
+      }
+
+      .cls-2 {
+        fill: #f1f2f2;
+      }
+
+      .cls-3, .cls-9 {
+        fill: #fff;
+      }
+
+      .cls-4 {
+        fill: #e5e5e5;
+      }
+
+      .cls-10, .cls-5 {
+        fill: none;
+      }
+
+      .cls-5, .cls-9 {
+        stroke: #556a8a;
+      }
+
+      .cls-10, .cls-5, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-6 {
+        fill: #2bc7f4;
+      }
+
+      .cls-7 {
+        fill: #556a8a;
+      }
+
+      .cls-8 {
+        fill: #bad80a;
+      }
+
+      .cls-10 {
+        stroke: #00bcf2;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-settings-8</title>
+  <g id="ICONS">
+    <rect class="cls-1" y="53" width="400" height="50"/>
+    <rect class="cls-2" y="60" width="400" height="6"/>
+    <rect class="cls-2" y="89" width="400" height="6"/>
+    <rect class="cls-2" y="74" width="400" height="6"/>
+    <g>
+      <path class="cls-3" d="M185.19,25H117.81A4.89,4.89,0,0,0,113,29.93v82.14a4.89,4.89,0,0,0,4.81,4.93h67.38a4.89,4.89,0,0,0,4.81-4.93V29.93A4.89,4.89,0,0,0,185.19,25Z"/>
+      <path class="cls-4" d="M190,29.29V43H113V29.29A4.2,4.2,0,0,1,117.1,25H185.9A4.2,4.2,0,0,1,190,29.29Z"/>
+      <path class="cls-5" d="M185.19,25H117.81A4.89,4.89,0,0,0,113,29.93v82.14a4.89,4.89,0,0,0,4.81,4.93h67.38a4.89,4.89,0,0,0,4.81-4.93V29.93A4.89,4.89,0,0,0,185.19,25Z"/>
+      <rect class="cls-3" x="127" y="24" width="49" height="12"/>
+      <path class="cls-6" d="M165.36,24a15.26,15.26,0,0,0-1.07-5.69,13.93,13.93,0,0,0-7.38-7.38,14,14,0,0,0-10.75,0,14.35,14.35,0,0,0-4.41,3,14.06,14.06,0,0,0-3,4.41A15.26,15.26,0,0,0,137.71,24h-8.64V34H174V24Zm-13.82-.13a4.5,4.5,0,1,1,4.32-4.5A4.41,4.41,0,0,1,151.54,23.87Z"/>
+      <polyline class="cls-5" points="122.1 60.98 131.6 70.48 153.2 48.88"/>
+      <polyline class="cls-5" points="122.1 88.62 131.6 98.13 153.2 76.53"/>
+      <line class="cls-5" x1="154" y1="63" x2="182" y2="63"/>
+      <line class="cls-5" x1="154" y1="92" x2="182" y2="92"/>
+    </g>
+    <path class="cls-7" d="M220.6,76H201.4a2.39,2.39,0,0,0-2.4,2.36v8.27A2.39,2.39,0,0,0,201.4,89H201V78h20V89h-.4a2.39,2.39,0,0,0,2.4-2.36V78.36A2.39,2.39,0,0,0,220.6,76Z"/>
+    <path class="cls-3" d="M236.36,85H185.64A5.75,5.75,0,0,0,180,90.84v29.43a1.71,1.71,0,0,0,1.7,1.73H240.3a1.63,1.63,0,0,0,.88-.22,1.82,1.82,0,0,0,.81-1.51V90.84A5.75,5.75,0,0,0,236.36,85Z"/>
+    <rect class="cls-4" x="180" y="114" width="62" height="8"/>
+    <path class="cls-5" d="M236.36,85H185.64A5.75,5.75,0,0,0,180,90.84v29.43a1.71,1.71,0,0,0,1.7,1.73H240.3a1.63,1.63,0,0,0,.88-.22,1.82,1.82,0,0,0,.81-1.51V90.84A5.75,5.75,0,0,0,236.36,85Z"/>
+    <rect class="cls-8" x="181" y="101" width="60" height="5"/>
+    <rect class="cls-9" x="192" y="97" width="8" height="13.91" rx="2" ry="2"/>
+    <line class="cls-9" x1="196" y1="100" x2="196" y2="108"/>
+    <rect class="cls-9" x="222" y="97" width="8" height="13.91" rx="2" ry="2"/>
+    <line class="cls-9" x1="226" y1="100" x2="226" y2="108"/>
+    <g>
+      <path class="cls-8" d="M228.75,66.93l.39-3.06c.22-1.15.56-1.57,1.31-1.66l1.61-.75a1.9,1.9,0,0,1,2.1.29l2.34,2.17a1.2,1.2,0,0,0,1.49-.17L239.66,62a1.45,1.45,0,0,0,.2-1.53l-2.15-2.39a1.68,1.68,0,0,1-.06-2,16.77,16.77,0,0,1,.73-1.78c.11-.6.45-1,1.56-1.13l3.18-.19a1.2,1.2,0,0,0,.82-1L244,49.3a1.2,1.2,0,0,0-.87-1l-3.07-.4c-1.32,0-1.63-.55-1.83-1.1-.42-1-1.43-2.36-.24-3.56l2-2.49a1.65,1.65,0,0,0,.19-1.54l-1.95-1.84a1.46,1.46,0,0,0-1.54-.19l-2.39,2.15a2,2,0,0,1-2.24.27c-.42-.31-2.42-1.21-2.54-2.32l-.56-3.14v0a.92.92,0,0,0-.83-1L225.46,33a1.2,1.2,0,0,0-1,.87l-.14,3.2c-.08.76-1.5,1.9-1.5,1.9-2,1.17-3,.74-3.57.22L216.91,37a1.2,1.2,0,0,0-1.49.17l-1.9,1.55a1.35,1.35,0,0,0,0,1.69l2,2.22a3,3,0,0,1,.33,2.23c-.31.41-1.68,2.74-2.5,2.73l-3,.35h-.07a.92.92,0,0,0-1,.88l-.06,2.65a1.49,1.49,0,0,0,1.08,1.19l2.85.23c1.29,0,2.37,2.93,2.37,2.93a1.52,1.52,0,0,1-.16,1.91l-1.93,2.48a1.25,1.25,0,0,0-.19,1.54l1.95,1.84a1.41,1.41,0,0,0,1.29.05l2.6-2a2.1,2.1,0,0,1,2-.42c2.45,1,2.72,1.7,2.69,2.5l.36,3a1.2,1.2,0,0,0,1.09,1.2l2.44-.1a1.2,1.2,0,0,0,1-.87m-8.59-16.51q0-.08,0-.16a6.37,6.37,0,0,1,6.64-6.09A6.29,6.29,0,0,1,233,50.4q0,.3,0,.6a6.12,6.12,0,0,1-6.4,5.82,6.59,6.59,0,0,1-6.42-6.4"/>
+      <path class="cls-3" d="M243.09,77.59l5.51.24a3.06,3.06,0,0,1,3.06,1.66c.64,2.08,1.64,5.13.74,6.12l-2.76,4.2a2,2,0,0,0,.09,2.72L253,95.05c.69.45,1,.55,1.65.07L257,93.25l2.1-1.7c1.84-1.6,8.56,1.43,8.74,2.71l.65,5.33a2,2,0,0,0,2.1,1.4l4-.38a2.44,2.44,0,0,0,1.89-1.76l-.15-5.39a2.8,2.8,0,0,1,2.1-2.65c.93-.57,4.54-2.31,6.1-1.26l4.31,3.2a2,2,0,0,0,2.17-.44L294,89a2,2,0,0,0,0-2.29l-3.5-3.84c-1.68-1.43-1.49-2.46-1.16-3.39.65-3.84,1.82-4.48,3.55-4.83l5.24-1.05A2.76,2.76,0,0,0,300,71.81l-.51-4.46a2.45,2.45,0,0,0-1.75-1.92l-5.41.16a3.29,3.29,0,0,1-3.16-2.08c-.19-.86-2.36-3.59-.74-5.74l2.68-4.63a.07.07,0,0,1,0,0,1.56,1.56,0,0,0,0-2.19l-3-2.63-.37-.32a2,2,0,0,0-2.26,0l-3.67,4c-.92.89-4,.8-4,.8-4.11-.11-4.64-2.29-4.82-3.6l-.61-5.26a2,2,0,0,0-2.1-1.4l-4.11-.07a2.27,2.27,0,0,0-1.83,2.17l.11,5a5,5,0,0,1-2,3.23c-.83.18-1.61.77-2.5,1a3,3,0,0,1-3.67-.16l-4.21-2.8s0-.06-.08-.08a1.56,1.56,0,0,0-2.19.08l-3,3.34a2.46,2.46,0,0,0,.1,2.69l3.39,3.4c1.62,1.44-.13,6.34-.13,6.34a2.54,2.54,0,0,1-2.28,2.26l-5.15,1.11c-1.36.25-2,1.31-1.92,1.76C241,71.66,240.89,77.2,243.09,77.59Zm22.34,3.47a10.17,10.17,0,0,1-2-1.43,10.77,10.77,0,0,1-1.26-14.94l0,0,.19-.19a10.81,10.81,0,0,1,15.11-.65s.08.06.09.09a10.27,10.27,0,0,1,1.07,14.41c-.2.26-.42.51-.64.75A10.41,10.41,0,0,1,265.43,81.05Z"/>
+      <path class="cls-4" d="M243.09,77.59l5.51.24a3.06,3.06,0,0,1,3.06,1.66c.64,2.08,1.64,5.13.74,6.12l-2.76,4.2a2,2,0,0,0,.09,2.72L253,95.05c.69.45,1,.55,1.65.07L257,93.25l8.47-12.2a10.17,10.17,0,0,1-2-1.43,10.77,10.77,0,0,1-1.26-14.94l0,0,.19-.19a10.81,10.81,0,0,1,15.11-.65s.08.06.09.09l10.68-15.63-.37-.32a2,2,0,0,0-2.26,0l-3.67,4c-.92.89-4,.8-4,.8-4.11-.11-4.64-2.29-4.82-3.6l-.61-5.26a2,2,0,0,0-2.1-1.4l-4.11-.07a2.27,2.27,0,0,0-1.83,2.17l.11,5a5,5,0,0,1-2,3.23c-.83.18-1.61.77-2.5,1a3,3,0,0,1-3.67-.16l-4.21-2.8s0-.06-.08-.08a1.56,1.56,0,0,0-2.19.08l-3,3.34a2.46,2.46,0,0,0,.1,2.69l3.39,3.4c1.62,1.44-.13,6.34-.13,6.34a2.54,2.54,0,0,1-2.28,2.26l-5.15,1.11c-1.36.25-2,1.31-1.92,1.76C241,71.66,240.89,77.2,243.09,77.59Z"/>
+      <path class="cls-10" d="M254.61,95.12c-.68.47-1,.39-1.65-.08l-3.24-2.52a2,2,0,0,1-.1-2.72l2.76-4.2c.91-1-.09-4.05-.73-6.12a3,3,0,0,0-3.06-1.66l-5.51-.24c-2.2-.38-2.11-5.94-2.11-5.94-.1-.44.55-1.51,1.91-1.76l5.16-1.09c1.2-.13,4-7.17,2.41-8.62l-3.41-3.39a2.5,2.5,0,0,1-.1-2.7l3-3.33a1.55,1.55,0,0,1,2.19-.09l.08.08,4.21,2.79c1,.89,7.94-2.73,8.16-4l-.11-5a2.27,2.27,0,0,1,1.83-2.18l4.11.07a2,2,0,0,1,2.1,1.39l.61,5.29c.17,1.3.71,3.46,4.82,3.59,0,0,3.06.08,4-.81l3.66-4a2,2,0,0,1,2.27,0l3.33,3a1.55,1.55,0,0,1,0,2.19l0,0-2.69,4.63c-1.62,2.15.54,4.89.75,5.74a3.3,3.3,0,0,0,3.16,2.08l5.4-.16a2.46,2.46,0,0,1,1.76,1.91l.5,4.47a2.78,2.78,0,0,1-1.91,1.76l-5.24,1.06c-1.74.35-2.91,1-3.55,4.83-.34.93-.52,2,1.15,3.4l3.5,3.84A2,2,0,0,1,294,89l-3,3.33a2,2,0,0,1-2.18.44l-4.29-3.2c-1.57-1-8.18,2.66-8.21,3.91l.16,5.4a2.44,2.44,0,0,1-1.91,1.75l-4,.37a2,2,0,0,1-2.1-1.39l-.64-5.32c-.18-1.28-6.9-4.32-8.74-2.71Z"/>
+      <circle class="cls-10" cx="270.42" cy="71.75" r="10.65" transform="translate(-7.56 40.12) rotate(-8.37)"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-technical-support-4.svg b/bcs/images/bcs-partner-advanced-management-technical-support-4.svg
new file mode 100644
index 0000000000..00fe5333f8
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-technical-support-4.svg
@@ -0,0 +1,88 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-3 {
+        fill: #fff;
+      }
+
+      .cls-1, .cls-11, .cls-6 {
+        stroke: #556a8a;
+      }
+
+      .cls-1 {
+        stroke-linecap: round;
+        stroke-linejoin: round;
+      }
+
+      .cls-1, .cls-11, .cls-5 {
+        stroke-width: 2px;
+      }
+
+      .cls-10, .cls-2 {
+        fill: #aae9fb;
+      }
+
+      .cls-4 {
+        fill: #e5e5e5;
+      }
+
+      .cls-11, .cls-5, .cls-6 {
+        fill: none;
+      }
+
+      .cls-5 {
+        stroke: #2bc7f4;
+      }
+
+      .cls-11, .cls-5, .cls-6, .cls-9 {
+        stroke-miterlimit: 10;
+      }
+
+      .cls-6 {
+        stroke-width: 3px;
+      }
+
+      .cls-7 {
+        fill: #556a8a;
+      }
+
+      .cls-8 {
+        fill: #3a96dd;
+      }
+
+      .cls-10, .cls-8, .cls-9 {
+        fill-rule: evenodd;
+      }
+
+      .cls-9 {
+        fill: #80def9;
+        stroke: #aae9fb;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-technical-support-4</title>
+  <path class="cls-1" d="M170.6,47.47V47a20,20,0,0,0-.65-5,18,18,0,0,0-29.54-12.77C136,23.73,130.46,21,123,21c-13.15,0-23.08,11.48-23.3,24.41,0,.89.22,1.56.22,2.45C93,51.21,89,57,89,64.36c0,10.52,8.27,18.94,19.23,19.56,1,7.3,7.55,14.08,18.77,14.08,9.46,0,15.1.76,22-7a23.25,23.25,0,0,0,11,3c13.25,0,24-11.75,24-25A24,24,0,0,0,170.6,47.47Z"/>
+  <path class="cls-2" d="M260,62.7a40,40,0,0,0-79.18-1.27A27,27,0,0,0,163.35,55,27.36,27.36,0,0,0,137,75.46a23.6,23.6,0,0,0-5.67-.71,24.13,24.13,0,0,0,0,48.25H265.59c13.62-2.79,23.87-15.57,23.87-30.16A30,30,0,0,0,260,62.7Z"/>
+  <circle class="cls-3" cx="218.34" cy="70.2" r="43.2"/>
+  <path class="cls-4" d="M262,70.2c0,23.86-19.7,43.2-44,43.2V27C242.3,27,262,46.34,262,70.2Z"/>
+  <circle class="cls-5" cx="218.34" cy="70.2" r="43.2"/>
+  <g>
+    <path class="cls-6" d="M196.41,65.45V63.11a21.11,21.11,0,1,1,42.21,0v2.35"/>
+    <path class="cls-7" d="M229,63.28V82h8.1c2.27-.78,4.86-4,4.86-6.41V63.28Z"/>
+    <path class="cls-7" d="M206,64V82.72h-8.1c-2.27-.78-4.86-4-4.86-6.41V64Z"/>
+    <path class="cls-6" d="M200.32,81.09s-1.56,17.2,12.51,15.63"/>
+    <rect class="cls-7" x="212" y="91" width="16" height="10" rx="3" ry="3"/>
+  </g>
+  <g>
+    <g>
+      <polygon class="cls-8" points="148.23 105.66 168.58 86 159 86 159 37 138 37 138 86 128 86 148.23 105.66 148.23 105.66 148.23 105.66"/>
+      <polygon class="cls-9" points="141.5 87.38 141.5 87.38 141.5 37 141.5 56.38 141.5 87.38 141.5 87.38"/>
+      <polygon class="cls-9" points="148.5 98.14 148.5 98.14 148.5 37 148.5 67.14 148.5 98.14 148.5 98.14"/>
+      <polygon class="cls-9" points="155.5 89.38 155.5 89.38 155.5 37 155.5 56.38 155.5 89.38 155.5 89.38"/>
+      <polygon class="cls-10" points="141.5 90 145 86 138 86 141.5 90"/>
+      <polygon class="cls-10" points="155.5 93 160 87 151 87 155.5 93"/>
+    </g>
+    <polygon class="cls-10" points="148.5 102 153 97 144 97 148.5 102"/>
+  </g>
+  <path class="cls-11" d="M174,94v16a1.9,1.9,0,0,1-1.77,2H123.77a1.9,1.9,0,0,1-1.77-2V94"/>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-troubleshooting-3.svg b/bcs/images/bcs-partner-advanced-management-troubleshooting-3.svg
new file mode 100644
index 0000000000..d70739d1c2
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-troubleshooting-3.svg
@@ -0,0 +1,78 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #556a8a;
+      }
+
+      .cls-2 {
+        fill: #adbdca;
+      }
+
+      .cls-3 {
+        fill: #fff;
+      }
+
+      .cls-4 {
+        fill: #e5e5e5;
+      }
+
+      .cls-5, .cls-9 {
+        fill: none;
+      }
+
+      .cls-5 {
+        stroke: #556a8a;
+      }
+
+      .cls-5, .cls-8 {
+        stroke-miterlimit: 10;
+      }
+
+      .cls-5, .cls-8, .cls-9 {
+        stroke-width: 2px;
+      }
+
+      .cls-6 {
+        fill: #ffb900;
+      }
+
+      .cls-7 {
+        fill: #ffd055;
+      }
+
+      .cls-8 {
+        fill: #2bc7f4;
+        stroke: #00bcf2;
+      }
+
+      .cls-9 {
+        stroke: #fff;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-troubleshooting-3</title>
+  <g>
+    <polygon class="cls-1" points="235.5 128 118.5 128 125.82 120 228.65 120 235.5 128"/>
+    <polygon class="cls-2" points="224.5 126 129.5 126 132.84 122 221.26 122 224.5 126"/>
+    <polygon class="cls-1" points="203 108 151 108 145 115 209 115 203 108"/>
+    <polygon class="cls-1" points="180.5 112.5 173.5 112.5 174.9 98.5 179.1 98.5 180.5 112.5"/>
+    <rect class="cls-3" x="101" y="19" width="151" height="82" rx="4" ry="4"/>
+    <path class="cls-4" d="M252,23V35H101V23a4,4,0,0,1,4-4H248A4,4,0,0,1,252,23Z"/>
+    <rect class="cls-5" x="101" y="19" width="151" height="82" rx="4" ry="4" transform="translate(353 120) rotate(180)"/>
+  </g>
+  <g>
+    <polygon class="cls-6" points="206 88 146 88 176 34 206 88"/>
+    <polygon class="cls-7" points="206 88 176 88 176 34 206 88"/>
+    <polygon class="cls-1" points="175.13 75 178.23 75 179.26 48 174.1 48 175.13 75"/>
+    <circle class="cls-1" cx="176.68" cy="79.6" r="3.5"/>
+  </g>
+  <path class="cls-1" d="M290.48,73.74,257.26,107l-7.78,7.78-5.06,5a4,4,0,0,1-5.66,0l-4.36-4.36a4,4,0,0,1,0-5.66l5.06-5,7.78-7.78,33.22-33.23a4,4,0,0,1,5.66,0l4.36,4.36A4,4,0,0,1,290.48,73.74Z"/>
+  <path class="cls-3" d="M266.43,51.25c0,.66,0,1.31.05,1.95a37,37,0,0,0,74,0c0-.64.05-1.29.05-1.93a37,37,0,0,0-74.07,0Z"/>
+  <path class="cls-4" d="M266.43,51.25c0,.66,0,1.31.05,1.95h74c0-.64.05-1.29.05-1.93a37,37,0,0,0-74.07,0Z"/>
+  <path class="cls-5" d="M303.48,14.23a37,37,0,1,0,37,37A37.08,37.08,0,0,0,303.48,14.23Z"/>
+  <circle class="cls-8" cx="303.3" cy="51.63" r="26.93"/>
+  <polyline class="cls-9" points="284.87 53.05 299.05 67.22 323.85 42.42"/>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-windows10-2.svg b/bcs/images/bcs-partner-advanced-management-windows10-2.svg
new file mode 100644
index 0000000000..dbfef70e2d
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-windows10-2.svg
@@ -0,0 +1,59 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-2, .cls-6 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #00bcf2;
+      }
+
+      .cls-1, .cls-4 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-3 {
+        fill: #e5e5e5;
+      }
+
+      .cls-4 {
+        fill: none;
+        stroke: #556a8a;
+      }
+
+      .cls-5 {
+        fill: #556a8a;
+      }
+
+      .cls-6 {
+        opacity: 0.16;
+      }
+
+      .cls-7 {
+        fill: #0078d7;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-windows10-2</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M175.26,40.11v-.55a22,22,0,0,0-.71-5.46,19.77,19.77,0,0,0-32.5-14C137.24,14,131.11,11,122.9,11c-14.47,0-25.38,12.63-25.63,26.85,0,1,.25,1.72.25,2.7-7.6,3.68-12,10.05-12,18.15,0,11.57,9.1,20.84,21.16,21.51,1.11,8,8.31,15.49,20.64,15.49,10.4,0,16.61.84,24.2-7.7a25.57,25.57,0,0,0,12.1,3.3c14.58,0,26.4-12.92,26.4-27.5A26.4,26.4,0,0,0,175.26,40.11Z"/>
+    <path class="cls-2" d="M295,36v76a2,2,0,0,1-2,2H175a2,2,0,0,1-2-2V36a2,2,0,0,1,2-2H293A2,2,0,0,1,295,36Z"/>
+    <path class="cls-3" d="M188,35v79H175a2,2,0,0,1-1-.29V35Z"/>
+    <path class="cls-3" d="M281,35v79h13a2,2,0,0,0,1-.29V35Z"/>
+    <rect class="cls-4" x="173.04" y="34" width="122" height="80" rx="2" ry="2"/>
+    <g>
+      <ellipse class="cls-5" cx="124.5" cy="29.46" rx="10" ry="12.46"/>
+      <path class="cls-5" d="M107.5,101.43V140h11.09c1.54-13.16,3.6-30.57,3.94-32.83.43-2.76,4.7-2.76,5.12,0,.35,2.26,2.74,19.67,4.45,32.83h10.4V99h6l-.33-12.33-.67-25.2,8.42,2.19a4.54,4.54,0,0,0,1.93.25,4.49,4.49,0,0,0,1.48-.38l19-9.45a4.54,4.54,0,1,0-3.75-8.27L158,52.64,142.08,48c-.93-.28-1.91-.57-2.94-.86l0,0c-2.06-.58-4.18-1.16-5.79-1.59l-2.7-.72-6,12.48h-.1l-6-12.48s-5.77,1.3-9.89,2.39L107,47.6A8.84,8.84,0,0,0,101.48,52a11.43,11.43,0,0,0-1.28,4.42c-.61,6.36-.6,20.59-1.12,26.31-.19,2-.2,8.56,2.07,11.48A88.76,88.76,0,0,0,107.5,101.43Z"/>
+      <path class="cls-6" d="M178.36,54.08l-19,9.45a4.49,4.49,0,0,1-1.48.38,4.54,4.54,0,0,1-1.93-.25l-8.42-2.19.67,25.2L148.5,99l-47-47A8.84,8.84,0,0,1,107,47.6l1.63-.44c4.12-1.09,9.89-2.39,9.89-2.39l6,12.48h.1l6-12.48,2.7.72c1.61.43,3.73,1,5.79,1.59l0,0c1,.29,2,.58,2.94.86L158,52.64l16.63-6.83a4.54,4.54,0,1,1,3.75,8.27Z"/>
+    </g>
+    <rect class="cls-5" x="167" y="31" width="135" height="5"/>
+    <g>
+      <polygon class="cls-7" points="229 73 229 54.3 209 56.79 209 73 229 73"/>
+      <polygon class="cls-7" points="231 73 256 73 256 50.74 231 54.01 231 73"/>
+      <polygon class="cls-7" points="231 75 231 93.68 256 97.11 256 75 231 75"/>
+      <polygon class="cls-7" points="229 75 209 75 209 90.67 229 93.38 229 75"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-advanced-management-windows10pc-3.svg b/bcs/images/bcs-partner-advanced-management-windows10pc-3.svg
new file mode 100644
index 0000000000..5e772085f1
--- /dev/null
+++ b/bcs/images/bcs-partner-advanced-management-windows10pc-3.svg
@@ -0,0 +1,96 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #aae9fb;
+      }
+
+      .cls-2 {
+        fill: #556a8a;
+      }
+
+      .cls-3 {
+        fill: #adbdca;
+      }
+
+      .cls-10, .cls-11, .cls-4, .cls-8 {
+        fill: #fff;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-13, .cls-6 {
+        fill: none;
+      }
+
+      .cls-11, .cls-6 {
+        stroke: #556a8a;
+        stroke-miterlimit: 10;
+      }
+
+      .cls-11, .cls-13, .cls-6 {
+        stroke-width: 2px;
+      }
+
+      .cls-7 {
+        fill: #59b4d9;
+      }
+
+      .cls-8 {
+        opacity: 0.5;
+      }
+
+      .cls-10, .cls-8 {
+        isolation: isolate;
+      }
+
+      .cls-9 {
+        fill: #b8d432;
+      }
+
+      .cls-10 {
+        opacity: 0.1;
+      }
+
+      .cls-12 {
+        fill: #9273b6;
+      }
+
+      .cls-13 {
+        stroke: #fff;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+        fill-rule: evenodd;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-advanced-management-windows10pc-3</title>
+  <rect class="cls-1" x="27.5" y="26" width="345" height="14"/>
+  <rect class="cls-1" x="27.5" y="53" width="345" height="14"/>
+  <rect class="cls-1" x="27.5" y="80" width="345" height="14"/>
+  <polygon class="cls-2" points="244.75 127 127.75 127 135.07 119 237.9 119 244.75 127"/>
+  <polygon class="cls-3" points="233.75 125 138.75 125 142.09 121 230.51 121 233.75 125"/>
+  <polygon class="cls-2" points="211.75 108.5 159.75 108.5 153.75 114.5 217.75 114.5 211.75 108.5"/>
+  <polygon class="cls-2" points="189.25 112 182.25 112 183.65 98 187.85 98 189.25 112"/>
+  <rect class="cls-4" x="110.75" y="18" width="151" height="82" rx="4" ry="4"/>
+  <path class="cls-5" d="M261.25,22V34h-151V22a4,4,0,0,1,4-4h143A4,4,0,0,1,261.25,22Z"/>
+  <rect class="cls-6" x="110" y="18" width="151" height="82" rx="4" ry="4" transform="translate(371 118) rotate(180)"/>
+  <g>
+    <path class="cls-7" d="M184,92a5.49,5.49,0,0,1-3.91-1.62L155.62,65.91a5.53,5.53,0,0,1,0-7.83l24.47-24.47a5.53,5.53,0,0,1,7.83,0l24.46,24.47a5.53,5.53,0,0,1,0,7.83L187.91,90.38A5.49,5.49,0,0,1,184,92"/>
+    <path class="cls-4" d="M200.34,57.31a4.68,4.68,0,0,0-3.92,7.26l-9.29,9.29a5.46,5.46,0,0,0-.79-.45V49.71a4.69,4.69,0,1,0-4.68,0V73.42a5.38,5.38,0,0,0-.76.42l-9.3-9.3a4.82,4.82,0,1,0-2.41,1.88L179,76.2a5.46,5.46,0,1,0,10.06,0l9.81-9.81a4.64,4.64,0,0,0,1.49.26,4.69,4.69,0,0,0,0-9.38Z"/>
+    <rect class="cls-8" x="191.21" y="41.87" width="3.03" height="24.81" transform="translate(18.08 152.2) rotate(-45.01)"/>
+    <rect class="cls-8" x="162.89" y="52.78" width="24.81" height="3.03" transform="translate(12.95 139.86) rotate(-45)"/>
+    <path class="cls-9" d="M187.2,78.34a3.25,3.25,0,1,1-3.25-3.25,3.25,3.25,0,0,1,3.25,3.25"/>
+    <path class="cls-9" d="M186.61,45.67A2.61,2.61,0,1,1,184,43.06a2.61,2.61,0,0,1,2.61,2.61"/>
+    <path class="cls-9" d="M170.28,62a2.61,2.61,0,1,1-2.61-2.61A2.61,2.61,0,0,1,170.28,62"/>
+    <path class="cls-9" d="M202.95,62a2.61,2.61,0,1,1-2.61-2.61A2.61,2.61,0,0,1,202.95,62"/>
+    <path class="cls-10" d="M187.91,33.62a5.53,5.53,0,0,0-7.83,0L155.62,58.09a5.53,5.53,0,0,0,0,7.83l13.85,13.85,26.06-38.53Z"/>
+  </g>
+  <g>
+    <path class="cls-11" d="M232.11,91.63l4.47.67a17.31,17.31,0,0,0,.46,3l-3.69,2.38a1.17,1.17,0,0,0-.66,1.59L233.8,102a1,1,0,0,0,1.43.49l4.49-.94,1.42,2.42-2.58,3.5a1.19,1.19,0,0,0,0,1.6l2.22,2.26a1.44,1.44,0,0,0,1.6,0l3.53-2.53c.8.48,1.76,1.12,2.55,1.61l-1,4.47a1.1,1.1,0,0,0,.62,1.29l2.72,1.13a1,1,0,0,0,1.45-.46l2.43-4a9.35,9.35,0,0,0,2.87.67l.61,4.48a1.1,1.1,0,0,0,1.11,1.13l3-.15c.48.16,1-.32,1.12-.79l.84-4.64a9.64,9.64,0,0,0,2.88-.61l2.38,4a1.59,1.59,0,0,0,1.43.49l2.89-1.26a1.09,1.09,0,0,0,.65-1.27l-1.1-4.34a5.66,5.66,0,0,0,.62-.42c.13-.09.27-.19.4-.3.47-.35.94-.74,1.4-1l3.66,2.74a1,1,0,0,0,1.44-.15l1.34-1.32.75-.75,0,0a1,1,0,0,0,.14-1.41l-2.69-3.7a13.13,13.13,0,0,0,1.78-2.71l4.46,1.3a1.42,1.42,0,0,0,1.46-.78l1.13-2.72a1.39,1.39,0,0,0-.62-1.6l-3.83-2.27c.33-1,.33-1.92.66-2.87L290,92a1.42,1.42,0,0,0,1-1.28V87.83a1.36,1.36,0,0,0-.93-1.29L285.42,86a18.27,18.27,0,0,0-.61-3.21l4-2.37a1,1,0,0,0,.5-1.44l-1.11-2.72a1.49,1.49,0,0,0-1.43-.81l-4.5,1.25c-.47-.8-.94-1.61-1.42-2.41l2.75-3.66a1.48,1.48,0,0,0-.16-1.44L281.23,67a1.2,1.2,0,0,0-1.43-.17l-3.7,2.71c-.8-.5-1.75-1.14-2.55-1.62l1-4.48a1.07,1.07,0,0,0-.62-1.28L271,60.82a1.38,1.38,0,0,0-1.45.47l-2.26,3.84c-1,0-1.92-.33-2.88-.35L264,60.14a1.4,1.4,0,0,0-1.28-1l-3-.18a1.87,1.87,0,0,0-1.12,1.1l-.68,4.49c-1.12.15-2.08.47-3.2.61l-2.21-3.85a1.11,1.11,0,0,0-1.44-.49L248.32,62a1.3,1.3,0,0,0-.82,1.43l1.1,4.33a10.34,10.34,0,0,0-2.41,1.75l-3.67-2.75a1.07,1.07,0,0,0-1.61,0L239,68.63l-.17.16a1.09,1.09,0,0,0,0,1.6l2.69,3.7a7.16,7.16,0,0,0-1.37,1.85l-.12.22c-.1.2-.2.41-.29.63l-4.47-1.3a1.09,1.09,0,0,0-1.28.62L232.68,79a1.63,1.63,0,0,0,.47,1.45l4,2.42a7.93,7.93,0,0,0-.51,2.72l-4.65.76c-.47.17-1,.64-1,1l0,3.2A1.08,1.08,0,0,0,232.11,91.63Z"/>
+    <path class="cls-12" d="M247.16,83.3A15,15,0,1,1,246,89.15,14.82,14.82,0,0,1,247.16,83.3Z"/>
+    <polyline class="cls-13" points="250.24 89.26 257.99 97.01 272.24 82.76"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-get-started-1.svg b/bcs/images/bcs-partner-get-started-1.svg
new file mode 100644
index 0000000000..3fda6d92c6
--- /dev/null
+++ b/bcs/images/bcs-partner-get-started-1.svg
@@ -0,0 +1,116 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+        opacity: 0.7;
+      }
+
+      .cls-10, .cls-2, .cls-6 {
+        fill: none;
+      }
+
+      .cls-2, .cls-6, .cls-7, .cls-8 {
+        stroke: #556a8a;
+      }
+
+      .cls-12, .cls-2, .cls-6, .cls-7, .cls-8 {
+        stroke-miterlimit: 10;
+      }
+
+      .cls-10, .cls-12, .cls-2, .cls-6, .cls-7, .cls-8 {
+        stroke-width: 2px;
+      }
+
+      .cls-2 {
+        stroke-dasharray: 3 3;
+      }
+
+      .cls-3 {
+        fill: #556a8a;
+      }
+
+      .cls-12, .cls-4, .cls-8 {
+        fill: #fff;
+      }
+
+      .cls-5 {
+        fill: #bad80a;
+      }
+
+      .cls-15, .cls-7 {
+        fill: #e5e5e5;
+      }
+
+      .cls-9 {
+        fill: #ffc52b;
+      }
+
+      .cls-10 {
+        stroke: #fff;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+        fill-rule: evenodd;
+      }
+
+      .cls-11 {
+        fill: #2bc7f4;
+      }
+
+      .cls-12 {
+        stroke: #00bcf2;
+      }
+
+      .cls-13 {
+        fill: #ff9f2b;
+      }
+
+      .cls-14 {
+        fill: #ff8c00;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-get-started-1</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M264.1,55.27A39.37,39.37,0,0,0,186.39,54a26.79,26.79,0,0,0-43,13.62,23.42,23.42,0,1,0-5.56,46.16H269.57C282.94,111.1,293,98.7,293,84.54A29.27,29.27,0,0,0,264.1,55.27Z"/>
+    <g>
+      <polyline class="cls-2" points="136 96.22 220.03 96 220 51.82 269 51.82 269 95 337.83 95"/>
+      <polygon class="cls-3" points="331.2 103.18 329.84 101.72 337.06 95 329.84 88.29 331.2 86.82 340 95 331.2 103.18"/>
+    </g>
+    <g>
+      <polygon class="cls-4" points="198.2 77 235 77 228.6 97 203.18 97 198.2 77"/>
+      <polygon class="cls-5" points="198.2 77 235 77 232.6 84 199.8 84 198.2 77"/>
+      <polyline class="cls-6" points="198.2 77 235 77 228.92 97 203.07 97 195.46 69 188 69"/>
+      <polyline class="cls-6" points="201.63 91.73 204.98 103 231 103"/>
+      <circle class="cls-7" cx="210" cy="107" r="4"/>
+      <circle class="cls-7" cx="224" cy="107" r="4"/>
+    </g>
+    <g>
+      <path class="cls-8" d="M239.89,51.39l3.58.54a13.85,13.85,0,0,0,.37,2.43l-3,1.9a.94.94,0,0,0-.53,1.27l.89,2.18a.81.81,0,0,0,1.14.39l3.59-.75,1.14,1.94L245,64.09a1,1,0,0,0,0,1.28l1.78,1.81a1.16,1.16,0,0,0,1.28,0l2.82-2c.64.38,1.41.9,2,1.29L252.18,70a.88.88,0,0,0,.5,1l2.18.9a.82.82,0,0,0,1.16-.37l1.94-3.2a7.48,7.48,0,0,0,2.3.54l.49,3.58a.88.88,0,0,0,.89.9l2.43-.12c.38.13.78-.26.9-.63l.67-3.71a7.72,7.72,0,0,0,2.3-.49l1.9,3.2a1.27,1.27,0,0,0,1.14.39l2.31-1a.87.87,0,0,0,.52-1l-.88-3.47a4.53,4.53,0,0,0,.5-.34l.32-.24c.38-.28.75-.59,1.12-.82l2.93,2.19a.82.82,0,0,0,1.15-.12L280,66.18l.6-.6,0,0a.83.83,0,0,0,.11-1.13l-2.15-3A10.5,10.5,0,0,0,280,59.31l3.57,1a1.13,1.13,0,0,0,1.17-.62l.9-2.18a1.11,1.11,0,0,0-.5-1.28l-3.06-1.82c.26-.76.26-1.54.53-2.3l3.58-.49a1.13,1.13,0,0,0,.78-1v-2.3a1.09,1.09,0,0,0-.74-1l-3.72-.41a14.61,14.61,0,0,0-.49-2.57l3.21-1.9a.81.81,0,0,0,.4-1.15l-.89-2.18a1.19,1.19,0,0,0-1.14-.65l-3.6,1c-.38-.64-.75-1.29-1.14-1.93l2.2-2.93a1.18,1.18,0,0,0-.13-1.15l-1.78-1.81a1,1,0,0,0-1.14-.14l-3,2.17c-.64-.4-1.4-.91-2-1.3l.78-3.58a.86.86,0,0,0-.5-1l-2.3-1a1.1,1.1,0,0,0-1.16.38l-1.81,3.07c-.77,0-1.54-.26-2.3-.28l-.35-3.71a1.12,1.12,0,0,0-1-.77L262,25.29a1.5,1.5,0,0,0-.9.88l-.54,3.59c-.9.12-1.66.38-2.56.49l-1.77-3.08a.89.89,0,0,0-1.15-.39l-2.18.89a1,1,0,0,0-.66,1.14l.88,3.46a8.27,8.27,0,0,0-1.93,1.4l-2.94-2.2a.86.86,0,0,0-1.29,0L245.39,33l-.14.13a.87.87,0,0,0,0,1.28l2.15,3a5.73,5.73,0,0,0-1.1,1.48l-.1.18c-.08.16-.16.33-.23.5l-3.58-1a.87.87,0,0,0-1,.5l-1,2.3a1.3,1.3,0,0,0,.38,1.16l3.19,1.94a6.34,6.34,0,0,0-.41,2.18l-3.72.61c-.38.14-.77.51-.77.78l0,2.56A.86.86,0,0,0,239.89,51.39Z"/>
+      <circle class="cls-9" cx="263" cy="49.35" r="12"/>
+      <polyline class="cls-10" points="254.5 49.82 260.5 55.82 270.5 44.82"/>
+    </g>
+    <circle class="cls-11" cx="310" cy="95" r="6"/>
+    <circle class="cls-11" cx="182" cy="95" r="6"/>
+    <circle class="cls-11" cx="220" cy="53" r="6"/>
+    <path class="cls-12" d="M150.51,60.83v-.6a24.19,24.19,0,0,0-.78-6A21.75,21.75,0,0,0,114,38.78c-5.29-6.66-12-10-21.06-10C77,28.8,65,42.69,64.72,58.34c0,1.08.27,1.89.27,3-8.36,4-13.22,11.06-13.22,20,0,12.73,10,22.92,23.27,23.67,1.22,8.83,9.14,17,22.71,17,11.45,0,18.27.93,26.62-8.47a28.13,28.13,0,0,0,13.31,3.63c16,0,29-14.21,29-30.25A29,29,0,0,0,150.51,60.83Z"/>
+    <g>
+      <g>
+        <g>
+          <path class="cls-13" d="M96.73,96.37c-.89.29-1.84.56-2.83.83C99.84,72.54,111.55,77,111.55,77l1.91,1.81.07.23C113.94,80.68,115.53,90.41,96.73,96.37Z"/>
+          <path class="cls-14" d="M96.73,96.37c5.81-20.31,15.79-17.66,16.8-17.33C113.94,80.68,115.53,90.41,96.73,96.37Z"/>
+          <polygon class="cls-3" points="114.46 83.7 106.16 75.4 112.8 73.74 115.91 76.87 114.46 83.7"/>
+        </g>
+        <polygon class="cls-3" points="116.11 65.31 93.7 64.48 90.38 61.16 109.47 52.03 117.45 55.03 116.11 65.31"/>
+        <polygon class="cls-3" points="125.6 72.08 126.43 94.5 129.75 97.82 138.88 78.72 135.89 70.74 125.6 72.08"/>
+        <g>
+          <path class="cls-4" d="M121.13,82h-.25l-.2-.18L108.85,69.45l0-.29a49,49,0,0,1,13.44-23.81C133.08,34.67,158.12,30.17,159.18,30l.82-.14-.14.82s-.44,2.61-1.33,6.4c-2.44,10.26-6.81,24-13.77,31C133.91,78.93,122.12,82,121.13,82Z"/>
+          <path class="cls-15" d="M157.89,38.52c-2,8.35-6.29,22.81-13.62,30.17-10.82,10.9-22.6,13.16-23.21,13.28l-6.6-6.6s2.1-12.12,13.29-23.25C135.1,44.81,149.53,40.5,157.89,38.52Z"/>
+          <path class="cls-11" d="M138,36.37l1.07-.39a122.11,122.11,0,0,1,19.75-5.32l1-.17-.17,1a122.35,122.35,0,0,1-5.32,19.75l-.39,1.07Z"/>
+          <path class="cls-6" d="M121.13,82h-.25l-.2-.18L108.85,69.45l0-.29a49,49,0,0,1,13.44-23.81C133.08,34.67,158.12,30.17,159.18,30l.82-.14-.14.82s-.44,2.61-1.33,6.4c-2.44,10.26-6.81,24-13.77,31C133.91,78.93,122.12,82,121.13,82Z"/>
+        </g>
+      </g>
+      <circle class="cls-8" cx="132.81" cy="56.56" r="6"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-identity-manager.svg b/bcs/images/bcs-partner-identity-manager.svg
new file mode 100644
index 0000000000..c75db3c46f
--- /dev/null
+++ b/bcs/images/bcs-partner-identity-manager.svg
@@ -0,0 +1,91 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-12 {
+        fill: #80def9;
+      }
+
+      .cls-2, .cls-7, .cls-9 {
+        fill: none;
+      }
+
+      .cls-2 {
+        stroke: #00bcf2;
+        stroke-linecap: round;
+      }
+
+      .cls-12, .cls-2, .cls-4, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-3 {
+        fill: #00bcf2;
+      }
+
+      .cls-10, .cls-4 {
+        fill: #fff;
+      }
+
+      .cls-12, .cls-4, .cls-9 {
+        stroke: #556a8a;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6 {
+        fill: #2bc7f4;
+      }
+
+      .cls-8 {
+        fill: #556a8a;
+      }
+
+      .cls-11 {
+        fill: #f1f2f2;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-identity-manager</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M327.31,58.4a36.36,36.36,0,0,0-71.78-1.14,24.75,24.75,0,0,0-39.75,12.58,21.63,21.63,0,1,0-5.14,42.64H332.36c12.35-2.51,21.64-14,21.64-27A27,27,0,0,0,327.31,58.4Z"/>
+    <g>
+      <line class="cls-2" x1="119" y1="62" x2="193" y2="62"/>
+      <polygon class="cls-3" points="186.24 70.18 184.87 68.72 192.09 62 184.87 55.29 186.24 53.82 195.03 62 186.24 70.18"/>
+    </g>
+    <g>
+      <rect class="cls-4" x="57" y="24" width="53" height="91"/>
+      <g>
+        <rect class="cls-5" x="83" y="25" width="26" height="89"/>
+        <rect class="cls-6" x="59" y="47" width="24" height="3"/>
+        <polygon class="cls-7" points="95 33 59 33 59 36 95 36 95 33 95 33"/>
+        <polyline class="cls-7" points="95 33 59 33 59 36 95 36 95 33"/>
+        <rect class="cls-6" x="59" y="40" width="24" height="3"/>
+        <rect class="cls-6" x="59" y="33" width="24" height="3"/>
+        <rect class="cls-8" x="83" y="33" width="28" height="3"/>
+        <rect class="cls-8" x="83" y="40" width="28" height="3"/>
+        <rect class="cls-8" x="83" y="47" width="28" height="3"/>
+      </g>
+      <rect class="cls-8" x="57" y="33" width="4" height="3"/>
+      <rect class="cls-8" x="57" y="40" width="4" height="3"/>
+      <rect class="cls-8" x="57" y="47" width="4" height="3"/>
+    </g>
+    <g>
+      <circle class="cls-4" cx="112.67" cy="83.6" r="12.08"/>
+      <path class="cls-4" d="M93.35,115A19.33,19.33,0,0,1,132,115Z"/>
+    </g>
+    <g>
+      <rect class="cls-9" x="268.73" y="41.87" width="27" height="36" rx="12" ry="12"/>
+      <path class="cls-10" d="M304.73,65.87v32a2,2,0,0,1-2,2H262.69a2,2,0,0,1-2-2v-32a2,2,0,0,1,2-2h40.09A2,2,0,0,1,304.73,65.87Z"/>
+      <path class="cls-5" d="M304.73,65.87v31l-33-33h31A2,2,0,0,1,304.73,65.87Z"/>
+      <path class="cls-9" d="M304.73,97.87a2,2,0,0,1-2,2H262.69a2,2,0,0,1-2-2v-32a2,2,0,0,1,2-2h40.09a2,2,0,0,1,2,2Z"/>
+    </g>
+    <g>
+      <path class="cls-11" d="M254.1,82.49a15.33,15.33,0,1,0-5.48,7.14v5h4.86v5.6h6.4v6.4h9.6V97.31Z"/>
+      <path class="cls-9" d="M254.1,82.49a15.33,15.33,0,1,0-5.48,7.14v5h4.86v5.6h6.4v6.4h9.6V97.31Z"/>
+      <circle class="cls-12" cx="235.73" cy="71.51" r="3.24"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-install-2.svg b/bcs/images/bcs-partner-install-2.svg
new file mode 100644
index 0000000000..e112e26bc1
--- /dev/null
+++ b/bcs/images/bcs-partner-install-2.svg
@@ -0,0 +1,90 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #556a8a;
+      }
+
+      .cls-2, .cls-5 {
+        fill: #fcfcfc;
+      }
+
+      .cls-3 {
+        fill: #e5e5e5;
+      }
+
+      .cls-4 {
+        fill: none;
+      }
+
+      .cls-4, .cls-5 {
+        stroke: #556a8a;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-6 {
+        fill: #999;
+      }
+
+      .cls-7 {
+        fill: #2bc7f4;
+      }
+
+      .cls-8 {
+        fill: #414042;
+      }
+
+      .cls-9 {
+        fill: #e4edf1;
+      }
+
+      .cls-10 {
+        fill: #fff;
+      }
+
+      .cls-11 {
+        fill: #ffb900;
+      }
+
+      .cls-12 {
+        fill: #ffc52b;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-install-2</title>
+  <g id="ICONS">
+    <g>
+      <g>
+        <polygon class="cls-1" points="219.53 111.62 213.84 111.62 214.79 98.33 218.58 98.33 219.53 111.62"/>
+        <polygon class="cls-1" points="240.49 109 192.56 109 187.03 112 246.03 112 240.49 109"/>
+      </g>
+      <path class="cls-2" d="M280.6,30.92V97.4H153V30.92A4,4,0,0,1,157,27H276.64A4,4,0,0,1,280.6,30.92Z"/>
+      <path class="cls-3" d="M280.6,30.92V46.8H153V30.92A4,4,0,0,1,157,27H276.64A4,4,0,0,1,280.6,30.92Z"/>
+      <path class="cls-4" d="M280,98V31.89A3.93,3.93,0,0,0,276.06,28H156.94A3.93,3.93,0,0,0,153,31.89V98Z"/>
+    </g>
+    <g>
+      <rect class="cls-5" x="269" y="67" width="30" height="55" rx="4" ry="4"/>
+      <rect class="cls-3" x="272" y="74.99" width="23" height="40"/>
+      <path class="cls-6" d="M288.27,73h-7.54c-.4,0-.73-.45-.73-1s.33-1,.73-1h7.54c.4,0,.73.45.73,1S288.67,73,288.27,73Z"/>
+    </g>
+    <rect class="cls-1" x="197" y="83" width="36" height="2"/>
+    <polygon class="cls-1" points="232.44 56.59 216 73.04 216 35 214 35 214 73.04 197.86 56.59 196.53 58.02 215.26 76.9 233.91 58.02 232.44 56.59"/>
+    <path class="cls-7" d="M314.49,68.58a1.2,1.2,0,0,0,1.27.46l2.32-.75a1.2,1.2,0,0,0,.6-1.5l-.7-2.91c-.31-.74-.31-1.51,1.65-3.28a2.1,2.1,0,0,1,2-.31l3.13,1a1.41,1.41,0,0,0,1.2-.5l1.19-2.4a1.25,1.25,0,0,0-.71-1.37l-2.67-1.65a1.52,1.52,0,0,1-.81-1.73s0-3.09,1.2-3.58l2.59-1.21a1.49,1.49,0,0,0,.6-1.49l-1-2.46a.92.92,0,0,0-1.21-.49l-.06,0-2.92.71c-.76.29-2.86-1.42-3.29-1.7a3,3,0,0,1-.47-2.2l1.06-2.76a1.35,1.35,0,0,0-.58-1.59l-2.32-.79a1.2,1.2,0,0,0-1.46.36l-1.41,2.83c-.36.69-1.16,1.45-3.42,1,0,0-1.73-.57-2.07-1.26l-1.25-3a1.2,1.2,0,0,0-1.27-.46l-2.46,1a.92.92,0,0,0-.43,1.23v0l.57,3.14c.27,1.09-1.29,2.63-1.58,3.06a2,2,0,0,1-2.19.53l-3-1.18a1.46,1.46,0,0,0-1.37.71l-1.19,2.4a1.65,1.65,0,0,0,.71,1.37l2.72,1.65c1.54.71,1.05,2.32,1,3.42,0,.59-.1,1.2-1.33,1.67L294.5,56.1a1.2,1.2,0,0,0-.46,1.27l1,2.46a1.2,1.2,0,0,0,1.13.69l3-.93c1.09-.27,1.55,0,1.86.52a16.77,16.77,0,0,1,1.3,1.42,1.68,1.68,0,0,1,.64,1.91l-1.18,3a1.45,1.45,0,0,0,.71,1.36l2.17,1a1.2,1.2,0,0,0,1.46-.36l1.43-2.85a1.9,1.9,0,0,1,1.86-1l1.77.15c.73-.17,1.2.1,1.8,1.1l1.43,2.74m2.3-18.47A6.59,6.59,0,0,1,313,58.36a6.12,6.12,0,0,1-8-3.23q-.12-.27-.21-.56a6.29,6.29,0,0,1,3.65-8,6.37,6.37,0,0,1,8.34,3.4l.06.15"/>
+    <g>
+      <rect class="cls-5" x="75" y="44" width="92" height="68" rx="4" ry="4"/>
+      <path class="cls-8" d="M171,118H70.18A4,4,0,0,1,66,115H175S173.79,118,171,118Z"/>
+      <polygon class="cls-1" points="66.1 115 74.02 110 168 110 175 115 66.1 115"/>
+      <polygon class="cls-9" points="70 115 74.6 112 167.36 112 171 115 70 115"/>
+      <rect class="cls-7" x="81" y="51" width="80" height="53"/>
+      <polygon class="cls-10" points="116 75.9 116 62 101 64.61 101 75.9 116 75.9"/>
+      <polygon class="cls-10" points="118 76 136 76 136 59.64 118 62.03 118 76"/>
+      <polygon class="cls-10" points="118 78 118 91.85 136 94.35 136 78 118 78"/>
+      <polygon class="cls-10" points="116 78 101 78 101 89.45 116 91.48 116 78"/>
+    </g>
+    <g>
+      <path class="cls-11" d="M281.74,32.9,295.16,12H279.95L259.88,41.7H274L261,66.14,278.17,50.8l20.51-17.9Z"/>
+      <path class="cls-12" d="M281.74,32.9,295.16,12h-6.44L268.67,41.7H274L261,66.14,278.17,50.8l20.51-17.9Z"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-office-migration-1.svg b/bcs/images/bcs-partner-office-migration-1.svg
new file mode 100644
index 0000000000..4d3078c578
--- /dev/null
+++ b/bcs/images/bcs-partner-office-migration-1.svg
@@ -0,0 +1,67 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+      }
+
+      .cls-2 {
+        fill: #d1d3d4;
+      }
+
+      .cls-3 {
+        fill: #556a8a;
+      }
+
+      .cls-4 {
+        fill: #fff;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6, .cls-8 {
+        fill: none;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-6 {
+        stroke: #556a8a;
+      }
+
+      .cls-7 {
+        fill: #d83b01;
+      }
+
+      .cls-8 {
+        stroke: #00bcf2;
+        stroke-linecap: round;
+      }
+
+      .cls-9 {
+        fill: #00bcf2;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-identitiy-integration-1</title>
+  <g id="ICONS">
+    <g>
+      <rect class="cls-1" x="83" y="63.13" width="233" height="4.87"/>
+      <rect class="cls-2" x="83" y="72.13" width="233" height="4.87"/>
+      <rect class="cls-1" x="83" y="81.13" width="233" height="4.87"/>
+      <polygon class="cls-3" points="222.61 123 177.39 123 172.17 128 227.83 128 222.61 123"/>
+      <polygon class="cls-3" points="203.05 123.94 196.95 123.94 198.17 107.75 201.83 107.75 203.05 123.94"/>
+      <rect class="cls-4" x="134" y="38" width="132" height="72" rx="4" ry="4" transform="translate(400 148) rotate(180)"/>
+      <path class="cls-5" d="M265,57V42.57C265,40,263.78,38,261.11,38H138.9a4.76,4.76,0,0,0-4.9,4.57V57Z"/>
+      <rect class="cls-6" x="134" y="38" width="132" height="72" rx="4" ry="4" transform="translate(400 148) rotate(180)"/>
+    </g>
+    <polygon class="cls-7" points="223 95 223 95.61 223 53.45 204.64 48.59 173.31 59.36 174.51 90.41 187 86.38 187 60.96 205 57.08 205 94.44 172.84 90.41 203 100.58 203 100.58 221.94 95.48 222.68 95 223 95"/>
+    <g>
+      <line class="cls-8" x1="138" y1="23" x2="262" y2="23"/>
+      <polygon class="cls-9" points="144.76 31.18 146.13 29.71 138.91 23 146.13 16.29 144.76 14.82 135.97 23 144.76 31.18"/>
+      <polygon class="cls-9" points="255.24 31.18 253.87 29.71 261.1 23 253.87 16.29 255.24 14.82 264.03 23 255.24 31.18"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-policies-set-device-config-1.svg b/bcs/images/bcs-partner-policies-set-device-config-1.svg
new file mode 100644
index 0000000000..78c1851ca6
--- /dev/null
+++ b/bcs/images/bcs-partner-policies-set-device-config-1.svg
@@ -0,0 +1,85 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+        opacity: 0.7;
+      }
+
+      .cls-2 {
+        fill: #5b7484;
+      }
+
+      .cls-3 {
+        fill: #adbdca;
+      }
+
+      .cls-10, .cls-11, .cls-4 {
+        fill: #fff;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6, .cls-8 {
+        fill: none;
+      }
+
+      .cls-6 {
+        stroke: #51636b;
+      }
+
+      .cls-10, .cls-11, .cls-6, .cls-8, .cls-9 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-7 {
+        fill: #556a8a;
+      }
+
+      .cls-10, .cls-8, .cls-9 {
+        stroke: #556a8a;
+      }
+
+      .cls-9 {
+        fill: #55d2f6;
+      }
+
+      .cls-11 {
+        stroke: #2bc7f4;
+      }
+
+      .cls-12 {
+        fill: #2bc7f4;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-policies-set-device-config-1</title>
+  <path class="cls-1" d="M288.1,67c-2.75-17.56-19.14-31-39-31-19.39,0-35.49,12.91-38.75,29.91a28.11,28.11,0,0,0-17.16-5.73c-12.39,0-22.79,7.75-25.86,18.28a25.29,25.29,0,0,0-5.56-.64c-12.94,0-23.43,9.66-23.43,21.59S148.87,121,161.81,121H293.57C306.94,118.5,317,107.07,317,94,317,79.23,304.1,67.24,288.1,67Z"/>
+  <polygon class="cls-2" points="228.38 110 133.62 110 139.54 103 222.84 103 228.38 110"/>
+  <polygon class="cls-3" points="219.47 108 142.53 108 145.23 105 216.85 105 219.47 108"/>
+  <polygon class="cls-2" points="201.31 95 159.88 95 155.09 100 206.09 100 201.31 95"/>
+  <polygon class="cls-2" points="183.43 98.5 177.76 98.5 178.89 87.16 182.3 87.16 183.43 98.5"/>
+  <rect class="cls-4" x="120" y="22" width="122" height="66" rx="4" ry="4"/>
+  <path class="cls-5" d="M242,26V38H120V26a4,4,0,0,1,4-4H238A4,4,0,0,1,242,26Z"/>
+  <rect class="cls-6" x="120" y="22" width="122" height="66" rx="4" ry="4" transform="translate(362 110) rotate(180)"/>
+  <g>
+    <polygon class="cls-7" points="177 58 177 42.62 161 44.68 161 58 177 58"/>
+    <polygon class="cls-7" points="179 58 200 58 200 40 179 42.7 179 58"/>
+    <polygon class="cls-7" points="179 60 179 75.17 200 78 200 60 179 60"/>
+    <polygon class="cls-7" points="177 60 161 60 161 72.68 177 74.92 177 60"/>
+  </g>
+  <g>
+    <path class="cls-4" d="M315,57.75a7.51,7.51,0,0,1-.61,3,7.76,7.76,0,0,1-4.13,4.12,7.43,7.43,0,0,1-3,.61L303,65v40.11c0,3-1.88,6.89-6,6.89H261V57.08A10.57,10.57,0,0,1,261,56a4.38,4.38,0,0,1,.31-1.22,7.15,7.15,0,0,1,.64-1.19,7.28,7.28,0,0,1,1-1.27,2.25,2.25,0,0,1,.24-.21,7.39,7.39,0,0,1,2.23-1.45,7.88,7.88,0,0,1,3-.61h38.75a7.6,7.6,0,0,1,3,.61,7.76,7.76,0,0,1,4.13,4.12A7.51,7.51,0,0,1,315,57.75Z"/>
+    <path class="cls-5" d="M315,57.75a7.51,7.51,0,0,1-.61,3,7.76,7.76,0,0,1-4.13,4.12,7.43,7.43,0,0,1-3,.61L303,65v1H261V57.08A10.57,10.57,0,0,1,261,56a4.38,4.38,0,0,1,.31-1.22,7.15,7.15,0,0,1,.64-1.19,7.28,7.28,0,0,1,1-1.27,2.25,2.25,0,0,1,.24-.21,7.39,7.39,0,0,1,2.23-1.45,7.88,7.88,0,0,1,3-.61h38.75a7.6,7.6,0,0,1,3,.61,7.76,7.76,0,0,1,4.13,4.12A7.51,7.51,0,0,1,315,57.75Z"/>
+    <path class="cls-8" d="M315,57.75a7.48,7.48,0,0,1-.61,3,7.62,7.62,0,0,1-1.66,2.46,7.82,7.82,0,0,1-2.47,1.66,7.38,7.38,0,0,1-3,.61L303,65v40.11c0,3-1.88,6.89-6,6.89h-7.88L261,104V57.75a15.22,15.22,0,0,1,.05-1.8,4.3,4.3,0,0,1,.31-1.22A7.73,7.73,0,0,1,263,52.27a7.82,7.82,0,0,1,2.47-1.66,7.54,7.54,0,0,1,3-.61h38.75a7.54,7.54,0,0,1,3,.61,7.82,7.82,0,0,1,2.47,1.66,7.73,7.73,0,0,1,1.66,2.46A7.49,7.49,0,0,1,315,57.75Z"/>
+    <path class="cls-7" d="M307.13,61.63a3.75,3.75,0,0,0,1.51-.3,3.94,3.94,0,0,0,2.06-2.06,3.94,3.94,0,0,0,0-3,3.94,3.94,0,0,0-2.06-2.06,3.94,3.94,0,0,0-3,0,3.94,3.94,0,0,0-2.06,2.06,3.75,3.75,0,0,0-.3,1.51L302.88,62Z"/>
+    <path class="cls-9" d="M294,112c-3-1-5-2.89-5-8,0-6,6-8,5.43-8H262a8,8,0,0,0,0,16h31.27"/>
+  </g>
+  <path class="cls-10" d="M82.45,77.45l4.47.67a17.31,17.31,0,0,0,.46,3l-3.69,2.38A1.17,1.17,0,0,0,83,85.13l1.11,2.73a1,1,0,0,0,1.43.49l4.49-.94,1.42,2.42-2.58,3.5a1.19,1.19,0,0,0,0,1.6l2.22,2.26a1.44,1.44,0,0,0,1.6,0l3.53-2.53c.8.48,1.76,1.12,2.55,1.61l-1,4.47a1.1,1.1,0,0,0,.62,1.29l2.72,1.13a1,1,0,0,0,1.45-.46l2.43-4a9.35,9.35,0,0,0,2.87.67l.61,4.48a1.1,1.1,0,0,0,1.11,1.13l3-.15c.48.16,1-.32,1.12-.79l.84-4.64a9.64,9.64,0,0,0,2.88-.61l2.38,4a1.59,1.59,0,0,0,1.43.49L124.2,102a1.09,1.09,0,0,0,.65-1.27l-1.1-4.34a5.66,5.66,0,0,0,.62-.42c.13-.09.27-.19.4-.3.47-.35.94-.74,1.4-1l3.66,2.74a1,1,0,0,0,1.44-.15l1.34-1.32.75-.75,0,0a1,1,0,0,0,.14-1.41l-2.69-3.7a13.13,13.13,0,0,0,1.78-2.71l4.46,1.3a1.42,1.42,0,0,0,1.46-.78l1.13-2.72a1.39,1.39,0,0,0-.62-1.6l-3.83-2.27c.33-1,.33-1.92.66-2.87l4.48-.61a1.42,1.42,0,0,0,1-1.28V73.65a1.36,1.36,0,0,0-.93-1.29l-4.65-.51a18.27,18.27,0,0,0-.61-3.21l4-2.37a1,1,0,0,0,.5-1.44l-1.11-2.72a1.49,1.49,0,0,0-1.43-.81l-4.5,1.25c-.47-.8-.94-1.61-1.42-2.41L134,56.48a1.48,1.48,0,0,0-.16-1.44l-2.22-2.26a1.2,1.2,0,0,0-1.43-.17l-3.7,2.71c-.8-.5-1.75-1.14-2.55-1.62l1-4.48a1.07,1.07,0,0,0-.62-1.28l-2.87-1.3a1.38,1.38,0,0,0-1.45.47l-2.26,3.84c-1,0-1.92-.33-2.88-.35L114.35,46a1.4,1.4,0,0,0-1.28-1l-3-.18a1.87,1.87,0,0,0-1.12,1.1l-.68,4.49c-1.12.15-2.08.47-3.2.61l-2.21-3.85a1.11,1.11,0,0,0-1.44-.49l-2.72,1.11a1.3,1.3,0,0,0-.82,1.43l1.1,4.33a10.34,10.34,0,0,0-2.41,1.75l-3.67-2.75a1.07,1.07,0,0,0-1.61,0l-1.92,1.9-.17.16a1.09,1.09,0,0,0,0,1.6l2.69,3.7a7.16,7.16,0,0,0-1.37,1.85l-.12.22c-.1.2-.2.41-.29.63l-4.47-1.3a1.09,1.09,0,0,0-1.28.62L83,64.81a1.63,1.63,0,0,0,.47,1.45l4,2.42A7.93,7.93,0,0,0,87,71.4l-4.65.76c-.47.17-1,.64-1,1l0,3.2A1.08,1.08,0,0,0,82.45,77.45Z"/>
+  <path class="cls-11" d="M97.5,69.12A15,15,0,1,1,96.34,75,14.82,14.82,0,0,1,97.5,69.12Z"/>
+  <path class="cls-7" d="M120.53,68.27l-2.83,2.83-2.4.42.28-2.55,2.83-2.83a5.11,5.11,0,0,0-5.09.85,4.24,4.24,0,0,0-.57,4.81l-9.69,9.69a1.44,1.44,0,0,0,.21,2.05,1.26,1.26,0,0,0,1.91.07l9.69-9.69a4.24,4.24,0,0,0,4.81-.57A5.11,5.11,0,0,0,120.53,68.27Z"/>
+  <path class="cls-12" d="M110.73,74.73,107,71l-.71-2.12-3.54-2.12-1.41,1.41,2.12,3.54,2.12.71,3.73,3.73a2,2,0,0,0,.51,1.92l6.36,6.36A2,2,0,0,0,119,81.61l-6.36-6.36A2,2,0,0,0,110.73,74.73Z"/>
+</svg>
diff --git a/bcs/images/bcs-partner-policies-view-policies-2.svg b/bcs/images/bcs-partner-policies-view-policies-2.svg
new file mode 100644
index 0000000000..a9864295ae
--- /dev/null
+++ b/bcs/images/bcs-partner-policies-view-policies-2.svg
@@ -0,0 +1,78 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #c6df33;
+      }
+
+      .cls-2, .cls-3 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        stroke: #00bcf2;
+      }
+
+      .cls-2, .cls-5, .cls-7 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-4 {
+        fill: #e5e5e5;
+      }
+
+      .cls-5 {
+        fill: none;
+      }
+
+      .cls-5, .cls-7 {
+        stroke: #556a8a;
+      }
+
+      .cls-6 {
+        fill: #556a8a;
+      }
+
+      .cls-7 {
+        fill: #55d2f6;
+      }
+
+      .cls-8 {
+        fill: #bad80a;
+      }
+
+      .cls-8, .cls-9 {
+        fill-rule: evenodd;
+      }
+
+      .cls-9 {
+        fill: #d1e55c;
+      }
+
+      .cls-10 {
+        fill: #2bc7f4;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-policies-view-policies-2</title>
+  <path class="cls-1" d="M192.94,46.5v-.45a18,18,0,0,0-.58-4.47A16.18,16.18,0,0,0,165.77,30.1c-3.94-5-8.95-7.42-15.67-7.42-11.84,0-20.77,10.33-21,22,0,.8.2,1.4.2,2.21-6.22,3-9.83,8.23-9.83,14.85,0,9.47,7.45,17,17.31,17.6.91,6.57,6.8,12.67,16.89,12.67,8.51,0,13.59.69,19.8-6.3a20.92,20.92,0,0,0,9.9,2.7c11.93,0,21.6-10.57,21.6-22.5A21.6,21.6,0,0,0,192.94,46.5Z"/>
+  <path class="cls-2" d="M254.1,62c-2.75-17.56-19.14-31-39-31-19.39,0-35.49,12.91-38.75,29.91a28.11,28.11,0,0,0-17.16-5.73c-12.39,0-22.79,7.75-25.86,18.28a25.29,25.29,0,0,0-5.56-.64c-12.94,0-23.43,9.66-23.43,21.59S114.87,116,127.81,116H259.57C272.94,113.5,283,102.07,283,89,283,74.23,270.1,62.24,254.1,62Z"/>
+  <g>
+    <path class="cls-3" d="M268.38,32.38a9.09,9.09,0,0,1-.73,3.64,9.22,9.22,0,0,1-2,3,9.41,9.41,0,0,1-3,2,8.84,8.84,0,0,1-3.62.74l-5.12-.61a1.15,1.15,0,0,0-.56.9V89.67c0,3.57-1.71,8.33-6.67,8.33h-9.48l-33.85-9.68V32.38a18.5,18.5,0,0,1,.06-2.18,5.23,5.23,0,0,1,.37-1.48,9.39,9.39,0,0,1,5-5,9,9,0,0,1,3.62-.74h46.64a9,9,0,0,1,3.62.74,9.39,9.39,0,0,1,5,5A9.1,9.1,0,0,1,268.38,32.38Z"/>
+    <path class="cls-4" d="M268.78,32.87a9.09,9.09,0,0,1-.74,3.65,9.39,9.39,0,0,1-5,5,9,9,0,0,1-3.64.74s-5.14-.29-5.14.3v.3H203.44V32.06a12.79,12.79,0,0,1,.06-1.37,5.3,5.3,0,0,1,.38-1.48,8.65,8.65,0,0,1,.77-1.44,8.81,8.81,0,0,1,1.23-1.54,2.72,2.72,0,0,1,.29-.25,9,9,0,0,1,2.7-1.75,9.54,9.54,0,0,1,3.64-.74h46.89a9.2,9.2,0,0,1,3.64.74,9.39,9.39,0,0,1,5,5A9.09,9.09,0,0,1,268.78,32.87Z"/>
+    <path class="cls-5" d="M268.38,32.38a9.09,9.09,0,0,1-.73,3.64,9.22,9.22,0,0,1-2,3,9.41,9.41,0,0,1-3,2,8.84,8.84,0,0,1-3.62.74l-5.12-.61a1.15,1.15,0,0,0-.56.9V89.67c0,3.57-1.71,8.33-6.67,8.33h-9.48l-33.85-9.68V32.38a18.5,18.5,0,0,1,.06-2.18,5.23,5.23,0,0,1,.37-1.48,9.39,9.39,0,0,1,5-5,9,9,0,0,1,3.62-.74h46.64a9,9,0,0,1,3.62.74,9.39,9.39,0,0,1,5,5A9.1,9.1,0,0,1,268.38,32.38Z"/>
+    <path class="cls-6" d="M259.26,36.55a4.54,4.54,0,0,0,1.83-.37,4.76,4.76,0,0,0,2.49-2.49,4.76,4.76,0,0,0,0-3.66,4.76,4.76,0,0,0-2.49-2.49,4.76,4.76,0,0,0-3.66,0A4.76,4.76,0,0,0,254.93,30a4.54,4.54,0,0,0-.37,1.83L254.11,37Z"/>
+    <path class="cls-7" d="M242.9,98c-3.56-1.19-5.93-3.43-5.93-9.5,0-7.12,7.17-9.5,6.44-9.5H204.95a9.5,9.5,0,0,0,0,19H242"/>
+  </g>
+  <g>
+    <path class="cls-8" d="M184.34,86.36a23,23,0,1,1-23-23A22.88,22.88,0,0,1,184.34,86.36Z"/>
+    <path class="cls-9" d="M184.24,86.36a22.88,22.88,0,0,1-6.85,16.36L144.87,70.21a23,23,0,0,1,39.37,16.15Z"/>
+  </g>
+  <g>
+    <path class="cls-6" d="M179.58,86.38c0,3.76-8.17,13-18.24,13s-18.24-9.22-18.24-13c0-4.12,8.17-12,18.24-12S179.58,82.62,179.58,86.38Z"/>
+    <circle class="cls-3" cx="161.34" cy="86.88" r="8.64"/>
+    <circle class="cls-10" cx="161.34" cy="86.88" r="5.76"/>
+    <circle class="cls-3" cx="163.26" cy="84" r="2.88"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-prepare-office-1.svg b/bcs/images/bcs-partner-prepare-office-1.svg
new file mode 100644
index 0000000000..4a32ab1c8a
--- /dev/null
+++ b/bcs/images/bcs-partner-prepare-office-1.svg
@@ -0,0 +1,66 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+      }
+
+      .cls-2 {
+        fill: #556a8a;
+      }
+
+      .cls-3, .cls-4 {
+        fill: #fff;
+      }
+
+      .cls-3 {
+        stroke: #bad80a;
+      }
+
+      .cls-3, .cls-6, .cls-8 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6, .cls-8 {
+        fill: none;
+        stroke: #556a8a;
+      }
+
+      .cls-7 {
+        fill: #d83b01;
+      }
+
+      .cls-8 {
+        stroke-linecap: round;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-prepare-office-1</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M328.07,65.17l-8.31-1.58a33.25,33.25,0,0,0-.64-5.72l7.08-4.18a2.18,2.18,0,0,0,1.34-2.93l-1.87-5.18a1.88,1.88,0,0,0-2.65-1L314.58,46l-2.49-4.61L317.18,35a2.25,2.25,0,0,0,.13-3l-4-4.38c-.57-.62-1.77-.67-3-.13L303.51,32c-1.45-1-3.19-2.23-4.64-3.2l2.18-8.29A2.06,2.06,0,0,0,300,18l-5-2.31a1.9,1.9,0,0,0-2.74.77l-4.83,7.29a17.23,17.23,0,0,0-5.33-1.45l-.81-8.42a2.05,2.05,0,0,0-2-2.2l-5.69,0c-.89-.33-1.83.53-2.17,1.4l-1.9,8.61a17.72,17.72,0,0,0-5.44.94L259.94,15a3,3,0,0,0-2.65-1l-5.5,2.15a2,2,0,0,0-1.31,2.33l1.72,8.18c-1.53.83-3.09,2.25-4.64,3.09l-6.65-5.4a1.94,1.94,0,0,0-2.69.18l-2.61,2.38-1.45,1.34,0,0a1.93,1.93,0,0,0-.38,2.63L238.49,38c-1.28,1.74-2.84,3.17-3.52,4.94l-8.26-2.77a2.65,2.65,0,0,0-2.77,1.37l-2.33,5a2.6,2.6,0,0,0,1.07,3l7,4.51c-.69,1.77-.77,3.57-1.45,5.34l-8.42.81a2.63,2.63,0,0,0-1.91,2.31L217.64,68a2.61,2.61,0,0,0,1.67,2.49L228,71.74a34.62,34.62,0,0,0,.91,6l-7.69,4.15a1.9,1.9,0,0,0-1,2.66L222,89.76a2.8,2.8,0,0,0,2.63,1.61l8.48-2L235.62,94l-5.41,6.65a2.83,2.83,0,0,0,.18,2.71l4,4.37a2.26,2.26,0,0,0,2.66.43l7.13-4.78c1.45,1,3.19,2.25,4.64,3.2l-2.17,8.31a2,2,0,0,0,1.08,2.44l5.26,2.65a2.58,2.58,0,0,0,2.74-.78l4.51-7c1.8.08,3.57.77,5.36.85l.49,8.72a2.61,2.61,0,0,0,2.31,1.9l5.68.56a3.6,3.6,0,0,0,2.18-2l1.59-8.32c2.1-.21,3.92-.73,6-.92l3.86,7.37a2.06,2.06,0,0,0,2.66,1l5.17-1.87a2.44,2.44,0,0,0,1.63-2.63l-1.72-8.16a21,21,0,0,0,4.64-3.09l6.65,5.41a2,2,0,0,0,3,.13l3.73-3.41.33-.3a2.11,2.11,0,0,0,.73-1.51,2.06,2.06,0,0,0-.61-1.47l-4.77-7.13a14.75,14.75,0,0,0,3.52-4.93L321,95.13A2,2,0,0,0,323.44,94l2.65-5.28a3,3,0,0,0-.78-2.74L318,81.21a15.06,15.06,0,0,0,1.13-5.05l8.75-1.1c.91-.26,1.85-1.12,1.88-1.72l.27-6A2,2,0,0,0,328.07,65.17Zm-54.62,16a14.35,14.35,0,1,1,14.35-14.35A14.35,14.35,0,0,1,273.44,81.13Z"/>
+    <g>
+      <polygon class="cls-2" points="205.51 115 160.28 115 155.06 119 210.72 119 205.51 115"/>
+      <polygon class="cls-2" points="185.57 115.94 179.47 115.94 180.69 99.75 184.35 99.75 185.57 115.94"/>
+      <path class="cls-3" d="M144,61.52v-.59a23.88,23.88,0,0,0-.87-5.9A21.41,21.41,0,0,0,108,39.87c-5.19-6.54-11.83-9.79-20.69-9.79-15.63,0-27.42,13.64-27.69,29,0,1.06.26,1.85.26,2.91-8.21,4-13,10.86-13,19.6,0,12.49,9.83,22.5,22.85,23.24,1.2,8.67,9,16.73,22.29,16.73,11.24,0,17.94.91,26.14-8.32a27.62,27.62,0,0,0,13.07,3.56c15.75,0,28.61-14,28.61-29.7A29.21,29.21,0,0,0,144,61.52Z"/>
+      <rect class="cls-4" x="118" y="30" width="132" height="72" rx="4" ry="4" transform="translate(368 132) rotate(180)"/>
+      <path class="cls-5" d="M249,46V34.57a4.34,4.34,0,0,0-4.4-4.57H122.4A4.34,4.34,0,0,0,118,34.57V46Z"/>
+      <rect class="cls-6" x="118" y="30" width="132" height="72" rx="4" ry="4" transform="translate(368 132) rotate(180)"/>
+    </g>
+    <polygon class="cls-7" points="200 86 200 86 200 52.83 186.76 49 164.02 57.47 163.9 81.91 172 78.74 172 58.74 188 55.68 188 85.08 164.83 81.91 187 89.91 187 89.91 200.12 86.14 200 86 200 86"/>
+    <g>
+      <line class="cls-8" x1="90" y1="68" x2="135" y2="68"/>
+      <polygon class="cls-2" points="128.7 76.18 127.34 74.72 134.56 68 127.34 61.29 128.7 59.82 137.5 68 128.7 76.18"/>
+    </g>
+    <g>
+      <path class="cls-4" d="M293.7,70.4,298,73.9a3.06,3.06,0,0,1,1.44,3.17c-.74,2.05-1.77,5.08-3.09,5.33l-4.73,1.7A2,2,0,0,0,290,86.32l1.07,4c.28.77.43,1,1.28,1l3-.08,2.7-.09c2.43-.18,6,6.29,5.35,7.42l-2.69,4.65a2,2,0,0,0,.84,2.38l3.44,2.12a2.44,2.44,0,0,0,2.57-.27l3.12-4.39a2.8,2.8,0,0,1,3.27-.85c1.08.1,5,.89,5.63,2.66l1.51,5.15a2,2,0,0,0,2,1l4.37-.87a2,2,0,0,0,1.36-1.83l-.48-5.18c-.48-2.16.29-2.86,1.12-3.41,2.82-2.67,4.14-2.48,5.74-1.72l4.82,2.31a2.76,2.76,0,0,0,2.59-.27l2.28-3.87a2.45,2.45,0,0,0-.24-2.59l-4.42-3.12A3.29,3.29,0,0,1,339,86.87c.36-.8.28-4.29,2.87-5l4.93-2.09a.07.07,0,0,1,.06,0A1.56,1.56,0,0,0,348.16,78l-.78-3.88-.1-.48a2,2,0,0,0-1.8-1.36l-5.31,1c-1.27.16-3.67-1.76-3.67-1.76-3.21-2.56-2.33-4.62-1.69-5.77l2.68-4.57a2,2,0,0,0-.84-2.38l-3.25-2.53a2.27,2.27,0,0,0-2.77.63l-2.9,4a5,5,0,0,1-3.54,1.37c-.77-.36-1.75-.35-2.57-.73a3,3,0,0,1-2.84-2.33l-1.68-4.77s0-.08,0-.11a1.56,1.56,0,0,0-1.8-1.26l-4.37.89a2.46,2.46,0,0,0-1.54,2.21l.66,4.76c.43,2.13-3.92,5-3.92,5a2.54,2.54,0,0,1-3.18.43l-4.78-2.21a2.09,2.09,0,0,0-2.59.25S292.18,68.76,293.7,70.4ZM309.47,86.6a10.17,10.17,0,0,1-.74-2.34,10.77,10.77,0,0,1,8-12.69v0l.26,0a10.81,10.81,0,0,1,12.46,8.57.56.56,0,0,1,0,.13,10.27,10.27,0,0,1-7.81,12.16c-.32.08-.64.15-1,.22A10.41,10.41,0,0,1,309.47,86.6Z"/>
+      <path class="cls-5" d="M293.7,70.4,298,73.9a3.06,3.06,0,0,1,1.44,3.17c-.74,2.05-1.77,5.08-3.09,5.33l-4.73,1.7A2,2,0,0,0,290,86.32l1.07,4c.28.77.43,1,1.28,1l3-.08,14.1-4.65a10.17,10.17,0,0,1-.74-2.34,10.77,10.77,0,0,1,8-12.69v0l.26,0a10.81,10.81,0,0,1,12.46,8.57.56.56,0,0,1,0,.13l17.94-6.06-.1-.48a2,2,0,0,0-1.8-1.36l-5.31,1c-1.27.16-3.67-1.76-3.67-1.76-3.21-2.56-2.33-4.62-1.69-5.77l2.68-4.57a2,2,0,0,0-.84-2.38l-3.25-2.53a2.27,2.27,0,0,0-2.77.63l-2.9,4a5,5,0,0,1-3.54,1.37c-.77-.36-1.75-.35-2.57-.73a3,3,0,0,1-2.84-2.33l-1.68-4.77s0-.08,0-.11a1.56,1.56,0,0,0-1.8-1.26l-4.37.89a2.46,2.46,0,0,0-1.54,2.21l.66,4.76c.43,2.13-3.92,5-3.92,5a2.54,2.54,0,0,1-3.18.43l-4.78-2.21a2.09,2.09,0,0,0-2.59.25S292.18,68.76,293.7,70.4Z"/>
+      <path class="cls-6" d="M292.36,91.33c-.83,0-1-.27-1.27-1.05l-1.07-4a2,2,0,0,1,1.56-2.23l4.73-1.69c1.33-.25,2.36-3.29,3.1-5.33A3,3,0,0,0,298,73.9L293.7,70.4c-1.52-1.63,1.89-6,1.89-6a2.1,2.1,0,0,1,2.59-.26L303,66.36c1,.62,7.52-3.3,7.11-5.43l-.68-4.76a2.5,2.5,0,0,1,1.54-2.22l4.37-.88a1.55,1.55,0,0,1,1.8,1.25s0,.08,0,.12l1.69,4.76c.3,1.33,8,2.6,8.94,1.7l2.91-4a2.27,2.27,0,0,1,2.77-.64l3.24,2.53a2,2,0,0,1,.84,2.38l-2.69,4.59c-.64,1.14-1.52,3.19,1.69,5.76,0,0,2.4,1.91,3.67,1.75l5.3-1a2,2,0,0,1,1.82,1.37l.88,4.37a1.55,1.55,0,0,1-1.34,1.73h-.05l-4.93,2.09c-2.59.75-2.51,4.24-2.86,5a3.3,3.3,0,0,0,1.27,3.56l4.41,3.12a2.46,2.46,0,0,1,.26,2.59L342.64,100a2.78,2.78,0,0,1-2.59.26L335.23,98c-1.6-.77-2.92-1-5.74,1.72-.83.54-1.59,1.24-1.13,3.41l.49,5.17a2,2,0,0,1-1.37,1.82l-4.37.88a2,2,0,0,1-2-1l-1.5-5.14c-.62-1.78-8.13-2.8-8.91-1.81l-3.12,4.41a2.44,2.44,0,0,1-2.57.25l-3.43-2.12a2,2,0,0,1-.84-2.38l2.68-4.64c.63-1.13-2.92-7.61-5.35-7.42Z"/>
+      <circle class="cls-6" cx="319.05" cy="82.16" r="10.65" transform="translate(94.15 322.92) rotate(-61.39)"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-remove-3.svg b/bcs/images/bcs-partner-remove-3.svg
new file mode 100644
index 0000000000..c0391193d3
--- /dev/null
+++ b/bcs/images/bcs-partner-remove-3.svg
@@ -0,0 +1,150 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #55d2f6;
+      }
+
+      .cls-2 {
+        fill: #556a8a;
+      }
+
+      .cls-3, .cls-7 {
+        fill: #fff;
+      }
+
+      .cls-4, .cls-5, .cls-8 {
+        fill: none;
+      }
+
+      .cls-4, .cls-5, .cls-6 {
+        stroke: #556a8a;
+      }
+
+      .cls-4, .cls-5, .cls-6, .cls-7, .cls-8 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-5 {
+        stroke-linecap: round;
+      }
+
+      .cls-6 {
+        fill: #e5e5e5;
+      }
+
+      .cls-7, .cls-8 {
+        stroke: #a80000;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-remove-3</title>
+  <g id="ICONS">
+    <g>
+      <rect class="cls-1" x="144" y="115" width="144" height="8"/>
+      <polygon class="cls-2" points="237.51 113 192.28 113 187.06 117 242.72 117 237.51 113"/>
+      <polygon class="cls-2" points="217.57 113.94 211.47 113.94 212.69 97.75 216.35 97.75 217.57 113.94"/>
+      <rect class="cls-3" x="150" y="28" width="132" height="72" rx="4" ry="4" transform="translate(432 128) rotate(180)"/>
+      <path class="cls-1" d="M281.45,44V32.57A4.71,4.71,0,0,0,276.61,28H154.4a4.71,4.71,0,0,0-4.84,4.57V44Z"/>
+      <rect class="cls-4" x="150" y="28" width="132" height="72" rx="4" ry="4" transform="translate(432 128) rotate(180)"/>
+    </g>
+    <g>
+      <g>
+        <g>
+          <rect class="cls-2" x="177" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="183" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="189" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="195" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="201" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="231" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="231" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="237" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="74" width="4" height="4"/>
+        </g>
+      </g>
+      <g>
+        <g>
+          <rect class="cls-2" x="177" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="183" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="189" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="195" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="201" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="231" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="86" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="86" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="86" width="4" height="4"/>
+        </g>
+      </g>
+    </g>
+    <g>
+      <line class="cls-5" x1="117" y1="69" x2="140.66" y2="69"/>
+      <polygon class="cls-2" points="135.02 75.95 133.86 74.71 140 69 133.86 63.29 135.02 62.05 142.5 69 135.02 75.95"/>
+    </g>
+    <g>
+      <line class="cls-5" x1="305.5" y1="69" x2="329.16" y2="69"/>
+      <polygon class="cls-2" points="323.52 75.95 322.36 74.71 328.5 69 322.36 63.29 323.52 62.05 331 69 323.52 75.95"/>
+    </g>
+    <g>
+      <circle class="cls-6" cx="94.5" cy="55" r="18"/>
+      <path class="cls-6" d="M67,100a27.5,27.5,0,0,1,55,0"/>
+    </g>
+    <circle class="cls-7" cx="282" cy="68" r="17"/>
+    <line class="cls-8" x1="293" y1="80" x2="269" y2="56"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-reset-windows-4.svg b/bcs/images/bcs-partner-reset-windows-4.svg
new file mode 100644
index 0000000000..a4edc0ec2e
--- /dev/null
+++ b/bcs/images/bcs-partner-reset-windows-4.svg
@@ -0,0 +1,85 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1, .cls-4, .cls-8 {
+        fill: #fff;
+      }
+
+      .cls-1 {
+        stroke: #bad80a;
+      }
+
+      .cls-1, .cls-6 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-2 {
+        fill: #556a8a;
+      }
+
+      .cls-3 {
+        fill: #adbdca;
+      }
+
+      .cls-5 {
+        fill: #c8edfb;
+      }
+
+      .cls-6 {
+        fill: none;
+        stroke: #556a8a;
+      }
+
+      .cls-7 {
+        fill: #2bc7f4;
+      }
+
+      .cls-7, .cls-8 {
+        fill-rule: evenodd;
+      }
+
+      .cls-9 {
+        fill: #9273b6;
+      }
+
+      .cls-10 {
+        fill: #e5e5e5;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-reset-windows-4</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M283.19,39.54h-3.32c-2,.64-4,1.18-5.89,1.64a31,31,0,0,0-54.26-19.64,35.06,35.06,0,0,0-20.34-6.63c-15.29,0-29,11.23-30.59,24.84A28,28,0,0,0,131,66c0,13.38,9.39,27.56,21.93,30.33a16.66,16.66,0,0,0,5.78.67H283.19C299.79,97,311,82.06,311,67.14,311,51.48,299.79,39.54,283.19,39.54Z"/>
+    <g>
+      <polygon class="cls-2" points="213.92 129 111.99 129 118.36 122 207.96 122 213.92 129"/>
+      <polygon class="cls-3" points="204.34 127 121.57 127 124.48 124 201.52 124 204.34 127"/>
+      <polygon class="cls-2" points="185.51 115 140.28 115 135.06 119 190.72 119 185.51 115"/>
+      <polygon class="cls-2" points="165.57 115.94 159.47 115.94 160.69 103.75 164.35 103.75 165.57 115.94"/>
+      <rect class="cls-4" x="98" y="34" width="132" height="72" rx="4" ry="4" transform="translate(328 140) rotate(180)"/>
+      <path class="cls-5" d="M229.45,50V38.57A4.71,4.71,0,0,0,224.61,34H102.4a4.71,4.71,0,0,0-4.84,4.57V50Z"/>
+      <rect class="cls-6" x="98" y="34" width="132" height="72" rx="4" ry="4" transform="translate(328 140) rotate(180)"/>
+    </g>
+    <g>
+      <path class="cls-6" d="M137.51,83.4a26.51,26.51,0,1,0-1.34-23.87"/>
+      <polygon class="cls-2" points="136.31 58.52 136.31 44 134 44 134 60.94 150.84 60.94 150.84 58.52 136.31 58.52"/>
+    </g>
+    <path class="cls-7" d="M260.54,44.69l-3.79-.54c-.27-.81-.27-1.62-.54-2.43l3.25-1.89a1,1,0,0,0,.54-1.35l-1.08-2.16c0-.54-.54-.81-1.08-.81L254,36.58a5.89,5.89,0,0,0-1.35-2.16l2.17-3.24a.82.82,0,0,0,0-1.08L253,28.2a.82.82,0,0,0-1.08,0l-3.25,2.16c-.54-.54-1.35-.81-1.89-1.35l.81-3.79c.27-.27,0-.81-.54-1.08l-2.17-.81a1.19,1.19,0,0,0-1.35.27l-1.89,3.24c-.81-.27-1.62-.27-2.71-.54l-.54-3.79a.86.86,0,0,0-.81-.81h-2.71a.86.86,0,0,0-.81.81l-.54,3.79c-.81.27-1.62.27-2.44.54l-1.89-3.24c-.27-.54-.81-.54-1.35-.54l-2.44,1.08c-.27,0-.54.54-.54,1.08L225.89,29a5.89,5.89,0,0,0-2.17,1.35l-3.25-2.16a.82.82,0,0,0-1.08,0l-1.89,1.89a.82.82,0,0,0,0,1.08l2.17,3.24c-.54.54-.81,1.35-1.35,1.89l-3.79-.81c-.27-.27-.81,0-1.08.54l-1.08,2.16c0,.54,0,1.08.54,1.35l3.25,1.89c-.27.81-.27,1.89-.54,2.7l-3.79.54a.86.86,0,0,0-.81.81v2.7a.72.72,0,0,0,.81.81l3.79.54a7.89,7.89,0,0,0,.54,2.43l-3.25,1.89a1,1,0,0,0-.54,1.35l1.08,2.43c0,.27.54.54,1.08.54l3.79-1.08a5.89,5.89,0,0,0,1.35,2.16l-2.17,3.24a1.21,1.21,0,0,0,0,1.35l1.89,1.62c.27.27.81.54,1.08.27l3.25-2.43a4.86,4.86,0,0,0,1.89,1.35l-.81,3.79c-.27.27,0,.81.54,1.08l2.17,1.08c.54,0,1.08,0,1.35-.54l1.89-3.24a8,8,0,0,0,2.71.54l.54,3.79a.86.86,0,0,0,.81.81h2.71a.86.86,0,0,0,.81-.81l.54-3.79a7.91,7.91,0,0,0,2.44-.54l1.89,3.24a1,1,0,0,0,1.35.54L247,69.57c.27,0,.54-.54.54-1.08l-1.08-3.79a5.89,5.89,0,0,0,2.17-1.35l3.25,2.43c.27.27.81,0,1.08-.27l1.89-1.62a1.21,1.21,0,0,0,0-1.35l-2.17-3.24A11.45,11.45,0,0,0,254,57.4l3.79,1.08a1.45,1.45,0,0,0,1.08-.81L260,55.51c0-.54,0-1.08-.54-1.35l-3.25-1.89c.27-.81.27-1.62.54-2.7l3.79-.54a.72.72,0,0,0,.81-.81V45.5a.86.86,0,0,0-.81-.81Z"/>
+    <path class="cls-8" d="M251.6,50.91a1.25,1.25,0,0,1-1.89.81l-6.23-4.06c-.81-.27-.81-1.08,0-1.62L249.71,42a1.4,1.4,0,0,1,1.89.81,19.71,19.71,0,0,1,.54,4.06,16.56,16.56,0,0,1-.54,4.06Z"/>
+    <path class="cls-8" d="M250,38.74a1.24,1.24,0,0,1-.81,1.89l-7.31,1.62c-.81.27-1.35-.27-1.08-1.08l1.62-7.3c.27-1.08,1.08-1.35,1.89-.81a17.88,17.88,0,0,1,3.25,2.43A17.86,17.86,0,0,1,250,38.74Z"/>
+    <path class="cls-8" d="M232.11,31.17a15.51,15.51,0,0,1,8.12,0,1.24,1.24,0,0,1,.81,1.89L237,39.55c-.54.81-1.35.81-1.62,0l-4.06-6.49a1.24,1.24,0,0,1,.81-1.89Z"/>
+    <path class="cls-8" d="M240.23,46.85a4.06,4.06,0,0,1-8.12,0,4.07,4.07,0,0,1,8.12,0Z"/>
+    <path class="cls-8" d="M228.05,32.79a1.25,1.25,0,0,1,1.89.81l1.62,7.3c.27.81-.27,1.35-1.35,1.35l-7-1.89c-1.08-.27-1.35-1.08-.81-1.89a9.76,9.76,0,0,1,2.44-3.24,17.88,17.88,0,0,1,3.25-2.43Z"/>
+    <path class="cls-8" d="M220.47,50.64a16.56,16.56,0,0,1-.54-4.06,19.71,19.71,0,0,1,.54-4.06,1.16,1.16,0,0,1,1.89-.54l6.5,3.79a1,1,0,0,1,0,1.89l-6.5,3.79c-.81.54-1.62.27-1.89-.81Z"/>
+    <path class="cls-8" d="M222.1,55a1.19,1.19,0,0,1,.81-1.89l7.31-1.89c.81-.27,1.35.27,1.35,1.35l-1.89,7.3a1.4,1.4,0,0,1-1.89.81,17.88,17.88,0,0,1-3.25-2.43C223.18,56.59,222.1,55,222.1,55Z"/>
+    <path class="cls-8" d="M240,62.27a16.61,16.61,0,0,1-4.06.54,19.77,19.77,0,0,1-4.06-.54,1.4,1.4,0,0,1-.81-1.89l4.06-6.22c.54-.81,1.35-.81,1.62,0l4.06,6.22c.54.81.27,1.62-.81,1.89Z"/>
+    <path class="cls-8" d="M244,60.64c-.81.54-1.62.27-1.89-.81l-1.62-7.3c-.27-.81.27-1.35,1.35-1.08l7.31,1.62A1.4,1.4,0,0,1,250,55a17.86,17.86,0,0,1-2.44,3.24A28.06,28.06,0,0,1,244,60.64Z"/>
+    <path class="cls-9" d="M249.73,101.58l.62-2.23c.29-.83.59-1.11,1.15-1.09l1.28-.38a1.43,1.43,0,0,1,1.53.45l1.5,1.87a.9.9,0,0,0,1.13,0l1.44-1.09a1.09,1.09,0,0,0,.31-1.11l-1.34-2a1.26,1.26,0,0,1,.18-1.51,12.6,12.6,0,0,1,.73-1.25c.15-.44.44-.7,1.29-.67l2.39.2a.9.9,0,0,0,.72-.68l.34-2a.9.9,0,0,0-.54-.86l-2.24-.63c-1-.16-1.15-.59-1.24-1-.2-.8-.81-1.91.21-2.67l1.74-1.64a1.24,1.24,0,0,0,.31-1.12L260,80.62a1.1,1.1,0,0,0-1.12-.31l-2,1.34a1.48,1.48,0,0,1-1.69,0c-.28-.27-1.67-1.16-1.64-2l-.07-2.39v0a.69.69,0,0,0-.51-.84L251,76a.9.9,0,0,0-.86.54l-.46,2.36c-.14.56-1.32,1.25-1.32,1.25-1.6.65-2.3.23-2.68-.23l-1.48-1.86a.9.9,0,0,0-1.13,0L241.5,79a1,1,0,0,0-.18,1.26l1.21,1.86a2.25,2.25,0,0,1,0,1.69c-.28.27-1.55,1.85-2.15,1.76l-2.26-.07h-.05a.69.69,0,0,0-.81.55l-.34,2a1.12,1.12,0,0,0,.68,1l2.09.49c1,.17,1.44,2.44,1.44,2.44a1.14,1.14,0,0,1-.33,1.4l-1.7,1.63a.94.94,0,0,0-.31,1.12L240,97.63a1.06,1.06,0,0,0,1,.18l2.15-1.21a1.57,1.57,0,0,1,1.55-.09c1.71,1,1.83,1.56,1.72,2.15l-.06,2.25a.9.9,0,0,0,.68,1l1.82.19a.9.9,0,0,0,.86-.54m-4.58-13.21,0-.12a4.79,4.79,0,0,1,5.6-3.8,4.72,4.72,0,0,1,3.93,5.32q0,.22-.06.44a4.6,4.6,0,0,1-5.4,3.63,5,5,0,0,1-4.07-5.46"/>
+    <g>
+      <path class="cls-4" d="M263.87,60l3.2,2.63a2.3,2.3,0,0,1,1.08,2.38c-.56,1.54-1.33,3.82-2.32,4l-3.55,1.27A1.52,1.52,0,0,0,261.11,72l.8,3c.21.58.33.76,1,.79l2.25-.06,2-.07c1.83-.13,4.49,4.73,4,5.58l-2,3.49a1.5,1.5,0,0,0,.63,1.79l2.58,1.59a1.83,1.83,0,0,0,1.93-.2l2.35-3.3A2.1,2.1,0,0,1,279.1,84c.81.08,3.77.67,4.23,2l1.14,3.87a1.5,1.5,0,0,0,1.5.72l3.29-.66a1.54,1.54,0,0,0,1-1.38l-.36-3.89c-.36-1.62.22-2.15.84-2.56,2.12-2,3.11-1.87,4.32-1.29l3.62,1.74a2.07,2.07,0,0,0,1.94-.2l1.71-2.91a1.84,1.84,0,0,0-.18-1.94l-3.32-2.35a2.47,2.47,0,0,1-1-2.67c.27-.6.21-3.22,2.15-3.78l3.7-1.57h0a1.17,1.17,0,0,0,1-1.31l-.59-2.92-.08-.36a1.48,1.48,0,0,0-1.36-1l-4,.72c-1,.12-2.75-1.32-2.75-1.32-2.42-1.92-1.75-3.47-1.27-4.34l2-3.44a1.5,1.5,0,0,0-.63-1.79l-2.44-1.9a1.7,1.7,0,0,0-2.08.47l-2.18,3a3.78,3.78,0,0,1-2.66,1c-.58-.27-1.32-.26-1.93-.55a2.26,2.26,0,0,1-2.13-1.75L281.46,48s0-.06,0-.09A1.17,1.17,0,0,0,280.1,47l-3.28.67a1.85,1.85,0,0,0-1.16,1.66l.5,3.58c.32,1.6-2.94,3.75-2.94,3.75a1.91,1.91,0,0,1-2.39.33l-3.59-1.66a1.57,1.57,0,0,0-1.95.19S262.73,58.81,263.87,60Zm11.85,12.18a7.64,7.64,0,0,1-.55-1.76,8.09,8.09,0,0,1,6-9.53v0l.2,0a8.12,8.12,0,0,1,9.36,6.44.42.42,0,0,1,0,.1,7.72,7.72,0,0,1-5.87,9.13l-.73.16A7.82,7.82,0,0,1,275.72,72.22Z"/>
+      <path class="cls-10" d="M263.87,60l3.2,2.63a2.3,2.3,0,0,1,1.08,2.38c-.56,1.54-1.33,3.82-2.32,4l-3.55,1.27A1.52,1.52,0,0,0,261.11,72l.8,3c.21.58.33.76,1,.79l2.25-.06,10.6-3.49a7.64,7.64,0,0,1-.55-1.76,8.09,8.09,0,0,1,6-9.53v0l.2,0a8.12,8.12,0,0,1,9.36,6.44.42.42,0,0,1,0,.1l13.48-4.55-.08-.36a1.48,1.48,0,0,0-1.36-1l-4,.72c-1,.12-2.75-1.32-2.75-1.32-2.42-1.92-1.75-3.47-1.27-4.34l2-3.44a1.5,1.5,0,0,0-.63-1.79l-2.44-1.9a1.7,1.7,0,0,0-2.08.47l-2.18,3a3.78,3.78,0,0,1-2.66,1c-.58-.27-1.32-.26-1.93-.55a2.26,2.26,0,0,1-2.13-1.75L281.46,48s0-.06,0-.09A1.17,1.17,0,0,0,280.1,47l-3.28.67a1.85,1.85,0,0,0-1.16,1.66l.5,3.58c.32,1.6-2.94,3.75-2.94,3.75a1.91,1.91,0,0,1-2.39.33l-3.59-1.66a1.57,1.57,0,0,0-1.95.19S262.73,58.81,263.87,60Z"/>
+      <path class="cls-6" d="M262.86,75.77c-.62,0-.75-.2-1-.79l-.81-3a1.51,1.51,0,0,1,1.17-1.67l3.55-1.27c1-.19,1.77-2.47,2.33-4a2.29,2.29,0,0,0-1.09-2.38L263.88,60c-1.14-1.22,1.42-4.52,1.42-4.52a1.58,1.58,0,0,1,1.95-.19L270.83,57c.78.47,5.65-2.48,5.34-4.08l-.51-3.58a1.88,1.88,0,0,1,1.16-1.67L280.1,47a1.16,1.16,0,0,1,1.35.94V48l1.27,3.58c.23,1,6,2,6.72,1.28l2.18-3a1.71,1.71,0,0,1,2.08-.48l2.44,1.9a1.51,1.51,0,0,1,.63,1.79l-2,3.45c-.48.86-1.14,2.4,1.27,4.33,0,0,1.8,1.43,2.76,1.31l4-.72a1.51,1.51,0,0,1,1.37,1l.66,3.28a1.16,1.16,0,0,1-1,1.3h0L300,68.63c-1.94.56-1.89,3.18-2.15,3.78a2.48,2.48,0,0,0,1,2.68l3.31,2.34a1.85,1.85,0,0,1,.19,1.95l-1.72,2.91a2.09,2.09,0,0,1-1.95.19l-3.62-1.73c-1.2-.58-2.2-.72-4.31,1.29-.62.4-1.2.94-.85,2.56l.37,3.89a1.51,1.51,0,0,1-1,1.37l-3.28.66a1.51,1.51,0,0,1-1.51-.72l-1.13-3.86c-.47-1.34-6.11-2.1-6.7-1.36L274.3,87.9a1.83,1.83,0,0,1-1.93.19l-2.58-1.59a1.51,1.51,0,0,1-.63-1.79l2-3.48c.47-.85-2.19-5.71-4-5.58Z"/>
+      <circle class="cls-6" cx="282.92" cy="68.88" r="8" transform="translate(86.98 284.28) rotate(-61.39)"/>
+    </g>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-partner-upgrade-2.svg b/bcs/images/bcs-partner-upgrade-2.svg
new file mode 100644
index 0000000000..6caf6e7678
--- /dev/null
+++ b/bcs/images/bcs-partner-upgrade-2.svg
@@ -0,0 +1,60 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+        opacity: 0.7;
+      }
+
+      .cls-2 {
+        fill: #556a8a;
+      }
+
+      .cls-3 {
+        fill: #adbdca;
+      }
+
+      .cls-4, .cls-7 {
+        fill: #fff;
+      }
+
+      .cls-5 {
+        fill: #e5e5e5;
+      }
+
+      .cls-6 {
+        fill: none;
+        stroke: #556a8a;
+      }
+
+      .cls-6, .cls-7 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-7 {
+        stroke: #00bcf2;
+      }
+
+      .cls-8 {
+        fill: #bad80a;
+      }
+    </style>
+  </defs>
+  <title>bcs-partner-upgrade-2</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M300.29,67.13a39.37,39.37,0,0,0-77.71-1.23,26.79,26.79,0,0,0-43,13.62A23.42,23.42,0,1,0,174,125.67H305.76c13.37-2.71,23.43-15.12,23.43-29.28A29.27,29.27,0,0,0,300.29,67.13Z"/>
+    <g>
+      <polygon class="cls-2" points="252 130 135 130 142.32 122 245.15 122 252 130"/>
+      <polygon class="cls-3" points="241 128 146 128 149.34 124 237.76 124 241 128"/>
+      <polygon class="cls-2" points="216 110 164 110 158 116 222 116 216 110"/>
+      <polygon class="cls-2" points="195.25 115.25 188.25 115.25 189.65 101.25 193.85 101.25 195.25 115.25"/>
+      <rect class="cls-4" x="116" y="21" width="151" height="82" rx="4" ry="4"/>
+      <path class="cls-5" d="M267,26V38H116V26a4,4,0,0,1,4-4H263A4,4,0,0,1,267,26Z"/>
+      <rect class="cls-6" x="116" y="22" width="151" height="82" rx="4" ry="4" transform="translate(383 126) rotate(180)"/>
+    </g>
+    <polygon class="cls-2" points="208.64 63.12 191 45.33 191 89 189 89 189 45.33 171.43 63.12 170.06 61.71 190.06 41.5 210.05 61.71 208.64 63.12"/>
+    <path class="cls-7" d="M134.21,35.37v-.42a16.83,16.83,0,0,0-.55-4.18A15.14,15.14,0,0,0,108.79,20a17.52,17.52,0,0,0-14.66-6.94c-11.08,0-19.43,9.67-19.62,20.55,0,.75.19,1.31.19,2.07-5.82,2.82-9.2,7.7-9.2,13.89,0,8.86,7,16,16.2,16.47.85,6.15,6.36,11.86,15.8,11.86,8,0,12.72.64,18.53-5.89a19.58,19.58,0,0,0,9.26,2.53c11.16,0,20.21-9.89,20.21-21.05A20.21,20.21,0,0,0,134.21,35.37Z"/>
+    <path class="cls-8" d="M109,65.3a1.32,1.32,0,0,0,1.44.53l2.64-.84a1.41,1.41,0,0,0,.7-1.69L113,60a2,2,0,0,1,.75-2.32c.32-.51.89-.87,1.2-1.37a2.37,2.37,0,0,1,2.32-.34l3.54,1.13a1.6,1.6,0,0,0,1.39-.55l1.32-2.71c.16-.25,0-1.06-.8-1.55l-3.06-1.89a1.73,1.73,0,0,1-.91-2l-.24-.25a2.3,2.3,0,0,0,.28-1.59c-.2-.82,0-1.75,1.41-2.3l3-1.35a1.68,1.68,0,0,0,.69-1.69l-1.06-2.8a1.06,1.06,0,0,0-1.39-.55l0,0-3.29.83a2,2,0,0,1-2.35-.75c-.51-.32-.87-.89-1.37-1.2a3.4,3.4,0,0,1-.59-2.48L115,31.16a1.53,1.53,0,0,0-.64-1.82l-2.62-.91a1.29,1.29,0,0,0-1.66.39L108.42,32a2.16,2.16,0,0,1-2.11,1.16,6.56,6.56,0,0,0-1.75,0L104.3,33a2.24,2.24,0,0,1-2.07-1.23l-1.48-3.36a1.32,1.32,0,0,0-1.44-.53L96.53,29A1.06,1.06,0,0,0,96,30.37l0,0L96.62,34c.3,1.23,0,1.75-.59,2.11-.32.51-.89.87-1.2,1.37a2.23,2.23,0,0,1-2.48.58L89,36.66a1.65,1.65,0,0,0-1.51.84l-1.37,2.71a1.88,1.88,0,0,0,.8,1.55L90,43.65c1.06.63,1.37,1.2.9,2a14.46,14.46,0,0,0,.23,1.91c-.05.64-.12,1.33-1.51,1.88L86.46,51a1.32,1.32,0,0,0-.54,1.44L87,55.25a1.35,1.35,0,0,0,1.28.79L91.72,55c1.23-.3,1.75,0,2.11.59a19,19,0,0,1,1.47,1.61A1.9,1.9,0,0,1,96,59.42L94.65,62.8a1.65,1.65,0,0,0,.8,1.55l2.46,1.16a1.29,1.29,0,0,0,1.66-.39l1.68-3.22a2.11,2.11,0,0,1,2.11-1.16l2,.18c.82-.19,1.34.12,2,1.26l1.6,3.1m2.73-20.88a7.46,7.46,0,0,1-4.34,9.32A6.93,6.93,0,0,1,98,49.36a7.12,7.12,0,0,1,4.22-9.05,7.22,7.22,0,0,1,9.43,3.91l.07.17"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-user-management-add-customer-1.svg b/bcs/images/bcs-user-management-add-customer-1.svg
new file mode 100644
index 0000000000..ce7d0b8c16
--- /dev/null
+++ b/bcs/images/bcs-user-management-add-customer-1.svg
@@ -0,0 +1,99 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #80def9;
+        opacity: 0.7;
+      }
+
+      .cls-10, .cls-2 {
+        fill: none;
+      }
+
+      .cls-10, .cls-11, .cls-2 {
+        stroke: #556a8a;
+      }
+
+      .cls-10, .cls-11, .cls-2, .cls-4 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-2 {
+        stroke-dasharray: 3 3;
+      }
+
+      .cls-3 {
+        fill: #556a8a;
+      }
+
+      .cls-11, .cls-4, .cls-7 {
+        fill: #fff;
+      }
+
+      .cls-4 {
+        stroke: #00bcf2;
+      }
+
+      .cls-5 {
+        fill: #ff9f2b;
+      }
+
+      .cls-6 {
+        fill: #ff8c00;
+      }
+
+      .cls-8 {
+        fill: #e5e5e5;
+      }
+
+      .cls-9 {
+        fill: #2bc7f4;
+      }
+
+      .cls-12 {
+        fill: #008272;
+      }
+    </style>
+  </defs>
+  <title>bcs-user-management-add-customer-1</title>
+  <g id="ICONS">
+    <path class="cls-1" d="M142.81,117.84a27.43,27.43,0,0,1,0-54.85,26.16,26.16,0,0,1,2.87.16A30.78,30.78,0,0,1,188.9,47.57a43.37,43.37,0,0,1,83.57,3.94A33.42,33.42,0,0,1,302,84.56c0,16.11-11.2,30.07-26.63,33.2l-.39.08Z"/>
+    <g>
+      <polyline class="cls-2" points="158.67 87.27 198.08 87.05 237.72 44.49 316.18 44.13"/>
+      <polygon class="cls-3" points="309.59 52.34 308.22 50.88 315.41 44.13 308.16 37.45 309.51 35.98 318.35 44.12 309.59 52.34"/>
+    </g>
+    <path class="cls-4" d="M155.51,63.83v-.6a24.19,24.19,0,0,0-.78-6A21.75,21.75,0,0,0,119,41.78c-5.29-6.66-12-10-21.06-10C82,31.8,70,45.69,69.72,61.34c0,1.08.27,1.89.27,3-8.36,4-13.22,11.06-13.22,20,0,12.73,10,22.92,23.27,23.67,1.22,8.83,9.14,17,22.71,17,11.45,0,18.27.93,26.62-8.47a28.13,28.13,0,0,0,13.31,3.63c16,0,29-14.21,29-30.25A29,29,0,0,0,155.51,63.83Z"/>
+    <g>
+      <g>
+        <g>
+          <path class="cls-5" d="M101.73,99.37c-.89.29-1.84.56-2.83.83C104.84,75.54,116.55,80,116.55,80l1.91,1.81.07.23C118.94,83.68,120.53,93.41,101.73,99.37Z"/>
+          <path class="cls-6" d="M101.73,99.37c5.81-20.31,15.79-17.66,16.8-17.33C118.94,83.68,120.53,93.41,101.73,99.37Z"/>
+          <polygon class="cls-3" points="119.46 86.7 111.16 78.4 117.8 76.74 120.91 79.87 119.46 86.7"/>
+        </g>
+        <polygon class="cls-3" points="121.11 68.31 98.7 67.48 95.38 64.16 114.47 55.03 122.45 58.03 121.11 68.31"/>
+        <polygon class="cls-3" points="130.6 75.08 131.43 97.5 134.75 100.82 143.88 81.72 140.89 73.74 130.6 75.08"/>
+        <g>
+          <path class="cls-7" d="M126.13,85h-.25l-.2-.18L113.85,72.45l0-.29a49,49,0,0,1,13.44-23.81C138.08,37.67,163.12,33.17,164.18,33l.82-.14-.14.82s-.44,2.61-1.33,6.4c-2.44,10.26-6.81,24-13.77,31C138.91,81.93,127.12,85,126.13,85Z"/>
+          <path class="cls-8" d="M162.89,41.52c-2,8.35-6.29,22.81-13.62,30.17-10.82,10.9-22.6,13.16-23.21,13.28l-6.6-6.6s2.1-12.12,13.29-23.25C140.1,47.81,154.53,43.5,162.89,41.52Z"/>
+          <path class="cls-9" d="M143,39.37l1.07-.39a122.11,122.11,0,0,1,19.75-5.32l1-.17-.17,1a122.35,122.35,0,0,1-5.32,19.75l-.39,1.07Z"/>
+          <path class="cls-10" d="M126.13,85h-.25l-.2-.18L113.85,72.45l0-.29a49,49,0,0,1,13.44-23.81C138.08,37.67,163.12,33.17,164.18,33l.82-.14-.14.82s-.44,2.61-1.33,6.4c-2.44,10.26-6.81,24-13.77,31C138.91,81.93,127.12,85,126.13,85Z"/>
+        </g>
+      </g>
+      <circle class="cls-11" cx="137.81" cy="59.56" r="6"/>
+    </g>
+    <g>
+      <circle class="cls-11" cx="231.39" cy="48.89" r="25"/>
+      <g>
+        <circle class="cls-4" cx="231.75" cy="40.41" r="8.44"/>
+        <path class="cls-4" d="M218.25,62.34a13.5,13.5,0,1,1,27,0"/>
+      </g>
+    </g>
+    <g>
+      <circle class="cls-4" cx="198.08" cy="87.37" r="13"/>
+      <rect class="cls-12" x="196.13" y="78.27" width="3.9" height="18.2"/>
+      <rect class="cls-12" x="196.13" y="78.27" width="3.9" height="18.2" transform="translate(110.71 285.45) rotate(-90)"/>
+    </g>
+    <path class="cls-4" d="M302.43,79.92v-.31a12.41,12.41,0,0,0-.4-3.08,11.16,11.16,0,0,0-18.35-7.93,12.92,12.92,0,0,0-10.81-5.12c-8.17,0-14.33,7.13-14.47,15.16,0,.55.14,1,.14,1.52-4.29,2.08-6.78,5.68-6.78,10.25a12.27,12.27,0,0,0,11.95,12.15c.63,4.53,4.69,8.75,11.65,8.75,5.87,0,9.38.47,13.66-4.35a14.44,14.44,0,0,0,6.83,1.86c8.23,0,14.91-7.29,14.91-15.53A14.9,14.9,0,0,0,302.43,79.92Z"/>
+  </g>
+</svg>
diff --git a/bcs/images/bcs-user-management-remove-customer-2.svg b/bcs/images/bcs-user-management-remove-customer-2.svg
new file mode 100644
index 0000000000..d6e01e0d1e
--- /dev/null
+++ b/bcs/images/bcs-user-management-remove-customer-2.svg
@@ -0,0 +1,150 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #55d2f6;
+      }
+
+      .cls-2 {
+        fill: #556a8a;
+      }
+
+      .cls-3, .cls-7 {
+        fill: #fff;
+      }
+
+      .cls-4, .cls-5, .cls-8 {
+        fill: none;
+      }
+
+      .cls-4, .cls-5, .cls-6 {
+        stroke: #556a8a;
+      }
+
+      .cls-4, .cls-5, .cls-6, .cls-7, .cls-8 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-5 {
+        stroke-linecap: round;
+      }
+
+      .cls-6 {
+        fill: #e5e5e5;
+      }
+
+      .cls-7, .cls-8 {
+        stroke: #a80000;
+      }
+    </style>
+  </defs>
+  <title>bcs-user-management-remove-customer-2</title>
+  <g id="ICONS">
+    <g>
+      <rect class="cls-1" x="144" y="115" width="144" height="8"/>
+      <polygon class="cls-2" points="237.51 113 192.28 113 187.06 117 242.72 117 237.51 113"/>
+      <polygon class="cls-2" points="217.57 113.94 211.47 113.94 212.69 97.75 216.35 97.75 217.57 113.94"/>
+      <rect class="cls-3" x="150" y="28" width="132" height="72" rx="4" ry="4" transform="translate(432 128) rotate(180)"/>
+      <path class="cls-1" d="M281.45,44V32.57A4.71,4.71,0,0,0,276.61,28H154.4a4.71,4.71,0,0,0-4.84,4.57V44Z"/>
+      <rect class="cls-4" x="150" y="28" width="132" height="72" rx="4" ry="4" transform="translate(432 128) rotate(180)"/>
+    </g>
+    <g>
+      <g>
+        <g>
+          <rect class="cls-2" x="177" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="183" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="189" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="195" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="68" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="201" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="50" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="56" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="231" y="62" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="231" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="237" y="68" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="74" width="4" height="4"/>
+        </g>
+      </g>
+      <g>
+        <g>
+          <rect class="cls-2" x="177" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="177" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="183" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="183" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="189" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="195" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="80" width="4" height="4"/>
+        </g>
+        <g>
+          <rect class="cls-2" x="201" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="213" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="219" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="74" width="4" height="4"/>
+          <rect class="cls-2" x="225" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="231" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="207" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="80" width="4" height="4"/>
+          <rect class="cls-2" x="189" y="86" width="4" height="4"/>
+          <rect class="cls-2" x="195" y="86" width="4" height="4"/>
+          <rect class="cls-2" x="201" y="86" width="4" height="4"/>
+        </g>
+      </g>
+    </g>
+    <g>
+      <line class="cls-5" x1="117" y1="69" x2="140.66" y2="69"/>
+      <polygon class="cls-2" points="135.02 75.95 133.86 74.71 140 69 133.86 63.29 135.02 62.05 142.5 69 135.02 75.95"/>
+    </g>
+    <g>
+      <line class="cls-5" x1="305.5" y1="69" x2="329.16" y2="69"/>
+      <polygon class="cls-2" points="323.52 75.95 322.36 74.71 328.5 69 322.36 63.29 323.52 62.05 331 69 323.52 75.95"/>
+    </g>
+    <g>
+      <circle class="cls-6" cx="94.5" cy="55" r="18"/>
+      <path class="cls-6" d="M67,100a27.5,27.5,0,0,1,55,0"/>
+    </g>
+    <circle class="cls-7" cx="282" cy="68" r="17"/>
+    <line class="cls-8" x1="293" y1="80" x2="269" y2="56"/>
+  </g>
+</svg>
diff --git a/bcs/index.md b/bcs/index.md
index 867e2c8492..c196e0e254 100644
--- a/bcs/index.md
+++ b/bcs/index.md
@@ -1 +1,942 @@
-# Placeholder
\ No newline at end of file
+--- 
+layout: HubPage
+hide_bc: true
+author: CelesteDG
+ms.author: celested
+ms.topic: hub-page
+audience: microsoft-business 
+title: Microsoft 365 Business documentation and resources
+description: Learn about the product documentation and resources available for Microsoft 365 Business partners, IT admins, information workers, and business owners.
+---
+<div id="main" class="v2">
+    <div class="container">
+        <ul class="cardsY panelContent featuredContent">
+            <li>
+                <a href="http://www.microsoft.com/en-us/microsoft-365/business">
+                    <div class="cardSize">
+                        <div class="cardPadding">
+                            <div class="card">
+                                <div class="cardImageOuter">
+                                    <div class="cardImage">
+                                        <img data-hoverimage="/media/common/ih_learn-about.svg" src="/media/common/ih_learn-about.svg" alt="Learn about Microsoft 365 Business" />
+                                    </div>
+                                </div>
+                                <div class="cardText">
+                                    <span class="likeAnH3">Learn about<br />Microsoft 365 Business</span>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </a>
+            </li>
+            <li>
+                <a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364">
+                    <div class="cardSize">
+                        <div class="cardPadding">
+                            <div class="card">
+                                <div class="cardImageOuter">
+                                    <div class="cardImage">
+                                        <img data-hoverimage="/media/common/ih_tools.svg" src="/media/common/ih_tools.svg" alt="Get started using Microsoft 365 Business" />
+                                    </div>
+                                </div>
+                                <div class="cardText">
+                                    <span class="likeAnH3">For Partners and IT admins:<br />Get Started with Microsoft 365 Business</span>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </a>
+            </li>
+        </ul>
+    </div>
+    <div class="container">
+        <h1>Microsoft 365 Business documentation and resources</h1>
+        <ul class="pivots">
+            <li>
+                <a href="#partner-it">Partner/IT admin</a>
+                <ul id="partner-it">
+                    <li>
+                        <a data-default="true" href="#getstarted">Get Started</a>
+                        <ul id="getstarted" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Learn how you can bring together the best-in-class productivity and collaboration capabilities of Office 365 with device management and security solutions to safeguard business data for small and midsize businesses (SMB).</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="http://www.microsoft.com/en-us/microsoft-365/business">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-learn-about-1.svg" alt="Learn more about Microsoft 365 Business" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Learn about Microsoft 365 Business</h3>
+                                                    <p>Want to learn more about Microsoft 365 Business? Start here.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="support/microsoft-365-business-faqs.md">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-faq-2.svg" alt="Browse the list of frequently asked questions" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Microsoft 365 Business FAQ</h3>
+                                                    <p>Browse our list of Frequently Asked Questions.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-get-started-1.svg" alt="Get started with Microsoft 365 Business" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Get started with Microsoft 365 Business</h3>
+                                                    <p>Learn about Microsoft 365 Business, how to purchase it for your customer, and follow the setup instructions.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                    <li>
+                        <a href="#user-mgmt">User management</a>
+                        <ul id="user-mgmt" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Manage customers/users in your organization.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/96153102-1db1-4df8-bca5-38cea80b65ce">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-user-management-add-customer-1.svg" alt="Add a new user and assign licenses" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Add a new customer/user</h3>
+                                                    <p>Onboarding a new user? Use the admin center to add a new user and assign licenses.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/d5155593-3bac-4d8d-9d8b-f4513a81479e">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-user-management-remove-customer-2.svg" alt="Follow the links to remove a customer/user" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Remove a customer/user</h3>
+                                                    <p>Need to remove a user? You'll need to <a href="https://support.office.com/article/80bdae57-f8bc-4e40-a58c-956007117ecb">remove company data from devices</a> and <a href="https://support.office.com/article/c4db6caf-74df-4734-b1dd-53e371c7a3c3">reset Windows 10 devices to their factory settings</a>.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                    <li>
+                        <a href="#device-mgmt">Device management</a>
+                        <ul id="device-mgmt" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Find help on managing your organization's devices from the Microsoft 365 Business admin center.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/ed34fff3-2881-4ed4-9906-1ba6bb8dd804">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-prepare-office-1.svg" alt="Prepare for Office client installation" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Prepare for Office client installation</h3>
+                                                    <p>Use Microsoft 365 Business to automatically install the 32-bit Office apps to Windows 10 computers and keep them current with updates.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/cbc6bfe5-565a-4fb8-95f0-b06e7b74ac46">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-install-2.svg" alt="Install or uninstall Office on Windows 10 devices" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Automatically install or uninstall Office on Windows 10 devices</h3>
+                                                    <p>Find out how to quickly and easily install Office on Windows 10 PCs from the Microsoft 365 Business admin center.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/80bdae57-f8bc-4e40-a58c-956007117ecb">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-remove-3.svg" alt="Remove company data from devices" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Remove company data from devices</h3>
+                                                    <p>Use Microsoft 365 Business to remove company data that your users have installed on their devices.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/c4db6caf-74df-4734-b1dd-53e371c7a3c3">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-reset-windows-4.svg" alt="Reset Windows 10 devices to their factory settings" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Reset Windows 10 devices to their factory settings</h3>
+                                                    <p>Learn how to perform a factory reset to revert a Windows 10 device to its original settings.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                    <li>
+                        <a href="#policies">Policies</a>
+                        <ul id="policies" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Configure app management and device policies for your organization.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/bd66c26c-73a4-45a8-8642-3ea4ee7cd89d">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-policies-set-device-config-1.svg" alt="Set device configurations for Windows 10 PCs" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Set device configurations for Windows 10 PCs</h3>
+                                                    <p>Learn how to create, edit, or delete an app management policy in Microsoft 365 Business.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/6b70fa27-d171-4593-8ecf-f78bb4ed2e99">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-policies-view-policies-2.svg" alt="View policies and devices" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>View policies and devices</h3>
+                                                    <p>Use the Microsoft 365 Business admin center to configure the policies and devices for your organization.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                    <li>
+                        <a href="#migration">Migration</a>
+                        <ul id="migration" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>See these articles if you've got a pre-existing setup and you're deploying Microsoft 365 Business.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="#">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-office-migration-1.svg" alt="Identity integration" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Migrate from another Office 365 SKU to Microsoft 365 Business</h3>
+                                                    <p>Coming soon</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="#">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-identity-manager.svg" alt="Identity integration" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Identity migration</h3>
+                                                    <p>Got on-premises AD and plan to move your organization’s identity management to the cloud? Do a one-time sync using <a href="https://support.office.com/article/365-1b3b5318-6977-42ed-b5c7-96fa74b08846">Azure AD Connect</a>, or, if you have Exchange servers and plan to also migrate email to the cloud, do a one-time sync using <a href="https://support.office.com/article/FDECCEED-0702-4AF3-85BE-F2A0013937EF">Minimal hybrid migration</a>.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-upgrade-2.svg" alt="Upgrade to Windows 10" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Upgrade to Windows 10</h3>
+                                                    <p>Set up Windows 10 PCs for Microsoft 365 Business users.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>                                        
+                        </ul>
+                    </li>
+                    <li>
+                        <a href="#troub-support">Troubleshooting and support</a>
+                        <ul id="troub-support" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Looking for help or can't find what you need? Try these resources.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="https://www.microsoft.com/solution-providers/search">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-find-partner-1.svg" alt="Find a Microsoft-certified service provider" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Find a Partner</h3>
+                                                    <p>Visit the Microsoft Partner Center to locate a Microsoft-certified solution provider who can help you locally or remotely. </p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="#">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-troubleshooting-3.svg" alt="Find solutions for common Microsoft 365 Business issues" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Troubleshoot problems - Coming soon</h3>
+                                                    <p>Find solutions for common Microsoft 365 Business issues.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="#">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-technical-support-4.svg" alt="Submit a technical support request for Microsoft 365 Business" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Microsoft Technical Support - Coming soon</h3>
+                                                    <p>Submit a technical support request for Microsoft 365 Business.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>                           
+                        </ul>
+                    </li>
+                    <li>
+                        <a href="#adv-mgmt">Advanced management</a>
+                        <ul id="adv-mgmt" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>See these links for more in-depth information about these products and features.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="https://docs.microsoft.com/intune">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-intune-1.svg" alt="Microsoft Intune" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Microsoft Intune</h3>
+                                                    <p>Need to update other policies or take advantage of the full Intune capabilities? </p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://docs.microsoft.com/windows">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-windows10-2.svg" alt="Learn more about Windows 10" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Windows 10</h3>
+                                                    <p>Learn more about Windows 10.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://msdn.microsoft.com/partner-center/autopilot">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-auto-pilot-3.svg" alt="Use Windows AutoPilot to deploy Windows 10 devices" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Set up Windows 10 devices using Windows AutoPilot</h3>
+                                                    <p>Deploy Windows 10 devices using Windows AutoPilot from the Partner Center.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                    <li>
+                        <a href="#general-admin">General administration</a>
+                        <ul id="general-admin" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Get help on the most common admin tasks in the Microsoft 365 Business admin center. The Microsoft 365 Business admin center is lot like the Office 365 admin center so the admin guidance we provide for Office 365 admin center also apply to Microsoft 365 Business.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/1970f7d6-03b5-442f-b385-5880b9c256ec">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-add-user-1.svg" alt="Add a user" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Add a user</h3>
+                                                    <p>Add user accounts in the Microsoft 365 Business admin center so people in your organization can sign in and access Office 365 for business.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/365-2d2fa996-b760-411d-a5cc-190d63f13207">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-add-domain-2.svg" alt="Add a domain and other FAQs about domains" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Add a domain</h3>
+                                                    <p>See this article to find answers to Frequently Asked Questions about domains in Microsoft 365 Business.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <!--
+                            <li>
+                                <a href="#">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management- management-4_placeholder.svg" alt="Manage changes" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Change management</h3>
+                                                    <p>tbd</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            -->
+                            <li>
+                                <a href="https://support.office.com/article/74a1ef8b-3844-4d08-9980-9f8f7a36000f">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management- add-group-5.svg" alt="Add a group" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Add a group</h3>
+                                                    <p>Create or delete groups, add or remove members in a group, and customize how they work.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/7a5d073b-7fae-4aa5-8f96-9ecd041aba9c">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-password-3.svg" alt="Manage passwords" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Password management</h3>
+                                                    <p>Learn how to <a href="https://support.office.com/article/5bc3f460-13cc-48c0-abd6-b80bae72d04a">reset passwords</a>, <a href="https://support.office.com/article/0F54736F-EB22-414C-8273-498A0918678F">set the password expiration policy for your organization</a>, and more.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/ea7bf1b2-1c2f-477f-a813-313e3ce0d896">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management- billing-7.svg" alt="Billing" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Billing</h3>
+                                                    <p>Get admin help with billing in Microsoft 365 Business.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/a27f1a99-3557-4f85-9560-a28e3d822a40">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management- reports-9.svg" alt="Reports" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Reports</h3>
+                                                    <p>Get groups report to see the activity overview across products in your organization.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/46c667f7-5073-47b9-a75f-05a60cf77d91">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-settings-8.svg" alt="Settings" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Common management tasks</h3>
+                                                    <p>Check these quick links for the most common admin tasks in Office 365.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Not finding the info that you need? Check out the <a href="https://support.office.com/article/17d3ff3f-3601-466e-b5a1-482b31cfb791" target="_blank">Office 365 Admin Help</a> for more info. </p>
+                                </div>
+                            </li>
+                        </ul>
+                    </li>
+                </ul>
+            </li>
+            <li>
+                <a href="#i-worker">Information worker</a>
+                <ul id="i-worker">
+                    <li>
+                        <a data-default="true" href="#i-worker-1">Set up devices</a>
+                        <ul id="i-worker-1" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Employees and other users can follow the guidance here to set up devices.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/d868561b-d340-4c04-a973-e2575d7f09bc">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-iw-devicesetup-setup-1.svg" alt="Set up mobile devices for Microsoft 365 Business users" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Set up mobile devices for Microsoft 365 Business users</h3>
+                                                    <p>Find out how to install Office on an iPhone or an Android phone. After you follow these steps, your work files created in Office apps will be protected by Microsoft 365 Business.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/eb8244aa-a302-481a-b2b5-d34e88b18ec7">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-iw-devicesetup-move-files-2.svg" alt="Move files to OneDrive for Business" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Move files to OneDrive for Business</h3>
+                                                    <p>Optional. Use OneDrive for Business or a third-party tool to move files associated with your Windows profile.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-windows10pc-3.svg" alt="Set up Windows 10 PCs" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Set up Windows 10 PCs</h3>
+                                                    <p>Join your Windows 10 PC to your organization's Azure Active Directory and sync your device to start using your Microsoft 365 Business account.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://support.office.com/article/c654bd23-d256-4ac7-8fba-0c993bf5a771">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management- install-4.svg" alt="Install Windows for Microsoft 365 Business users" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Install Windows for Microsoft 365 Business users</h3>
+                                                    <p>Setting up new PCs? Install Windows for Microsoft 365 Business users.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                    <li>
+                        <a data-default="true" href="#i-worker-2">Product help</a>
+                        <ul id="i-worker-2" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>When you're using Office or Windows and have a question about how to do something, you can search the product help for info. </p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="http://support.office.com">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1"> 
+                                                        <img src="images/bcs-information-product-help-office.svg" alt="Office help and training" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Office help and training</h3>
+                                                    <p>Discover everything you need to know about Office products.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="http://support.microsoft.com/products/windows">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1"> 
+                                                        <img src="images/bcs-information-product-help-windows10.svg" alt="Windows help" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Windows 10 help</h3>
+                                                    <p>Get help, how-to, and other info for all things Windows.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                </ul>
+            </li>
+            <li>
+                <a href="#bus-owner">Business owner</a>
+                <ul id="bus-owner">
+                    <li>
+                        <a data-default="true" href="#bus-owner-1">Get started</a>
+                        <ul id="bus-owner-1" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>Learn about Microsoft 365 Business and find out how you can start using it for your business.</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="http://www.microsoft.com/en-us/microsoft-365/business">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-learn-about-1.svg" alt="Learn more about Microsoft 365 Business" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Learn about Microsoft 365 Business</h3>
+                                                    <p>Want to learn more about Microsoft 365 Business and wondering whether it's the right solution for your business? Start here. </p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="support/microsoft-365-business-faqs.md">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-faq-2.svg" alt="Browse the list of frequently asked questions" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Microsoft 365 Business FAQ</h3>
+                                                    <p>Browse our list of Frequently Asked Questions.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://www.microsoft.com/solution-providers/search">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management-find-partner-1.svg" alt="Find a Microsoft-certified service provider" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Find a Partner</h3>
+                                                    <p>Visit the Microsoft Partner Center to locate a Microsoft-certified solution provider who can help you locally or remotely. </p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+                    <!--
+                    <li>
+                        <a data-default="true" href="#bus-owner-2">Placeholder 2</a>
+                        <ul id="bus-owner-2" class="cardsC">
+                            <li class="fullSpan">
+                                <div class="container intro">
+                                    <p>TBD - Introductory text</p>
+                                </div>
+                            </li>
+                            <li>
+                                <a href="#">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="/media/common/placeholder.svg" alt="" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Card 1</h3>
+                                                    <p>tbd</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="#">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="/media/common/placeholder.svg" alt="" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Card 2</h3>
+                                                    <p>tbd</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            -->
+                        </ul>
+                    </li>
+                </ul>
+            </li>
+        </ul>
+    </div>
+</div>
diff --git a/bcs/support/microsoft-365-business-faqs.md b/bcs/support/microsoft-365-business-faqs.md
new file mode 100644
index 0000000000..7f9d9778a9
--- /dev/null
+++ b/bcs/support/microsoft-365-business-faqs.md
@@ -0,0 +1,332 @@
+--- 
+title: Microsoft 365 Business Frequently Asked Questions 
+description: Find answers to the most frequently asked questions about Microsoft 365 Business, a new solution designed for small and midsize businesses (SMB). 
+author: CelesteDG 
+ms.author: celested 
+ms.topic: article 
+ms.prod: microsoft-365-business
+audience: microsoft-business 
+keywords: Microsoft 365 Business, Microsoft 365, SMB, FAQ, frequently asked questions, answers
+ms.date: 07/10/2017
+---
+
+# Microsoft 365 Business Frequently Asked Questions
+
+## Introduction
+
+What is Microsoft 365 Business? 
+--------------------------------
+
+Microsoft 365 Business is a new solution designed for small and midsize businesses (SMB), bringing together the best-in-class productivity and collaboration capabilities of Office 365 with device management and security solutions to safeguard business data.
+
+Microsoft 365 Business enables you to:
+
+-   **Create your best with tools like** Word, Excel, PowerPoint, Outlook, OneNote and Access.
+-   **Be productive from anywhere,** with business-class email from Outlook and access to cloud files with OneDrive for Business.
+-   **Conduct online meetings and get instant messaging** with Skype for Business.
+-   **Collaborate in real time with the chat-based workspace** Microsoft Teams.
+-   **Safeguard your business** by enforcing malware protection for Windows devices, with Windows Defender.
+-   **Help protect your data and intellectual property** with App Protection for Office mobile apps on iOS and Android devices, and
+    Mobile Device Management (MDM) for Windows 10 PCs.
+-   **Save time and be protected** with consistent configuration across newly deployed PCs running Windows 10 Business and auto deployment
+    of Office 365 apps, provided by Windows AutoPilot.
+-   **Be secured and always up to date** with Office 365 updates and Windows 10.
+-   **Simply manage technology costs** in one subscription, with simple per user, per month pricing.
+
+Where can I find out more about Microsoft 365 Business? 
+--------------------------------------------------------
+
+Customers and partners can visit [http://www.microsoft.com/microsoft-365/business](http://www.microsoft.com/microsoft-365/business) where they can sign up to see a demo of Microsoft 365 Business in
+action. The preview will be accessible from the web site on August 2, 2017.
+
+Who should consider adopting Microsoft 365 Business? 
+-----------------------------------------------------
+
+Microsoft 365 Business was built for small and midsize customers that have little to no IT resources on staff and want best-in-class productivity and collaboration capabilities of Office 365 together with
+device management and security solutions that safeguard business data.
+
+How can I get Microsoft 365 Business for my business? 
+------------------------------------------------------
+
+Microsoft 365 Business may be purchased through a [Microsoft Partner](https://partnercenter.microsoft.com/en-us/pcv/search) or directly from
+[Microsoft](http://www.microsoft.com/microsoft-365/business). In choosing whether to purchase directly from Microsoft or via a Microsoft Partner, you should consider your on-staff capability and desire to
+maintain an IT infrastructure. A Microsoft Partner can help you deploy and manage your IT infrastructure including Microsoft solutions.
+
+How much will Microsoft 365 Business cost? 
+-------------------------------------------
+
+Microsoft 365 Business will be offered at USD\$20.00/mo./user based on an annual contract if purchased directly from Microsoft. When purchased through a Microsoft Partner, pricing can vary based on the services the
+partner provides and their pricing model for Microsoft 365 Business. There are no planned pricing discounts for government, education or non-profit organizations.
+
+How are customers billed for Microsoft 365 Business subscriptions? 
+-------------------------------------------------------------------
+
+When Microsoft 365 Business is purchased via a Microsoft Partner, the bill will come from that Partner and may include additional products and services outside of the subscription pricing. When purchased directly
+from Microsoft, the customer is billed by Microsoft.
+
+Is there a cap to how many Microsoft 365 Business seats a customer can have? 
+-----------------------------------------------------------------------------
+
+Microsoft 365 Business was designed for small to medium sized businesses with low to medium IT complexity requirements. Customers may purchase up to 300 Microsoft 365 Business licenses for their organization. Depending
+on their organization’s IT requirements, they may add Microsoft 365 Enterprise licenses to the same environment.
+
+When considering an environment consisting of multiple subscription types, customers should work with their trusted IT advisors to determine how best to manage and secure the various subscriptions as Microsoft 365
+Business and Microsoft 365 Enterprise use different capabilities to secure and manage applications and data.
+
+Can I combine Microsoft 365 Business with other Microsoft subscription offerings? 
+----------------------------------------------------------------------------------
+
+Yes, customers can combine their Microsoft 365 Business subscriptions with plans and add-ons from Azure, Dynamics and Office 365.
+
+Does everyone in my business required to have a Microsoft 365 Business subscription? 
+-------------------------------------------------------------------------------------
+
+No, not everyone needs a Microsoft 365 Business subscription, although the security and management benefits are available only to those users with devices managed with a Microsoft 365 Business subscription.
+
+Standardizing an IT environment serves to help reduce maintenance and security costs over time and is a state that businesses should strive to attain. However, we recognize that some small and medium size customers
+update their software primarily when they upgrade their hardware, over an extended period of time. Businesses can deploy Microsoft 365 Business to part of their organization, but for best protection of sensitive
+business data and consistent collaboration experiences, deployment to all users is recommended.
+
+How can I know if the hardware and software I run today is compatible with Microsoft 365 Business? 
+---------------------------------------------------------------------------------------------------
+
+If the hardware you run today runs Windows 7 Professional or later, it likely meets the minimum requirements for Microsoft 365 Business.
+Certain Windows 10 features such as Cortana, Windows Hello and multi-touch require specific hardware that is only available on newer PCs. See the [Windows 10 Pro system
+requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications) for additional details.
+
+Existing desktop (Win32) application compatibility is strong in Windows 10, with most existing applications working without any changes. Customers and their trusted IT advisors should read the recommended
+application testing process for [Windows 10 compatibility](https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-compatibility#recommended-application-testing-process)
+and review the [Office system requirements](https://products.office.com/en-us/office-system-requirements#subscription-plans-section) to ensure a smooth transition to Microsoft 365 Business.
+
+What is Windows 10 Business? 
+-----------------------------
+
+Windows 10 Business is a set of cloud-services and device management capabilities that complement Windows 10 Pro and enable the centralized management and security controls of Microsoft 365 Business. Windows 10 Business also comes with Windows AutoPilot, a service that streamlines the deployment of new Windows 10 PCs. If you have devices that are licensed for Windows 7, 8 and 8.1 Professional, Microsoft 365 Business provides an upgrade to Windows 10 Pro which is the prerequisite for deploying Windows 10 Business.
+
+How does Microsoft 365 Business help support my company’s Bring Your Own Device (BYOD) policy? 
+-----------------------------------------------------------------------------------------------
+
+Many employees prefer to use their own mobile phones or tablets to access personal and work information rather than carrying multiple devices for each purpose. The use of personal devices for work, while commonplace, increases the risk that business information could end up in the wrong hands. Many competing mobile data protection solutions require users to switch to a specific mode on their device or use another complex mechanism that users may find intrusive and therefore avoid using.
+
+Microsoft 365 Business offers customers a simple but powerful means of enabling employees to use their personal devices for work while providing the business with the ability to prevent those devices from accessing, retaining and/or sharing business information. More specifically:
+
+-   **App Protection for Office mobile** helps **apps** protect Office data, including email, calendar, contacts, and documents on iOS and Android mobile devices, by enforcing policies such as automatically deleting business data after a prescribed amount of time of not connecting to the service, requiring that information is stored only to OneDrive for Business, requiring a PIN/fingerprint verification to access Office apps, and preventing company data from being copied from an Office app into personal apps.
+-   **Mobile Device Management** (MDM) for Windows 10 devices allows businesses to choose to set and enforce capabilities such as Windows Defender protection for malware, automatic updates, and turning off screens after a prescribed amount of time. In addition, lost or stolen Windows 10 devices can be completely wiped of business applications and data through the Admin center.
+
+How does Microsoft 365 Business help protect PCs in my organization from malicious attacks? 
+--------------------------------------------------------------------------------------------
+
+PCs managed with Microsoft 365 Business are protected with Windows Defender, which is the No. 1 antivirus feature on Windows 10, protecting more computers against viruses, malware, spyware, and other threats than
+any other solution. With Microsoft 365 Business, businesses can ensure Windows Defender protection is running and always up to date on all their Windows 10 devices.
+
+### What's the difference between Office 365 Business Premium, Microsoft 365 Business and Microsoft 365 Enterprise? 
+
+Microsoft has a variety of productivity and security management offerings that small to medium-sized customers may consider when upgrading their desktop and device infrastructure, each bringing increasingly powerful features and functionality.
+
+**Office 365 Business Premium** delivers best-in-class productivity with Office 365 apps and services but does not include the application protection and device management capabilities of Microsoft 365 Business.
+
+**Microsoft 365 Business** combines Office 365 apps and services with mobile application management and Windows 10 Pro to enable remote management and help protect devices against viruses and malware. It includes a simplified management console through which device and data policies may be administered. Many small to midsize businesses can be best served with Microsoft 365 Business, although those in highly regulated industries may require more advanced functionality provided by Microsoft 365 Enterprise plans (E3 and E5).
+
+**Microsoft 365 Enterprise** is a set of licensing plans that offer increased levels of mobility and security management over Microsoft 365 Business and are designed for enterprise customers and those customers that are required or regulated to provide the highest level of protection for their data. In addition, Microsoft 365 Business plans provide additional functionality including business intelligence and analytics tools.
+
+Can I switch my Office 365 plan to Microsoft 365 Business? 
+-----------------------------------------------------------
+
+Yes, customers may switch their plans from a qualifying Office 365 plan to Microsoft 365 Business is generally available. Depending on the customer’s current plan there may be a decrease or increase in monthly charges.
+
+In what regions will Microsoft 365 Business be available? 
+----------------------------------------------------------
+
+The Microsoft 365 Business will be available to all partners and customers where Office 365 is available. [See the list of Office 365 international availability for languages, countries and regions](https://products.office.com/en-us/business/international-availability).
+
+## Public Preview 
+
+Who has access to the Microsoft 365 Business preview? 
+------------------------------------------------------
+
+The Microsoft 365 Business preview is available to new customers as well as existing Office 365 subscribers in all [markets where Office 365 is currently available](https://products.office.com/en-us/business/international-availability).
+
+I’m an existing Office 365 customer. Can I access the Microsoft 365 Business preview? 
+--------------------------------------------------------------------------------------
+
+Microsoft 365 Business can be used with existing Office 365 Business Premium subscriptions. Office 365 Business Premium subscribers that move to Microsoft 365 Business would not experience any end-user impacts (re-install Office, lose functionality, etc) upon assignment of the license. Customers running Office 365 Enterprise E3/E5 may experience end user impacts if they move to Microsoft 365 Business, it is not a recommended transition path at this time.
+
+When will Microsoft 365 Business preview be available? 
+-------------------------------------------------------
+
+The Microsoft 365 Business preview will be available starting on August 2, 2017.
+
+In what regions is the Microsoft 365 Business preview available? 
+-----------------------------------------------------------------
+
+The Microsoft 365 Business preview is available to all partners and customers where Office 365 is available. [See the list of Office 365 international availability for languages, countries and regions](https://products.office.com/en-us/business/international-availability).
+
+When will Microsoft 365 Business be generally available? 
+---------------------------------------------------------
+
+Microsoft 365 Business is expected to be generally available toward the end of the calendar year.
+
+Is there a limit to how many users can experience the preview? 
+---------------------------------------------------------------
+
+Each organization can up to 300 users on Microsoft 365 Business during the preview.
+
+What should customers and partners know before running Microsoft 365 Business within their organization? 
+---------------------------------------------------------------------------------------------------------
+
+Customers that wish to experience the complete capabilities of Microsoft 365 Business must be running Windows 7, 8.1 or 10 Pro\* on their existing desktops. Customers who use on-premises Active Directory must switch to cloud identity and management as part of their deployment. Existing Windows 10 Pro PCs should be running Creators Update if they have not already done so.
+
+\*Devices running Windows 7 or 8.1 Pro are eligible for an upgrade to
+Windows 10 Pro within the Microsoft 365 Business preview.
+
+Is there any charge for the Microsoft 365 Business preview? 
+------------------------------------------------------------
+
+No, Microsoft will not charge for the preview. If you work with an outside [IT partner](https://partnercenter.microsoft.com/en-us/pcv/search) and require assistance to deploy Microsoft 365 Business preview, they may charge you for their deployment services and assistance. At the end of the preview customers may convert to a paid subscription to continue using Microsoft 365 Business.
+
+I’m an existing Office 365 customer. Will I be charged for an Office 365 subscription while I am using the Microsoft 365 Business preview?
+
+Customers will continue to be charged for any active Office 365 plan to which they are subscribed.
+
+What is the best way to deploy Microsoft 365 Business in my organization? 
+--------------------------------------------------------------------------
+
+Partner-assisted deployment is the recommended way to deploy Microsoft 365 Business preview. Contact your Microsoft Partner and ask them if they are participating in the Microsoft 365 Business Preview Trial. Your Partner is well-equipped to help customers understand their options and make the best recommendations for deploying Microsoft 365 Business preview in your organization.
+
+If you do not have a Microsoft partner, you can find one [here](https://partnercenter.microsoft.com/en-us/pcv/search).
+
+## Deployment 
+
+What should customers consider when planning a Microsoft 365 Business deployment? 
+----------------------------------------------------------------------------------
+
+The most direct path to a successful Microsoft 365 Business deployment is to engage with a Microsoft Partner. They have extensive training and experience with a wide variety of customer scenarios and are best equipped to understand your environment and needs. Customers that have experienced IT on staff can use the [Microsoft 365 Business Getting Started](https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364) to assist them in their Microsoft 365 Business deployment.
+
+Does Microsoft 365 Business include the full capabilities of Microsoft Intune? 
+-------------------------------------------------------------------------------
+
+Microsoft 365 Business includes a robust set of mobile app management capabilities powered by Microsoft Intune. These are a subset of Intune features, specifically chosen to meet the needs of SMBs and organized to be easily managed via a simplified administration experience. If a company requires the full capabilities of Intune, they can purchase a Microsoft 365 Enterprise plan.
+
+Does Microsoft 365 Business allow customers to manage Macs? 
+------------------------------------------------------------
+
+The security and management capabilities of Microsoft 365 Business pertain to iOS, Android mobile devices, and Windows PCs.
+
+What is Windows AutoPilot? 
+---------------------------
+
+Windows AutoPilot is a service that streamlines the deployment of new Windows 10 PCs. This process can be done when the end-user logs on to Microsoft 365 Business for the first time— without IT ever touching the device—by leveraging centralized management controls of Microsoft 365 Business. You can also use Windows AutoPilot for existing PCs that are running Windows 10 Professional Creators Update and have been factory reset. Details about Windows AutoPilot can be found in [this June blog post](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-AutoPilot/).
+
+## Compatibility 
+
+Can I add Office 365 E5 add-ons to Microsoft 365 Business? 
+-----------------------------------------------------------
+
+All the add-ons that can be added to Office 365 Business Premium can be added to Microsoft 365 Business. This means that you can purchase Advanced Threat Protection, Advanced Security Management, Customer Lockbox, Advanced eDiscovery, MyAnalytics, PowerBI Pro, and PSTN Conferencing.
+
+Can I add Cloud PBX and PSTN Calling plans to Microsoft 365 Business? 
+----------------------------------------------------------------------
+
+At this time, these capabilities are reserved for customers who have more advanced needs. Customers who require Cloud PBX or PSTN Calling plans should look at Microsoft 365 Enterprise offerings.
+
+Can I use add on Archiving or additional storage to Microsoft 365 Business? 
+----------------------------------------------------------------------------
+
+Yes, you can add on additional archiving or storage to Microsoft 365 Business.
+
+Can Microsoft 365 Business customers use Windows Defender Advanced Threat Protection? 
+--------------------------------------------------------------------------------------
+
+No, customers that require Windows Defender Advanced Threat Protection need either Windows 10 Enterprise E5 or Microsoft 365 Enterprise E5.
+
+Can I use Windows Information Protection with Microsoft 365 Business? 
+----------------------------------------------------------------------
+
+Yes, Windows Information Protection (WIP) is a feature of Windows 10 Pro and helps businesses prevent accidental leaks by restricting user and app access to business files based on policies you define. Your business data is protected no matter where it lives on your devices—without affecting your user experience. Microsoft 365 Business includes controls to ensure Windows Information Protection is properly configured and automatically deployed to end-user devices.
+
+Can customers use Microsoft 365 Business with on-premises Active Directory? 
+----------------------------------------------------------------------------
+
+To realize the full value of Windows 10, Windows 10 PCs need to be joined to Azure Active Directory. You may use Microsoft 365 Business with Windows 10 devices
+joined to on-premises Active Directory but it is not recommended because you won’t be able to enforce policies from the Microsoft 365 Business Admin console.
+
+Can customers create hosted Windows 10 VMs with a Microsoft 365 Business subscription? 
+---------------------------------------------------------------------------------------
+
+No, customers that require virtualization should purchase Windows 10 Enterprise or a Microsoft 365 Enterprise subscription.
+
+## Partner Opportunity 
+
+Where can I learn more about the opportunities and benefits in becoming a Microsoft Partner? 
+---------------------------------------------------------------------------------------------
+
+IT service providers that are not already Microsoft partners can learn more about the Microsoft Cloud Solution Provider program at
+[https://partner.microsoft.com/cloud-solution-provider](https://partner.microsoft.com/cloud-solution-provider).
+
+Where can I learn how to sell Microsoft 365 Business? 
+------------------------------------------------------
+
+Partners now selling Office 365 can use the same consultative selling methods to sell Microsoft 365 Business. In addition, we are introducing resources and training for your sales team to understand the customers’ existing desktop environment, Active Directory reliance, mobility and security needs to effectively communicate the full value of Microsoft 365 Business in a way that is relevant to the customer. Find these resources on the Office Partner portal at
+[http://partners.office.com](http://partners.office.com/).
+
+How can Microsoft 365 Business help partners increase the profitability? 
+-------------------------------------------------------------------------
+
+Microsoft 365 Business will help partners reduce costs through greater operational efficiencies and enhance revenue through the sale of additional services. The Forrester Research, Microsoft 365 Business Total Economic Impact (TEI) Study, June 2017 [(available on the partner portal)](http://partners.office.com/), demonstrates that Microsoft 365 Business will have positive impact on partner profitability.
+
+In the TEI study partners reported that with Microsoft 365 Business they
+expect:
+
+-   20%-point increase in \[one-time\] deployment and advisory services revenue
+-   10%-point increase in attach rate of managed services
+-   8%-point increase in consulting and \[ongoing\] managed services profit margins (from lower costs)
+
+What resources are available to partners to sell, deploy and support Microsoft 365 Business?
+
+Microsoft provides a wide selection of resources for CSP partners to market, sell, and support Microsoft 365 Business. They can be found at
+[http://partners.office.com](http://partners.office.com/).
+
+What up-sell opportunities does Microsoft 365 Business give partners? 
+----------------------------------------------------------------------
+
+Microsoft 365 Business allows partners to maintain their trusted advisor position with customers, by creating a solid and secure platform upon which to sell additional services, or upgrade existing products and services. Microsoft 365 Business provides an opportunity to have an upgrade discussion with customers now using Exchange Server, Exchange Online or Office 365 Business Essentials. Partners may also gain additional revenue from increased managed services and/or per-user
+support fees.
+
+With the new Windows AutoPilot feature included in Microsoft 365 Business, partners who have been reluctant to sell new Windows devices due to deployment logistics and costs may now find this opportunity much more attractive. Customers who are confident in the security of their onpremise and mobile devices are also more likely to invest in additional services, such as Dynamics 365.
+
+Should partners sell Microsoft 365 Business over other plans from Microsoft? 
+-----------------------------------------------------------------------------
+
+A Microsoft Cloud Solution Provider should always sell the plan that best suits its customer business needs and budget. For example, if a customer must comply with privacy and security regulations, a CSP may sell Microsoft 365 Business plus any add-ons that help the customer meet its requirements or may suggest the advanced security and management provided by Microsoft 365 Business E SKUs.
+
+I have devices that are not genuine; will Microsoft 365 Business make my devices genuine? 
+------------------------------------------------------------------------------------------
+
+No, Microsoft 365 Business does not make an otherwise non-genuine version of Windows, genuine. Microsoft 365 Business does provide an upgrade benefit allowing those customers running genuine Windows 7, 8 or 8.1 Pro to upgrade to the most recent, genuine version of Windows 10 Pro.
+
+How do partners make any money offering the Microsoft 365 Business preview to their customers? 
+-----------------------------------------------------------------------------------------------
+
+Partners can realize revenue opportunities by deploying Microsoft 365 Business preview and providing other managed services that support the solution.
+
+What is the exact name of the Microsoft 365 Business preview SKU and when will it be available? 
+------------------------------------------------------------------------------------------------
+
+The Microsoft 365 Business preview is called the Microsoft 365 Business Preview Trial and will be on August 2 CSP Price List.
+
+How can I convert a preview customer subscription to Microsoft 365 Business when it is generally available? 
+------------------------------------------------------------------------------------------------------------
+
+We will provide more information on converting Microsoft 365 Business preview customers to subscribers later.
+
+What support is available to CSP partners for the Microsoft 365 Business Preview? 
+----------------------------------------------------------------------------------
+
+The same support channels available to CSP partners today (premier support and advanced support program) have been trained on Microsoft 365
+Business and are ready to provide partners with support.
+
+What is the GDPR and how does Microsoft 365 Business help customers with their compliance obligations? 
+-------------------------------------------------------------------------------------------------------
+
+The General Data Protection Regulation (GDPR) is a comprehensive new privacy law that gives residents of the European Union (EU) greater control over their “personal data” and requires organizations to maintain the integrity of that personal data. The GDPR requires organizations that control, or process personal data tied to EU residents to only use third-party data processors that meet the GDPR’s requirements for personal data processing. In March 2017, Microsoft made
+available contractual guarantees that provide these assurances. Customers who have questions about how Microsoft can help them meet their additional GDPR obligations should learn about the advanced compliance and security capabilities available as add-ons (e.g. Azure Information Protection) and in other Suites (e.g. Microsoft 365 Enterprise E5). To learn more, visit [www.microsoft.com/gdpr](http://www.microsoft.com/gdpr).
\ No newline at end of file
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index f15a7db11b..7a75e9bddd 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -16,6 +16,13 @@ localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## July 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Windows updates](manage-windows-updates-for-surface-hub.md) | Changed deferral recommendations for Windows Updates |
+| [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Added Whiteboard URLs to prerequisites |
+
 ## June 2017
 
 | New or changed topic | Description |
diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
index 102a9c8006..c8ae01ad93 100644
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@@ -70,9 +70,9 @@ This table gives examples of deployment rings.
 
 | Deployment ring | Ring size | Servicing branch | Deferral for feature updates | Deferral for quality updates (security fixes, drivers, and other updates) | Validation step |
 | --------- | --------- | --------- | --------- | --------- | --------- |
-| Evaluation (e.g. non-critical or test devices) | Small | Current Branch (CB) | None. Devices receive feature updates immediately after CB is released. | None. Devices receive quality updates immediately after CB is released. | Manually test and evaluate new functionality. Pause updates if there are issues. |
-| Pilot (e.g. devices used by select teams) | Medium | Current Branch for Business (CBB) | None. Devices receive feature updates immediately once CBB is released. | None. Devices receive quality updates immediately after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
-| Broad deployment (e.g. most of the devices in your organization) | Large | Current Branch for Business (CBB) |  60 days after CBB is released. | 14 days after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
+| Preview (e.g. non-critical or test devices) | Small | Current Branch (CB) | None. Devices receive feature updates immediately after CB is released. | None. Devices receive quality updates immediately after CB is released. | Manually test and evaluate new functionality. Pause updates if there are issues. |
+| Release (e.g. devices used by select teams) | Medium | Current Branch for Business (CBB) | None. Devices receive feature updates immediately once CBB is released. | None. Devices receive quality updates immediately after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
+| Broad deployment (e.g. most of the devices in your organization) | Large | Current Branch for Business (CBB) |  120 days after CBB is released. | 7-14 days after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
 | Mission critical (e.g. devices in executive boardrooms) | Small | Current Branch for Business (CBB) |  180 days after CBB is released (maximum deferral for feature updates). | 30 days after CBB is released (maximum deferral for quality updates). | Monitor device usage and user feedback. |
 
 
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 9f8deab97e..9c2be02127 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 06/19/2017
+ms.date: 07/13/2017
 localizationpriority: medium
 ---
 
@@ -28,6 +28,7 @@ To get Whiteboard to Whiteboard collaboration up and running, you’ll need to m
 - Currently not utilizing Office 365 Germany or Office 365 	operated by 21Vianet
 - Surface Hub needs to be updated to Windows 10, version 1607 or newer
 - Port 443 needs to be open since Whiteboard makes standard https requests
+- Whiteboard.ms, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies
 
  
 >[!NOTE]
diff --git a/education/get-started/TOC.md b/education/get-started/TOC.md
index b4b33d20fc..4d7123cb43 100644
--- a/education/get-started/TOC.md
+++ b/education/get-started/TOC.md
@@ -1,3 +1,11 @@
 # [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
-# [Change history for Microsoft Education get started](change-history-ms-edu-get-started.md)
+## [Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
+## [Use School Data Sync to import student data](use-school-data-sync.md)
+## [Enable Microsoft Teams for your school](enable-microsoft-teams.md)
+## [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
+## [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
+## [Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
+### [Set up Windows 10 devices using Windows OOBE](set-up-windows-education-devices.md)
+## [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md)
+# [Change history for Microsoft Education Get Started](change-history-ms-edu-get-started.md)
 
diff --git a/education/get-started/change-history-ms-edu-get-started.md b/education/get-started/change-history-ms-edu-get-started.md
index 484ed4a299..2e9b13b1a7 100644
--- a/education/get-started/change-history-ms-edu-get-started.md
+++ b/education/get-started/change-history-ms-edu-get-started.md
@@ -1,5 +1,5 @@
 ---
-title: Change history for Microsoft Education Get started
+title: Change history for Microsoft Education Get Started
 description: New and changed topics in the Microsoft Education get started guide.
 keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history
 ms.prod: w10
@@ -8,13 +8,27 @@ ms.sitesec: library
 ms.pagetype: edu
 author: CelesteDG
 ms.author: celested
-ms.date: 06/26/2017
+ms.date: 07/03/2017
 ---
 
-# Change history for Microsoft Education Get started
+# Change history for Microsoft Education Get Started
 
 This topic lists the changes in the Microsoft Education IT admin get started.
 
+## July 2017
+
+| New or changed topic | Description |
+| --- | ---- |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. |
+| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. |
+| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. |
+| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. |
+| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. |
+| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. |
+| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. |
+| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. |
+
+
 ## June 2017
 
 | New or changed topic | Description |
diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md
new file mode 100644
index 0000000000..0e5e235abd
--- /dev/null
+++ b/education/get-started/configure-microsoft-store-for-education.md
@@ -0,0 +1,59 @@
+---
+title: Configure Microsoft Store for Education
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Configure Microsoft Store for Education
+
+You'll need to configure Microsoft Store for Education to accept the services agreement and make sure your Microsoft Store account is associated with Intune for Education.
+
+You can watch the video to see how this is done, or follow the step-by-step guide. </br>
+
+<center><iframe src="https://www.youtube.com/embed/Jnbssq0gC_g" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/Jnbssq0gC_g?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+
+You can watch the descriptive audio version here: [Microsoft Education: Configure Microsoft Store for Education (DA)](https://www.youtube.com/watch?v=bStgEpHbEXw)
+
+## Associate your Microsoft Store account with Intune for Education
+
+1. Sign in to <a href="https://educationstore.microsoft.com" target="_blank">Microsoft Store for Education</a>.
+2. Accept the Microsoft Store for Business and Education Services Agreement. 
+
+  This will take you to the Microsoft Store for Education portal.
+
+  **Figure 1** - Microsoft Store for Education portal
+
+  ![Microsoft Store for Education portal](images/msfe_store_portal.png)
+
+3. In the Microsoft Store portal, click **Manage** to go to the Microsoft Store **Overview** page.
+4. Find the **Overview** page, find the **Store settings** tile and click **Management tools**.
+
+  **Figure 2** - Select management tools from the list of Store settings options
+
+  ![Select management tools from list of Store settings options](images/msfe_storesettings_select_managementtools.png)
+
+4. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune for Education ready for use with Microsoft Store for Education.
+
+  **Figure 3** - Activate Intune for Education as the management tool
+
+  ![Activate Intune for Education as the management tool](images/msfe_managementtools_activateintune.png) 
+
+Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next.
+
+> [!div class="nextstepaction"]
+> [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
+
+## Related topic
+[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md
new file mode 100644
index 0000000000..ff0fbe19c7
--- /dev/null
+++ b/education/get-started/enable-microsoft-teams.md
@@ -0,0 +1,54 @@
+---
+title: Enable Microsoft Teams for your school
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Enable Microsoft Teams for your school
+
+Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education. 
+
+To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school. 
+
+## Enable Microsoft Teams for your school
+
+1. Sign in to <a href="https://portal.office.com" target="_blank">Office 365</a> with your work or school account.
+2. Click **Admin** to go to the Office 365 admin center.
+3. Go to **Settings > Services & add-ins**.
+4. On the **Services & add-ins** page, select **Microsoft Teams**.
+
+  **Figure 1** - Select Microsoft Teams from the list of services & add-ins
+
+  ![Enable Microsoft Teams for your school](images/o365_settings_services_msteams.png)
+
+5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**.
+
+  **Figure 2** - Select the license that you want to configure
+
+  ![Select the Microsoft Teams license that you want to configure](images/o365_msteams_settings.png)
+
+6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization.
+
+  **Figure 3** - Turn on Microsoft Teams for your organization
+
+  ![Turn on Microsoft Teams for your organization](images/o365_msteams_turnon.png)
+
+7. Click **Save**.
+
+You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the <a href="https://aka.ms/MeetTeamsEdu" target="_blank">Meet Microsoft Teams</a> page.
+
+> [!div class="nextstepaction"]
+> [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
+
+
+## Related topic
+[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md
new file mode 100644
index 0000000000..133ad0bf2e
--- /dev/null
+++ b/education/get-started/finish-setup-and-other-tasks.md
@@ -0,0 +1,178 @@
+---
+title: Finish Windows 10 device setup and other tasks
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Finish Windows 10 device setup and other tasks
+Once you've set up your Windows 10 education device, it's worth checking to verify the following:
+
+> [!div class="checklist"]
+> * Correct device setup
+> * Device is Azure AD joined
+
+You can watch the video to see how this is done, or follow the step-by-step guide. </br>
+
+<center><iframe src="https://www.youtube.com/embed/nhQ_4okWFmk" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/nhQ_4okWFmk?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+You can watch the descriptive audio version here: [Microsoft Education: Verify Windows 10 education devices are Azure AD joined and managed (DA)](https://www.youtube.com/watch?v=_hVIxaEsu2Y)
+
+## Verify correct device setup
+Verify that the device is set up correctly and boots without any issues.
+
+**Verify that the device was set up correctly**
+1. Confirm that the Start menu contains a simple configuration.
+2. Confirm that the Store and built-in apps are installed and working. The apps pushed down from Intune for Education will appear under **Recently added**. 
+
+  > [!NOTE]  
+  > It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user.
+
+  **Figure 1** - Sample list of apps for a user
+
+  ![Apps list contains the apps provisioned for the user](images/win10_start_checkapps.png)
+
+## Verify the device is Azure AD joined
+Let's now verify that the device is joined to your organization's Azure AD and shows up as being managed in Microsoft Intune for Education.
+
+**Verify if the device is joined to Azure AD**
+1. Log in to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
+2. Select **Groups** and select **All Devices**.
+3. In the **All Devices** page, see the list of devices and verify that the device you're signed into appears on the list.
+
+  **Figure 2** - List of all managed devices
+
+  ![Verify that the device is managed in Intune for Education](images/i4e_groups_alldevices_listofaadjdevices.png)
+
+4. On the Windows 10 education device, click **Start** and go to **Settings**. 
+5. Select **Accounts > Access work or school**.
+6. In the **Access work or school** page, confirm that the device is connected to the organization's Azure AD.
+
+  **Figure 3** - Confirm that the Windows 10 device is joined to Azure AD
+
+  ![Confirm that the Windows 10 device is joined to Azure AD](images/win10_confirmaadj.png)
+
+**That's it! You're done!** You've completed basic cloud setup, deployment, and management using Microsoft Education. 
+
+You can follow the rest of the walkthrough to finish setup and complete other tasks, such as:
+
+> [!div class="checklist"]
+> * Update group settings in Intune for Education
+> * Configure Azure settings
+> * Complete Office 365 for Education setup
+> * Add more users
+> * Connect other devices, like BYOD devices, to your cloud infrastructure
+
+You can watch the following video to see how to update group settings in Intune for Education and configure Azure settings. Or, you can follow the step-by-step guide for these tasks and the other tasks listed above.
+
+<center><iframe src="https://www.youtube.com/embed/M6-k73dZOfw" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/M6-k73dZOfw?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+You can watch the descriptive audio version here: [Microsoft Education: Update settings, apps, and Azure AD settings for your education tenant (DA)](https://www.youtube.com/watch?v=-Rz3VcDXbzs)
+
+## Update group settings in Intune for Education
+If you need to make changes or updates to any of the apps or settings for the group(s), follow these steps.
+
+1. Log in to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
+2. Click **Groups** and then choose **Settings** in the taskbar at the top of the page.
+3. You will see the same settings groups that you saw in express setup for Intune for Education as well as other settings categories such as **Windows Defender settings**, **Device sharing**, **Edition upgrade**, and so on.
+
+  **Figure 4** - See the list of available settings in Intune for Education
+
+  ![See the list of available settings in Intune for Education](images/i4e_groups_settingslist_full.png)
+
+4. Keep the default settings or configure the settings according to your school's policies. 
+
+  For example, you can configure the diagnostic data sent to Microsoft in **Basic device settings > Send diagnostic data**. 
+
+5. Click **Save** or **Discard changes**.
+
+## Configure Azure settings
+After completing the basic setup for your cloud infrastructure and confirming that it is up and running, it's time to prepare for additional devices to be added and enable capabilities for the user to use.
+
+### Enable many devices to be added by a single person 
+When a device is owned by the school, you may need to have a single persion adding many devices to your cloud infrastructure. 
+
+Follow the steps in this section to enable a single person to add many devices to your cloud infrastructure.
+
+1. Sign in to the <a href="https://portal.office.com" target="_blank">Office 365 admin center</a>.
+2. Configure the device settings for the school's Active Directory. To do this, go to the new Azure portal, <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a>.
+3. Select **Azure Active Directory > Users and groups > Device settings**.
+
+  **Figure 5** - Device settings in the new Azure portal
+
+  ![Configure device settings in the new Azure portal](images/azure_newportal_usersandgroups_devicesettings.png)
+
+4. Find the setting **Maximum number of devices per user** and change the value to **Unlimited**.
+5. Click **Save** to update device settings.
+
+### Enable roaming settings for users
+When students move from using one device to another, they may need to have their settings roam with them and be made available on other devices. 
+
+Follow the steps in this section to ensure that settings for the each user follow them when they move from one device to another.
+
+1. Sign in to the <a href="https://portal.office.com" target="_blank">Office 365 admin center</a>.
+3. Go to the new Azure portal, <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a>.
+3. Select **Azure Active Directory > Users and groups > Device settings**.
+4. Find the setting **Users may sync settings and enterprise app data** and change the value to **All**.
+
+  **Figure 6** - Enable settings to roam with users
+
+  ![Enable settings to roam with users](images/azure_usersandgroups_devicesettings_ers.png)
+
+5. Click **Save** to update device settings.
+
+## Complete Office 365 for Education setup
+Now that your basic cloud infrastructure is up and running, it's time to complete the rest of the Office 365 for Education setup. You can find detailed information about completing Office 365 setup, services and applications, troubleshooting, and more by reading the <a href="https://support.office.com/en-US/Article/set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa#ID0EAAAABAAA=Education" target="_blank">Office 365 admin documentation</a>.
+
+## Add more users
+After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more users and you want the same policies to apply to these users. You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Intune for Education.
+
+See <a href="https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc" target="_blank">Add users to Office 365</a> to learn more. Once you're done adding new users, go to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a> and verify that the same users were added to the Intune for Education groups as well.
+
+## Connect other devices to your cloud infrastructure
+Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [6. Set up Windows 10 devices](#6-set-up-windows-10-devices). For other devices, such as those personally-owned by teachers who need to connect to the school network to access work or school resources (BYOD), you can follow the steps in this section to get these devices connected.
+
+  > [!NOTE]  
+  > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device.
+
+**To connect a personal device to your work or school**
+
+1. On your Windows device, go to **Settings > Accounts**.
+2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page.
+3. In the **Set up a work or school account** window, enter the user's account info.
+
+  For example, if a teacher connects their personal device to the school network, they'll see the following screen after typing in their account information.
+
+  **Figure 7** - Device is now managed by Intune for Education
+
+  ![Device is managed by Intune for Education](images/byob_aad_enrollment_intune.png)
+
+4. Enter the account password and then click **Sign in** to authenticate the user.
+
+   Depending on the organization's policy, the user may be asked to update the password.
+
+5. After the user's credentails are validated, the window will refresh and will now include an entry that shows the device is now connected to the organization's MDM. This means the device is now enrolled in Intune for Education MDM and the account should have access to the organization's resources.
+
+  **Figure 8** - Device is connected to organization's MDM
+
+  ![Device is connected to organization's MDM](images/win10_connectedtoorgmdm.png)
+
+6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [6.3 Verify the device is Azure AD joined](#63-verify-the-device-is-azure-ad-joined). 
+
+  It may take several minutes before the new device shows up so check again later.
+
+  
+## Related topic
+[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
diff --git a/education/get-started/get-started-with-microsoft-education-fullpage.md b/education/get-started/get-started-with-microsoft-education-fullpage.md
new file mode 100644
index 0000000000..5658cacec9
--- /dev/null
+++ b/education/get-started/get-started-with-microsoft-education-fullpage.md
@@ -0,0 +1,765 @@
+---
+title: Deploy and manage a full cloud IT solution with Microsoft Education
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: hero-article
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 06/26/2017
+---
+
+# Get started: Deploy and manage a full cloud IT solution with Microsoft Education
+
+![Learn how to deploy and manage a cloud solution with MSES!](images/mses_getstarted_banner.png)
+
+**Applies to:**
+
+-   Office 365 for Education, School Data Sync, Microsoft Intune for Education, Microsoft Store for Education, Windows 10 Creators Update, Set up School PCs
+
+Hello, IT administrators! In this walkthrough, we'll show you how you can quickly and easily use the new Microsoft Education system, consisting of new and existing cloud services and tools, to implement a full IT cloud solution for your school.
+
+## What is Microsoft Education?
+**Microsoft Education** consists of these new and existing services and tools from Microsoft:
+- **Microsoft Intune for Education** for simple set up, control, and management of the resources for your school including apps, devices, and settings
+- **Office 365 for Education** provides online apps for work from anywhere and desktop apps for advanced functionality, built for working together and available across devices, and it's free for schools, teachers, and students
+  - **School Data Sync** to help automate the process for importing and integrating School Information System (SIS) data that you can use with Office 365
+  - **OneNote Class Notebook** to organize course content, create and deliver interactive lessons to some or all students, collaborate and provide private feedback to individual students, and connect with major LMS and SIS partners for assignment workflow
+- **Microsoft Teams** to bring conversations, content, and apps together in one place and create collaborate classrooms, connect in professional learning communities, and communicate with school staff 
+- **Learning Tools** are moving beyond the OneNote desktop app and is now available in Office Lens, OneNote Online, Word Online, and Word desktop
+- **Whiteboard** to create interactive lessons on the big screen, share and collaborate real-time by connecting to Class Notebook and Classroom
+- **Windows 10, version 1703 (Creators Update)** which brings 3D for everyone and other new and updated Windows features
+- **Minecraft: Education Edition** which provides an open and immersive environment to promote creativity, collaboration, and problem-solving 
+
+With Microsoft Education, schools can:
+- **Use affordable devices and simple setup** - Boost creativity and get started instantly with Windows 10 devices that support Windows Ink. Set up devices in minutes and stay in control with the new Intune for Education.
+- **Collaborate in a modern classroom** - Help students become career-ready with Office apps like Word, Excel, PowerPoint, and OneNote. Increase comprehension and outcomes with the most advanced teaching apps like integrated Learning Tools.
+- **Go beyond the browser with inspiring apps for classroom learning** - Inspire with Minecraft: Education Edition and innovative apps from the Microsoft Store for Education.
+
+Go to the <a href="https://www.microsoft.com/en-us/education" target="_blank">Microsoft Education site</a> to learn more. See <a href="https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools" target="_blank">How to buy</a> to learn about pricing and purchasing options for schools, students, and teachers as well as academic pricing and offers for qualified K-12 and higher education institutions.
+
+## What we're doing
+In this walkthrough, we'll show you the basics on how to:
+> [!div class="checklist"]
+> * Acquire an Office 365 for Education tenant, if you don't already have one
+> * Import school, student, teacher, and class data using School Data Sync (SDS)
+> * Deploy Microsoft Teams to enable groups and teams in your school to communicate and collaborate
+> * Manage apps and settings deployment with Intune for Education
+> * Acquire additional apps in Microsoft Store for Education
+> * Use the Set up School PCs app to quickly set up and provision your Windows 10 education devices
+> * Log in and use the devices
+
+This diagram shows a high-level view of what we cover in this walkthrough. The numbers correspond to the sections in the walkthrough and roughly correspond to the flow of the overall process; but, note that not all sections in this walkthrough are shown in the diagram.
+
+**Figure 1** - Microsoft Education IT administrator workflow
+
+![Deploy and manage a full cloud IT solution using Microsoft Education](images/microsoft_education_it_getstarted_workflow.png)
+
+## Prerequisites
+Complete these tasks before you start the walkthrough:
+- Make sure all the devices that you want to configure, such as student PCs, have the latest Windows 10, version 1703 image installed.
+
+  We recommend Windows 10, version 1703 to take advantage of all the new features and functionality that Windows supports. This version of Windows is also compatible with the latest version of the Set up School PCs app and the versions must match in order for Set up School PCs to provision the devices. 
+
+  If you don't have Windows 10, version 1703 installed on your devices, we recommend upgrading. This process takes a while so start this task before proceeding with this walkthrough. 
+
+- Have an education-verified tenant to qualify for an Office 365 for Education subscription. You also need to be education-verified to use School Data Sync and Intune for Education.
+
+  If you don't have an education-verified domain, don't worry. We'll show you the steps on how to do this. 
+
+  > [!NOTE] 
+  > If you need to get education-verified, it may take up to two weeks for the verification process to be completed.
+
+## Setup options
+ To make sure you have a successful experience with deploying and managing a full cloud IT solution with Microsoft Education, select the scenario that best describes your school or how you'd like to get started.
+
+
+| [Get started with Microsoft Education in production environment](#noo365prodenv) | [Try out Microsoft Education in trial environment](#noo365trialenv) | [School uses Office 365, try out Intune for Education now](#schooluseso365tryi4e) | 
+| ----------------------------------------- | ------------------------------------------------ | ---------------------------------------------- |
+| * My school doesn't use Office 365 for Education | * My school doesn't use Office 365 for Education | * My school uses Office 365 for Education |
+| * My school is not an education-verified tenant | * My school is not an education-verified tenant | * My school is an education-verified tenant |
+| * I would like to get started with Microsoft Education in a production environment | * I would like to try out Microsoft Education in a trial environment | * I would like to apply the Intune for Education trial code to my school's production environment |
+| * Longest, need to start from scratch | * Simplest, but may take longer to start | * Fastest, Office 365 and SDS already set up |
+
+
+### <a name="noo365prodenv"></a>Option 1: Get started with Microsoft Education in a production environment
+Trying out Microsoft Education in a production environment means you'll be using real school data as you evaluate the features and tools. This requires more time to get fully set up and going. 
+
+To get started with Microsoft Education in a production environment:
+
+* Go to <a href="https://aka.ms/sdssignup" target="_blank">https://aka.ms/sdssignup</a> and fill out the form to sign up for School Data Sync and receive a free, one-on-one support from Microsoft.
+
+  A team from Microsoft will contact you to help get started with Microsoft Education. 
+
+If you want a quicker way to evaluate Microsoft Education, you can [use a trial environment instead](#noo365trialenv).
+
+### <a name="noo365trialenv"></a>Option 2: Try out Microsoft Education in a trial environment
+Once you get an Office 365 education-verified tenant, trying out Microsoft Education in a trial environment is an easy way to evaluate all the features and tools. Here, you'll use promo codes and sample files as you follow the walkthrough. 
+
+To get started with Microsoft Education in a trial environment, follow these steps.
+
+1. [Set up a new Office 365 for Education tenant](#1-set-up-a-new-office-365-for-education-tenant).
+
+  Wait for your tenant to be education-verified before proceeding with the next step. Verification can take up to a few days.
+
+2. Once you have an education-verified tenant, click <a href="https://aka.ms/intuneforedupreviewtrial" target="_blank">https://aka.ms/intuneforedupreviewtrial</a> to apply the Intune for Education trial promo code. 
+  1. In the Intune for Education Trial page, on the upper right, click **Sign in** next to **Want to add this to an existing subscription?**.
+  2. Sign in with your global admin credentials. 
+
+3. Sign in to <a href="https://portal.office.com/adminportal" target="_blank">Office 365 admin portal</a> and:
+  1. Select **Admin > Users** and then search for your admin account. 
+  2. In the user page, select **Product licenses** and expand the **Office 365 Education** license you assigned to yourself. 
+  3. Confirm that School Data Sync is turned on.
+
+3. Skip ahead and follow the rest of the instructions in this walkthrough beginning with [2. Use School Data Sync to import student data](#2-use-school-data-sync-to-import-student-data).
+
+### <a name="schooluseso365tryi4e"></a>Option 3: Try out Intune for Education
+Already have an Office 365 for Education verified tenant? Just sign in with your global admin credentials to apply the Intune for Education preview trial code to your tenant and follow the rest of the walkthrough.
+
+1. Click <a href="https://aka.ms/intuneforedupreviewtrial" target="_blank">https://aka.ms/intuneforedupreviewtrial</a> to get started.
+2. In the **Intune for Education Trial** page, on the upper right, click **Sign in** next to **Want to add this to an existing subscription?**.
+
+  **Figure 2** - Intune for Education trial sign in page
+
+  ![Intune for Education trial sign in page](images/i4e_trialsigninpage.png)
+
+3. Enter your Office 365 global admin credentials to apply the Intune for Education trial to your tenant.
+4. If you don't already have Microsoft Teams deployed to your tenant, you can start with [3. Enable Microsoft Teams for your school](#3-enable-microsoft-teams-for-your-school) and then follow the rest of the instructions in this walkthrough. 
+
+## 1. Set up a new Office 365 for Education tenant
+Schools can use Office 365 to save time and be more productive. Built with powerful tools and accessible from any device, setting it up is the first step in getting your school to the cloud. 
+
+Don't have an Office 365 for Education verified tenant or just starting out? Follow these steps to set up an Office 365 for Education tenant. [Learn more about Office 365 for Education plans and pricing](https://products.office.com/en-us/academic/compare-office-365-education-plans).
+
+1. Go to the <a href="https://signup.microsoft.com/Signup?OfferId=03ee83a5-5cb4-4545-aca9-33ead43f222a,d764709a-7763-45ef-a2a8-db5b8b6ae704&DL=ENTERPRISEPREMIUM_FACULTY" target="_blank">Office 365 for Education sign up page</a> to sign up for a free subscription for your school.
+2. Create an account and a user ID and password to use to sign into your account. 
+
+  **Figure 3** - Office 365 account creation
+
+  ![Create an Office 365 account](images/o365_createaccount.png)
+
+3. Save your sign-in info so you can use it to sign in to <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the sign-in page). Click **You're ready to go...** 
+4. In the **Verify eligibility for Microsoft Office 365 for Education** screen:
+  1. Add your domain name and follow the steps to confirm ownership of the domain. 
+  2. Choose your DNS hosting provider to see step-by-step instructions on how to confirm that you own the domain.
+ 
+    In some cases, you may need to wait several hours for the DNS verification to complete. You can click **I'll verify later** and come back later and log into the Office 365 portal and then go to the **Admin** center and select **Domains** to check the status entry for your domain.
+
+    You may need to fill in other information to provide that you qualify for an education tenant. Provide and submit the info to Microsoft to continue verification for your tenant.  
+
+As part of setting up a basic cloud infrastructure, you don't need to complete the rest of the Office 365 for Education setup so we will skip the rest of setup for now and start importing school data. You can pick up where you left off with Office 365 for Education setup once you've completed the rest of the steps in the walkthrough. See [7.3 Complete Office 365 for Education setup](#73-complete-office-365-education-setup) for info.
+
+
+## 2. Use School Data Sync to import student data
+School Data Sync (SDS) helps you import Student Information System (SIS) data into Office 365. It helps automate the process for importing and integrating SIS data that you can use with Office 365 and apps like OneNote Class Notebooks. 
+
+Follow all the steps in this section to use SDS and sample CSV files in a trial environment. To use SDS in a production environment, see step 2 in [Try out Microsoft Education in a production environment](#noo365prodenv) instead.
+
+**<a name="downloadcsvsamples"></a>Download sample school data**
+
+1. Go to the <a href="https://aka.ms/sdsscripts" target="_blank">O365-EDU-Tools GitHub site</a>.
+2. Click the green **Clone or download** button to download the SDS sample files.
+
+  **Figure 4** - Download the SDS sample files from GitHub
+
+  ![Download the SDS sample files from GitHub](images/sds_github_downloadsample.png)
+
+3. In the **Clone with HTTPS** pop-up window, choose **Download ZIP** and note the location where you're saving the folder.
+4. Go to the folder where you saved the .zip and unzip the files.
+5. Open the **O365-EDU-Tools-master** folder and then open the **CSV Samples** subfolder. Confirm that you can see the following sample CSV files.
+
+  **Figure 5** - Sample CSV files
+
+  ![Use the sample CSV files](images/sds_sample_csv_files_us_uk.png)
+
+  > [!NOTE] 
+  > - The sample CSV files uses sample accounts and passwords. If you are using the sample files for testing, remember the accounts and their corresponding passwords. You may be asked to change the password during your first sign in. 
+  > - If you are modifying the sample CSV files to use in your organization, change the accounts and passwords to match the user accounts and passwords in your organization.
+  > - If you are using CSV files from your existing production environment, see the detailed instructions in step 5 in the next section.
+
+To learn more about the CSV files that are required and the info you need to include in each file, see <a href="https://aka.ms/sdscsvattributes" target="_blank">CSV files for School Data Sync</a>. If you run into any issues, see <a href="https://aka.ms/sdserrors" target="_blank">School Data Sync errors and troubleshooting</a>.
+
+**<a name="usesdstoimportdata"></a>Use SDS to import student data**
+
+1. If you haven't done so already, go to the SDS portal, <a href="http://sds.microsoft.com" target="_blank">https://sds.microsoft.com</a>.
+2. Click **Sign in**. You will see the **Settings** option for **Manage School Data Sync**.
+
+  **Figure 6** - Settings for managing SDS
+
+  ![Settings for managing SDS](images/sds_settings_manage_sds_firstsignin.png)
+
+3. Turn on **School Data Sync**. You will get a notification that it is turned on. Click **OK**.
+
+  New menu options will appear on the left of the SDS portal.
+
+  **Figure 7** - New menu options appear after SDS is turned on
+
+  ![New menu options appear after SDS is turned on](images/sds_sds_on_newmenuitemsappear.png)
+
+4. Click **+ Add Profile** from the sync dashboard or from the menu on the left to start syncing school data.
+
+  This opens up the new profile setup wizard within the main page.
+
+  **Figure 8** - New SDS profile setup wizard
+
+  ![New SDS profile setup wizard](images/sds_add_new_profile_062317.png)
+
+5. For the new profile, in the **How do you want to connect to your school?** screen:
+  1. Enter a name for your profile, such as *Contoso_Elementary_Profile*.
+  2. Select a sync method for your profile. For this walkthrough, select **Upload CSV Files**.
+  3. Select the type of CSV files that you're using. For this walkthrough, select **CSV files: SDS Format**.  
+  4. Click **Start**.
+
+6. In the **Sync options** screen:
+  1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenaro that applies to you. For this walkthrough, select **New users**.
+  2. In the **Import data** section:
+    1. Click **Upload Files** to bring up the **Select data files to be uploaded** window.
+    2. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import.
+    3. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**.
+    4. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**.
+
+      > [!NOTE]
+      > After you click **Upload**, the status in the **Select data files to be uploaded** window will indicate that files are being uploaded and verified.
+
+    5. After all the files are successfully uploaded, click **OK**. 
+
+  3. Select the domain for the schools/sections. This domain will be used for the Section email addresses created during setup. If you have more than one domain, make sure you select the appropriate domain for the sync profile and subsequent sections being created.
+  4. In the **Select school and section properties** section, ensure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties, or deselect any properties, make sure you have the properties and values contained within the CSV files. For the walkthrough, you don't have to change the default.
+  5. In the **Sync option for Section Group Display Name**, check the box if you want to allow teachers to overwrite the section names. Otherwise, SDS will always reset the display name value for sections to the value contained within the CSV files.
+  6. In the **Student enrollment option** section:
+    * If you want to sync your student roster data immediately, leave the box unchecked.
+    * If you prefer to sync student enrollment/rostering data at a later date, check this box and then pick a date by clicking the empty box and selecting the appropriate date in the calendar when you would like to begin syncing your student roster data. Some schools prefer to delay syncing student roster data so they don't expose rosters before the start of the new term, semester, or school year.  
+  7. In the **License Options** section, check the box for **Intune for Education** to allow students and teachers to receive the Intune for Education license. This will also create the SDS dynamic groups and security groups, which will be used within Intune for Education.
+  8. Click **Next**.
+
+    **Figure 9** - Sync options for the new profile
+
+    ![Specify sync options for the new SDS profile](images/sds_profile_sync_options_062317.png)
+
+7. In the **Teacher options** screen:
+  1. Select the domain for the teachers. SDS appends the selected domain suffix to the teacher's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The teacher will log in to Office 365 with the UserPrincipalName once the account is created.
+  2. In the **Select teacher properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
+  3. In the **Teacher licenses** section, choose the SKU to assign licenses for teachers. For example, **STANDARDWOFFPACK_FACULTY**.
+  4. Click **Next**.
+
+    **Figure 10** - Specify options for teacher mapping
+
+    ![Specify options for teacher mapping](images/sds_profile_teacher_options_062317.png)
+
+8. In the **Student options** screen:
+  1. Select the domain for the students. SDS appends the selected domain suffix to the student's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The student will log in to Office 365 with the UserPrincipalName once the account is created.
+  2. In the **Select student properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
+  3. In the **Student licenses** section, choose the SKU to assign licenses for students. For example, **STANDARDWOFFPACK_STUDENT**.
+  4. Click **Next**.
+
+    **Figure 11** - Specify options for student mapping
+
+    ![Specify options for student mapping](images/sds_profile_student_options_062317.png)
+
+9. In the profile **Review** page, review the summary and confirm that the options selected are correct. 
+10. Click **Create profile**. You will see a notification that your profile is being submitted and then you will see a page for your profile. 
+
+  **Figure 12** - SDS profile page
+
+  ![SDS profile page](images/sds_profile_profilepage_settingup_062317.png) 
+
+11. After the profile is created and the status indicates as **Setting up**, refresh the page until you see the status change to **Sync in progress**. Beneath the **Sync in progress** status, you will see which of the 5 sync stages SDS is working on:
+  * Stage 1 - Validating data
+  * Stage 2 - Processing schools and sections
+  * Stage 3 - Processing students and teachers
+  * Stage 4 - Adding students and teachers into sections
+  * Stage 5 - Setting up security groups
+
+  If you don't see a **Sync in progress** status on the sync profile, and receive an error message instead, this indicates that SDS has encountered data issues during the pre-sync validation check and has not started syncing your data. This gives you the opportunity to fix the errors identified by the pre-sync validation checks before continuing. Once you've fixed any errors or if you prefer to continue with the errors and begin syncing your data anyway, click the **Resume sync** button to start the sync process.
+
+  Once you've completed all five sync stages, your profile status will update one final time. 
+    * If you haven't encountered any errors, you will see a green check mark which states **Everything is ok**, and the profile status will change to **Sync complete. Ready for more data.** 
+    * If SDS encountered sync errors, you will see a red status icon that indicates an error, and a profile status of **Sync complete. Profile contains multiple errors**. Download the available error report to identify and fix your sync errors. Once complete, upload new files as needed and re-sync your data until errors are resolved.
+
+  Here are some examples of what the sync status can look like:
+
+  **Figure 13** - New profile: Sync in progress
+
+  ![Sync in progress for the new profile](images/sds_profile_status_syncinprogress_062317.png)
+
+  **Figure 14** - New profile: Sync complete - no errors
+
+  ![New profile sync complete with no errors](images/sds_profile_status_everythingok_062317.png)
+
+  **Figure 15** - New profile: Sync complete - with errors
+
+  ![New profile sync complete with errors](images/sds_profile_status_syncerrors_062317.png)
+
+  Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. Two people who start a sync at the same time may not have their syncs complete at the same time.
+
+  You can refresh the page to confirm that your profile synced successfully.
+
+That's it for importing sample school data using SDS.
+
+## 3. Enable Microsoft Teams for your school
+Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education. 
+
+To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school. 
+
+**Enable Microsoft Teams for your school**
+
+1. Sign in to <a href="https://portal.office.com" target="_blank">Office 365</a> with your work or school account.
+2. Click **Admin** to go to the Office 365 admin center.
+3. Go to **Settings > Services & add-ins**.
+4. On the **Services & add-ins** page, select **Microsoft Teams**.
+
+  **Figure 16** - Select Microsoft Teams from the list of services & add-ins
+
+  ![Enable Microsoft Teams for your school](images/o365_settings_services_msteams.png)
+
+5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**.
+
+  **Figure 17** - Select the license that you want to configure
+
+  ![Select the Microsoft Teams license that you want to configure](images/o365_msteams_settings.png)
+
+6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization.
+
+  **Figure 18** - Turn on Microsoft Teams for your organization
+
+  ![Turn on Microsoft Teams for your organization](images/o365_msteams_turnon.png)
+
+7. Click **Save**.
+
+You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the <a href="https://aka.ms/MeetTeamsEdu" target="_blank">Meet Microsoft Teams</a> page.
+
+## 4. Configure Microsoft Store for Education
+You'll need to configure Microsoft Store for Education to accept the services agreement and make sure your Microsoft Store account is associated with Intune for Education.
+
+**Associate your Microsoft Store account with Intune for Education**
+
+1. Sign in to <a href="https://educationstore.microsoft.com" target="_blank">Microsoft Store for Education</a>.
+2. Accept the Microsoft Store for Business and Education Services Agreement. 
+
+  This will take you to the Microsoft Store for Education portal.
+
+  **Figure 19** - Microsoft Store for Education portal
+
+  ![Microsoft Store for Education portal](images/msfe_store_portal.png)
+
+3. In the Microsoft Store portal, click **Manage** to go to the Microsoft Store **Overview** page.
+4. Find the **Overview** page, find the **Store settings** tile and click **Management tools**.
+
+  **Figure 20** - Select management tools from the list of Store settings options
+
+  ![Select management tools from list of Store settings options](images/msfe_storesettings_select_managementtools.png)
+
+4. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune for Education ready for use with Microsoft Store for Education.
+
+  **Figure 21** - Activate Intune for Education as the management tool
+
+  ![Activate Intune for Education as the management tool](images/msfe_managementtools_activateintune.png) 
+
+Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next.
+
+## 5. Use Intune for Education to manage groups, apps, and settings
+Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the <a href="https://docs.microsoft.com/intune-education" target="_blank">Intune for Education documentation</a>. 
+
+### Example - Set up Intune for Education, buy apps from the Store, and install the apps
+In this walkthrough, we'll go through a sample scenario and walk you through the steps to:
+- [Use express configuration to quickly set up Intune for Education](#setupintune)
+- [Use Intune for Education to buy apps from the Microsoft Store for Education](#addappsfrommsfe)
+- [Use Intune for Education to install the apps for all users in your tenant](#installappsallusers)
+
+Note that for verified education tenants, Microsoft automatically provisions your app catalog with these apps so you will see them appear on your Intune for Education catalog even before you've bought any apps:
+- Excel 
+- Fresh Paint
+- Minecraft: Education Edition
+- OneNote
+- PowerPoint
+- Sway
+- Word
+
+  > [!NOTE]
+  > Apps that you own in the Microsoft Store for Education are automatically available in Intune for Education. Any changes you make to your purchases get reflected in Intune for Education.
+
+
+**<a name="setupintune"></a>Set up Intune for Education**
+
+Intune for Education provides an **Express configuration** option so you can get going right away. We'll use that option here.
+
+1. Log into the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>. You will see the Intune for Education dashboard once you're logged in.
+
+  **Figure 22** - Intune for Education dashboard
+
+  ![Intune for Education dashboard](images/i4e_portal.png)
+
+2. On the dashboard, click **Launch Express Configuration**, or select the **Express configuration** option on the menu on the left.
+3. In the **Welcome to Intune for Education** screen, click **Get started**.
+  
+  **Figure 23** - Click Get started to set up Intune for Education
+
+  ![Click Get Started to configure groups, apps, and settings](images/i4e_expressconfiguration_welcome.png)
+
+4. In the **Get school information (optional)** screen, it should indicate that SDS is already configured. Click **Next**.
+
+  **Figure 24** - SDS is configured
+
+  ![SDS is already configured](images/i4e_expressconfiguration_sdsconfigured.png)
+
+5. In the **Choose group** screen, select **All Users**. All apps and settings that we select during express setup will apply to this group. 
+
+  You can choose another group during this step, but note that your experience may vary from what we show in the walkthrough.
+
+6. The **Next** button will appear at the bottom of the screen after you select **All Users**. Click **Next**.
+
+  > [!TIP]
+  > At the top of the screen, did you notice the **Choose group** button change to a green check mark? This means we are done with that step. If you change your mind or need to make changes, simply click on the button to go back to that step. Try it!
+  >
+  > **Figure 25** - Click on the buttons to go back to that step
+  >
+  > ![Click on the buttons to back to that step](images/i4e_expressconfiguration_choosebuttontogoback.png)
+
+7. In the **Choose apps** screen, you will see a selection of Web apps, Microsoft Store apps, and desktop (Win32) apps. You will also see a list of popular apps from each category. 
+
+  - Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in the **Choose group** step.
+  
+    In this walkthrough, it's up to you to select the apps you choose to install. Just remember what they are so that later in the walkthrough you can verify that the apps were installed correctly on the device.
+
+    > [!TIP]
+    > Web apps are pushed as links in the Windows Start menu under **All apps**. If you want apps to appear in Microsoft Edge browser tabs, use the **Homepages** setting for Microsoft Edge through **Express configuration** or **Manage Users and Devices**.
+
+  **Figure 26** - Choose the apps that you want to install for the group
+
+  ![Choose apps to install for the group](images/i4e_expressconfiguration_chooseapps_selected_cropped.png)
+
+8. When you're done choosing apps, click **Next** at the bottom of the screen.
+
+  If you select Microsoft Store apps, you will see a notification that Intune for Education is getting these apps.
+
+8. In the **Choose settings** screen, we will set the settings to apply to the group. Click the reverse caret (downward-facing arrow) to expand the settings group and get more information about each setting in that settings group.
+
+  **Figure 27** - Expand the settings group to get more details
+
+  ![Expand the settings group to get more info](images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.png)
+
+9. For this walkthrough, set the following settings:
+  - In the **Microsoft Edge settings** group, change the **Do-Not-Track headers** setting to **Require**.
+  - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Require Microsoft Store for Business apps to be installed from private store** to **Require**.
+
+  **Figure 28** - Set some additional settings
+
+  ![Set some additional settings](images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.png)
+
+10. Click **Next**. In the **Review** screen, you will see a summary of the apps and settings you selected to apply.
+
+  **Figure 29** - Review the group, apps, and settings you configured
+
+  ![Review the group, apps, and settings you configured](images/i4e_expressconfiguration_review.png)
+
+11. Click **Save** to end express configuration.
+12. You will see the **You're done!** screen which lets you choose one of two options. 
+
+  **Figure 30** - All done with Intune for Education express configuration
+
+  ![Done with Intune for Education express configuration](images/i4e_expressconfiguration_alldone.png)
+
+13. Click **All done** or click the **X** on the upper-right corner of the screen to dismiss this screen and go back to the dashboard.
+
+
+**<a name="addappsfrommsfe"></a>Add apps bought from Microsoft Store for Education**
+
+- **Example 1 - Minecraft: Education Edition**
+
+  If you would like to purchase Minecraft: Education Edition or want to learn how to get, distribute, and manage permissions for Minecraft: Education Edition, see <a href="https://docs.microsoft.com/education/windows/school-get-minecraft" target="_blank">For IT administrators - get Minecraft: Education Edition</a>.
+
+- **Example 2 - Free educational/reference apps**
+
+  1. In the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>, click **Apps** from the menu on the left.
+
+    **Figure 31** - Click on **Apps** to see the list of apps for your tenant
+
+    ![Click Apps to see the list of apps for your tenant](images/i4e_dashboard_clickapps.png)
+
+  2. In the **Store apps** section, click **+ New app**. This will take you to the Microsoft Store for Education portal and you will already be signed in.
+
+    **Figure 32** - Select the option to add a new Store app
+
+    ![Select the option to add a new Store app](images/i4e_apps_newstoreapp_selected.png)
+
+  3. In the Microsoft Store page, check some of the categories for suggested apps or search the Store for a free educational or reference app. Find ones that you haven't already installed during express setup for Intune for Education.
+  
+    For example, these apps are free:
+    - Duolingo - Learn Languages for Free
+    - Flashcards Pro 
+    - Khan Academy
+    - My Study Life
+
+  4. Find or select the app you want to install and click **Get the app**.
+  5. In the app's Store page, click the **...** button and select **Add to private store**.
+  6. Repeat steps 3-5 to install another app or move to the next step.
+  7. In the Microsoft Store for Education portal, select **Manage > Apps & software > Manage apps** to verify that the apps you purchased appear in your inventory.
+
+    For example, if you bought Duolingo and Khan Academy, they will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant.
+
+    **Figure 33** - Apps inventory in Microsoft Store for Education
+
+    ![Apps inventory in Store for Business](images/msfe_manageapps_inventory_grouped.png)
+
+    In the **Private store** column of the **Apps & software** page, the status for some apps will indicate that it's "In private store" while others will say "Not in private store". We won't go over this in the walkthrough, but you can learn more about this in <a href="https://docs.microsoft.com/microsoft-store/distribute-apps-from-your-private-store" target="_blank">Distribute apps using your private store</a>.
+
+    > [!NOTE]  
+    > You'll see in the above screenshot that some apps say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps. 
+
+**<a name="installappsallusers"></a>Install apps for all users**
+
+Now that you've bought the apps, use Intune for Education to specify the group to install the apps for. Here, we'll show you how to install the apps you bought for all devices used by all users in your tenant. 
+
+1. In the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>, click the **Groups** option from the menu on the left.
+
+  **Figure 34** - Groups page in Intune for Education
+
+  ![Groups page in Intune for Education](images/i4e_groupspage.png)
+
+2. In the **Groups** page, select **All Users** from the list of groups on the left, and then click **Users** in the taskbar at the top of the **All Users** page. 
+
+  **Figure 35** - List of all users in the tenant
+
+  ![List of all users in the tenant](images/i4e_groups_allusers_users_steps.png)
+
+3. In the taskbar at the top, select **Apps** and then click **Edit apps** to see a list of available apps.
+
+  **Figure 36** - Edit apps to assign them to users
+
+  ![Edit apps to assign them to users](images/i4e_groups_allusers_appspage_editapps.png)
+
+4. Select the apps to deploy to the group. A blue checkmark will appear next to the apps you select. 
+
+  **Figure 37** - Select the apps to deploy to the group
+
+  ![Select the apps to deploy to the group](images/i4e_groups_allusers_selectappstodeploy.png)
+
+5. Once you're done, click **Save** at the bottom of the page to deploy the selected apps to the group.
+6. You'll be notified that app assignments are being updated. The updated **All Users** groups page now include the apps you selected. 
+
+  **Figure 38** - Updated list of assigned apps
+
+  ![Updated list of assigned apps](images/i4e_groups_allusers_updatedappslist.png)
+
+You're now done assigning apps to all users in your tenant. It's time to set up your Windows 10 device(s) and check that your cloud infrastructure is correctly set up and your apps are being pushed to your devices from the cloud.
+
+## 6. Set up Windows 10 devices
+
+### 6.1 Set up devices using Set up School PCs or Windows OOBE
+We recommend using the latest build of Windows 10, version 1703 on your education devices. To set up new Windows 10 devices and enroll them to your education tenant, choose from one of these options:
+- **Option 1: [Use the Set up School PCs app](#usesetupschoolpcs)** - You can use the app to create a setup file that you can use to quickly set up one or more Windows 10 devices.
+- **Option 2: [Go through Windows OOBE and join the device to Azure AD](#usewindowsoobandjoinaad)** - You can go through a typical Windows 10 device setup or first-run experience to configure your device.
+
+**<a name="usesetupschoolpcs"></a>Option 1: Set up a device using the Set up School PCs app**
+
+IT administrators and technical teachers can use the Set up School PCs app to quickly set up PCs for students. A student PC set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
+
+![Set up School PCs app](images/suspc_getstarted_050817.png)
+
+Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recommended education settings, using a quick USB setup. This app guides you through the creation of a student PC provisioning package and helps you save it to a USB drive. From there, just plug the USB drive into student PCs running Windows 10 Creators Update (version 1703). It automatically:
+- Joins each student PC to your organization's Office 365 and Azure Active Directory tenant
+- Enrolls each student PC into a mobile device management (MDM) provider, like Intune for Education, if licensed in your tenant. You can manage all the settings Set up School PCs sets later through MDM.
+- Removes OEM preinstalled software from each student PC
+- Auto-configures and saves a wireless network profile on each student PC
+- Gives a friendly and unique name to each student device for future management
+- Sets Microsoft-recommended school PC settings, including shared PC mode which provides faster sign-in and automatic account cleanup
+- Enables optional guest account for younger students, lost passwords, or visitors
+- Enables optional secure testing account
+- Locks down the student PC to prevent mischievous activity:
+    * Prevents students from removing the PC from the school's device management system
+    * Prevents students from removing the Set up School PCs settings
+- Keeps student PCs up-to-date without interfering with class time using Windows Update and maintenance hours
+- Customizes the Start layout with Office
+- Installs OneDrive for storing cloud-based documents and Sway for creating interactive reports, presentations, and more
+- Uninstalls apps not specific to education, such as Solitaire
+- Prevents students from adding personal Microsoft accounts to the PC
+
+**To set up a device using the Set up School PCs app**
+
+1. Follow the steps in <a href="https://docs.microsoft.com/en-us/education/windows/use-set-up-school-pcs-app" target="_blank">Use the Set up School PCs app</a> to quickly set up one or more student PCs.
+2. Follow the steps in [5.2 Verify correct device setup](#52-verify-correct-device-setup).
+
+
+**<a name="usewindowsoobandjoinaad"></a>Option 2: Set up a device using Windows OOBE**
+
+1. If you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired or Ethernet connection.
+2. Go through the Windows device setup experience. On a new or reset device, this starts with the **Let's start with region. Is this right?** screen.
+
+  **Figure 39** - Let's start with region
+
+  ![Let's start with region](images/win10_letsstartwithregion.png)
+
+3. Continue with setup. In the **How would you like to set up?** screen, select **Set up for an organization**.
+
+  **Figure 40** - Select setup for an organization
+
+  ![Select setup for an organization](images/win10_setupforanorg.png)
+
+4. Sign in using the user's account and password. Depending on the user password setting, you may be prompted to update the password.
+5. Choose privacy settings for the device. Location, speech recognition, diagnostics, and other settings are all on by default. Configure the settings based on the school's policies. 
+6. Click **Accept** to go through the rest of device setup.
+
+
+### 6.2 Verify correct device setup
+Verify that the device is set up correctly and boots without any issues.
+
+**Verify that the device was set up correctly**
+1. Confirm that the Start menu contains a simple configuration.
+2. Confirm that the Store and built-in apps are installed and working. The apps pushed down from Intune for Education will appear under **Recently added**. 
+
+  > [!NOTE]  
+  > It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user.
+
+  **Figure 41** - Sample list of apps for a user
+
+  ![Apps list contains the apps provisioned for the user](images/win10_start_checkapps.png)
+
+### 6.3 Verify the device is Azure AD joined
+Let's now verify that the device is joined to your organization's Azure AD and shows up as being managed in Microsoft Intune for Education.
+
+**Verify if the device is joined to Azure AD**
+1. Log in to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
+2. Select **Groups** and select **All Devices**.
+3. In the **All Devices** page, see the list of devices and verify that the device you're signed into appears on the list.
+
+  **Figure 42** - List of all managed devices
+
+  ![Verify that the device is managed in Intune for Education](images/i4e_groups_alldevices_listofaadjdevices.png)
+
+4. On the Windows 10 education device, click **Start** and go to **Settings**. 
+5. Select **Accounts > Access work or school**.
+6. In the **Access work or school** page, confirm that the device is connected to the organization's Azure AD.
+
+  **Figure 43** - Confirm that the Windows 10 device is joined to Azure AD
+
+  ![Confirm that the Windows 10 device is joined to Azure AD](images/win10_confirmaadj.png)
+
+**That's it! You're done!** You've completed basic cloud setup, deployment, and management using Microsoft Education. You can continue follow the rest of the walkthrough to finish setup and complete other tasks.
+
+
+## 7. Finish setup and other tasks
+
+### 7.1 Update group settings in Intune for Education
+If you need to make changes or updates to any of the apps or settings for the group(s), follow these steps.
+
+1. Log in to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
+2. Click **Groups** and then choose **Settings** in the taskbar at the top of the page.
+3. You will see the same settings groups that you saw in express setup for Intune for Education as well as other settings categories such as **Windows Defender settings**, **Device sharing**, **Edition upgrade**, and so on.
+
+  **Figure 44** - See the list of available settings in Intune for Education
+
+  ![See the list of available settings in Intune for Education](images/i4e_groups_settingslist_full.png)
+
+4. Keep the default settings or configure the settings according to your school's policies. 
+
+  For example, you can configure the diagnostic data sent to Microsoft in **Basic device settings > Send diagnostic data**. 
+
+5. Click **Save** or **Discard changes**.
+
+### 7.2 Configure Azure settings
+After completing the basic setup for your cloud infrastructure and confirming that it is up and running, it's time to prepare for additional devices to be added and enable capabilities for the user to use.
+
+#### Enable many devices to be added by a single person 
+When a device is owned by the school, you may need to have a single persion adding many devices to your cloud infrastructure. 
+
+Follow the steps in this section to enable a single person to add many devices to your cloud infrastructure.
+
+1. Sign in to the <a href="https://portal.office.com" target="_blank">Office 365 admin center</a>.
+2. Configure the device settings for the school's Active Directory. To do this, go to the new Azure portal, <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a>.
+3. Select **Azure Active Directory > Users and groups > Device settings**.
+
+  **Figure 45** - Device settings in the new Azure portal
+
+  ![Configure device settings in the new Azure portal](images/azure_newportal_usersandgroups_devicesettings.png)
+
+4. Find the setting **Maximum number of devices per user** and change the value to **Unlimited**.
+5. Click **Save** to update device settings.
+
+#### Enable roaming settings for users
+When students move from using one device to another, they may need to have their settings roam with them and be made available on other devices. 
+
+Follow the steps in this section to ensure that settings for the each user follow them when they move from one device to another.
+
+1. Sign in to the <a href="https://portal.office.com" target="_blank">Office 365 admin center</a>.
+3. Go to the new Azure portal, <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a>.
+3. Select **Azure Active Directory > Users and groups > Device settings**.
+4. Find the setting **Users may sync settings and enterprise app data** and change the value to **All**.
+
+  **Figure 46** - Enable settings to roam with users
+
+  ![Enable settings to roam with users](images/azure_usersandgroups_devicesettings_ers.png)
+
+5. Click **Save** to update device settings.
+
+### 7.3 Complete Office 365 for Education setup
+Now that your basic cloud infrastructure is up and running, it's time to complete the rest of the Office 365 for Education setup. You can find detailed information about completing Office 365 setup, services and applications, troubleshooting, and more by reading the <a href="https://support.office.com/en-US/Article/set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa#ID0EAAAABAAA=Education" target="_blank">Office 365 admin documentation</a>.
+
+### 7.4 Add more users
+After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more users and you want the same policies to apply to these users. You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Intune for Education.
+
+See <a href="https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc" target="_blank">Add users to Office 365</a> to learn more. Once you're done adding new users, go to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a> and verify that the same users were added to the Intune for Education groups as well.
+
+### 7.5 Connect other devices to your cloud infrastructure
+Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [6. Set up Windows 10 devices](#6-set-up-windows-10-devices). For other devices, such as those personally-owned by teachers who need to connect to the school network to access work or school resources (BYOD), you can follow the steps in this section to get these devices connected.
+
+  > [!NOTE]  
+  > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device.
+
+**To connect a personal device to your work or school**
+
+1. On your Windows device, go to **Settings > Accounts**.
+2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page.
+3. In the **Set up a work or school account** window, enter the user's account info.
+
+  For example, if a teacher connects their personal device to the school network, they'll see the following screen after typing in their account information.
+
+  **Figure 47** - Device is now managed by Intune for Education
+
+  ![Device is managed by Intune for Education](images/byob_aad_enrollment_intune.png)
+
+4. Enter the account password and then click **Sign in** to authenticate the user.
+
+   Depending on the organization's policy, the user may be asked to update the password.
+
+5. After the user's credentails are validated, the window will refresh and will now include an entry that shows the device is now connected to the organization's MDM. This means the device is now enrolled in Intune for Education MDM and the account should have access to the organization's resources.
+
+  **Figure 48** - Device is connected to organization's MDM
+
+  ![Device is connected to organization's MDM](images/win10_connectedtoorgmdm.png)
+
+6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [6.3 Verify the device is Azure AD joined](#63-verify-the-device-is-azure-ad-joined). 
+
+  It may take several minutes before the new device shows up so check again later.
+
+
+## Get more info
+
+### Microsoft Education documentation and resources hub
+See the <a href="https://docs.microsoft.com/education" target="_blank">Microsoft Education documentation and resources</a> hub for links to more content for IT admins, teachers, students, and education app developers.
+
+### Info related to this walkthrough
+
+**For IT admins**
+
+To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
+- <a href="https://docs.microsoft.com/education/windows/education-scenarios-store-for-business" target="_blank">Working with Microsoft Store for Education</a>
+- *Resources for anyone who uses Office 365* and *Resources for admins* in <a href="https://support.office.com/en-US/article/Get-started-with-Office-365-Education-AB02ABE5-A1EE-458C-B749-5B44416CCF14" target="_blank">Get started with Office 365 for Education</a>
+- School Data Sync deployment options
+  - Deployment using CSV files: <a href="https://aka.ms/sdscsv" target="_blank">How to deploy School Data Sync by using CSV files</a> and <a href="https://aka.ms/sdscsvattributes" target="_blank">CSV files for School Data Sync</a>
+  - Deployment using PowerSchool Sync: <a href="https://aka.ms/sdspowerschool" target="_blank">How to deploy School Data Sync by using PowerSchool Sync</a> and <a href="https://aka.ms/sdspowerschoolattributes" target="_blank">School Data Sync required attributes for PowerSchool Sync</a>
+  - Deployment using Clever Sync: <a href="https://aka.ms/sdsclever" target="_blank">How to deploy School Data Sync by using Clever Sync</a> and <a href="https://aka.ms/sdscleverattributes" target="_blank">School Data Sync required attributes for Clever sync</a>
+  - Deployment using OneRoster CSV files: <a href="https://aka.ms/sdsoneroster" target="_blank">How to deploy School Data Sync by using OneRoster CSV files</a>
+
+**For teachers**
+
+Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:
+- *Resources for anyone who uses Office 365* in <a href="https://support.office.com/en-US/article/Get-started-with-Office-365-Education-AB02ABE5-A1EE-458C-B749-5B44416CCF14" target="_blank">Get started with Office 365 for Education</a>
+- <a href="https://education.microsoft.com/windows-10-online-resources-for-teachers" target="_blank">Windows 10 online resources for teachers</a>
+
+
+
+
diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md
index 78b9e46ccf..e4714cf402 100644
--- a/education/get-started/get-started-with-microsoft-education.md
+++ b/education/get-started/get-started-with-microsoft-education.md
@@ -10,7 +10,7 @@ localizationpriority: high
 ms.pagetype: edu
 author: CelesteDG
 ms.author: celested
-ms.date: 06/26/2017
+ms.date: 07/10/2017
 ---
 
 # Get started: Deploy and manage a full cloud IT solution with Microsoft Education
@@ -44,13 +44,14 @@ Go to the <a href="https://www.microsoft.com/en-us/education" target="_blank">Mi
 
 ## What we're doing
 In this walkthrough, we'll show you the basics on how to:
-- Acquire an Office 365 for Education tenant, if you don't already have one
-- Import school, student, teacher, and class data using School Data Sync (SDS)
-- Deploy Microsoft Teams to enable groups and teams in your school to communicate and collaborate
-- Manage apps and settings deployment with Intune for Education
-- Acquire additional apps in Microsoft Store for Education
-- Use the Set up School PCs app to quickly set up and provision your Windows 10 education devices
-- Log in and use the devices
+> [!div class="checklist"]
+> * Acquire an Office 365 for Education tenant, if you don't already have one
+> * Import school, student, teacher, and class data using School Data Sync (SDS)
+> * Deploy Microsoft Teams to enable groups and teams in your school to communicate and collaborate
+> * Manage apps and settings deployment with Intune for Education
+> * Acquire additional apps in Microsoft Store for Education
+> * Use the Set up School PCs app to quickly set up and provision your Windows 10 education devices
+> * Log in and use the devices
 
 This diagram shows a high-level view of what we cover in this walkthrough. The numbers correspond to the sections in the walkthrough and roughly correspond to the flow of the overall process; but, note that not all sections in this walkthrough are shown in the diagram.
 
@@ -101,7 +102,7 @@ Once you get an Office 365 education-verified tenant, trying out Microsoft Educa
 
 To get started with Microsoft Education in a trial environment, follow these steps.
 
-1. [Set up a new Office 365 for Education tenant](#1-set-up-a-new-office-365-for-education-tenant).
+1. [Set up a new Office 365 for Education tenant](set-up-office365-edu-tenant.md).
 
   Wait for your tenant to be education-verified before proceeding with the next step. Verification can take up to a few days.
 
@@ -114,7 +115,7 @@ To get started with Microsoft Education in a trial environment, follow these ste
   2. In the user page, select **Product licenses** and expand the **Office 365 Education** license you assigned to yourself. 
   3. Confirm that School Data Sync is turned on.
 
-3. Skip ahead and follow the rest of the instructions in this walkthrough beginning with [2. Use School Data Sync to import student data](#2-use-school-data-sync-to-import-student-data).
+3. Skip ahead and follow the rest of the instructions in this walkthrough beginning with [Use School Data Sync to import student data](use-school-data-sync.md).
 
 ### <a name="schooluseso365tryi4e"></a>Option 3: Try out Intune for Education
 Already have an Office 365 for Education verified tenant? Just sign in with your global admin credentials to apply the Intune for Education preview trial code to your tenant and follow the rest of the walkthrough.
@@ -127,613 +128,20 @@ Already have an Office 365 for Education verified tenant? Just sign in with your
   ![Intune for Education trial sign in page](images/i4e_trialsigninpage.png)
 
 3. Enter your Office 365 global admin credentials to apply the Intune for Education trial to your tenant.
-4. If you don't already have Microsoft Teams deployed to your tenant, you can start with [3. Enable Microsoft Teams for your school](#3-enable-microsoft-teams-for-your-school) and then follow the rest of the instructions in this walkthrough. 
+4. If you don't already have Microsoft Teams deployed to your tenant, you can start with [Enable Microsoft Teams for your school](enable-microsoft-teams.md) and then follow the rest of the instructions in this walkthrough. 
 
-## 1. Set up a new Office 365 for Education tenant
-Schools can use Office 365 to save time and be more productive. Built with powerful tools and accessible from any device, setting it up is the first step in getting your school to the cloud. 
+## End-to-end process
+The end-to-end process for deploying and managing a full cloud IT solution with Microsoft Education is outlined here. Depending on scenario, you may not need to implement all these steps. 
 
-Don't have an Office 365 for Education verified tenant or just starting out? Follow these steps to set up an Office 365 for Education tenant. [Learn more about Office 365 for Education plans and pricing](https://products.office.com/en-us/academic/compare-office-365-education-plans).
-
-1. Go to the <a href="https://signup.microsoft.com/Signup?OfferId=03ee83a5-5cb4-4545-aca9-33ead43f222a,d764709a-7763-45ef-a2a8-db5b8b6ae704&DL=ENTERPRISEPREMIUM_FACULTY" target="_blank">Office 365 for Education sign up page</a> to sign up for a free subscription for your school.
-2. Create an account and a user ID and password to use to sign into your account. 
-
-  **Figure 3** - Office 365 account creation
-
-  ![Create an Office 365 account](images/o365_createaccount.png)
-
-3. Save your sign-in info so you can use it to sign in to <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the sign-in page). Click **You're ready to go...** 
-4. In the **Verify eligibility for Microsoft Office 365 for Education** screen:
-  1. Add your domain name and follow the steps to confirm ownership of the domain. 
-  2. Choose your DNS hosting provider to see step-by-step instructions on how to confirm that you own the domain.
- 
-    In some cases, you may need to wait several hours for the DNS verification to complete. You can click **I'll verify later** and come back later and log into the Office 365 portal and then go to the **Admin** center and select **Domains** to check the status entry for your domain.
-
-    You may need to fill in other information to provide that you qualify for an education tenant. Provide and submit the info to Microsoft to continue verification for your tenant.  
-
-As part of setting up a basic cloud infrastructure, you don't need to complete the rest of the Office 365 for Education setup so we will skip the rest of setup for now and start importing school data. You can pick up where you left off with Office 365 for Education setup once you've completed the rest of the steps in the walkthrough. See [7.3 Complete Office 365 for Education setup](#73-complete-office-365-education-setup) for info.
-
-
-## 2. Use School Data Sync to import student data
-School Data Sync (SDS) helps you import Student Information System (SIS) data into Office 365. It helps automate the process for importing and integrating SIS data that you can use with Office 365 and apps like OneNote Class Notebooks. 
-
-Follow all the steps in this section to use SDS and sample CSV files in a trial environment. To use SDS in a production environment, see step 2 in [Try out Microsoft Education in a production environment](#noo365prodenv) instead.
-
-**<a name="downloadcsvsamples"></a>Download sample school data**
-
-1. Go to the <a href="https://aka.ms/sdsscripts" target="_blank">O365-EDU-Tools GitHub site</a>.
-2. Click the green **Clone or download** button to download the SDS sample files.
-
-  **Figure 4** - Download the SDS sample files from GitHub
-
-  ![Download the SDS sample files from GitHub](images/sds_github_downloadsample.png)
-
-3. In the **Clone with HTTPS** pop-up window, choose **Download ZIP** and note the location where you're saving the folder.
-4. Go to the folder where you saved the .zip and unzip the files.
-5. Open the **O365-EDU-Tools-master** folder and then open the **CSV Samples** subfolder. Confirm that you can see the following sample CSV files.
-
-  **Figure 5** - Sample CSV files
-
-  ![Use the sample CSV files](images/sds_sample_csv_files_us_uk.png)
-
-  > [!NOTE] 
-  > - The sample CSV files uses sample accounts and passwords. If you are using the sample files for testing, remember the accounts and their corresponding passwords. You may be asked to change the password during your first sign in. 
-  > - If you are modifying the sample CSV files to use in your organization, change the accounts and passwords to match the user accounts and passwords in your organization.
-  > - If you are using CSV files from your existing production environment, see the detailed instructions in step 5 in the next section.
-
-To learn more about the CSV files that are required and the info you need to include in each file, see <a href="https://aka.ms/sdscsvattributes" target="_blank">CSV files for School Data Sync</a>. If you run into any issues, see <a href="https://aka.ms/sdserrors" target="_blank">School Data Sync errors and troubleshooting</a>.
-
-**<a name="usesdstoimportdata"></a>Use SDS to import student data**
-
-1. If you haven't done so already, go to the SDS portal, <a href="http://sds.microsoft.com" target="_blank">https://sds.microsoft.com</a>.
-2. Click **Sign in**. You will see the **Settings** option for **Manage School Data Sync**.
-
-  **Figure 6** - Settings for managing SDS
-
-  ![Settings for managing SDS](images/sds_settings_manage_sds_firstsignin.png)
-
-3. Turn on **School Data Sync**. You will get a notification that it is turned on. Click **OK**.
-
-  New menu options will appear on the left of the SDS portal.
-
-  **Figure 7** - New menu options appear after SDS is turned on
-
-  ![New menu options appear after SDS is turned on](images/sds_sds_on_newmenuitemsappear.png)
-
-4. Click **+ Add Profile** from the sync dashboard or from the menu on the left to start syncing school data.
-
-  This opens up the new profile setup wizard within the main page.
-
-  **Figure 8** - New SDS profile setup wizard
-
-  ![New SDS profile setup wizard](images/sds_add_new_profile_062317.png)
-
-5. For the new profile, in the **How do you want to connect to your school?** screen:
-  1. Enter a name for your profile, such as *Contoso_Elementary_Profile*.
-  2. Select a sync method for your profile. For this walkthrough, select **Upload CSV Files**.
-  3. Select the type of CSV files that you're using. For this walkthrough, select **CSV files: SDS Format**.  
-  4. Click **Start**.
-
-6. In the **Sync options** screen:
-  1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenaro that applies to you. For this walkthrough, select **New users**.
-  2. In the **Import data** section:
-    1. Click **Upload Files** to bring up the **Select data files to be uploaded** window.
-    2. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import.
-    3. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**.
-    4. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**.
-
-      > [!NOTE]
-      > After you click **Upload**, the status in the **Select data files to be uploaded** window will indicate that files are being uploaded and verified.
-
-    5. After all the files are successfully uploaded, click **OK**. 
-
-  3. Select the domain for the schools/sections. This domain will be used for the Section email addresses created during setup. If you have more than one domain, make sure you select the appropriate domain for the sync profile and subsequent sections being created.
-  4. In the **Select school and section properties** section, ensure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties, or deselect any properties, make sure you have the properties and values contained within the CSV files. For the walkthrough, you don't have to change the default.
-  5. In the **Sync option for Section Group Display Name**, check the box if you want to allow teachers to overwrite the section names. Otherwise, SDS will always reset the display name value for sections to the value contained within the CSV files.
-  6. In the **Student enrollment option** section:
-    * If you want to sync your student roster data immediately, leave the box unchecked.
-    * If you prefer to sync student enrollment/rostering data at a later date, check this box and then pick a date by clicking the empty box and selecting the appropriate date in the calendar when you would like to begin syncing your student roster data. Some schools prefer to delay syncing student roster data so they don't expose rosters before the start of the new term, semester, or school year.  
-  7. In the **License Options** section, check the box for **Intune for Education** to allow students and teachers to receive the Intune for Education license. This will also create the SDS dynamic groups and security groups, which will be used within Intune for Education.
-  8. Click **Next**.
-
-    **Figure 9** - Sync options for the new profile
-
-    ![Specify sync options for the new SDS profile](images/sds_profile_sync_options_062317.png)
-
-7. In the **Teacher options** screen:
-  1. Select the domain for the teachers. SDS appends the selected domain suffix to the teacher's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The teacher will log in to Office 365 with the UserPrincipalName once the account is created.
-  2. In the **Select teacher properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
-  3. In the **Teacher licenses** section, choose the SKU to assign licenses for teachers. For example, **STANDARDWOFFPACK_FACULTY**.
-  4. Click **Next**.
-
-    **Figure 10** - Specify options for teacher mapping
-
-    ![Specify options for teacher mapping](images/sds_profile_teacher_options_062317.png)
-
-8. In the **Student options** screen:
-  1. Select the domain for the students. SDS appends the selected domain suffix to the student's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The student will log in to Office 365 with the UserPrincipalName once the account is created.
-  2. In the **Select student properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
-  3. In the **Student licenses** section, choose the SKU to assign licenses for students. For example, **STANDARDWOFFPACK_STUDENT**.
-  4. Click **Next**.
-
-    **Figure 11** - Specify options for student mapping
-
-    ![Specify options for student mapping](images/sds_profile_student_options_062317.png)
-
-9. In the profile **Review** page, review the summary and confirm that the options selected are correct. 
-10. Click **Create profile**. You will see a notification that your profile is being submitted and then you will see a page for your profile. 
-
-  **Figure 12** - SDS profile page
-
-  ![SDS profile page](images/sds_profile_profilepage_settingup_062317.png) 
-
-11. After the profile is created and the status indicates as **Setting up**, refresh the page until you see the status change to **Sync in progress**. Beneath the **Sync in progress** status, you will see which of the 5 sync stages SDS is working on:
-  * Stage 1 - Validating data
-  * Stage 2 - Processing schools and sections
-  * Stage 3 - Processing students and teachers
-  * Stage 4 - Adding students and teachers into sections
-  * Stage 5 - Setting up security groups
-
-  If you don't see a **Sync in progress** status on the sync profile, and receive an error message instead, this indicates that SDS has encountered data issues during the pre-sync validation check and has not started syncing your data. This gives you the opportunity to fix the errors identified by the pre-sync validation checks before continuing. Once you've fixed any errors or if you prefer to continue with the errors and begin syncing your data anyway, click the **Resume sync** button to start the sync process.
-
-  Once you've completed all five sync stages, your profile status will update one final time. 
-    * If you haven't encountered any errors, you will see a green check mark which states **Everything is ok**, and the profile status will change to **Sync complete. Ready for more data.** 
-    * If SDS encountered sync errors, you will see a red status icon that indicates an error, and a profile status of **Sync complete. Profile contains multiple errors**. Download the available error report to identify and fix your sync errors. Once complete, upload new files as needed and re-sync your data until errors are resolved.
-
-  Here are some examples of what the sync status can look like:
-
-  **Figure 13** - New profile: Sync in progress
-
-  ![Sync in progress for the new profile](images/sds_profile_status_syncinprogress_062317.png)
-
-  **Figure 14** - New profile: Sync complete - no errors
-
-  ![New profile sync complete with no errors](images/sds_profile_status_everythingok_062317.png)
-
-  **Figure 15** - New profile: Sync complete - with errors
-
-  ![New profile sync complete with errors](images/sds_profile_status_syncerrors_062317.png)
-
-  Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. Two people who start a sync at the same time may not have their syncs complete at the same time.
-
-  You can refresh the page to confirm that your profile synced successfully.
-
-That's it for importing sample school data using SDS.
-
-## 3. Enable Microsoft Teams for your school
-Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education. 
-
-To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school. 
-
-**Enable Microsoft Teams for your school**
-
-1. Sign in to <a href="https://portal.office.com" target="_blank">Office 365</a> with your work or school account.
-2. Click **Admin** to go to the Office 365 admin center.
-3. Go to **Settings > Services & add-ins**.
-4. On the **Services & add-ins** page, select **Microsoft Teams**.
-
-  **Figure 16** - Select Microsoft Teams from the list of services & add-ins
-
-  ![Enable Microsoft Teams for your school](images/o365_settings_services_msteams.png)
-
-5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**.
-
-  **Figure 17** - Select the license that you want to configure
-
-  ![Select the Microsoft Teams license that you want to configure](images/o365_msteams_settings.png)
-
-6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization.
-
-  **Figure 18** - Turn on Microsoft Teams for your organization
-
-  ![Turn on Microsoft Teams for your organization](images/o365_msteams_turnon.png)
-
-7. Click **Save**.
-
-You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the <a href="https://aka.ms/MeetTeamsEdu" target="_blank">Meet Microsoft Teams</a> page.
-
-## 4. Configure Microsoft Store for Education
-You'll need to configure Microsoft Store for Education to accept the services agreement and make sure your Microsoft Store account is associated with Intune for Education.
-
-**Associate your Microsoft Store account with Intune for Education**
-
-1. Sign in to <a href="https://educationstore.microsoft.com" target="_blank">Microsoft Store for Education</a>.
-2. Accept the Microsoft Store for Business and Education Services Agreement. 
-
-  This will take you to the Microsoft Store for Education portal.
-
-  **Figure 19** - Microsoft Store for Education portal
-
-  ![Microsoft Store for Education portal](images/msfe_store_portal.png)
-
-3. In the Microsoft Store portal, click **Manage** to go to the Microsoft Store **Overview** page.
-4. Find the **Overview** page, find the **Store settings** tile and click **Management tools**.
-
-  **Figure 20** - Select management tools from the list of Store settings options
-
-  ![Select management tools from list of Store settings options](images/msfe_storesettings_select_managementtools.png)
-
-4. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune for Education ready for use with Microsoft Store for Education.
-
-  **Figure 21** - Activate Intune for Education as the management tool
-
-  ![Activate Intune for Education as the management tool](images/msfe_managementtools_activateintune.png) 
-
-Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next.
-
-## 5. Use Intune for Education to manage groups, apps, and settings
-Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the <a href="https://docs.microsoft.com/intune-education" target="_blank">Intune for Education documentation</a>. 
-
-### Example - Set up Intune for Education, buy apps from the Store, and install the apps
-In this walkthrough, we'll go through a sample scenario and walk you through the steps to:
-- [Use express configuration to quickly set up Intune for Education](#setupintune)
-- [Use Intune for Education to buy apps from the Microsoft Store for Education](#addappsfrommsfe)
-- [Use Intune for Education to install the apps for all users in your tenant](#installappsallusers)
-
-Note that for verified education tenants, Microsoft automatically provisions your app catalog with these apps so you will see them appear on your Intune for Education catalog even before you've bought any apps:
-- Excel 
-- Fresh Paint
-- Minecraft: Education Edition
-- OneNote
-- PowerPoint
-- Sway
-- Word
-
-  > [!NOTE]
-  > Apps that you own in the Microsoft Store for Education are automatically available in Intune for Education. Any changes you make to your purchases get reflected in Intune for Education.
-
-
-**<a name="setupintune"></a>Set up Intune for Education**
-
-Intune for Education provides an **Express configuration** option so you can get going right away. We'll use that option here.
-
-1. Log into the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>. You will see the Intune for Education dashboard once you're logged in.
-
-  **Figure 22** - Intune for Education dashboard
-
-  ![Intune for Education dashboard](images/i4e_portal.png)
-
-2. On the dashboard, click **Launch Express Configuration**, or select the **Express configuration** option on the menu on the left.
-3. In the **Welcome to Intune for Education** screen, click **Get started**.
-  
-  **Figure 23** - Click Get started to set up Intune for Education
-
-  ![Click Get Started to configure groups, apps, and settings](images/i4e_expressconfiguration_welcome.png)
-
-4. In the **Get school information (optional)** screen, it should indicate that SDS is already configured. Click **Next**.
-
-  **Figure 24** - SDS is configured
-
-  ![SDS is already configured](images/i4e_expressconfiguration_sdsconfigured.png)
-
-5. In the **Choose group** screen, select **All Users**. All apps and settings that we select during express setup will apply to this group. 
-
-  You can choose another group during this step, but note that your experience may vary from what we show in the walkthrough.
-
-6. The **Next** button will appear at the bottom of the screen after you select **All Users**. Click **Next**.
-
-  > [!TIP]
-  > At the top of the screen, did you notice the **Choose group** button change to a green check mark? This means we are done with that step. If you change your mind or need to make changes, simply click on the button to go back to that step. Try it!
-  >
-  > **Figure 25** - Click on the buttons to go back to that step
-  >
-  > ![Click on the buttons to back to that step](images/i4e_expressconfiguration_choosebuttontogoback.png)
-
-7. In the **Choose apps** screen, you will see a selection of Web apps, Microsoft Store apps, and desktop (Win32) apps. You will also see a list of popular apps from each category. 
-
-  - Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in the **Choose group** step.
-  
-    In this walkthrough, it's up to you to select the apps you choose to install. Just remember what they are so that later in the walkthrough you can verify that the apps were installed correctly on the device.
-
-    > [!TIP]
-    > Web apps are pushed as links in the Windows Start menu under **All apps**. If you want apps to appear in Microsoft Edge browser tabs, use the **Homepages** setting for Microsoft Edge through **Express configuration** or **Manage Users and Devices**.
-
-  **Figure 26** - Choose the apps that you want to install for the group
-
-  ![Choose apps to install for the group](images/i4e_expressconfiguration_chooseapps_selected_cropped.png)
-
-8. When you're done choosing apps, click **Next** at the bottom of the screen.
-
-  If you select Microsoft Store apps, you will see a notification that Intune for Education is getting these apps.
-
-8. In the **Choose settings** screen, we will set the settings to apply to the group. Click the reverse caret (downward-facing arrow) to expand the settings group and get more information about each setting in that settings group.
-
-  **Figure 27** - Expand the settings group to get more details
-
-  ![Expand the settings group to get more info](images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.png)
-
-9. For this walkthrough, set the following settings:
-  - In the **Microsoft Edge settings** group, change the **Do-Not-Track headers** setting to **Require**.
-  - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Require Microsoft Store for Business apps to be installed from private store** to **Require**.
-
-  **Figure 28** - Set some additional settings
-
-  ![Set some additional settings](images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.png)
-
-10. Click **Next**. In the **Review** screen, you will see a summary of the apps and settings you selected to apply.
-
-  **Figure 29** - Review the group, apps, and settings you configured
-
-  ![Review the group, apps, and settings you configured](images/i4e_expressconfiguration_review.png)
-
-11. Click **Save** to end express configuration.
-12. You will see the **You're done!** screen which lets you choose one of two options. 
-
-  **Figure 30** - All done with Intune for Education express configuration
-
-  ![Done with Intune for Education express configuration](images/i4e_expressconfiguration_alldone.png)
-
-13. Click **All done** or click the **X** on the upper-right corner of the screen to dismiss this screen and go back to the dashboard.
-
-
-**<a name="addappsfrommsfe"></a>Add apps bought from Microsoft Store for Education**
-
-- **Example 1 - Minecraft: Education Edition**
-
-  If you would like to purchase Minecraft: Education Edition or want to learn how to get, distribute, and manage permissions for Minecraft: Education Edition, see <a href="https://docs.microsoft.com/education/windows/school-get-minecraft" target="_blank">For IT administrators - get Minecraft: Education Edition</a>.
-
-- **Example 2 - Free educational/reference apps**
-
-  1. In the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>, click **Apps** from the menu on the left.
-
-    **Figure 31** - Click on **Apps** to see the list of apps for your tenant
-
-    ![Click Apps to see the list of apps for your tenant](images/i4e_dashboard_clickapps.png)
-
-  2. In the **Store apps** section, click **+ New app**. This will take you to the Microsoft Store for Education portal and you will already be signed in.
-
-    **Figure 32** - Select the option to add a new Store app
-
-    ![Select the option to add a new Store app](images/i4e_apps_newstoreapp_selected.png)
-
-  3. In the Microsoft Store page, check some of the categories for suggested apps or search the Store for a free educational or reference app. Find ones that you haven't already installed during express setup for Intune for Education.
-  
-    For example, these apps are free:
-    - Duolingo - Learn Languages for Free
-    - Flashcards Pro 
-    - Khan Academy
-    - My Study Life
-
-  4. Find or select the app you want to install and click **Get the app**.
-  5. In the app's Store page, click the **...** button and select **Add to private store**.
-  6. Repeat steps 3-5 to install another app or move to the next step.
-  7. In the Microsoft Store for Education portal, select **Manage > Apps & software > Manage apps** to verify that the apps you purchased appear in your inventory.
-
-    For example, if you bought Duolingo and Khan Academy, they will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant.
-
-    **Figure 33** - Apps inventory in Microsoft Store for Education
-
-    ![Apps inventory in Store for Business](images/msfe_manageapps_inventory_grouped.png)
-
-    In the **Private store** column of the **Apps & software** page, the status for some apps will indicate that it's "In private store" while others will say "Not in private store". We won't go over this in the walkthrough, but you can learn more about this in <a href="https://docs.microsoft.com/microsoft-store/distribute-apps-from-your-private-store" target="_blank">Distribute apps using your private store</a>.
-
-    > [!NOTE]  
-    > You'll see in the above screenshot that some apps say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps. 
-
-**<a name="installappsallusers"></a>Install apps for all users**
-
-Now that you've bought the apps, use Intune for Education to specify the group to install the apps for. Here, we'll show you how to install the apps you bought for all devices used by all users in your tenant. 
-
-1. In the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>, click the **Groups** option from the menu on the left.
-
-  **Figure 34** - Groups page in Intune for Education
-
-  ![Groups page in Intune for Education](images/i4e_groupspage.png)
-
-2. In the **Groups** page, select **All Users** from the list of groups on the left, and then click **Users** in the taskbar at the top of the **All Users** page. 
-
-  **Figure 35** - List of all users in the tenant
-
-  ![List of all users in the tenant](images/i4e_groups_allusers_users_steps.png)
-
-3. In the taskbar at the top, select **Apps** and then click **Edit apps** to see a list of available apps.
-
-  **Figure 36** - Edit apps to assign them to users
-
-  ![Edit apps to assign them to users](images/i4e_groups_allusers_appspage_editapps.png)
-
-4. Select the apps to deploy to the group. A blue checkmark will appear next to the apps you select. 
-
-  **Figure 37** - Select the apps to deploy to the group
-
-  ![Select the apps to deploy to the group](images/i4e_groups_allusers_selectappstodeploy.png)
-
-5. Once you're done, click **Save** at the bottom of the page to deploy the selected apps to the group.
-6. You'll be notified that app assignments are being updated. The updated **All Users** groups page now include the apps you selected. 
-
-  **Figure 38** - Updated list of assigned apps
-
-  ![Updated list of assigned apps](images/i4e_groups_allusers_updatedappslist.png)
-
-You're now done assigning apps to all users in your tenant. It's time to set up your Windows 10 device(s) and check that your cloud infrastructure is correctly set up and your apps are being pushed to your devices from the cloud.
-
-## 6. Set up Windows 10 devices
-
-### 6.1 Set up devices using Set up School PCs or Windows OOBE
-We recommend using the latest build of Windows 10, version 1703 on your education devices. To set up new Windows 10 devices and enroll them to your education tenant, choose from one of these options:
-- **Option 1: [Use the Set up School PCs app](#usesetupschoolpcs)** - You can use the app to create a setup file that you can use to quickly set up one or more Windows 10 devices.
-- **Option 2: [Go through Windows OOBE and join the device to Azure AD](#usewindowsoobandjoinaad)** - You can go through a typical Windows 10 device setup or first-run experience to configure your device.
-
-**<a name="usesetupschoolpcs"></a>Option 1: Set up a device using the Set up School PCs app**
-
-IT administrators and technical teachers can use the Set up School PCs app to quickly set up PCs for students. A student PC set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
-
-![Set up School PCs app](images/suspc_getstarted_050817.png)
-
-Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recommended education settings, using a quick USB setup. This app guides you through the creation of a student PC provisioning package and helps you save it to a USB drive. From there, just plug the USB drive into student PCs running Windows 10 Creators Update (version 1703). It automatically:
-- Joins each student PC to your organization's Office 365 and Azure Active Directory tenant
-- Enrolls each student PC into a mobile device management (MDM) provider, like Intune for Education, if licensed in your tenant. You can manage all the settings Set up School PCs sets later through MDM.
-- Removes OEM preinstalled software from each student PC
-- Auto-configures and saves a wireless network profile on each student PC
-- Gives a friendly and unique name to each student device for future management
-- Sets Microsoft-recommended school PC settings, including shared PC mode which provides faster sign-in and automatic account cleanup
-- Enables optional guest account for younger students, lost passwords, or visitors
-- Enables optional secure testing account
-- Locks down the student PC to prevent mischievous activity:
-    * Prevents students from removing the PC from the school's device management system
-    * Prevents students from removing the Set up School PCs settings
-- Keeps student PCs up-to-date without interfering with class time using Windows Update and maintenance hours
-- Customizes the Start layout with Office
-- Installs OneDrive for storing cloud-based documents and Sway for creating interactive reports, presentations, and more
-- Uninstalls apps not specific to education, such as Solitaire
-- Prevents students from adding personal Microsoft accounts to the PC
-
-**To set up a device using the Set up School PCs app**
-
-1. Follow the steps in <a href="https://docs.microsoft.com/en-us/education/windows/use-set-up-school-pcs-app" target="_blank">Use the Set up School PCs app</a> to quickly set up one or more student PCs.
-2. Follow the steps in [5.2 Verify correct device setup](#52-verify-correct-device-setup).
-
-
-**<a name="usewindowsoobandjoinaad"></a>Option 2: Set up a device using Windows OOBE**
-
-1. If you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired or Ethernet connection.
-2. Go through the Windows device setup experience. On a new or reset device, this starts with the **Let's start with region. Is this right?** screen.
-
-  **Figure 39** - Let's start with region
-
-  ![Let's start with region](images/win10_letsstartwithregion.png)
-
-3. Continue with setup. In the **How would you like to set up?** screen, select **Set up for an organization**.
-
-  **Figure 40** - Select setup for an organization
-
-  ![Select setup for an organization](images/win10_setupforanorg.png)
-
-4. Sign in using the user's account and password. Depending on the user password setting, you may be prompted to update the password.
-5. Choose privacy settings for the device. Location, speech recognition, diagnostics, and other settings are all on by default. Configure the settings based on the school's policies. 
-6. Click **Accept** to go through the rest of device setup.
-
-
-### 6.2 Verify correct device setup
-Verify that the device is set up correctly and boots without any issues.
-
-**Verify that the device was set up correctly**
-1. Confirm that the Start menu contains a simple configuration.
-2. Confirm that the Store and built-in apps are installed and working. The apps pushed down from Intune for Education will appear under **Recently added**. 
-
-  > [!NOTE]  
-  > It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user.
-
-  **Figure 41** - Sample list of apps for a user
-
-  ![Apps list contains the apps provisioned for the user](images/win10_start_checkapps.png)
-
-### 6.3 Verify the device is Azure AD joined
-Let's now verify that the device is joined to your organization's Azure AD and shows up as being managed in Microsoft Intune for Education.
-
-**Verify if the device is joined to Azure AD**
-1. Log in to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
-2. Select **Groups** and select **All Devices**.
-3. In the **All Devices** page, see the list of devices and verify that the device you're signed into appears on the list.
-
-  **Figure 42** - List of all managed devices
-
-  ![Verify that the device is managed in Intune for Education](images/i4e_groups_alldevices_listofaadjdevices.png)
-
-4. On the Windows 10 education device, click **Start** and go to **Settings**. 
-5. Select **Accounts > Access work or school**.
-6. In the **Access work or school** page, confirm that the device is connected to the organization's Azure AD.
-
-  **Figure 43** - Confirm that the Windows 10 device is joined to Azure AD
-
-  ![Confirm that the Windows 10 device is joined to Azure AD](images/win10_confirmaadj.png)
-
-**That's it! You're done!** You've completed basic cloud setup, deployment, and management using Microsoft Education. You can continue follow the rest of the walkthrough to finish setup and complete other tasks.
-
-
-## 7. Finish setup and other tasks
-
-### 7.1 Update group settings in Intune for Education
-If you need to make changes or updates to any of the apps or settings for the group(s), follow these steps.
-
-1. Log in to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
-2. Click **Groups** and then choose **Settings** in the taskbar at the top of the page.
-3. You will see the same settings groups that you saw in express setup for Intune for Education as well as other settings categories such as **Windows Defender settings**, **Device sharing**, **Edition upgrade**, and so on.
-
-  **Figure 44** - See the list of available settings in Intune for Education
-
-  ![See the list of available settings in Intune for Education](images/i4e_groups_settingslist_full.png)
-
-4. Keep the default settings or configure the settings according to your school's policies. 
-
-  For example, you can configure the diagnostic data sent to Microsoft in **Basic device settings > Send diagnostic data**. 
-
-5. Click **Save** or **Discard changes**.
-
-### 7.2 Configure Azure settings
-After completing the basic setup for your cloud infrastructure and confirming that it is up and running, it's time to prepare for additional devices to be added and enable capabilities for the user to use.
-
-#### Enable many devices to be added by a single person 
-When a device is owned by the school, you may need to have a single persion adding many devices to your cloud infrastructure. 
-
-Follow the steps in this section to enable a single person to add many devices to your cloud infrastructure.
-
-1. Sign in to the <a href="https://portal.office.com" target="_blank">Office 365 admin center</a>.
-2. Configure the device settings for the school's Active Directory. To do this, go to the new Azure portal, <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a>.
-3. Select **Azure Active Directory > Users and groups > Device settings**.
-
-  **Figure 45** - Device settings in the new Azure portal
-
-  ![Configure device settings in the new Azure portal](images/azure_newportal_usersandgroups_devicesettings.png)
-
-4. Find the setting **Maximum number of devices per user** and change the value to **Unlimited**.
-5. Click **Save** to update device settings.
-
-#### Enable roaming settings for users
-When students move from using one device to another, they may need to have their settings roam with them and be made available on other devices. 
-
-Follow the steps in this section to ensure that settings for the each user follow them when they move from one device to another.
-
-1. Sign in to the <a href="https://portal.office.com" target="_blank">Office 365 admin center</a>.
-3. Go to the new Azure portal, <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a>.
-3. Select **Azure Active Directory > Users and groups > Device settings**.
-4. Find the setting **Users may sync settings and enterprise app data** and change the value to **All**.
-
-  **Figure 46** - Enable settings to roam with users
-
-  ![Enable settings to roam with users](images/azure_usersandgroups_devicesettings_ers.png)
-
-5. Click **Save** to update device settings.
-
-### 7.3 Complete Office 365 for Education setup
-Now that your basic cloud infrastructure is up and running, it's time to complete the rest of the Office 365 for Education setup. You can find detailed information about completing Office 365 setup, services and applications, troubleshooting, and more by reading the <a href="https://support.office.com/en-US/Article/set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa#ID0EAAAABAAA=Education" target="_blank">Office 365 admin documentation</a>.
-
-### 7.4 Add more users
-After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more users and you want the same policies to apply to these users. You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Intune for Education.
-
-See <a href="https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc" target="_blank">Add users to Office 365</a> to learn more. Once you're done adding new users, go to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a> and verify that the same users were added to the Intune for Education groups as well.
-
-### 7.5 Connect other devices to your cloud infrastructure
-Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [6. Set up Windows 10 devices](#6-set-up-windows-10-devices). For other devices, such as those personally-owned by teachers who need to connect to the school network to access work or school resources (BYOD), you can follow the steps in this section to get these devices connected.
-
-  > [!NOTE]  
-  > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device.
-
-**To connect a personal device to your work or school**
-
-1. On your Windows device, go to **Settings > Accounts**.
-2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page.
-3. In the **Set up a work or school account** window, enter the user's account info.
-
-  For example, if a teacher connects their personal device to the school network, they'll see the following screen after typing in their account information.
-
-  **Figure 47** - Device is now managed by Intune for Education
-
-  ![Device is managed by Intune for Education](images/byob_aad_enrollment_intune.png)
-
-4. Enter the account password and then click **Sign in** to authenticate the user.
-
-   Depending on the organization's policy, the user may be asked to update the password.
-
-5. After the user's credentails are validated, the window will refresh and will now include an entry that shows the device is now connected to the organization's MDM. This means the device is now enrolled in Intune for Education MDM and the account should have access to the organization's resources.
-
-  **Figure 48** - Device is connected to organization's MDM
-
-  ![Device is connected to organization's MDM](images/win10_connectedtoorgmdm.png)
-
-6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [6.3 Verify the device is Azure AD joined](#63-verify-the-device-is-azure-ad-joined). 
-
-  It may take several minutes before the new device shows up so check again later.
+Click the link to watch the video or follow the step-by-step guidance for each.
 
+1. [Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
+2. [Use School Data Sync to import student data](use-school-data-sync.md)
+3. [Enable Microsoft Teams for your school](enable-microsoft-teams.md)
+4. [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
+5. [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
+6. [Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
+7. [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md)
 
 ## Get more info
 
diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md
new file mode 100644
index 0000000000..eae9c0f114
--- /dev/null
+++ b/education/get-started/set-up-office365-edu-tenant.md
@@ -0,0 +1,53 @@
+---
+title: Set up an Office 365 Education tenant
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Set up an Office 365 Education tenant
+
+Schools can use Office 365 to save time and be more productive. Built with powerful tools and accessible from any device, setting it up is the first step in getting your school to the cloud. 
+
+Don't have an Office 365 for Education verified tenant or just starting out? Follow these steps to set up an Office 365 for Education tenant. [Learn more about Office 365 for Education plans and pricing](https://products.office.com/en-us/academic/compare-office-365-education-plans). </br>
+
+<center><iframe src="https://www.youtube.com/embed/X7bscA-knaY" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/X7bscA-knaY?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+You can watch the descriptive audio version here: [Microsoft Education: Set up an Office 365 Education tenant (DA)](https://www.youtube.com/watch?v=d5tQ8KoB3ic)
+
+## To set up a new Office 365 Education tenant
+
+1. Go to the <a href="https://signup.microsoft.com/Signup?OfferId=03ee83a5-5cb4-4545-aca9-33ead43f222a,d764709a-7763-45ef-a2a8-db5b8b6ae704&DL=ENTERPRISEPREMIUM_FACULTY" target="_blank">Office 365 for Education sign up page</a> to sign up for a free subscription for your school.
+2. Create an account and a user ID and password to use to sign into your account. 
+
+  **Figure 1** - Office 365 account creation
+
+  ![Create an Office 365 account](images/o365_createaccount.png)
+
+3. Save your sign-in info so you can use it to sign in to <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the sign-in page). Click **You're ready to go...** 
+4. In the **Verify eligibility for Microsoft Office 365 for Education** screen:
+  1. Add your domain name and follow the steps to confirm ownership of the domain. 
+  2. Choose your DNS hosting provider to see step-by-step instructions on how to confirm that you own the domain.
+ 
+    In some cases, you may need to wait several hours for the DNS verification to complete. You can click **I'll verify later** and come back later and log into the Office 365 portal and then go to the **Admin** center and select **Domains** to check the status entry for your domain.
+
+    You may need to fill in other information to provide that you qualify for an education tenant. Provide and submit the info to Microsoft to continue verification for your tenant.  
+
+As part of setting up a basic cloud infrastructure, you don't need to complete the rest of the Office 365 for Education setup so we will skip the rest of setup for now and start importing school data. You can pick up where you left off with Office 365 for Education setup once you've completed the rest of the steps in the walkthrough. See *Complete Office 365 for Education setup* in [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) for info.
+
+> [!div class="nextstepaction"]
+> [Use School Data Sync to import student data](use-school-data-sync.md)
+
+
+## Related topic
+[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/set-up-windows-10-education-devices.md b/education/get-started/set-up-windows-10-education-devices.md
new file mode 100644
index 0000000000..4616229fa7
--- /dev/null
+++ b/education/get-started/set-up-windows-10-education-devices.md
@@ -0,0 +1,30 @@
+---
+title: Set up Windows 10 education devices
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Set up Windows 10 education devices
+
+We recommend using the latest build of Windows 10, version 1703 on your education devices. 
+
+To set up new Windows 10 devices and enroll them to your education tenant, choose from one of these options and follow the link to watch the video or follow the step-by-step guide:
+- **Option 1: [Use the Set up School PCs app](https://docs.microsoft.com/en-us/education/windows/use-set-up-school-pcs-app)** - You can use the app to create a setup file that you can use to quickly set up one or more Windows 10 devices.
+- **Option 2: [Go through Windows OOBE and join the device to Azure AD](set-up-windows-education-devices.md)** - You can go through a typical Windows 10 device setup or first-run experience to configure your device.
+
+
+> [!div class="nextstepaction"]
+> [Finish setup and other tasks](finish-setup-and-other-tasks.md)
+
+
+## Related topic
+[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md
new file mode 100644
index 0000000000..5fa0dfd262
--- /dev/null
+++ b/education/get-started/set-up-windows-education-devices.md
@@ -0,0 +1,49 @@
+---
+title: Set up Windows 10 devices using Windows OOBE
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Set up Windows 10 devices using Windows OOBE
+
+If you are setting up a Windows 10 device invidividually, and network bandwidth is not an issue, you can go through the Windows 10 first-run setup experience, also known as OOBE (out-of-box-experience) to set up the device, and join it to your school's Office 365 and Azure Active Directory.
+
+You can watch the video to see how this is done, or follow the step-by-step guide. </br>
+
+<center><iframe src="https://www.youtube.com/embed/nADWqBYvqXk" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/nADWqBYvqXk?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+You can watch the descriptive audio version here: [Microsoft Education: Set up a new Windows 10 education devices using the Windows setup experience (DA)](https://www.youtube.com/watch?v=_UtS1Cz2Pno)
+
+## To set up Windows 10 devices using OOBE
+
+1. If you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired or Ethernet connection.
+2. Go through the Windows device setup experience. On a new or reset device, this starts with the **Let's start with region. Is this right?** screen.
+
+  **Figure 1** - Let's start with region
+
+  ![Let's start with region](images/win10_letsstartwithregion.png)
+
+3. Continue with setup. In the **How would you like to set up?** screen, select **Set up for an organization**.
+
+  **Figure 2** - Select setup for an organization
+
+  ![Select setup for an organization](images/win10_setupforanorg.png)
+
+4. Sign in using the user's account and password. Depending on the user password setting, you may be prompted to update the password.
+5. Choose privacy settings for the device. Location, speech recognition, diagnostics, and other settings are all on by default. Configure the settings based on the school's policies. 
+6. Click **Accept** to go through the rest of device setup.
+
+
+## Related topic
+[Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
\ No newline at end of file
diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md
new file mode 100644
index 0000000000..6177eb9d53
--- /dev/null
+++ b/education/get-started/use-intune-for-education.md
@@ -0,0 +1,214 @@
+---
+title: Use Intune for Education to manage groups, apps, and settings
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Use Intune for Education to manage groups, apps, and settings
+
+Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the <a href="https://docs.microsoft.com/intune-education" target="_blank">Intune for Education documentation</a>. 
+
+## Example - Set up Intune for Education, buy apps from the Store, and install the apps
+In this walkthrough, we'll go through a sample scenario and walk you through the steps to:
+- [Use express configuration to quickly set up Intune for Education](#set-up-intune-for-education)
+- [Use Intune for Education to buy apps from the Microsoft Store for Education](#add-apps-bought-from-microsoft-store-for-education)
+- [Use Intune for Education to install the apps for all users in your tenant](#install-apps-for-all-users)
+
+Note that for verified education tenants, Microsoft automatically provisions your app catalog with these apps so you will see them appear on your Intune for Education catalog even before you've bought any apps:
+- Excel 
+- Fresh Paint
+- Minecraft: Education Edition
+- OneNote
+- PowerPoint
+- Sway
+- Word
+
+  > [!NOTE]
+  > Apps that you own in the Microsoft Store for Education are automatically available in Intune for Education. Any changes you make to your purchases get reflected in Intune for Education.
+
+You can watch the video to see how this is done, or follow the step-by-step guide. </br>
+
+<center><iframe src="https://www.youtube.com/embed/c3BLoZZw3TQ" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/c3BLoZZw3TQ?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+You can watch the descriptive audio version here: [Microsoft Education: Use Intune for Education to manage groups, apps, and settings (DA)](https://youtu.be/Tejxfc4V7cQ)
+
+## Set up Intune for Education
+Intune for Education provides an **Express configuration** option so you can get going right away. We'll use that option here.
+
+1. Log into the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>. You will see the Intune for Education dashboard once you're logged in.
+
+  **Figure 1** - Intune for Education dashboard
+
+  ![Intune for Education dashboard](images/i4e_portal.png)
+
+2. On the dashboard, click **Launch Express Configuration**, or select the **Express configuration** option on the menu on the left.
+3. In the **Welcome to Intune for Education** screen, click **Get started**.
+  
+  **Figure 2** - Click Get started to set up Intune for Education
+
+  ![Click Get Started to configure groups, apps, and settings](images/i4e_expressconfiguration_welcome.png)
+
+4. In the **Get school information (optional)** screen, it should indicate that SDS is already configured. Click **Next**.
+
+  **Figure 3** - SDS is configured
+
+  ![SDS is already configured](images/i4e_expressconfiguration_sdsconfigured.png)
+
+5. In the **Choose group** screen, select **All Users**. All apps and settings that we select during express setup will apply to this group. 
+
+  You can choose another group during this step, but note that your experience may vary from what we show in the walkthrough.
+
+6. The **Next** button will appear at the bottom of the screen after you select **All Users**. Click **Next**.
+
+  > [!TIP]
+  > At the top of the screen, did you notice the **Choose group** button change to a green check mark? This means we are done with that step. If you change your mind or need to make changes, simply click on the button to go back to that step. Try it!
+  >
+  > **Figure 4** - Click on the buttons to go back to that step
+  >
+  > ![Click on the buttons to back to that step](images/i4e_expressconfiguration_choosebuttontogoback.png)
+
+7. In the **Choose apps** screen, you will see a selection of Web apps, Microsoft Store apps, and desktop (Win32) apps. You will also see a list of popular apps from each category. 
+
+  - Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in the **Choose group** step.
+  
+    In this walkthrough, it's up to you to select the apps you choose to install. Just remember what they are so that later in the walkthrough you can verify that the apps were installed correctly on the device.
+
+    > [!TIP]
+    > Web apps are pushed as links in the Windows Start menu under **All apps**. If you want apps to appear in Microsoft Edge browser tabs, use the **Homepages** setting for Microsoft Edge through **Express configuration** or **Manage Users and Devices**.
+
+  **Figure 5** - Choose the apps that you want to install for the group
+
+  ![Choose apps to install for the group](images/i4e_expressconfiguration_chooseapps_selected_cropped.png)
+
+8. When you're done choosing apps, click **Next** at the bottom of the screen.
+
+  If you select Microsoft Store apps, you will see a notification that Intune for Education is getting these apps.
+
+8. In the **Choose settings** screen, we will set the settings to apply to the group. Click the reverse caret (downward-facing arrow) to expand the settings group and get more information about each setting in that settings group.
+
+  **Figure 6** - Expand the settings group to get more details
+
+  ![Expand the settings group to get more info](images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.png)
+
+9. For this walkthrough, set the following settings:
+  - In the **Microsoft Edge settings** group, change the **Do-Not-Track headers** setting to **Require**.
+  - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Require Microsoft Store for Business apps to be installed from private store** to **Require**.
+
+  **Figure 28** - Set some additional settings
+
+  ![Set some additional settings](images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.png)
+
+10. Click **Next**. In the **Review** screen, you will see a summary of the apps and settings you selected to apply.
+
+  **Figure 7** - Review the group, apps, and settings you configured
+
+  ![Review the group, apps, and settings you configured](images/i4e_expressconfiguration_review.png)
+
+11. Click **Save** to end express configuration.
+12. You will see the **You're done!** screen which lets you choose one of two options. 
+
+  **Figure 8** - All done with Intune for Education express configuration
+
+  ![Done with Intune for Education express configuration](images/i4e_expressconfiguration_alldone.png)
+
+13. Click **All done** or click the **X** on the upper-right corner of the screen to dismiss this screen and go back to the dashboard.
+
+## Add apps bought from Microsoft Store for Education
+
+- **Example 1 - Minecraft: Education Edition**
+
+  If you would like to purchase Minecraft: Education Edition or want to learn how to get, distribute, and manage permissions for Minecraft: Education Edition, see <a href="https://docs.microsoft.com/education/windows/school-get-minecraft" target="_blank">For IT administrators - get Minecraft: Education Edition</a>.
+
+- **Example 2 - Free educational/reference apps**
+
+  1. In the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>, click **Apps** from the menu on the left.
+
+    **Figure 9** - Click on **Apps** to see the list of apps for your tenant
+
+    ![Click Apps to see the list of apps for your tenant](images/i4e_dashboard_clickapps.png)
+
+  2. In the **Store apps** section, click **+ New app**. This will take you to the Microsoft Store for Education portal and you will already be signed in.
+
+    **Figure 10** - Select the option to add a new Store app
+
+    ![Select the option to add a new Store app](images/i4e_apps_newstoreapp_selected.png)
+
+  3. In the Microsoft Store page, check some of the categories for suggested apps or search the Store for a free educational or reference app. Find ones that you haven't already installed during express setup for Intune for Education.
+  
+    For example, these apps are free:
+    - Duolingo - Learn Languages for Free
+    - Flashcards Pro 
+    - Khan Academy
+    - My Study Life
+
+  4. Find or select the app you want to install and click **Get the app**.
+  5. In the app's Store page, click the **...** button and select **Add to private store**.
+  6. Repeat steps 3-5 to install another app or move to the next step.
+  7. In the Microsoft Store for Education portal, select **Manage > Apps & software > Manage apps** to verify that the apps you purchased appear in your inventory.
+
+    For example, if you bought Duolingo and Khan Academy, they will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant.
+
+    **Figure 11** - Apps inventory in Microsoft Store for Education
+
+    ![Apps inventory in Store for Business](images/msfe_manageapps_inventory_grouped.png)
+
+    In the **Private store** column of the **Apps & software** page, the status for some apps will indicate that it's "In private store" while others will say "Not in private store". We won't go over this in the walkthrough, but you can learn more about this in <a href="https://docs.microsoft.com/microsoft-store/distribute-apps-from-your-private-store" target="_blank">Distribute apps using your private store</a>.
+
+    > [!NOTE]  
+    > You'll see in the above screenshot that some apps say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps. 
+
+## Install apps for all users
+
+Now that you've bought the apps, use Intune for Education to specify the group to install the apps for. Here, we'll show you how to install the apps you bought for all devices used by all users in your tenant. 
+
+1. In the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>, click the **Groups** option from the menu on the left.
+
+  **Figure 12** - Groups page in Intune for Education
+
+  ![Groups page in Intune for Education](images/i4e_groupspage.png)
+
+2. In the **Groups** page, select **All Users** from the list of groups on the left, and then click **Users** in the taskbar at the top of the **All Users** page. 
+
+  **Figure 13** - List of all users in the tenant
+
+  ![List of all users in the tenant](images/i4e_groups_allusers_users_steps.png)
+
+3. In the taskbar at the top, select **Apps** and then click **Edit apps** to see a list of available apps.
+
+  **Figure 14** - Edit apps to assign them to users
+
+  ![Edit apps to assign them to users](images/i4e_groups_allusers_appspage_editapps.png)
+
+4. Select the apps to deploy to the group. A blue checkmark will appear next to the apps you select. 
+
+  **Figure 15** - Select the apps to deploy to the group
+
+  ![Select the apps to deploy to the group](images/i4e_groups_allusers_selectappstodeploy.png)
+
+5. Once you're done, click **Save** at the bottom of the page to deploy the selected apps to the group.
+6. You'll be notified that app assignments are being updated. The updated **All Users** groups page now include the apps you selected. 
+
+  **Figure 16** - Updated list of assigned apps
+
+  ![Updated list of assigned apps](images/i4e_groups_allusers_updatedappslist.png)
+
+You're now done assigning apps to all users in your tenant. It's time to set up your Windows 10 device(s) and check that your cloud infrastructure is correctly set up and your apps are being pushed to your devices from the cloud.
+
+> [!div class="nextstepaction"]
+> [Set up Windows 10 devices](set-up-windows-10-education-devices.md)
+
+
+## Related topic
+[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md
new file mode 100644
index 0000000000..105a60374a
--- /dev/null
+++ b/education/get-started/use-school-data-sync.md
@@ -0,0 +1,178 @@
+---
+title: Use School Data Sync to import student data
+description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
+keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.topic: get-started
+localizationpriority: high
+ms.pagetype: edu
+author: CelesteDG
+ms.author: celested
+ms.date: 07/10/2017
+---
+
+# Use School Data Sync to import student data
+
+School Data Sync (SDS) helps you import Student Information System (SIS) data into Office 365. It helps automate the process for importing and integrating SIS data that you can use with Office 365 and apps like OneNote Class Notebooks. 
+
+Follow all the steps in this section to use SDS and sample CSV files in a trial environment. To use SDS in a production environment, see step 2 in [Try out Microsoft Education in a production environment](https://docs.microsoft.com/en-us/education/get-started/get-started-with-microsoft-education#setup-options) instead.
+
+You can watch the video to see how this is done, or follow the step-by-step guide.</br>
+
+<center><iframe src="https://www.youtube.com/embed/ehSU8jr8T24" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/ehSU8jr8T24?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+
+You can watch the descriptive audio version here: [Microsoft Education: Use School Data Sync to import student data (DA)](https://www.youtube.com/watch?v=l4b086IMtvc)
+
+
+## Download sample school data
+
+1. Go to the <a href="https://aka.ms/sdsscripts" target="_blank">O365-EDU-Tools GitHub site</a>.
+2. Click the green **Clone or download** button to download the SDS sample files.
+
+  **Figure 1** - Download the SDS sample files from GitHub
+
+  ![Download the SDS sample files from GitHub](images/sds_github_downloadsample.png)
+
+3. In the **Clone with HTTPS** pop-up window, choose **Download ZIP** and note the location where you're saving the folder.
+4. Go to the folder where you saved the .zip and unzip the files.
+5. Open the **O365-EDU-Tools-master** folder and then open the **CSV Samples** subfolder. Confirm that you can see the following sample CSV files.
+
+  **Figure 2** - Sample CSV files
+
+  ![Use the sample CSV files](images/sds_sample_csv_files_us_uk.png)
+
+  > [!NOTE] 
+  > - The sample CSV files uses sample accounts and passwords. If you are using the sample files for testing, remember the accounts and their corresponding passwords. You may be asked to change the password during your first sign in. 
+  > - If you are modifying the sample CSV files to use in your organization, change the accounts and passwords to match the user accounts and passwords in your organization.
+  > - If you are using CSV files from your existing production environment, see the detailed instructions in step 5 in the next section.
+
+To learn more about the CSV files that are required and the info you need to include in each file, see <a href="https://aka.ms/sdscsvattributes" target="_blank">CSV files for School Data Sync</a>. If you run into any issues, see <a href="https://aka.ms/sdserrors" target="_blank">School Data Sync errors and troubleshooting</a>.
+
+## Use SDS to import student data
+
+1. If you haven't done so already, go to the SDS portal, <a href="http://sds.microsoft.com" target="_blank">https://sds.microsoft.com</a>.
+2. Click **Sign in**. You will see the **Settings** option for **Manage School Data Sync**.
+
+  **Figure 3** - Settings for managing SDS
+
+  ![Settings for managing SDS](images/sds_settings_manage_sds_firstsignin.png)
+
+3. Turn on **School Data Sync**. You will get a notification that it is turned on. Click **OK**.
+
+  New menu options will appear on the left of the SDS portal.
+
+  **Figure 4** - New menu options appear after SDS is turned on
+
+  ![New menu options appear after SDS is turned on](images/sds_sds_on_newmenuitemsappear.png)
+
+4. Click **+ Add Profile** from the sync dashboard or from the menu on the left to start syncing school data.
+
+  This opens up the new profile setup wizard within the main page.
+
+  **Figure 5** - New SDS profile setup wizard
+
+  ![New SDS profile setup wizard](images/sds_add_new_profile_062317.png)
+
+5. For the new profile, in the **How do you want to connect to your school?** screen:
+  1. Enter a name for your profile, such as *Contoso_Elementary_Profile*.
+  2. Select a sync method for your profile. For this walkthrough, select **Upload CSV Files**.
+  3. Select the type of CSV files that you're using. For this walkthrough, select **CSV files: SDS Format**.  
+  4. Click **Start**.
+
+6. In the **Sync options** screen:
+  1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenaro that applies to you. For this walkthrough, select **New users**.
+  2. In the **Import data** section:
+    1. Click **Upload Files** to bring up the **Select data files to be uploaded** window.
+    2. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import.
+    3. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**.
+    4. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**.
+
+      > [!NOTE]
+      > After you click **Upload**, the status in the **Select data files to be uploaded** window will indicate that files are being uploaded and verified.
+
+    5. After all the files are successfully uploaded, click **OK**. 
+
+  3. Select the domain for the schools/sections. This domain will be used for the Section email addresses created during setup. If you have more than one domain, make sure you select the appropriate domain for the sync profile and subsequent sections being created.
+  4. In the **Select school and section properties** section, ensure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties, or deselect any properties, make sure you have the properties and values contained within the CSV files. For the walkthrough, you don't have to change the default.
+  5. In the **Sync option for Section Group Display Name**, check the box if you want to allow teachers to overwrite the section names. Otherwise, SDS will always reset the display name value for sections to the value contained within the CSV files.
+  6. In the **Student enrollment option** section:
+    * If you want to sync your student roster data immediately, leave the box unchecked.
+    * If you prefer to sync student enrollment/rostering data at a later date, check this box and then pick a date by clicking the empty box and selecting the appropriate date in the calendar when you would like to begin syncing your student roster data. Some schools prefer to delay syncing student roster data so they don't expose rosters before the start of the new term, semester, or school year.  
+  7. In the **License Options** section, check the box for **Intune for Education** to allow students and teachers to receive the Intune for Education license. This will also create the SDS dynamic groups and security groups, which will be used within Intune for Education.
+  8. Click **Next**.
+
+    **Figure 6** - Sync options for the new profile
+
+    ![Specify sync options for the new SDS profile](images/sds_profile_sync_options_062317.png)
+
+7. In the **Teacher options** screen:
+  1. Select the domain for the teachers. SDS appends the selected domain suffix to the teacher's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The teacher will log in to Office 365 with the UserPrincipalName once the account is created.
+  2. In the **Select teacher properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
+  3. In the **Teacher licenses** section, choose the SKU to assign licenses for teachers. For example, **STANDARDWOFFPACK_FACULTY**.
+  4. Click **Next**.
+
+    **Figure 7** - Specify options for teacher mapping
+
+    ![Specify options for teacher mapping](images/sds_profile_teacher_options_062317.png)
+
+8. In the **Student options** screen:
+  1. Select the domain for the students. SDS appends the selected domain suffix to the student's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The student will log in to Office 365 with the UserPrincipalName once the account is created.
+  2. In the **Select student properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
+  3. In the **Student licenses** section, choose the SKU to assign licenses for students. For example, **STANDARDWOFFPACK_STUDENT**.
+  4. Click **Next**.
+
+    **Figure 8** - Specify options for student mapping
+
+    ![Specify options for student mapping](images/sds_profile_student_options_062317.png)
+
+9. In the profile **Review** page, review the summary and confirm that the options selected are correct. 
+10. Click **Create profile**. You will see a notification that your profile is being submitted and then you will see a page for your profile. 
+
+  **Figure 9** - SDS profile page
+
+  ![SDS profile page](images/sds_profile_profilepage_settingup_062317.png) 
+
+11. After the profile is created and the status indicates as **Setting up**, refresh the page until you see the status change to **Sync in progress**. Beneath the **Sync in progress** status, you will see which of the 5 sync stages SDS is working on:
+  * Stage 1 - Validating data
+  * Stage 2 - Processing schools and sections
+  * Stage 3 - Processing students and teachers
+  * Stage 4 - Adding students and teachers into sections
+  * Stage 5 - Setting up security groups
+
+  If you don't see a **Sync in progress** status on the sync profile, and receive an error message instead, this indicates that SDS has encountered data issues during the pre-sync validation check and has not started syncing your data. This gives you the opportunity to fix the errors identified by the pre-sync validation checks before continuing. Once you've fixed any errors or if you prefer to continue with the errors and begin syncing your data anyway, click the **Resume sync** button to start the sync process.
+
+  Once you've completed all five sync stages, your profile status will update one final time. 
+    * If you haven't encountered any errors, you will see a green check mark which states **Everything is ok**, and the profile status will change to **Sync complete. Ready for more data.** 
+    * If SDS encountered sync errors, you will see a red status icon that indicates an error, and a profile status of **Sync complete. Profile contains multiple errors**. Download the available error report to identify and fix your sync errors. Once complete, upload new files as needed and re-sync your data until errors are resolved.
+
+  Here are some examples of what the sync status can look like:
+
+  **Figure 10** - New profile: Sync in progress
+
+  ![Sync in progress for the new profile](images/sds_profile_status_syncinprogress_062317.png)
+
+  **Figure 11** - New profile: Sync complete - no errors
+
+  ![New profile sync complete with no errors](images/sds_profile_status_everythingok_062317.png)
+
+  **Figure 12** - New profile: Sync complete - with errors
+
+  ![New profile sync complete with errors](images/sds_profile_status_syncerrors_062317.png)
+
+  Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. Two people who start a sync at the same time may not have their syncs complete at the same time.
+
+  You can refresh the page to confirm that your profile synced successfully.
+
+That's it for importing sample school data using SDS.
+
+> [!div class="nextstepaction"]
+> [Enable Microsoft Teams for your school](enable-microsoft-teams.md)
+
+
+## Related topic
+[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/images/education-ms-teams.svg b/education/images/education-ms-teams.svg
new file mode 100644
index 0000000000..041429e604
--- /dev/null
+++ b/education/images/education-ms-teams.svg
@@ -0,0 +1,258 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #5c2d91;
+      }
+
+      .cls-2, .cls-20 {
+        fill: none;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-2 {
+        stroke: #808285;
+      }
+
+      .cls-3 {
+        fill: #2a6dcf;
+      }
+
+      .cls-4 {
+        fill: #6d6e71;
+      }
+
+      .cls-5 {
+        fill: #414042;
+      }
+
+      .cls-6 {
+        fill: #fff;
+      }
+
+      .cls-7 {
+        fill: #808285;
+      }
+
+      .cls-8 {
+        fill: #bad80a;
+      }
+
+      .cls-9 {
+        fill: #556a8a;
+      }
+
+      .cls-10 {
+        fill: gray;
+      }
+
+      .cls-11 {
+        fill: #2e2e2e;
+      }
+
+      .cls-12 {
+        fill: #1a1a1a;
+      }
+
+      .cls-13 {
+        fill: #221f1f;
+      }
+
+      .cls-14 {
+        fill: #80bceb;
+      }
+
+      .cls-15 {
+        fill: #b62a2a;
+      }
+
+      .cls-16 {
+        fill: #f0d4d4;
+      }
+
+      .cls-17 {
+        fill: #d1d3d4;
+      }
+
+      .cls-18 {
+        fill: #e6e7e8;
+      }
+
+      .cls-19 {
+        fill: #939598;
+      }
+
+      .cls-20 {
+        stroke: #414042;
+      }
+
+      .cls-21 {
+        fill: #f1f2f2;
+      }
+
+      .cls-22 {
+        fill: #2b978a;
+      }
+
+      .cls-23 {
+        fill: #008272;
+      }
+
+      .cls-24 {
+        fill: #558ad8;
+      }
+
+      .cls-25 {
+        fill: #aad2f2;
+      }
+    </style>
+  </defs>
+  <title>education-pro-usb copy</title>
+  <g>
+    <ellipse class="cls-1" cx="66.48" cy="32.04" rx="11.52" ry="12.96"/>
+    <line class="cls-2" x1="81" y1="57" x2="165" y2="57"/>
+    <path class="cls-1" d="M89.7,65.67A3.44,3.44,0,0,1,86.24,69H46.76a3.44,3.44,0,0,1-3.47-3.33c-.38-7.33-1.22-16.17,3.87-21.1a12.82,12.82,0,0,1,6.11-3.2,16.51,16.51,0,0,0,12.89,6.32,13.08,13.08,0,0,0,1.52-.08,16.55,16.55,0,0,0,11.47-6.38C91.5,43.83,90.2,56.06,89.7,65.67Z"/>
+  </g>
+  <polyline class="cls-2" points="102 113 142 113 142 88"/>
+  <line class="cls-2" x1="267.21" y1="64" x2="351.21" y2="64"/>
+  <g>
+    <ellipse class="cls-3" cx="338.69" cy="38.34" rx="12.67" ry="14.26"/>
+    <path class="cls-3" d="M364.24,75.33A3.78,3.78,0,0,1,360.42,79H317a3.78,3.78,0,0,1-3.81-3.67c-.41-8.06-1.34-17.79,4.25-23.21a14.1,14.1,0,0,1,6.72-3.52,18.16,18.16,0,0,0,14.18,7,14.39,14.39,0,0,0,1.67-.09,18.2,18.2,0,0,0,12.61-7C366.21,51.31,364.78,64.77,364.24,75.33Z"/>
+  </g>
+  <g>
+    <path class="cls-4" d="M328.21,61.12V89.88a.63.63,0,0,1-.64.62H304.85a.63.63,0,0,1-.64-.62V61.12a.63.63,0,0,1,.64-.62h22.72A.63.63,0,0,1,328.21,61.12Z"/>
+    <g>
+      <rect class="cls-5" x="302.21" y="63.5" width="2" height="2"/>
+      <rect class="cls-6" x="304.21" y="63.5" width="2" height="2"/>
+    </g>
+    <g>
+      <rect class="cls-5" x="302.21" y="70.5" width="2" height="2"/>
+      <rect class="cls-6" x="304.21" y="70.5" width="2" height="2"/>
+    </g>
+    <g>
+      <rect class="cls-5" x="302.21" y="77.5" width="2" height="2"/>
+      <rect class="cls-6" x="304.21" y="77.5" width="2" height="2"/>
+    </g>
+    <g>
+      <rect class="cls-5" x="302.21" y="84.5" width="2" height="2"/>
+      <rect class="cls-6" x="304.21" y="84.5" width="2" height="2"/>
+    </g>
+    <path class="cls-7" d="M328.21,61.12V76.5l-16-16h15.36A.63.63,0,0,1,328.21,61.12Z"/>
+    <rect class="cls-6" x="309.21" y="64.5" width="14" height="4"/>
+  </g>
+  <g>
+    <ellipse class="cls-8" cx="90.48" cy="89.04" rx="11.52" ry="12.96"/>
+    <path class="cls-8" d="M113.7,122.67a3.44,3.44,0,0,1-3.47,3.33H70.76a3.44,3.44,0,0,1-3.47-3.33c-.38-7.33-1.22-16.17,3.87-21.1a12.82,12.82,0,0,1,6.11-3.2,16.51,16.51,0,0,0,12.89,6.32,13.08,13.08,0,0,0,1.52-.08,16.55,16.55,0,0,0,11.47-6.38C115.5,100.83,114.2,113.06,113.7,122.67Z"/>
+  </g>
+  <g>
+    <rect class="cls-3" x="89.97" y="110.03" width="30" height="8" transform="translate(-49.89 107.62) rotate(-45)"/>
+    <polygon class="cls-9" points="90.12 123.22 88 131 95.78 128.88 90.12 123.22"/>
+    <path class="cls-9" d="M119.11,105.54l1.41-1.41a3,3,0,0,0,0-4.24l-1.41-1.41a3,3,0,0,0-4.24,0l-1.41,1.41Z"/>
+    <rect class="cls-6" x="113.31" y="101.19" width="1" height="8" transform="translate(-41.05 111.29) rotate(-45)"/>
+  </g>
+  <g>
+    <g>
+      <polygon class="cls-10" points="265 126 148 126 155.32 118 258.15 118 265 126"/>
+      <polygon class="cls-11" points="254 124 159 124 162.34 119 250.76 119 254 124"/>
+      <path class="cls-12" d="M260.37,129H153.3c-4.95,0-5-2.91-5-2.91H265S265.58,129,260.37,129Z"/>
+    </g>
+    <polygon class="cls-12" points="216 112 196 112 198 98 214 98 214.14 99 216 112"/>
+    <polygon class="cls-11" points="216 112 206 112 206 99 214.14 99 216 112"/>
+    <rect class="cls-13" x="130" y="16" width="153" height="84" rx="4" ry="4"/>
+    <rect class="cls-14" x="134" y="20" width="145" height="76"/>
+    <path class="cls-11" d="M235.79,116H177.21a2.12,2.12,0,0,1-2.21-2s3.74-3,3.92-3h54.16c2.25,0,4.92,3,4.92,3A2.12,2.12,0,0,1,235.79,116Z"/>
+  </g>
+  <g>
+    <polygon class="cls-5" points="244.11 36 176.62 36 151.67 50 268.17 50 244.11 36"/>
+    <rect class="cls-4" x="152" y="50" width="116" height="34"/>
+    <polygon class="cls-15" points="210.25 31 209.75 31 184 49.69 184 84 236 84 236 49.69 210.25 31"/>
+    <g>
+      <rect class="cls-16" x="227" y="59" width="4" height="4"/>
+      <rect class="cls-16" x="227" y="54" width="4" height="4"/>
+      <rect class="cls-16" x="222" y="59" width="4" height="4"/>
+      <rect class="cls-16" x="222" y="54" width="4" height="4"/>
+      <rect class="cls-16" x="194" y="59" width="4" height="4"/>
+      <rect class="cls-16" x="194" y="54" width="4" height="4"/>
+      <rect class="cls-16" x="189" y="59" width="4" height="4"/>
+      <rect class="cls-16" x="189" y="54" width="4" height="4"/>
+      <rect class="cls-16" x="194" y="72" width="4" height="4"/>
+      <rect class="cls-16" x="194" y="67" width="4" height="4"/>
+      <rect class="cls-16" x="189" y="72" width="4" height="4"/>
+      <rect class="cls-16" x="189" y="67" width="4" height="4"/>
+      <rect class="cls-16" x="227" y="72" width="4" height="4"/>
+      <rect class="cls-16" x="227" y="67" width="4" height="4"/>
+      <rect class="cls-16" x="222" y="72" width="4" height="4"/>
+      <rect class="cls-16" x="222" y="67" width="4" height="4"/>
+      <rect class="cls-16" x="210" y="59" width="4" height="4"/>
+      <rect class="cls-16" x="210" y="54" width="4" height="4"/>
+      <rect class="cls-16" x="205" y="59" width="4" height="4"/>
+      <rect class="cls-16" x="205" y="54" width="4" height="4"/>
+    </g>
+    <rect class="cls-5" x="204" y="70" width="12" height="14"/>
+    <rect class="cls-17" x="205" y="71" width="10" height="13"/>
+    <g>
+      <rect class="cls-18" x="162" y="59" width="3" height="4"/>
+      <rect class="cls-18" x="162" y="54" width="3" height="4"/>
+      <rect class="cls-18" x="158" y="54" width="3" height="4"/>
+      <rect class="cls-18" x="158" y="59" width="3" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-18" x="162" y="72" width="3" height="4"/>
+      <rect class="cls-18" x="162" y="67" width="3" height="4"/>
+      <rect class="cls-18" x="158" y="67" width="3" height="4"/>
+      <rect class="cls-18" x="158" y="72" width="3" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-18" x="175" y="59" width="3" height="4"/>
+      <rect class="cls-18" x="175" y="54" width="3" height="4"/>
+      <rect class="cls-18" x="171" y="59" width="3" height="4"/>
+      <rect class="cls-18" x="171" y="54" width="3" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-18" x="175" y="72" width="3" height="4"/>
+      <rect class="cls-18" x="175" y="67" width="3" height="4"/>
+      <rect class="cls-18" x="171" y="72" width="3" height="4"/>
+      <rect class="cls-18" x="171" y="67" width="3" height="4"/>
+    </g>
+    <g>
+      <rect class="cls-18" x="246" y="59" width="3" height="4"/>
+      <rect class="cls-18" x="246" y="54" width="3" height="4"/>
+      <rect class="cls-18" x="242" y="59" width="3" height="4"/>
+      <rect class="cls-18" x="242" y="54" width="3" height="4"/>
+      <g>
+        <rect class="cls-18" x="259" y="59" width="3" height="4"/>
+        <rect class="cls-18" x="259" y="54" width="3" height="4"/>
+        <rect class="cls-18" x="255" y="59" width="3" height="4"/>
+        <rect class="cls-18" x="255" y="54" width="3" height="4"/>
+      </g>
+    </g>
+    <g>
+      <rect class="cls-18" x="246" y="72" width="3" height="4"/>
+      <rect class="cls-18" x="246" y="67" width="3" height="4"/>
+      <rect class="cls-18" x="242" y="72" width="3" height="4"/>
+      <rect class="cls-18" x="242" y="67" width="3" height="4"/>
+      <g>
+        <rect class="cls-18" x="259" y="72" width="3" height="4"/>
+        <rect class="cls-18" x="259" y="67" width="3" height="4"/>
+        <rect class="cls-18" x="255" y="72" width="3" height="4"/>
+        <rect class="cls-18" x="255" y="67" width="3" height="4"/>
+      </g>
+    </g>
+    <path class="cls-19" d="M214.24,37.76a6,6,0,1,1-8.49,0A6,6,0,0,1,214.24,37.76Z"/>
+    <polyline class="cls-20" points="214.5 43 210 43 210 38"/>
+    <polygon class="cls-21" points="215 71 215 77 209 71 215 71"/>
+    <path class="cls-22" d="M162.67,80.42a3.3,3.3,0,0,1-.8,2.2,5,5,0,0,1-2.14,1.4l-.27.1a9.78,9.78,0,0,1-1.29.3c-1.33.22-6.55,0-8.25,0-3.73,0-6.75-2.12-6.75-4.75a4.46,4.46,0,0,1,2.65-3.77,2.75,2.75,0,0,1-1.15-2.23,1.79,1.79,0,0,1,0-.24,2.67,2.67,0,0,1,.67-1.58,2.72,2.72,0,0,1,2.06-.93,2.9,2.9,0,0,1,.76.1,9,9,0,0,1,.23-1.87,7.58,7.58,0,0,1,.6-1.7,4,4,0,0,1,3.42-2.53c1.81,0,3.35,1.66,4,4,2.11.09,3.79,1.51,3.79,3.24a2.81,2.81,0,0,1-.65,1.77,3.42,3.42,0,0,1,2.15,3,2.79,2.79,0,0,1-.29,1.21A2.94,2.94,0,0,1,162.67,80.42Z"/>
+    <path class="cls-23" d="M159.73,84l-.27.1a9.78,9.78,0,0,1-1.29.3h-8.25c-3.73,0-6.75-2.12-6.75-4.75a4.46,4.46,0,0,1,2.65-3.77,2.75,2.75,0,0,1-1.15-2.23,1.79,1.79,0,0,1,0-.24,2.65,2.65,0,0,1,.49.09,9,9,0,0,1,.18-1.67,2.72,2.72,0,0,1,2.06-.93,2.9,2.9,0,0,1,.76.1,9,9,0,0,1,.23-1.87,7.58,7.58,0,0,1,.6-1.7,2.84,2.84,0,0,1,.42,0c1.81,0,3.75,1,3.75,4,2.79-1,4.5.76,4.5,2.5a3.38,3.38,0,0,1-1.15,2.52c1.65,0,2.65.72,2.65,2a3.14,3.14,0,0,1-.79,2.21,2.94,2.94,0,0,1,1.29,2.29C159.67,83.21,159.74,83.65,159.73,84Z"/>
+  </g>
+  <g>
+    <g>
+      <polygon class="cls-3" points="93 36 93 50 109.5 33.5 93 36"/>
+      <rect class="cls-3" x="87" y="15" width="34" height="27" rx="3" ry="3"/>
+    </g>
+    <path class="cls-24" d="M121,18V31L105,15h13A3,3,0,0,1,121,18Z"/>
+    <rect class="cls-25" x="96" y="24" width="16" height="1"/>
+    <rect class="cls-25" x="96" y="28" width="16" height="1"/>
+    <rect class="cls-25" x="96" y="32" width="9" height="1"/>
+  </g>
+</svg>
diff --git a/education/images/education-partner-aep-2.svg b/education/images/education-partner-aep-2.svg
new file mode 100644
index 0000000000..6bf0c2c3ac
--- /dev/null
+++ b/education/images/education-partner-aep-2.svg
@@ -0,0 +1,84 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #55a5e4;
+        opacity: 0.2;
+      }
+
+      .cls-2 {
+        fill: #fff;
+        stroke: #55a5e4;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-3 {
+        fill: #7750a3;
+      }
+
+      .cls-4 {
+        fill: #4d4e4e;
+      }
+
+      .cls-5 {
+        fill: #0078d7;
+      }
+
+      .cls-6 {
+        fill: #2b8fde;
+      }
+
+      .cls-7 {
+        fill: #0050c5;
+      }
+
+      .cls-8 {
+        fill: #b4a0ff;
+        opacity: 0.5;
+      }
+
+      .cls-9 {
+        fill: #bad80a;
+      }
+
+      .cls-10 {
+        fill: #ddec85;
+      }
+
+      .cls-11 {
+        fill: #80bceb;
+      }
+    </style>
+  </defs>
+  <title>education-partner-aep-2</title>
+  <g>
+    <path class="cls-1" d="M119.51,50.32a35.43,35.43,0,0,1,69.94-1.11,24.11,24.11,0,0,1,38.72,12.26,21.07,21.07,0,1,1,5,41.54H114.58c-12-2.44-21.08-13.6-21.08-26.35A26.34,26.34,0,0,1,119.51,50.32Z"/>
+    <g>
+      <path class="cls-2" d="M124.38,65.52a37.39,37.39,0,0,1,74-1.19,25.21,25.21,0,0,1,16.34-6,25.57,25.57,0,0,1,24.62,19.14,22,22,0,0,1,5.29-.67,22.61,22.61,0,0,1,0,45.21H119.17c-12.72-2.62-22.3-14.59-22.3-28.25A28.06,28.06,0,0,1,124.38,65.52Z"/>
+      <g>
+        <ellipse class="cls-3" cx="163" cy="69.36" rx="14.5" ry="16.5"/>
+        <path class="cls-3" d="M192.13,111.64a4.49,4.49,0,0,1-3.68,4.31,3.81,3.81,0,0,1-.59,0H139.14a4.46,4.46,0,0,1-4.28-4.36c-.46-9.16-1.5-20.22,4.78-26.38a15.69,15.69,0,0,1,7.53-4,20.35,20.35,0,0,0,14.42,7.84,14.71,14.71,0,0,0,1.49.07,16.36,16.36,0,0,0,1.87-.1,20.39,20.39,0,0,0,14.15-8C194.35,84.33,192.74,99.63,192.13,111.64Z"/>
+      </g>
+      <g>
+        <rect class="cls-4" x="142.5" y="49" width="3" height="18.75" rx="1.5" ry="1.5"/>
+        <path class="cls-5" d="M185.87,50l-8.37,3V63c0,4.17-6.83,8-14.62,8s-14.38-3.83-14.38-8V53l-8.63-3,23-8Z"/>
+        <path class="cls-6" d="M177.5,54v9c0,4.17-6.83,8-14.62,8s-14.38-3.83-14.38-8V54l14,7Z"/>
+        <polygon class="cls-7" points="163.5 63 177.5 58.05 177.5 53 163.5 58 148.5 53 148.5 58.05 163.5 63"/>
+        <path class="cls-4" d="M141.5,72V67.5c0-1.65.9-3,2-3h1c1.1,0,2,1.35,2,3V72Z"/>
+      </g>
+      <path class="cls-8" d="M192.13,111.64a4.49,4.49,0,0,1-3.68,4.31L161.59,89.09a14.71,14.71,0,0,0,1.49.07,16.36,16.36,0,0,0,1.87-.1,20.39,20.39,0,0,0,14.15-8C194.35,84.33,192.74,99.63,192.13,111.64Z"/>
+      <circle class="cls-9" cx="253.5" cy="78" r="53" transform="translate(19.09 202.1) rotate(-45)"/>
+      <path class="cls-10" d="M291,40.52a53,53,0,0,1,0,75l-75-75A53,53,0,0,1,291,40.52Z"/>
+      <polygon class="cls-5" points="118.5 81 121.16 87.85 128.5 88.27 122.81 92.92 124.68 100.02 118.5 96.05 112.32 100.02 114.19 92.92 108.5 88.27 115.84 87.85 118.5 81"/>
+      <g>
+        <polygon class="cls-5" points="258.49 70.32 256.48 78.17 247.28 114 241.48 104.19 237.54 106.53 231.68 109.99 242.88 66.31 258.49 70.32"/>
+        <polygon class="cls-6" points="256.48 78.17 247.28 114 241.48 104.19 237.54 106.53 245.54 75.35 256.48 78.17"/>
+        <polygon class="cls-5" points="276.04 106.88 268.44 104.11 265.33 102.98 261.44 113.68 242.92 73.93 242.38 72.8 256.98 66.01 276.04 106.88"/>
+        <polygon class="cls-6" points="268.44 104.11 265.33 102.98 261.44 113.68 242.92 73.93 252.32 69.55 268.44 104.11"/>
+        <polygon class="cls-7" points="252.05 47.01 258.09 43.14 261.38 49.51 268.55 49.18 268.22 56.35 274.6 59.64 270.72 65.69 274.6 71.73 268.22 75.02 268.55 82.19 261.38 81.86 258.09 88.23 252.05 84.36 246.01 88.23 242.71 81.86 235.54 82.19 235.88 75.02 229.5 71.73 233.37 65.69 229.5 59.64 235.88 56.35 235.54 49.18 242.71 49.51 246.01 43.14 252.05 47.01"/>
+        <path class="cls-11" d="M261,65.68a9,9,0,1,1-9-9A8.93,8.93,0,0,1,261,65.68Z"/>
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/education/images/education-partner-directory-3.svg b/education/images/education-partner-directory-3.svg
new file mode 100644
index 0000000000..ba8f644949
--- /dev/null
+++ b/education/images/education-partner-directory-3.svg
@@ -0,0 +1,95 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #55a5e4;
+      }
+
+      .cls-11, .cls-2, .cls-3 {
+        fill: #fff;
+      }
+
+      .cls-2, .cls-5, .cls-9 {
+        stroke: #556a8a;
+        stroke-width: 2px;
+      }
+
+      .cls-2, .cls-5 {
+        stroke-linecap: round;
+        stroke-linejoin: round;
+      }
+
+      .cls-4 {
+        fill: #556a8a;
+      }
+
+      .cls-10, .cls-5, .cls-7, .cls-9 {
+        fill: none;
+      }
+
+      .cls-6 {
+        fill: #e5e5e5;
+      }
+
+      .cls-7 {
+        stroke: #a7a9ac;
+      }
+
+      .cls-7, .cls-9 {
+        stroke-miterlimit: 10;
+      }
+
+      .cls-8 {
+        fill: #d4e2f5;
+      }
+
+      .cls-11 {
+        opacity: 0.1;
+      }
+
+      .cls-12 {
+        fill: #e4edf1;
+        opacity: 0.34;
+      }
+    </style>
+  </defs>
+  <title>education-partner-directory-3</title>
+  <g>
+    <path class="cls-1" d="M117,66.32a35.43,35.43,0,0,1,69.94-1.11,24.11,24.11,0,0,1,38.72,12.26,21.07,21.07,0,1,1,5,41.54H112.08c-12-2.44-21.08-13.6-21.08-26.35A26.34,26.34,0,0,1,117,66.32Z"/>
+    <rect class="cls-2" x="185" y="29" width="124" height="97"/>
+    <path class="cls-3" d="M247,124a13.75,13.75,0,0,0-9-4H196V23h43c7,0,8,10,8,10s1-10,8-10h43v97H256a13.75,13.75,0,0,0-9,4"/>
+    <rect class="cls-4" x="246" y="30" width="2" height="93.32"/>
+    <path class="cls-5" d="M247,124a13.75,13.75,0,0,0-9-4H196V23h43c7,0,8,10,8,10s1-10,8-10h43v97H256a13.75,13.75,0,0,0-9,4"/>
+    <rect class="cls-6" x="197" y="24" width="15" height="95"/>
+    <rect class="cls-6" x="282" y="24" width="15" height="95"/>
+    <g>
+      <line class="cls-7" x1="216" y1="42" x2="240" y2="42"/>
+      <line class="cls-7" x1="216" y1="53" x2="240" y2="53"/>
+      <line class="cls-7" x1="216" y1="64" x2="240" y2="64"/>
+      <line class="cls-7" x1="216" y1="75" x2="240" y2="75"/>
+      <line class="cls-7" x1="216" y1="86" x2="240" y2="86"/>
+      <line class="cls-7" x1="216" y1="97" x2="240" y2="97"/>
+    </g>
+    <g>
+      <circle class="cls-3" cx="192" cy="42" r="32"/>
+      <path class="cls-3" d="M222.5,41.75a2.09,2.09,0,0,1,0,.25A30.24,30.24,0,0,1,162,42a2.09,2.09,0,0,1,0-.25,30.25,30.25,0,0,1,60.5,0Z"/>
+      <path class="cls-8" d="M192.25,72.5A30.82,30.82,0,0,1,161.51,42v-.5H223V42A30.82,30.82,0,0,1,192.25,72.5Z"/>
+      <path class="cls-4" d="M192,12a30,30,0,1,1-30,30,30,30,0,0,1,30-30m0-2a32,32,0,1,0,32,32,32,32,0,0,0-32-32Z"/>
+      <path class="cls-4" d="M192,12c5.71,0,12.08,12.32,12.08,30S197.71,72,192,72s-12.08-12.32-12.08-30S186.29,12,192,12m0-2c-7.78,0-14.08,14.33-14.08,32s6.3,32,14.08,32,14.08-14.33,14.08-32S199.78,10,192,10Z"/>
+      <path class="cls-9" d="M217.88,25c-4.63,1.39-14.57,2.36-26.09,2.36s-21.67-1-26.23-2.4"/>
+      <path class="cls-9" d="M165.55,58.32c4.34-1.41,14.49-2.4,26.33-2.4,11.54,0,21.49.94,26,2.3"/>
+      <line class="cls-9" x1="160.94" y1="42" x2="223.33" y2="42"/>
+      <rect class="cls-10" x="160" y="10" width="64" height="64"/>
+    </g>
+    <g>
+      <line class="cls-7" x1="254" y1="42" x2="278" y2="42"/>
+      <line class="cls-7" x1="254" y1="53" x2="278" y2="53"/>
+      <line class="cls-7" x1="254" y1="64" x2="278" y2="64"/>
+      <line class="cls-7" x1="254" y1="75" x2="278" y2="75"/>
+      <line class="cls-7" x1="254" y1="86" x2="278" y2="86"/>
+      <line class="cls-7" x1="254" y1="97" x2="278" y2="97"/>
+    </g>
+    <path class="cls-11" d="M124.22,73a31.49,31.49,0,0,1,62.17-1,21.43,21.43,0,0,1,34.42,10.89,18.73,18.73,0,1,1,4.45,36.93H119.84c-10.69-2.17-18.74-12.09-18.74-23.43A23.42,23.42,0,0,1,124.22,73Z"/>
+    <path class="cls-12" d="M161.43,74.55a15.53,15.53,0,1,0-5.55,7.23v5.07h4.92v5.67h6.48V99H177V89.56Zm-18.61-7.11a4,4,0,1,1,4-4A4,4,0,0,1,142.82,67.44Z"/>
+  </g>
+</svg>
diff --git a/education/images/education-partner-mepn-1.svg b/education/images/education-partner-mepn-1.svg
new file mode 100644
index 0000000000..b2585e2969
--- /dev/null
+++ b/education/images/education-partner-mepn-1.svg
@@ -0,0 +1,103 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #0078d7;
+        isolation: isolate;
+      }
+
+      .cls-2 {
+        fill: #2dbceb;
+        opacity: 0.41;
+      }
+
+      .cls-3 {
+        fill: #556a8a;
+      }
+
+      .cls-4 {
+        fill: #bad80a;
+      }
+
+      .cls-14, .cls-5 {
+        fill: none;
+      }
+
+      .cls-5 {
+        stroke: #556a8a;
+      }
+
+      .cls-5, .cls-8 {
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-6, .cls-8 {
+        fill: #fff;
+      }
+
+      .cls-7 {
+        fill: #e5e5e5;
+      }
+
+      .cls-8 {
+        stroke: #55a5e4;
+      }
+
+      .cls-9 {
+        fill: #55a5e4;
+        opacity: 0.3;
+      }
+
+      .cls-10 {
+        fill: #2b6dcf;
+      }
+
+      .cls-11 {
+        fill: #558ad8;
+      }
+
+      .cls-12 {
+        fill: #939598;
+      }
+
+      .cls-13 {
+        fill: #4d4d4d;
+      }
+    </style>
+  </defs>
+  <title>education-partner-mepn-1</title>
+  <g>
+    <ellipse class="cls-1" cx="104.5" cy="29.46" rx="10" ry="12.46"/>
+    <path class="cls-1" d="M87.5,101.43V140H98.58c1.54-13.16,3.6-30.57,3.94-32.83.43-2.76,4.7-2.76,5.12,0,.35,2.26,2.74,19.67,4.45,32.83h10.4V99h6l-.33-12.33-.67-25.2,8.42,2.19a4.54,4.54,0,0,0,1.93.25,4.49,4.49,0,0,0,1.48-.38l19-9.45a4.54,4.54,0,1,0-3.75-8.27L138,52.64,122.08,48c-.93-.28-1.91-.57-2.94-.86l0,0c-2.06-.58-4.18-1.16-5.79-1.59l-2.7-.72-6,12.48h-.1l-6-12.48s-5.77,1.3-9.89,2.39L87,47.6A8.84,8.84,0,0,0,81.48,52,11.43,11.43,0,0,0,80.2,56.4c-.61,6.36-.6,20.59-1.12,26.31-.19,2-.2,8.56,2.07,11.48A88.76,88.76,0,0,0,87.5,101.43Z"/>
+    <path class="cls-2" d="M158.36,54.08l-19,9.45a4.49,4.49,0,0,1-1.48.38,4.54,4.54,0,0,1-1.93-.25l-8.42-2.19.67,25.2L128.5,99l-47-47A8.84,8.84,0,0,1,87,47.6l1.63-.44c4.12-1.09,9.89-2.39,9.89-2.39l6,12.48h.1l6-12.48,2.7.72c1.61.43,3.73,1,5.79,1.59l0,0c1,.29,2,.58,2.94.86L138,52.64l16.63-6.83a4.54,4.54,0,1,1,3.75,8.27Z"/>
+  </g>
+  <g>
+    <path class="cls-3" d="M136.66,40.43h3.41l-.09-18h-3.32c-2.2,0-4.65,4.35-4.62,9S134.46,40.45,136.66,40.43Z"/>
+    <path class="cls-4" d="M134.62,31.53c0-5,1.74-9,3.94-9a14,14,0,0,1,1.76,0c1.91.67,2.25,4.46,2.27,8.93s.22,8.36-1.72,9c-.17.05-2,0-2.22,0C136.45,40.5,134.65,36.49,134.62,31.53Z"/>
+    <path class="cls-5" d="M158.39,35.18h-2.7a7.65,7.65,0,1,0,0,15.3h2.7a7.65,7.65,0,1,0,0-15.3Z"/>
+    <path class="cls-6" d="M179.06,31.52v-.08c0-8.74,1-15.81,3-19-3.7,1.91-12.29,4.88-22.83,7.61-5,1.3-19.12,3.36-19.17,3.39-1.53,1.53-1.9,5.59-2,7.37,0,.27,0,.48,0,.63,0,1.13.24,6.24,2,8,0,0,14.21,2.09,19.17,3.39,10.54,2.73,19.13,5.7,22.83,7.61-1.6-2.54-2.56-7.62-2.87-14.07C179.1,34.85,179.06,33.22,179.06,31.52Z"/>
+    <path class="cls-7" d="M182,50.48c-3.7-1.91-12.29-4.88-22.83-7.61-5-1.3-19.12-3.36-19.17-3.39-1.76-1.76-2-8.36-1.65-7.8,0,0,12,1.55,18.65,2.8s22,6,22,6C179,46.1,180.44,47.94,182,50.48Z"/>
+    <path class="cls-5" d="M179.06,31.48v0c0-8,.83-14.61,2.5-18.08.15-.32-.38,0-.21-.3-.47.24.81-.56.19-.28a168.81,168.81,0,0,1-22.33,7.31c-5,1.3-19.12,3.36-19.17,3.39-1.76,1.76-2,6.87-2,8s.24,6.24,2,8c.05,0,14.21,2.09,19.17,3.39,10.54,2.73,17.5,5.11,21.2,7-.25-.39,1,.61.75.09-1.52-3.58-2.1-10.83-2.1-18.47Z"/>
+    <path class="cls-4" d="M190.57,31.5c0,8.33-2.32,15.48-4.24,18.7-.68,1.15-1.45,1.8-2.25,1.8a2.59,2.59,0,0,1-2-1.36c-1.58-2.27-2.81-7.18-3.29-13.28-.15-1.86-.23-3.82-.23-5.86s.08-4,.23-5.9c.49-6.08,1.71-11,3.29-13.23a2.58,2.58,0,0,1,2-1.37c.8,0,1.57.64,2.25,1.81C188.25,16,190.57,23.19,190.57,31.5Z"/>
+    <path class="cls-3" d="M186,31.48a6,6,0,0,1-6,6,6.09,6.09,0,0,1-1.22-.12c-.15-1.86-.23-3.82-.23-5.86s.08-4,.23-5.9a6.08,6.08,0,0,1,1.22-.12A6,6,0,0,1,186,31.48Z"/>
+    <path class="cls-5" d="M190.57,31.5c0,8.33-2.32,15.48-4.24,18.7-.68,1.15-1.45,1.8-2.25,1.8a2.57,2.57,0,0,1-2-1.36c-2.06-3-3.52-10.4-3.52-19.14s1.46-16.17,3.52-19.13a2.59,2.59,0,0,1,2-1.37c.8,0,1.57.65,2.25,1.81C188.25,16,190.57,23.19,190.57,31.5Z"/>
+  </g>
+  <line class="cls-5" x1="194" y1="31" x2="215" y2="31"/>
+  <line class="cls-5" x1="194" y1="27" x2="206.5" y2="14.5"/>
+  <line class="cls-5" x1="206" y1="48" x2="194" y2="36"/>
+  <path class="cls-8" d="M205,119.49a25.36,25.36,0,0,1-.21-49.42c1.86-11.89,12-21,23.91-21A24,24,0,0,1,249.1,60.55,24.2,24.2,0,0,1,259.85,58c10.36,0,33.33-3.63,30.34,8.46,1.56-.33-4,7.57-2.39,7.57a22.89,22.89,0,0,1,9.69,43.64l-.35.15a21.08,21.08,0,0,1-6.77,1.85l-.57.06c-3,.26-7,.31-13.37.31H209.83A20.74,20.74,0,0,1,205,119.49Z"/>
+  <path class="cls-9" d="M174.53,84.54a28.34,28.34,0,0,1,56-.89,19.29,19.29,0,0,1,31,9.8,16.86,16.86,0,1,1,4,33.23H170.59a21.56,21.56,0,0,1-16.87-21.08A21.08,21.08,0,0,1,174.53,84.54Z"/>
+  <g>
+    <path class="cls-10" d="M314.4,68.17A45.49,45.49,0,1,1,301.08,36,45.41,45.41,0,0,1,314.4,68.17Z"/>
+    <path class="cls-11" d="M314.4,68.17a45.41,45.41,0,0,1-12.61,31.47L237.44,35.28a45.51,45.51,0,0,1,77,32.89Z"/>
+    <polygon class="cls-12" points="242.76 42.03 260.86 76.21 295.04 94.31 273.17 62.48 242.76 42.03"/>
+    <rect class="cls-6" x="267.48" y="26.94" width="2.84" height="12.8"/>
+    <rect class="cls-6" x="267.48" y="96.61" width="2.84" height="12.8"/>
+    <rect class="cls-6" x="232.65" y="61.77" width="2.84" height="12.8" transform="translate(165.9 302.24) rotate(-90)"/>
+    <rect class="cls-6" x="302.32" y="61.77" width="2.84" height="12.8" transform="translate(235.57 371.91) rotate(-90)"/>
+    <polygon class="cls-13" points="242.76 42.03 295.04 94.31 276.95 60.13 242.76 42.03"/>
+    <circle class="cls-6" cx="268.9" cy="68.17" r="4.27" transform="translate(30.56 210.11) rotate(-45)"/>
+    <rect class="cls-14" x="223.4" y="22.67" width="91" height="91"/>
+  </g>
+</svg>
diff --git a/education/images/education-partner-yammer.svg b/education/images/education-partner-yammer.svg
new file mode 100644
index 0000000000..c92245652e
--- /dev/null
+++ b/education/images/education-partner-yammer.svg
@@ -0,0 +1,19 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #0072c6;
+      }
+    </style>
+  </defs>
+  <title>education-partner-yammer</title>
+  <g>
+    <path class="cls-1" d="M350,57.16a2.71,2.71,0,0,1-2.7,2.7c-1.49,0-16-1-16-2.54s14.53-2.87,16-2.87A2.7,2.7,0,0,1,350,57.16Zm-6.5-16.23a2.7,2.7,0,0,1-1,3.68c-1.3.73-14.48,6.95-15.21,5.64s11.26-9.63,12.56-10.36A2.7,2.7,0,0,1,343.5,40.94ZM339.82,74.8c-1.3-.73-13.29-9.06-12.56-10.36s13.91,4.91,15.21,5.64a2.7,2.7,0,0,1-2.65,4.71Z"/>
+    <path class="cls-1" d="M182.3,91.73a3.38,3.38,0,0,0,6.73.36V70.9C189,60.46,187.13,54,175.56,54c-6.13,0-9.84,2.93-12.77,7.68C161.5,58.91,158.74,54,150,54c-6.65,0-9.76,3.71-11.57,7.68h-.17c0-1.26,0-2.52-.1-3.77a3.21,3.21,0,0,0-6.34.55c.1,1.86.22,3.9.22,6.15V91.8a3.38,3.38,0,0,0,6.74.34V75.73c0-9.23,1.91-15.54,10.62-15.54,5.52,0,7.76,3.45,7.76,12.34V91.81a3.38,3.38,0,0,0,6.73.33v-20c0-7.25,4.75-11.91,10.44-11.91,7.85,0,7.94,5.44,7.94,11Z"/>
+    <path class="cls-1" d="M245,91.73a3.38,3.38,0,0,0,6.73.36V70.9c0-10.44-1.91-16.91-13.47-16.91-6.13,0-9.84,2.93-12.77,7.68C224.2,58.91,221.44,54,212.73,54c-6.65,0-9.76,3.71-11.58,7.68H201c0-1.26,0-2.52-.1-3.77a3.21,3.21,0,0,0-6.34.55c.1,1.86.22,3.9.22,6.15V91.8a3.38,3.38,0,0,0,6.74.34V75.73c0-9.23,1.91-15.54,10.62-15.54,5.52,0,7.76,3.45,7.76,12.34V91.81a3.38,3.38,0,0,0,6.73.33v-20c0-7.25,4.75-11.91,10.44-11.91,7.85,0,7.94,5.44,7.94,11Z"/>
+    <path class="cls-1" d="M70.05,86.22c-2.07,5.84-4,8.57-8.38,8.57-.43,0-1.9-.09-2-.1a3.07,3.07,0,0,0-1,6,20.2,20.2,0,0,0,3.44.28c8.1,0,10.78-4.67,13.46-11.48L91.38,50.08A3.39,3.39,0,0,0,85,47.88L73.85,77.24h-.17L62,47.66a3.59,3.59,0,0,0-6.66,2.65Z"/>
+    <path class="cls-1" d="M126.07,91.54c-.08-1-.14-2.15-.14-3.12V71.07c0-11.39-5-17.08-16.91-17.08A23.52,23.52,0,0,0,95.5,58.07a3.13,3.13,0,0,0,4,4.79,19.12,19.12,0,0,1,9.69-2.66c6.3,0,10,3,10,8.89V70.3h-2.59c-9.92,0-25.46.77-25.46,14.15,0,7.85,6.82,12,15,12a15.26,15.26,0,0,0,13.29-7.07h.18c0,.91,0,2,.08,3.18a3.22,3.22,0,0,0,6.35-1Zm-6.87-13c-.17,6.56-4.14,12.17-11.91,12.17-5.09,0-8.89-1.9-8.89-7,0-5.44,5.52-7.77,14.07-7.77h6.73Z"/>
+    <path class="cls-1" d="M308.24,58a3.24,3.24,0,0,0-6.37-.12c.1,2,.25,4.27.25,6.75V92.08a3.37,3.37,0,0,0,6.73-.36v-16c0-9.23,3.62-15,11.82-15,.39,0,.93,0,1.33.07a3.4,3.4,0,0,0,.09-6.81h0c-6.9.08-11.8,3.77-13.58,7.69h-.17c0-1.24,0-2.48-.1-3.7"/>
+    <path class="cls-1" d="M296.91,72.48c-.91-11.84-8.4-18.65-19.06-18.65-11.91,0-20.71,8.71-20.71,21.23,0,11.73,7.76,21.23,20.45,21.23,6.06,0,10.93-1.49,15.09-5.29a3.14,3.14,0,0,0-3.94-4.83,15.27,15.27,0,0,1-10.82,4c-8.54,0-13.71-5.19-14-13l29.76,0a3.6,3.6,0,0,0,1.68-.3,2.72,2.72,0,0,0,1.52-2A21.05,21.05,0,0,0,296.91,72.48Zm-32.94-1c1-7.08,5.81-11.79,13.59-11.79s12.56,4.72,13,11.79Z"/>
+  </g>
+</svg>
diff --git a/education/images/education-pro-usb.svg b/education/images/education-pro-usb.svg
new file mode 100644
index 0000000000..37f83e26da
--- /dev/null
+++ b/education/images/education-pro-usb.svg
@@ -0,0 +1,111 @@
+<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #2b6dcf;
+      }
+
+      .cls-2 {
+        fill: #9273b6;
+        fill-rule: evenodd;
+      }
+
+      .cls-3 {
+        fill: #221f1f;
+      }
+
+      .cls-4 {
+        fill: #80bceb;
+      }
+
+      .cls-5 {
+        fill: #939598;
+      }
+
+      .cls-6 {
+        fill: #414042;
+      }
+
+      .cls-7 {
+        fill: #6d6e71;
+      }
+
+      .cls-8 {
+        fill: #bcbec0;
+      }
+
+      .cls-9 {
+        fill: #bad80a;
+      }
+
+      .cls-10 {
+        fill: #aad2f2;
+      }
+
+      .cls-11, .cls-12 {
+        fill: none;
+        stroke-miterlimit: 10;
+        stroke-width: 2px;
+      }
+
+      .cls-11 {
+        stroke: #414042;
+        stroke-linecap: round;
+      }
+
+      .cls-12 {
+        stroke: #808285;
+      }
+
+      .cls-13 {
+        fill: #808285;
+      }
+
+      .cls-14 {
+        fill: #2b8fde;
+      }
+    </style>
+  </defs>
+  <title>education-pro-usb</title>
+  <path class="cls-1" d="M99.47,73.06A1.4,1.4,0,0,0,98,71.65l-5.79-.72A22.51,22.51,0,0,0,91.5,67l4.69-3.19A1.51,1.51,0,0,0,97,61.75l-1.51-3.49a1.3,1.3,0,0,0-1.87-.58L87.85,59,85.93,56l3.22-4.62a1.56,1.56,0,0,0-.05-2.06l-2.94-2.84a1.86,1.86,0,0,0-2.07.05L79.6,49.89c-1-.6-2.29-1.4-3.33-2l1.13-5.81a1.41,1.41,0,0,0-.85-1.64L73,39.07a1.32,1.32,0,0,0-1.86.65l-3,5.23a11.81,11.81,0,0,0-3.73-.76l-.93-5.76A1.42,1.42,0,0,0,62,37l-3.92.29c-.63-.19-1.24.44-1.43,1.06l-.92,6a12.34,12.34,0,0,0-3.7.89l-3.2-5.09A2.09,2.09,0,0,0,47,39.57L43.29,41.3a1.42,1.42,0,0,0-.8,1.66L44,48.51c-1,.64-2,1.69-3.05,2.34l-4.82-3.42a1.26,1.26,0,0,0-1.66.08,1,1,0,0,0-.19.16l-1.69,1.75-.94,1,0,0a1.33,1.33,0,0,0-.15,1.83l3.6,4.68a17.53,17.53,0,0,0-2.21,3.56L27.09,59A1.82,1.82,0,0,0,25.25,60l-1.38,3.54a1.78,1.78,0,0,0,.87,2.05l5,2.79c-.4,1.25-.37,2.49-.77,3.74l-5.76.94A1.81,1.81,0,0,0,22,74.77l.07,3.71a1.8,1.8,0,0,0,1.27,1.64l6,.51a23.64,23.64,0,0,0,.89,4.11l-5.11,3.19a1.32,1.32,0,0,0-.58,1.88l1.51,3.48a1.94,1.94,0,0,0,1.89,1l5.75-1.76c.64,1,1.28,2,1.92,3.06l-3.43,4.82a2,2,0,0,0,.24,1.85l3,2.83a1.55,1.55,0,0,0,1.85.18l4.7-3.61c1,.61,2.29,1.41,3.33,2l-1.12,5.82a1.39,1.39,0,0,0,.86,1.63l3.74,1.58A1.75,1.75,0,0,0,50.6,112l2.79-5c1.25,0,2.5.36,3.73.34l.73,6a1.81,1.81,0,0,0,1.68,1.2l3.93.14a2.52,2.52,0,0,0,1.41-1.47l.73-5.81c1.44-.23,2.67-.67,4.11-.9l3,4.9a1.42,1.42,0,0,0,1.88.58L78,110.47a1.69,1.69,0,0,0,1-1.88L77.5,103a14.87,14.87,0,0,0,3.06-2.33l4.81,3.42a1.39,1.39,0,0,0,2.07,0l1.79-1.86.63-.66.22-.22a1.44,1.44,0,0,0,.43-1.08,1.39,1.39,0,0,0-.48-1l-3.6-4.7A10.18,10.18,0,0,0,88.64,91l5.82,1.55a1.41,1.41,0,0,0,1.63-.86L97.68,88A2.1,2.1,0,0,0,97,86.13l-5.22-3a10.36,10.36,0,0,0,.55-3.53l6-1.15c.61-.22,1.22-.85,1.22-1.27Zm-31.8,7.61a9,9,0,1,1,1.79-6A9,9,0,0,1,67.67,80.67Z"/>
+  <path class="cls-2" d="M130.63,34.53l-3-.43c-.22-.65-.22-1.3-.43-1.95l2.6-1.51a.79.79,0,0,0,.43-1.08l-.87-1.73c0-.43-.43-.65-.87-.65l-3,.87a4.71,4.71,0,0,0-1.08-1.73l1.73-2.6a.66.66,0,0,0,0-.87l-1.52-1.51a.66.66,0,0,0-.87,0l-2.6,1.73c-.43-.43-1.08-.65-1.52-1.08l.65-3c.22-.22,0-.65-.43-.87l-1.73-.65a1,1,0,0,0-1.08.22l-1.52,2.6c-.65-.22-1.3-.22-2.17-.43l-.43-3a.69.69,0,0,0-.65-.65h-2.17a.69.69,0,0,0-.65.65l-.43,3c-.65.22-1.3.22-1.95.43l-1.52-2.6c-.22-.43-.65-.43-1.08-.43l-1.95.87c-.22,0-.43.43-.43.87l.87,3a4.72,4.72,0,0,0-1.73,1.08l-2.6-1.73a.66.66,0,0,0-.87,0L96.2,22.85a.66.66,0,0,0,0,.87l1.73,2.6c-.43.43-.65,1.08-1.08,1.51l-3-.65c-.22-.22-.65,0-.87.43l-.87,1.73c0,.43,0,.87.43,1.08l2.6,1.51c-.22.65-.22,1.51-.43,2.16l-3,.43a.69.69,0,0,0-.65.65v2.16a.57.57,0,0,0,.65.65l3,.43a6.31,6.31,0,0,0,.43,1.95l-2.6,1.51A.79.79,0,0,0,92.08,43l.87,1.95c0,.22.43.43.87.43l3-.87a4.71,4.71,0,0,0,1.08,1.73l-1.73,2.6a1,1,0,0,0,0,1.08l1.52,1.3c.22.22.65.43.87.22l2.6-1.95a3.88,3.88,0,0,0,1.52,1.08l-.65,3c-.22.22,0,.65.43.87l1.73.87c.43,0,.87,0,1.08-.43l1.52-2.6a6.41,6.41,0,0,0,2.17.43l.43,3a.69.69,0,0,0,.65.65h2.17a.69.69,0,0,0,.65-.65l.43-3a6.33,6.33,0,0,0,1.95-.43l1.52,2.6a.79.79,0,0,0,1.08.43l1.95-.87c.22,0,.43-.43.43-.87l-.87-3a4.72,4.72,0,0,0,1.73-1.08l2.6,1.95c.22.22.65,0,.87-.22l1.52-1.3a1,1,0,0,0,0-1.08l-1.73-2.6a9.16,9.16,0,0,0,1.08-1.51l3,.87a1.16,1.16,0,0,0,.87-.65l.87-1.73c0-.43,0-.87-.43-1.08l-2.6-1.51c.22-.65.22-1.3.43-2.16l3-.43a.57.57,0,0,0,.65-.65V35.18a.69.69,0,0,0-.65-.65Zm-7.15,5a1,1,0,0,1-1.52.65l-5-3.24c-.65-.22-.65-.87,0-1.3l5-3.24a1.12,1.12,0,0,1,1.52.65,15.77,15.77,0,0,1,.43,3.24,13.25,13.25,0,0,1-.43,3.24Zm-1.3-9.73a1,1,0,0,1-.65,1.51l-5.85,1.3c-.65.22-1.08-.22-.87-.87l1.3-5.84c.22-.87.87-1.08,1.52-.65a14.3,14.3,0,0,1,2.6,1.95,14.29,14.29,0,0,1,1.95,2.6Zm-14.29-6.06a12.41,12.41,0,0,1,6.5,0,1,1,0,0,1,.65,1.51l-3.25,5.19c-.43.65-1.08.65-1.3,0l-3.25-5.19a1,1,0,0,1,.65-1.51Zm6.5,12.55a3.25,3.25,0,0,1-6.5,0,3.26,3.26,0,0,1,6.5,0ZM104.64,25a1,1,0,0,1,1.52.65l1.3,5.84c.22.65-.22,1.08-1.08,1.08l-5.63-1.51c-.87-.22-1.08-.87-.65-1.51A7.81,7.81,0,0,1,102,27a14.3,14.3,0,0,1,2.6-1.95ZM98.58,39.29A13.25,13.25,0,0,1,98.15,36a15.77,15.77,0,0,1,.43-3.24.93.93,0,0,1,1.52-.43l5.2,3a.83.83,0,0,1,0,1.51l-5.2,3c-.65.43-1.3.22-1.52-.65Zm1.3,3.46a1,1,0,0,1,.65-1.51l5.85-1.51c.65-.22,1.08.22,1.08,1.08l-1.52,5.84a1.12,1.12,0,0,1-1.52.65,14.3,14.3,0,0,1-2.6-1.95c-1.08-1.3-1.95-2.6-1.95-2.6Zm14.29,5.84a13.29,13.29,0,0,1-3.25.43,15.82,15.82,0,0,1-3.25-.43,1.12,1.12,0,0,1-.65-1.51l3.25-5c.43-.65,1.08-.65,1.3,0l3.25,5c.43.65.22,1.3-.65,1.51Zm3.25-1.3c-.65.43-1.3.22-1.52-.65l-1.3-5.84c-.22-.65.22-1.08,1.08-.87l5.85,1.3a1.12,1.12,0,0,1,.65,1.51,14.29,14.29,0,0,1-1.95,2.6,22.45,22.45,0,0,1-2.82,1.95Z"/>
+  <g>
+    <path class="cls-3" d="M380,125H236.81c-4.71,0-5.81-3-5.81-3H385A5.43,5.43,0,0,1,380,125Z"/>
+    <g>
+      <path class="cls-3" d="M367,120H249a3,3,0,0,1-3-3V19a3,3,0,0,1,3-3H367a3,3,0,0,1,3,3v98A3,3,0,0,1,367,120Z"/>
+      <rect class="cls-4" x="250" y="20" width="116" height="96"/>
+    </g>
+    <polygon class="cls-5" points="385 122 370 107 245.94 107 231 122 385 122"/>
+  </g>
+  <polygon class="cls-3" points="323 119 293 119 294 116 322 116 323 119"/>
+  <g>
+    <polygon class="cls-6" points="217.1 60.08 199.2 42.82 180.82 61.2 200.62 81 217.13 64.49 217.1 60.08"/>
+    <g>
+      <path class="cls-7" d="M197.32,79.89,176.11,58.68l19.8-19.8L217.12,60.1Z"/>
+      <rect class="cls-8" x="184.61" y="46.39" width="24" height="26" transform="translate(15.59 156.42) rotate(-45)"/>
+    </g>
+    <rect class="cls-6" x="193.2" y="48.32" width="4" height="8" transform="translate(94.17 -122.7) rotate(45)"/>
+    <rect class="cls-6" x="201.68" y="56.8" width="4" height="8" transform="translate(102.65 -126.22) rotate(45)"/>
+    <path class="cls-6" d="M209,75,180.35,51.37,140.75,91a6,6,0,0,0,0,8.49l19.8,19.8a6,6,0,0,0,8.49,0L209,80Z"/>
+    <path class="cls-7" d="M181,47,140.75,87a6,6,0,0,0,0,8.49l19.8,19.8a6,6,0,0,0,8.49,0L209,75Z"/>
+    <rect class="cls-9" x="144.07" y="96.43" width="28" height="3" transform="translate(115.54 -83.09) rotate(45)"/>
+    <rect class="cls-9" x="149.73" y="90.77" width="28" height="3" transform="translate(113.2 -88.75) rotate(45)"/>
+  </g>
+  <polygon class="cls-10" points="366 20 366 62 324 20 366 20"/>
+  <rect class="cls-3" x="246" y="104" width="124" height="3"/>
+  <g>
+    <line class="cls-11" x1="220" y1="76" x2="275.66" y2="76"/>
+    <polygon class="cls-6" points="270.02 82.95 268.86 81.71 275 76 268.86 70.29 270.02 69.05 277.5 76 270.02 82.95"/>
+  </g>
+  <g>
+    <path class="cls-12" d="M12,101.14c23.68,36.51,76.75,33.09,105.28-2.29"/>
+    <polygon class="cls-13" points="118.93 107.61 117.23 107.69 116.82 99.32 108.5 100.34 108.29 98.66 118.42 97.41 118.93 107.61"/>
+  </g>
+  <g>
+    <rect class="cls-10" x="280" y="36" width="56" height="2"/>
+    <rect class="cls-10" x="280" y="46" width="56" height="2"/>
+    <rect class="cls-10" x="280" y="56" width="56" height="2"/>
+    <rect class="cls-10" x="280" y="66" width="33" height="2"/>
+  </g>
+  <path class="cls-14" d="M99.47,73.06A1.4,1.4,0,0,0,98,71.65l-5.79-.72A22.51,22.51,0,0,0,91.5,67l4.69-3.19A1.51,1.51,0,0,0,97,61.75l-1.51-3.49a1.3,1.3,0,0,0-1.87-.58L87.85,59,85.93,56l3.22-4.62a1.56,1.56,0,0,0-.05-2.06l-2.94-2.84a1.86,1.86,0,0,0-2.07.05L79.6,49.89c-1-.6-2.29-1.4-3.33-2l1.13-5.81a1.41,1.41,0,0,0-.85-1.64L73,39.07a1.32,1.32,0,0,0-1.86.65l-3,5.23a11.81,11.81,0,0,0-3.73-.76l-.93-5.76A1.42,1.42,0,0,0,62,37l-3.92.29c-.63-.19-1.24.44-1.43,1.06l-.92,6a12.34,12.34,0,0,0-3.7.89l-3.2-5.09A2.09,2.09,0,0,0,47,39.57L43.29,41.3a1.42,1.42,0,0,0-.8,1.66L44,48.51c-1,.64-2,1.69-3.05,2.34l-4.82-3.42a1.26,1.26,0,0,0-1.66.08L55.07,68.07a9,9,0,0,1,12.6,12.6h0l21.56,21.56.63-.66.22-.22a1.44,1.44,0,0,0,.43-1.08,1.39,1.39,0,0,0-.48-1l-3.6-4.7A10.18,10.18,0,0,0,88.64,91l5.82,1.55a1.41,1.41,0,0,0,1.63-.86L97.68,88A2.1,2.1,0,0,0,97,86.13l-5.22-3a10.36,10.36,0,0,0,.55-3.53l6-1.15c.61-.22,1.22-.85,1.22-1.27Z"/>
+</svg>
diff --git a/education/index.md b/education/index.md
index f1dbb98cc3..07b21e2952 100644
--- a/education/index.md
+++ b/education/index.md
@@ -215,7 +215,7 @@ ms.author: celested
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-usb.svg" alt="Set up School PCs" />
+                                                        <img src="images/education-pro-usb.svg" alt="Set up School PCs" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -234,7 +234,7 @@ ms.author: celested
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-ms-teams.svg" alt="Meet Microsoft Teams" />
+                                                        <img src="images/education-ms-teams.svg" alt="Meet Microsoft Teams" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -377,7 +377,7 @@ ms.author: celested
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-ms-teams.svg" alt="Meet Microsoft Teams" />
+                                                        <img src="images/education-ms-teams.svg" alt="Meet Microsoft Teams" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -396,7 +396,7 @@ ms.author: celested
                                             <div class="card">
                                                 <div class="cardImageOuter">
                                                     <div class="cardImage bgdAccent1"> 
-                                                        <img src="/media/hubs/education/education-pro-usb.svg" alt="Set up School PCs" />
+                                                        <img src="images/education-pro-usb.svg" alt="Set up School PCs" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
@@ -565,6 +565,91 @@ ms.author: celested
                     </li>
                 </ul>
             </li>
+            <li>
+                <a href="#partner">Partner</a>
+                <ul id="partner">
+                    <li>
+                        <a href="#partner-all"></a>
+                        <ul id="partner-all" class="cardsC">
+                            <li>
+                                <a href="https://www.mepn.com">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1"> 
+                                                        <img src="images/education-partner-mepn-1.svg" alt="Microsoft Education Partner Network" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Microsoft Education Partner Network</h3>
+                                                    <p>Find out the latest news and announcements for Microsoft Education partners.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://www.mepn.com/MEPN/AEPHome.aspx">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1"> 
+                                                        <img src="images/education-partner-aep-2.svg" alt="Authorized Education Partner home page" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Authorized Education Partner (AEP) home page</h3>
+                                                    <p>Access the essentials and find out what it takes to become an AEP.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://www.mepn.com/MEPN/AEPSearch.aspx">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1"> 
+                                                        <img src="images/education-partner-directory-3.svg" alt="Authorized Education Partner directory" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Authorized Education Partner directory</h3>
+                                                    <p>Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                                <a href="https://www.yammer.com/mepn/">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1"> 
+                                                        <img src="images/education-partner-yammer.svg" alt="Education Partner community Yammer group" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Education Partner community Yammer group</h3>
+                                                    <p>Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                        </ul>
+                    </li>
+            </li>
         </ul>
     </div>
 </div>
\ No newline at end of file
diff --git a/education/windows/TOC.md b/education/windows/TOC.md
index a121e92d2e..48b59392b8 100644
--- a/education/windows/TOC.md
+++ b/education/windows/TOC.md
@@ -12,9 +12,10 @@
 ### [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
 ### [Take a Test app technical reference](take-a-test-app-technical.md)
 ## [Working with Microsoft Store for Education](education-scenarios-store-for-business.md)
-## [Get Minecraft Education Edition](get-minecraft-for-education.md)
+## [Get Minecraft: Education Edition](get-minecraft-for-education.md)
 ### [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md)
 ### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md)
+### [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-device-promotion.md)
 ## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
 ## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
 ## [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](switch-to-pro-education.md)
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index 8cce637c8d..1c612e211e 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -8,13 +8,20 @@ ms.sitesec: library
 ms.pagetype: edu
 author: CelesteDG
 ms.author: celested
-ms.date: 06/19/2017
+ms.date: 07/10/2017
 ---
 
 # Change history for Windows 10 for Education
 
 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
 
+## July 2017
+
+| New or changed topic | Description |
+| --- | ---- |
+| [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-for-education.md)  | New information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices.  |
+| [Use the Set up School PCs app ](use-set-up-school-pcs-app.md) | Added the how-to video, which shows how to use the app to create a provisioning package that you can use to set up school PCs. |
+
 ## June 2017
 
 | New or changed topic | Description |
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index 25070b6aa8..05fc30932c 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -6,6 +6,8 @@ ms.prod: W10
 ms.mktglfcycl: plan
 ms.sitesec: library
 localizationpriority: high
+searchScope:
+  - Store
 author: trudyha
 ms.author: trudyha
 ---
diff --git a/education/windows/get-minecraft-device-promotion.md b/education/windows/get-minecraft-device-promotion.md
index 7f9fedb193..3d04278dc0 100644
--- a/education/windows/get-minecraft-device-promotion.md
+++ b/education/windows/get-minecraft-device-promotion.md
@@ -7,6 +7,8 @@ ms.mktglfcycl: plan
 ms.sitesec: library
 localizationpriority: high
 author: trudyha
+searchScope:
+  - Store
 ms.author: trudyha
 ms.date: 06/29/2017
 ---
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index 036d1cf2b7..6879e99b63 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -7,6 +7,8 @@ ms.mktglfcycl: plan
 ms.sitesec: library
 localizationpriority: high
 author: trudyha
+searchScope:
+  - Store
 ms.author: trudyha
 ---
 
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index 66feebb077..188a7df1a6 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -7,6 +7,8 @@ ms.mktglfcycl: plan
 ms.sitesec: library
 localizationpriority: high
 author: trudyha
+searchScope:
+  - Store
 ms.author: trudyha
 ---
 
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index fb8d30ef6f..49e449f751 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -7,6 +7,8 @@ ms.mktglfcycl: plan
 ms.sitesec: library
 localizationpriority: high
 author: trudyha
+searchScope:
+  - Store
 ms.author: trudyha
 ---
 
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index bfc4179cfa..87744a18d7 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -9,7 +9,7 @@ ms.pagetype: edu
 localizationpriority: high
 author: CelesteDG
 ms.author: celested
-ms.date: 06/26/2017
+ms.date: 07/10/2017
 ---
 
 # Use the Set up School PCs app 
@@ -19,8 +19,6 @@ ms.date: 06/26/2017
 
 IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up PCs for students. A student PC set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
 
-![Set up School PCs app](images/suspc_getstarted_050817.png)
-
 ## What does this app do?
 
 Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recommended education settings, using a quick USB setup. This app guides you through the creation of a student PC provisioning package and helps you save it to a USB drive. From there, just plug the USB drive into student PCs running Windows 10 Creators Update (version 1703). It automatically:
@@ -41,6 +39,14 @@ Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recomm
 - Uninstalls apps not specific to education, such as Solitaire
 - Prevents students from adding personal Microsoft accounts to the PC
 
+You can watch the video to see how to use the Set up School PCs app, or follow the step-by-step guide. </br>
+
+<center><iframe src="https://www.youtube.com/embed/2ZLup_-PhkA" width="960" height="540" allowFullScreen frameBorder="0"></iframe></center>
+<!--
+<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/2ZLup_-PhkA?ecver=2" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>
+-->
+You can watch the descriptive audio version here: [Microsoft Education: Use the Set up School PCs app (DA)](https://www.youtube.com/watch?v=qqe_T2LkGsI)
+
 ## Tips for success
 
 * **Run the same Windows 10 build on the admin device and the student PCs**
diff --git a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
index d6b256689e..51c1b74957 100644
--- a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
+++ b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
@@ -27,7 +27,7 @@ ADMX files can be installed and tested locally on any computer that runs the Win
 
 **To download the UE-V ADMX templates**
 
-1.  Download the UE-V ADMX template files: <https://go.microsoft.com/fwlink/p/?LinkId=393941>.
+1.  Download the UE-V ADMX template files: <https://www.microsoft.com/en-us/download/details.aspx?id=55531>.
 
 2.  For more information about how to deploy the Group Policy templates, see <https://go.microsoft.com/fwlink/p/?LinkId=393944>.
 
diff --git a/microsoft-365/index.md b/microsoft-365/index.md
new file mode 100644
index 0000000000..867e2c8492
--- /dev/null
+++ b/microsoft-365/index.md
@@ -0,0 +1 @@
+# Placeholder
\ No newline at end of file
diff --git a/store-for-business/TOC.md b/store-for-business/TOC.md
index 514ff6cfea..03cd9ba0ba 100644
--- a/store-for-business/TOC.md
+++ b/store-for-business/TOC.md
@@ -14,12 +14,13 @@
 ### [Assign apps to employees](assign-apps-to-employees.md)
 ### [Distribute apps with a management tool](distribute-apps-with-management-tool.md)
 ### [Distribute offline apps](distribute-offline-apps.md)
-## [Manage apps](manage-apps-windows-store-for-business-overview.md)
+## [Manage apps and devices](manage-apps-windows-store-for-business-overview.md)
 ### [App inventory managemement for Microsoft Store for Business and Education](app-inventory-management-windows-store-for-business.md)
 ### [Manage app orders in Microsoft Store for Business and Education](manage-orders-windows-store-for-business.md)
 ### [Manage access to private store](manage-access-to-private-store.md)
 ### [Manage private store settings](manage-private-store-settings.md)
 ### [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md)
+### [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md)
 ## [Device Guard signing portal](device-guard-signing-portal.md)
 ### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md)
 ### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md)
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 1fb8b493b6..4bc1451628 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -17,7 +17,10 @@ localizationpriority: high
 
 -   Windows 10
 
-Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://review.docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot?branch=dh-autopilot11975619).
+> [!IMPORTANT]
+> This topic has been updated to reflect the latest functionality, which we are releasing to customers in stages. You may not see all of the options described here until you receive the update.
+
+Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot).
 
 ## What is Windows AutoPilot Deployment Program?
 In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. 
@@ -55,7 +58,7 @@ Columns in the device information file need to use this naming and be in this or
 - Column 2: Windows Product ID 
 - Column 3: Hardware Hash
 
-When you add devices, you need to add them to an *AutoPilot deployment group*. AutoPilot deployment groups allow you to apply an AutoPilot deployment profile to multiple devices. The first time you add devices to a group, you'll need to create an AutoPilot deployment group. 
+When you add devices, you need to add them to an *AutoPilot deployment group*. Use these groups to apply AutoPilot deployment profiles to a group of devices. The first time you add devices to a group, you'll need to create an AutoPilot deployment group. 
 
 > [!NOTE]
 > You can only add devices to a group when you add devices to **Microsoft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again. 
@@ -107,13 +110,17 @@ After you've applied an AutoPilot deployment profile to a device, if you decide
 > The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. 
 
 ## AutoPilot device information file error messages
-Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in **Microsoft Store for Business and Education**. 
+Here's info on some of the errors you might see while working with AutoPilot deployment profiles in **Microsoft Store for Business and Education**. 
 
 | Message Id | Message explanation | 
 | ---------- | ------------------- |
 | wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
 | wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
-| wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
+| wadp003    | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
 | wadp004    | Try that again. Something happened on our end. Waiting a bit might help. |
-| wadp005    | Check with your device provider for your csv file. One of the devices on your list has been claimed by another organization. |
-| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
\ No newline at end of file
+| wadp005    | Check your .csv file with your device provider. One of the devices on your list has been claimed by another organization. |
+| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
+| wadp007    | Check the info for this device in your .csv file. The device is already registered in your organization. |
+| wadp008    | The device does not meet AutoPilot Deployment requirements. |
+| wadp009    | Check with your device provider for an update .csv file. The current file doesn’t work |
+| wadp010    | Try that again. Something happened on our end. Waiting a bit might help. |
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index 9fe69e52a3..accb0bcea0 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -37,6 +37,7 @@
 		"ms.technology": "windows",
 		"ms.topic": "article",
 		"ms.date": "05/09/2017",
+    "searchScope": ["Store"],
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.store-for-business"
diff --git a/store-for-business/education/TOC.md b/store-for-business/education/TOC.md
index 1c2ebc03b3..52f7890448 100644
--- a/store-for-business/education/TOC.md
+++ b/store-for-business/education/TOC.md
@@ -14,6 +14,7 @@
 ## [Get Minecraft: Education Edition](/education/windows/get-minecraft-for-education?toc=/microsoft-store/education/toc.json)
 ### [For teachers: get Minecraft Education Edition](/education/windows/teacher-get-minecraft?toc=/microsoft-store/education/toc.json)
 ### [For IT administrators: get Minecraft Education Edition](/education/windows/school-get-minecraft?toc=/microsoft-store/education/toc.json)
+### [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-for-education?toc=/microsoft-store/education/toc.json)
 ## [Distribute apps to your employees from the Microsoft Store for Business and Education](/microsoft-store/distribute-apps-to-your-employees-windows-store-for-business?toc=/microsoft-store/education/toc.json)
 ### [Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store?toc=/microsoft-store/education/toc.json)
 ### [Assign apps to employees](/microsoft-store/assign-apps-to-employees?toc=/microsoft-store/education/toc.json)
diff --git a/store-for-business/manage-apps-windows-store-for-business-overview.md b/store-for-business/manage-apps-windows-store-for-business-overview.md
index 6757e4eecd..f88cdcd26a 100644
--- a/store-for-business/manage-apps-windows-store-for-business-overview.md
+++ b/store-for-business/manage-apps-windows-store-for-business-overview.md
@@ -1,5 +1,5 @@
 ---
-title: Manage apps in Microsoft Store for Business (Windows 10)
+title: Manage apps and devices in Microsoft Store for Business (Windows 10)
 description: Manage settings and access to apps in Microsoft Store for Business.
 ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
 ms.prod: w10
@@ -26,4 +26,5 @@ Manage settings and access to apps in Microsoft Store for Business and Microsoft
 | [Manage access to private store](manage-access-to-private-store.md) | You can manage access to your private store in Store for Business. |
 | [App inventory managemement for Microsoft Store for Business and Education](app-inventory-management-windows-store-for-business.md) | You can manage all apps that you've acquired on your **Apps & software** page. |
 | [Manage private store settings](manage-private-store-settings.md) | The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all employees in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store. |
-| [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md) | For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Microsoft Store management tool services work with your third-party management tool to manage content. |
\ No newline at end of file
+| [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md) | For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Microsoft Store management tool services work with your third-party management tool to manage content. |
+| [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md) | In Microsoft Store for Business, you can manage devices for your organization and apply an AutoPilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. |
\ No newline at end of file
diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md
new file mode 100644
index 0000000000..668514a725
--- /dev/null
+++ b/store-for-business/sfb-change-history.md
@@ -0,0 +1,37 @@
+---
+title: Change history for Microsoft Store for Business and Education
+description: Summary of topic changes for Microsoft Store for Business and Microsoft Store for Education. 
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: store
+author: TrudyHa
+ms.author: TrudyHa
+ms.date: 07/12/2107
+localizationpriority: high
+---
+
+# Change history for Microsoft Store for Business and Microsoft Store for Education  
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+## June 2017
+| New or changed topic | Description |
+| -------------------- | ----------- |
+| [Get Minecraft: Education Edition with Windows 10 device promotion](https://docs.microsoft.com/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices.  |
+| [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/en-us/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. |
+
+## July 2017
+ 
+| New or changed topic | Description |
+| -------------------- | ----------- |
+| [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md) | New. Information about Windows AutoPilot Deployment Program and how it is used in Microsoft Store for Business and Education.  |
+ 
+
+
+
+
+
diff --git a/store-for-business/update-windows-store-for-business-account-settings.md b/store-for-business/update-windows-store-for-business-account-settings.md
index f844b5251a..f559f6b1b4 100644
--- a/store-for-business/update-windows-store-for-business-account-settings.md
+++ b/store-for-business/update-windows-store-for-business-account-settings.md
@@ -74,7 +74,7 @@ These countries can provide their VAT number or local equivalent in **Payments &
 |------|----------------|
 | Australia | ABN (optional) |
 | Brazil | CNPJ (required) |
-| India | CST ID, VAT ID (both are optional) |
+| India | GSTIN (optional), PAN ID (required) |
 | New Zealand | GST Registration number (optional) |
 | Taiwan | VAT ID (optional) |
 
diff --git a/store-for-business/windows-store-for-business-overview.md b/store-for-business/windows-store-for-business-overview.md
index 5bc9195325..7dcb8615a4 100644
--- a/store-for-business/windows-store-for-business-overview.md
+++ b/store-for-business/windows-store-for-business-overview.md
@@ -305,7 +305,6 @@ Microsoft Store for Business and Education is currently available in these marke
 
 ### Support for free apps
 Customers in these markets can use Microsoft Store for Business and Education to acquire free apps:
-- India
 - Russia 
 
 ### Support for free apps and Minecraft: Education Edition
@@ -317,6 +316,7 @@ Customers in these markets can use Microsoft Store for Business and Education to
 - Bosnia
 - Brazil
 - Georgia
+- India
 - Kazakhstan
 - Korea
 - Republic of Moldova
diff --git a/windows/access-protection/TOC.md b/windows/access-protection/TOC.md
index d9e141960f..7dbb46c015 100644
--- a/windows/access-protection/TOC.md
+++ b/windows/access-protection/TOC.md
@@ -179,11 +179,4 @@
 ##### [Verify That Network Traffic Is Authenticated](windows-firewall/verify-that-network-traffic-is-authenticated.md)
 
 ## [Windows Hello for Business](hello-for-business/hello-identity-verification.md)
-### [How Windows Hello for Business works](hello-for-business/hello-how-it-works.md)
-### [Manage Windows Hello for Business in your organization](hello-for-business/hello-manage-in-organization.md)
-### [Why a PIN is better than a password](hello-for-business/hello-why-pin-is-better-than-password.md)
-### [Prepare people to use Windows Hello](hello-for-business/hello-prepare-people-to-use.md)
-### [Windows Hello and password changes](hello-for-business/hello-and-password-changes.md)
-### [Windows Hello errors during PIN creation](hello-for-business/hello-errors-during-pin-creation.md)
-### [Event ID 300 - Windows Hello successfully created](hello-for-business/hello-event-300.md)
-### [Windows Hello biometrics in the enterprise](hello-for-business/hello-biometrics-in-enterprise.md)
+
diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/access-protection/hello-for-business/hello-cert-trust-adfs.md
new file mode 100644
index 0000000000..9b673f825b
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -0,0 +1,513 @@
+---
+title: Prepare and Deploy Windows Server 2016 Active Directory Federation Services (Windows Hello for Business)
+description: How toPrepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# Prepare and Deploy Windows Server 2016 Active Directory Federation Services
+
+**Applies to**
+-   Windows 10
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update.  The on-prem certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority.
+
+The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts.
+
+If your environment exceeds either of these factors or needs to provide SAML artifact resolution, token replay detection, or needs Active Directory Federation Services to operate in a federated provider role, then your deployment needs to use a SQL for your configuration database. To deploy the Active Directory Federation Services using SQL as its configuration database, please review the [Deploying a Federation Server Farm](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) checklist.
+
+If your environment has an existing instance of Active Directory Federation Services, then you’ll need to upgrade all nodes in the farm to Windows Server 2016 along with the Windows Server 2016 update.  If your environment uses Windows Internal Database (WID) for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 using a WID database](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) to upgrade your environment.  If your environment uses SQL for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 with SQL Server](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016-sql) to upgrade your environment.
+
+Ensure you apply the Windows Server 2016 Update to all nodes in the farm after you have successfully completed the upgrade. 
+
+A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with an external networking peripherals, or with using the Network Load Balancing Role included in Windows Server.
+
+Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers.  Ensure the update listed below is applied to each server before continuing.    
+
+##  Update Windows Server 2016
+
+Sign-in the federation server with _local admin_ equivalent credentials.
+1.	Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please advise the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed.
+2.	Ensure the latest server updates to the federation server includes [KB4022723](https://support.microsoft.com/en-us/help/4022723).  
+
+>[!IMPORTANT]
+>The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers.
+
+## Enroll for a TLS Server Authentication Certificate
+
+Windows Hello for Business on-prem deployments require a federation server for device registration, key registration, and authentication certificate enrollment.  Typically, a federation service is an edge facing role.  However, the federation services and instance used with the on-prem deployment of Windows Hello for Business does not need Internet connectivity.  
+
+The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority.  The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm:
+* Subject Name: The internal FQDN of the federation server (the name of the computer running AD FS)
+* Subject Alternate Name: Your federation service name, such as *fs.corp.contoso.com* (or an appropriate wildcard entry such as *.corp.contoso.com)
+
+You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**.  The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com.
+
+You can; however, issue one certificate for all hosts in the farm.  If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request.  All names should include the FQDN of each host in the farm and the federation service name.  
+
+It’s recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. 
+
+Be sure to enroll or import the certificate into the AD FS server’s computer certificate store.  Also, ensure all nodes in the farm have the proper TLS server authentication certificate.
+
+### Internal Server Authentication Certificate Enrollment
+
+Sign-in the federation server with domain admin equivalent credentials.
+1. Start the Local Computer **Certificate Manager** (certlm.msc).
+2. Expand the **Personal** node in the navigation pane.
+3. Right-click **Personal**. Select **All Tasks** and **Request New Certificate**.
+4. Click **Next** on the **Before You Begin** page.
+5. Click **Next** on the **Select Certificate Enrollment Policy** page.
+6. On the **Request Certificates** page, Select the **Internal Web Server** check box.
+7. Click the **More information is required to enroll for this certificate. Click here to configure settings** link   
+    ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link](images/hello-internal-web-server-cert.png)
+8. Under **Subject name**, select **Common Name** from the **Type** list.  Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**.  Under **Alternative name**, select **DNS** from the **Type** list.  Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role.  Click **Add**. Click **OK** when finished.
+9. Click **Enroll**.
+
+A server authentication certificate should appear in the computer’s Personal certificate store.
+
+## Deploy the Active Directory Federation Service Role
+
+The Active Directory Federation Service (AD FS) role provides the following services to support Windows Hello for Business on-premises deployments.
+* Device registration
+* Key registration 
+* Certificate registration authority (certificate trust deployments)
+
+>[!IMPORTANT]
+> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm.  Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. 
+
+Windows Hello for Business depends on proper device registration.  For on-premises deployments, Windows Server 2016 AD FS handles device registration.
+
+Sign-in the federation server with _Enterprise Admin_ equivalent credentials.
+1.	Start **Server Manager**.  Click **Local Server** in the navigation pane.
+2.	Click **Manage** and then click **Add Roles and Features**.
+3.	Click **Next** on the **Before you begin** page.
+4.	On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**.
+5.	On the **Select destination server** page, choose **Select a server from the server pool**.  Select the federation server from the **Server Pool** list.  Click **Next**.
+6.	On the **Select server roles** page, select **Active Directory Federation Services**.  Click **Next**.
+7.	Click **Next** on the **Select features** page.
+8.	Click **Next** on the **Active Directory Federation Service** page.
+9.	Click **Install** to start the role installation.
+
+## Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+* Confirm the AD FS farm uses the correct database configuration.
+* Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load.
+* Confirm **all** AD FS servers in the farm have the latest updates.
+* Confirm all AD FS servers have a valid server authentication certificate    
+    * The subject of the certificate is the common name (FQDN) of the host or a wildcard name.
+    * The alternate name of the certificate contains a wildcard or the FQDN of the federation service
+
+## Device Registration Service Account Prerequisite
+
+The service account used for the device registration server depends on the domain controllers in the environment.  
+
+>[!NOTE]
+>Follow the procedures below based on the domain controllers deployed in your environment.  If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
+
+### Windows Server 2012 or later Domain Controllers
+
+Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them.  Group Managed Service Accounts, or GMSA have security advantages over normal user accounts because Windows handles password management.  This means the password is long, complex, and changes periodically.  The best part of GMSA is all this happens automatically.  AD FS supports GMSA and should be configured using them for additional defense in depth security.
+
+GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers.  Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA.  Before you can create a GSMA, you must first create a root key for the service.  You can skip this if your environment already uses GSMA.
+
+#### Create KDS Root Key
+
+Sign-in a domain controller with _Enterprise Admin_ equivalent credentials.
+1. Start an elevated Windows PowerShell console.
+2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)`
+
+### Windows Server 2008 or 2008 R2 Domain Controllers
+
+Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts.  Therefore, you must use create a normal user account as a service account where you are responsible for changing the password on a regular basis.
+
+#### Create an AD FS Service Account
+
+Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials.
+1.	Open **Active Directory Users and Computers**.
+2.	Right-click the **Users** container, Click **New**. Click **User**.
+3.	In the **New Object – User** window, type **adfssvc** in the **Full name** text box.  Type **adfssvc** in the **User logon name** text box.  Click **Next**.
+4.	Enter and confirm a password for the **adfssvc** user. Clear the **User must change password at next logon** checkbox.
+5.	Click **Next** and then click **Finish**.
+
+## Configure the Active Directory Federation Service Role
+
+>[!IMPORTANT]
+>Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
+
+### Windows Server 2012 or later Domain Controllers
+
+Use the following procedures to configure AD FS when your environment uses **Windows Server 2012 or later Domain Controllers**.  If you are not using Windows Server 2012 or later Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2008 or 2008R2 Domain Controllers)](#windows-server-2008-or-2008R2-domain-controllers) section.
+
+Sign-in the federation server with _Domain Admin_ equivalent credentials. These procedures assume you are configuring the first federation server in a federation server farm.
+1. Start **Server Manager**.
+2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**.   
+   ![Example of pop-up notification as described above](images/hello-adfs-configure-2012r2.png)
+
+3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**.
+4. Click **Next** on the **Connect to Active Directory Domain Services** page.
+5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list.  The certificate is likely named after your federation service, such as *fs.corp.contoso.com* or *fs.contoso.com*.
+6. Select the federation service name from the **Federation Service Name** list.
+7. Type the Federation Service Display Name in the text box.  This is the name users see when signing in.  Click **Next**.
+8. On the **Specify Service Account** page, select **Create a Group Managed Service Account**.  In the **Account Name** box, type **adfssvc**.
+9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**.
+10. On the **Review Options** page, click **Next**.
+11.	On the **Pre-requisite Checks** page, click **Configure**.
+12.	When the process completes, click **Close**.
+
+### Windows Server 2008 or 2008 R2 Domain Controllers
+
+Use the following procedures to configure AD FS when your environment uses **Windows Server 2008 or 2008 R2 Domain Controllers**.  If you are not using Windows Server 2008 or 2008 R2 Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2012 or later Domain Controllers)](#windows-server-2012-or-later-domain-controllers) section.
+
+Sign-in the federation server with _Domain Admin_ equivalent credentials.  These instructions assume you are configuring the first federation server in a federation server farm.
+1. Start **Server Manager**.
+2. Click the notification flag in the upper right corner.  Click **Configure federation services on this server**.   
+    ![Example of pop-up notification as described above](images/hello-adfs-configure-2012r2.png)
+
+3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**.
+4. Click **Next** on the **Connect to Active Directory Domain Services** page.
+5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as fs.corp.mstepdemo.net or fs.mstepdemo.net.
+6. Select the federation service name from the **Federation Service Name** list.
+7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**.
+8. On the **Specify Service Account** page, Select **Use an existing domain user account or group Managed Service Account** and click **Select**.   
+    * In the **Select User or Service Account** dialog box, type the name of the previously created AD FS service account (example adfssvc) and click **OK**. Type the password for the AD FS service account and click **Next**.
+9.	On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**.
+10.	On the **Review Options** page, click **Next**.
+11.	On the **Pre-requisite Checks** page, click **Configure**.
+12.	When the process completes, click **Close**.
+13.	Do not restart the AD FS server. You will do this later.
+
+
+### Add the AD FS Service account to the KeyCredential Admin group and the Windows Hello for Business Users group
+
+The KeyCredential Admins global group provides the AD FS service with the permissions needed to perform key registration.  The Windows Hello for Business group provides the AD FS service with the permissions needed to enroll a Windows Hello for Business authentication certificate on behalf of the provisioning user.
+
+Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials.
+1. Open **Active Directory Users and Computers**.
+2. Click the **Users** container in the navigation pane.
+3. Right-click **KeyCredential Admins** in the details pane and click **Properties**.
+4. Click the **Members** tab and click **Add…**
+5. In the **Enter the object names to select** text box, type **adfssvc**.  Click **OK**.
+6. Click **OK** to return to **Active Directory Users and Computers**.
+7. Right-click **Windows Hello for Business Users** group
+8. Click the **Members** tab and click **Add…**
+9. In the **Enter the object names to select** text box, type **adfssvc**.  Click **OK**.
+10.	Click **OK** to return to **Active Directory Users and Computers**.
+11.	Change to server hosting the AD FS role and restart it.
+
+### Configure Permissions for Key Registration
+
+Key Registration stores the Windows Hello for Business public key in Active Directory.  In on-prem deployments, the Windows Server 2016 AD FS server registers the public key with the on-premises Active Directory.
+
+The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually. 
+
+Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials.
+1. Open **Active Directory Users and Computers**.
+2. Right-click your domain name from the navigation pane and click **Properties**.
+3. Click **Security** (if the Security tab is missing, turn on Advanced Features from the View menu).
+4. Click **Advanced**. Click **Add**. Click **Select a principal**.
+5. The **Select User, Computer, Service Account, or Group** dialog box appears. In the **Enter the object name to select** text box, type **KeyCredential Admins**.  Click **OK**.
+6. In the **Applies to** list box, select **Descendant User objects**.
+7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**.
+8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCrendentialLink**.
+9. Click **OK** three times to complete the task. 
+
+## Configure the Device Registration Service
+
+Sign-in the federation server with _Enterprise Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm.
+1. Open the **AD FS management** console.
+2. In the navigation pane, expand **Service**. Click **Device Registration**.
+3. In the details pane, click **Configure Device Registration**.
+4. In the **Configure Device Registration** dialog, click **OK**.
+
+## Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+* Confirm you followed the correct procedures based on the domain controllers used in your deployment   
+    * Windows Server 2012 or Windows Server 2012 R2
+    * Windows Server 2008 or Windows Server 2008 R2
+* Confirm you have the correct service account based on your domain controller version.
+* Confirm you properly installed the AD FS role on your Windows Server 2016 based on the proper sizing of your federation, the number of relying parties, and database needs.
+* Confirm you used a certificate with the correct names as the server authentication certificate
+    * Record the expiration date of the certificate and set a renewal reminder at least six weeks before it expires that includes the:
+        * Certificate serial number
+        * Certificate thumbprint
+        * Common name of the certificate
+        * Subject alternate name of the certificate
+        * Name of the physical host server
+        * The issued date
+        * The expiration date
+        * Issuing CA Vendor (if a third-party certificate) 
+* Confirm you granted the AD FS service allow read and write permissions to the ms-DSKeyCredentialLink Active Directory attribute.
+* Confirm you enabled the Device Registration service.
+
+## Prepare and Deploy AD FS Registration Authority
+
+A registration authority is a trusted authority that validates certificate request.  Once it validates the request, it presents the request to the certificate authority for issuance.  The certificate authority issues the certificate, returns it to the registration authority, which returns the certificate to the requesting user.  The Windows Hello for Business on-prem certificate-based deployment uses the Active Directory Federation Server (AD FS) as the certificate registration authority.
+
+### Configure Registration Authority template
+
+The certificate registration authority enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. The certificate authority only issues a certificate for that template if the registration authority signs the certificate request.
+
+The registration authority template you configure depends on the AD FS service configuration, which depends on the domain controllers the environment uses for authentication.
+
+>[!IMPORTANT]
+>Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
+
+#### Windows 2012 or later domain controllers
+
+Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
+1. Open the **Certificate Authority Management** console.
+2. Right-click **Certificate Templates** and click **Manage**.
+3. In the **Certificate Template Console**, right click on the **Exchange Enrollment Agent (Offline request)** template details pane and click **Duplicate Template**.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**.  Adjust the validity and renewal period to meet your enterprise’s needs.
+6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected.   
+    **Note:** The preceding step is very important.  Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate.  You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate.
+
+7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.
+8. On the **Security** tab, click **Add**. 
+9. Click **Object Types**.  Select the **Service Accounts** check box and click **OK**. 
+10.	Type **adfssvc** in the **Enter the object names to select** text box and click **OK**.
+11.	Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. 
+12.	Close the console.
+
+#### Windows 2008 or 2008R2 domain controllers
+
+Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
+1. Open the **Certificate Authority** management console.
+2. Right-click **Certificate Templates** and click **Manage**.
+3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent** template in the details pane and click **Duplicate Template**.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box.  Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**.  Adjust the validity and renewal period to meet your enterprise’s needs.
+6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected.  Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.
+7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.
+8. On the **Security** tab, click **Add**. Type **adfssvc** in the **Enter the object names to select text box** and click **OK**.
+9. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check boxes for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. 
+10.	Close the console.
+
+### Configure the Windows Hello for Business Authentication Certificate template
+
+During Windows Hello for Business provisioning, the Windows 10, version 1703 client requests an authentication certificate from the Active Directory Federation Service, which requests the authentication certificate on behalf of the user.  This task configures the Windows Hello for Business authentication certificate template.  You use the name of the certificate template when configuring.
+
+Sign-in a certificate authority or management workstations with _Domain Admin equivalent_ credentials.
+1. Open the **Certificate Authority** management console.
+2. Right-click **Certificate Templates** and click **Manage**.
+3. Right-click the **Smartcard Logon** template and choose **Duplicate Template**.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box.  Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+5. On the **General** tab, type **WHFB Authentication** in **Template display name**.  Adjust the validity and renewal period to meet your enterprise’s needs.   
+    **Note:** If you use different template names, you’ll need to remember and substitute these names in different portions of the deployment.
+6. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.  
+7. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**.
+8. On the **Issuance Requirements** tab, select the T**his number of authorized signatures** check box.  Type **1** in the text box.   
+    * Select **Application policy** from the **Policy type required in signature**.	Select **Certificate Request Agent** from in the **Application policy** list. Select the **Valid existing certificate** option.
+9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.
+10.	On the **Request Handling** tab, select the **Renew with same key** check box.
+11.	On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**.
+12.	Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Enroll** permission. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. 
+13.	If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template.
+14.	Click on the **Apply** to save changes and close the console.
+
+#### Mark the template as the Windows Hello Sign-in template 
+
+Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials.
+1. Open an elevated command prompt.
+2. Run `certutil –dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
+
+>[!NOTE]
+>If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc).  Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.
+
+### Publish Enrollment Agent and Windows Hello For Business Authentication templates to the Certificate Authority
+
+Sign-in a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials.
+1. Open the **Certificate Authority** management console.
+2. Expand the parent node from the navigation pane.
+3. Click **Certificate Templates** in the navigation pane.
+4. Right-click the **Certificate Templates** node.  Click **New**, and click **Certificate Template to issue**.
+5. In the **Enable Certificates Templates** window, select the **WHFB Enrollment Agent** template you created in the previous steps.  Click **OK** to publish the selected certificate templates to the certificate authority.
+6. Publish the **WHFB Authentication** certificate template using step 5. 
+7. Close the console.
+
+### Configure the Registration Authority
+
+Sign-in the AD FS server with Domain Admin equivalent credentials. 
+
+1.	Open a **Windows PowerShell** prompt.
+2.	Type the following command   
+  
+    ```PowerShell
+    Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication
+    ```
+
+
+The `Set-AdfsCertificateAuthority` cmdlet may show the following warning:
+>WARNING: PS0343: Issuing Windows Hello certificates requires enabling a permitted strong authentication provider, but no usable providers are currently configured.  These authentication providers are not supported for Windows Hello certificates: CertificateAuthentication,MicrosoftPassportAuthentication. Windows Hello certificates will not be issued until a permitted strong authentication provider is configured.
+
+This warning indicates that you have not configured multi-factor authentication in AD FS and until it is configured, the AD FS server will not issue Windows Hello certificates.  Windows 10, version 1703 clients check this configuration during prerequisite checks.  If detected, the prerequisite check will not succeed and the user will not provision Windows Hello for Business on sign-in.
+
+>[!NOTE]
+> If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates.  It’s important that you use the template name rather than the template display name.  You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc).  Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority.
+
+### Enrollment Agent Certificate Enrollment
+
+Active Directory Federation Server used for Windows Hello for Business certificate enrollment perform their own certificate lifecycle management.  Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts.
+
+Approximately 60 days prior to enrollment agent certificate’s expiration, the AD FS service attempts to renew the certificate until it is successful.  If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate.  You can view the AD FS event logs to determine the status of the enrollment agent certificate.
+
+## Additional Federation Servers
+
+Organizations should deploy more than one federation server in their federation farm for high-availability.  You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more.  This largely depends on the number of devices and users using the services provided by the AD FS farm. 
+
+### Server Authentication Certificate
+
+Each server you add to the AD FS farm must have a proper server authentication certificate.  Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate.  As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities.
+
+### Install Additional Servers
+
+Adding federation servers to the existing AD FS farm begins with ensuring the server are fully patched, to include Windows Server 2016 Update needed to support Windows Hello for Business deployments (https://aka.ms/whfbadfs1703). Next, install the Active Directory Federation Service role on the additional servers and then configure the server as an additional server in an existing farm. 
+
+## Load Balance AD FS Federation Servers
+
+Many environments load balance using hardware devices.  Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm.  Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced.
+
+### Install Network Load Balancing Feature on AD FS Servers
+
+Sign-in the federation server with _Enterprise Admin_ equivalent credentials.
+1. Start **Server Manager**.  Click **Local Server** in the navigation pane.
+2. Click **Manage** and then click **Add Roles and Features**.
+3. Click **Next** On the **Before you begin** page.
+4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**.
+5. On the **Select destination server** page, chosoe **Select a server from the server pool**.  Select the federation server from the **Server Pool** list.  Click **Next**.
+6. On the **Select server roles** page, click **Next**.
+7. Select **Network Load Balancing** on the **Select features** page.
+8. Click **Install** to start the feature installation   
+    ![Feature selection screen with NLB selected](images/hello-nlb-feature-install.png)
+
+### Configure Network Load Balancing for AD FS
+
+Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster.  Once you have created the cluster, then you can add new nodes to that cluster.
+
+Sign-in a node of the federation farm with _Admin_ equivalent credentials.
+1. Open **Network Load Balancing Manager** from **Administrative Tools**.   
+    ![NLB Manager user interface](images/hello-nlb-manager.png)
+2. Right-click **Network Load Balancing Clusters**, and then click **New Cluster**.
+3. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then click **Connect**.   
+    ![NLB Manager - Connect to new Cluster screen](images/hello-nlb-connect.png)
+4. Select the interface that you want to use with the cluster, and then click **Next**. (The interface hosts the virtual IP address and receives the client traffic to load balance.)
+5. In **Host Parameters**, select a value in **Priority (Unique host identifier)**. This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. Click **Next**.
+6. In **Cluster IP Addresses**, click **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Click **Next**.   
+    ![NLB Manager - Add IP to New Cluster screen](images/hello-nlb-add-ip.png)
+7. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster.   
+    ![NLB Manager - Cluster IP Configuration screen](images/hello-nlb-cluster-ip-config.png)
+8. In **Cluster operation mode**, click **Unicast** to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. We recommend that you accept the unicast default settings. Click **Next**.
+9. In Port Rules, click Edit to modify the default port rules to use port 443.   
+    ![NLB Manager - Add\Edit Port Rule screen](images/hello-nlb-cluster-port-rule.png)
+
+### Additional AD FS Servers
+
+1. To add more hosts to the cluster, right-click the new cluster, and then click **Add Host to Cluster**.
+2. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same.   
+    ![NLB Manager - Cluster with nodes](images/hello-nlb-cluster.png)
+
+## Configure DNS for Device Registration
+
+Sign-in the domain controller or administrative workstation with Domain Admin equivalent credentials.  You’ll need the Federation service name to complete this task.  You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server.
+1. Open the **DNS Management** console.
+2. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones**.
+3. In the navigation pane, select the node that has the name of your internal Active Directory domain name.
+4. In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**.
+5. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Click **Add Host**. 
+6. Close the DNS Management console 
+
+## Configure the Intranet Zone to include the federation service
+
+The Windows Hello provisioning presents web pages from the federation service.  Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication.  Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. 
+
+### Create an Intranet Zone Group Policy
+
+Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials
+1. Start the **Group Policy Management Console** (gpmc.msc)
+2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+3. Right-click **Group Policy object** and select **New**
+4. Type **Intranet Zone Settings** in the name box and click **OK**.
+5. In the content pane, right-click the **Intranet Zone Settings** Group Policy object and click **Edit**.
+6. In the navigation pane, expand **Policies** under **Computer Configuration**.
+7. Expand **Administrative Templates > Windows Component > Internet Explorer > Internet Control Panel**, and select **Security Page**.
+8. In the content pane, double-click **Site to Zone Assignment List**. Click **Enable**.
+9. Click **Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**.  Click OK twice, then close the Group Policy Management Editor.
+
+### Deploy the Intranet Zone Group Policy object
+
+1.	Start the **Group Policy Management Console** (gpmc.msc)
+2.	In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO…**
+3.	In the **Select GPO** dialog box, select **Intranet Zone Settings** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**.
+
+## Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+* Confirm you configured the correct enrollment agent certificate template based on the type of AD FS service account.
+* Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template.
+* Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance. 
+* Confirm you properly configured the Windows Hello for Business authentication certificate template—to include:   
+    * Issuance requirements of an authorized signature from a certificate request agent.
+    * The certificate template was properly marked as a Windows Hello for Business certificate template using certutil.exe
+    * The Windows Hello for Business Users group, or equivalent has the allow enroll and allow auto enroll permissions
+* Confirm all certificate templates were properly published to the appropriate issuing certificate authorities.
+* Confirm the AD FS service account has the allow enroll permission for the Windows Hello Business authentication certificate template.
+* Confirm the AD FS certificate registration authority is properly configured using the `Get-AdfsCertificateAuthority` Windows PowerShell cmdlet.
+* Confirm you restarted the AD FS service.
+* Confirm you properly configured load-balancing (hardware or software).
+* Confirm you created a DNS A Record for the federation service and the IP address used is the load-balanced IP address
+* Confirm you created and deployed the Intranet Zone settings to prevent double authentication to the federation server.
+
+## Validating your work
+
+You need to verify the AD FS service has properly enrolled for an enrollment agent certificate template.  You can verify this is a variety ways, depending on if your service account is a normal user account or if the service account is a group managed service account.
+
+### Event Logs
+
+Use the event logs on the AD FS service to confirm the service account enrolled for an enrollment agent certificate.  First, look for the AD FS event ID 443 that confirms certificate enrollment cycle has finished.  Once confirmed the AD FS certificate enrollment cycle completed review the CertificateLifecycle-User event log.  In this event log, look for event ID 1006, which indicates a new certificate was installed.  Details of the event log should show
+
+* The account name under which the certificate was enrolled.
+* The action, which should read enroll.
+* The thumbprint of the certificate
+* The certificate template used to issue the certificate.
+
+### Normal Service Account
+
+When using a normal service account, use the Microsoft Management Console (mmc.exe) and load the Certificate Manager snap-in for the service account and verify.
+
+### Group Managed Service Account
+
+You cannot use the Certificate Manager to view enrolled certificates for group managed service accounts.  Use the event log information to confirm the AD FS service account enrolled a certificate.  Use certutil.exe to view the details of the certificate now shown in the event log.
+
+Group managed service accounts use user profiles to store user information, which included enrolled certificates.  On the AD FS server, use a command prompt and navigate to `%systemdrive%\users\<adfsGMSA_name>\appdata\roaming\Microsoft\systemcertificates\my\certificates` .
+
+Each file in this folder represents a certificate in the service account’s Personal store (You may need to use DIR /A to view the files in the folder).  Match the thumbprint of the certificate from the event log to one of the files in this folder.  That file is the certificate.  Use the `Certutil -q <certificateThumbprintFileName>` to view the basic information about the certificate.
+
+For detailed information about the certificate, use `Certutil -q -v <certificateThumbprintFileName>` .
+
+
+## Follow the Windows Hello for Business on premises certificate trust deployment guide
+1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
+2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
+3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*)
+4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/access-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
new file mode 100644
index 0000000000..6949f44b67
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
@@ -0,0 +1,543 @@
+---
+title: Configure or Deploy Multifactor Authentication Services (Windows Hello for Business)
+description: How to Configure or Deploy Multifactor Authentication Services for Windows Hello for Business
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# Configure or Deploy Multifactor Authentication Services
+
+**Applies to**
+-   Windows 10
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+On-premises deployments must use the On-premises Azure MFA Server using the AD FS adapter model  Optionally, you can use a third-party MFA server that provides an AD FS Multifactor authentication adapter.  
+
+>[!TIP]
+>Please make sure you've read [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) before proceeding any further.
+
+## Prerequisites
+
+The Azure MFA Server and User Portal servers have several perquisites and must have connectivity to the Internet.
+
+### Primary MFA Server
+
+The Azure MFA server uses a primary and secondary replication model for its configuration database.  The primary Azure MFA server hosts the writeable partition of the configuration database.  All secondary Azure MFA servers hosts read-only partitions of the configuration database.  All production environment should deploy a minimum of two MFA Servers.  
+
+For this documentation, the primary MFA uses the name **mf*a*** or **mfa.corp.contoso.com**.  All secondary servers use the name **mfa*n*** or **mfa*n*.corp.contoso.com**, where *n* is the number of the deployed MFA server.
+
+The primary MFA server is also responsible for synchronizing from Active Directory.  Therefore, the primary MFA server should be domain joined and fully patched. 
+
+#### Enroll for Server Authentication
+
+The communication between the primary MFA server, secondary MFA servers, User Portal servers, and the client is protected using TLS, which needs a server authentication certificate. 
+
+Sign-in the primary MFA server with _domain admin_ equivalent credentials.
+1.	Start the Local Computer **Certificate Manager** (certlm.msc).
+2.	Expand the **Personal** node in the navigation pane.
+3.	Right-click **Personal**. Select **All Tasks** and **Request New Certificate**.
+4.	Click **Next** on the **Before You Begin** page.
+5.	Click **Next** on the **Select Certificate Enrollment Policy** page.
+6.	On the **Request Certificates** page, Select the **Internal Web Server** check box.
+7.	Click the **More information is required to enroll for this certificate. Click here to configure settings** link.
+8.	Under **Subject name**, select **Common Name** from the **Type** list.  Type the FQDN of the primary MFA server and then click **Add** (mfa.corp.contoso.com).    Click **Add**. Click **OK** when finished.
+9.	Click **Enroll**.
+
+A server authentication certificate should appear in the computer’s Personal certificate store.
+
+#### Install the Web Server Role
+
+The Azure MFA server does not require the Web Server role, however, User Portal and the optional Mobile App server communicate with the MFA server database using the MFA Web Services SDK.  The MFA Web Services SDK uses the Web Server role.
+
+To install the Web Server (IIS) role, please follow [Installing IIS 7 on Windows Server 2008 or Windows Server 2008 R2](https://docs.microsoft.com/iis/install/installing-iis-7/installing-iis-7-and-above-on-windows-server-2008-or-windows-server-2008-r2) or [Installing IIS 8.5 on Windows Server 2012 R2](https://docs.microsoft.com/iis/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2) depending on the host Operating System you're going to use.
+
+The following services are required:
+* Common Parameters > Default Document.
+* Common Parameters > Directory Browsing.
+* Common Parameters > HTTP Errors.
+* Common Parameters > Static Content.
+* Health and Diagnostics > HTTP Logging.
+* Performance > Static Content Compression.
+* Security > Request Filtering.
+* Security > Basic Authentication.
+* Management Tools > IIS Management Console.
+* Management Tools > IIS 6 Management Compatibility.
+* Application Development > ASP.NET 4.5. 
+
+#### Update the Server
+
+Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work.  These procedures install additional components that may need to be updated.
+
+#### Configure the IIS Server’s Certificate
+
+The TLS protocol protects all the communication to and from the MFA server. To enable this protection, you must configure the default web site to use the previously enrolled server authentication certificate.
+
+Sign in the primary MFA server with _administrator_ equivalent credentials.
+1.	From **Administrators**, Start the **Internet Information Services (IIS) Manager** console
+2.	In the navigation pane, expand the node with the same name as the local computer.  Expand **Settings** and select **Default Web Site**.
+3.	In the **Actions** pane, click **Bindings**.
+4.	In the **Site Bindings** dialog, Click **Add**.
+5.	In the **Add Site Binding** dialog, select **https** from the **Type** list.  In the **SSL certificate** list, select the certificate with the name that matches the FQDN of the computer.
+6.	Click **OK**.  Click **Close**.  From the **Action** pane, click **Restart**.
+
+#### Configure the Web Service’s Security
+
+The Azure MFA Server service runs in the security context of the Local System. The MFA User Portal gets its user and configuration information from the Azure MFA server using the MFA Web Services.  Access control to the information is gated by membership to the Phonefactor Admins security group.  You need to configure the Web Service’s security to ensure the User Portal and the Mobile App servers can securely communicate to the Azure MFA Server.  Also, all User Portal server administrators must be included in the Phonefactor Admins security group.
+
+Sign in the domain controller with _domain administrator_ equivalent credentials.
+
+##### Create Phonefactor Admin group 
+
+1. Open **Active Directory Users and Computers**
+2. In the navigation pane, expand the node with the organization’s Active Directory domain name.  Right-click the **Users** container, select **New**, and select **Group**.
+3. In the **New Object – Group** dialog box, type **Phonefactor Admins** in Group name. 
+4. Click **OK**.
+
+##### Add accounts to the Phonefactor Admins group
+
+1. Open **Active Directory Users and Computers**.
+2. In the navigation pane, expand the node with the organization’s Active Directory domain name.  Select Users. In the content pane. Right-click the **Phonefactors Admin** security group and select **Properties**.
+3. Click the **Members** tab.
+4. Click **Add**. Click **Object Types..** In the **Object Types** dialog box, select **Computers** and click **OK**. Enter the following user and/or computers accounts in the **Enter the object names to select** box and then click **OK**.   
+    * The computer account for the primary MFA Server
+    * Group or user account that will manage the User Portal server.
+
+
+#### Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+
+* Confirm the hosts of the MFA service has enrolled a server authentication certificate with the proper names.   
+    * Record the expiration date of the certificate and set a renewal reminder at least six weeks before it expires that includes the:   
+        * Certificate serial number
+        * Certificate thumbprint
+        * Common name of the certificate
+        * Subject alternate name of the certificate
+        * Name of the physical host server
+        * The issued date
+        * The expiration date
+        * Issuing CA Vendor (if a third-party certificate)
+
+* Confirm the Web Services Role was installed with the correct configuration (including Basic Authentication, ASP.NET 4.5, etc).
+* Confirm the host has all the available updates from Windows Update.
+* Confirm you bound the server authentication certificate to the IIS web site.
+* Confirm you created the Phonefactor Admins group.
+* Confirm you added the computer account hosting the MFA service to the Phonefactor Admins group and any user account who are responsible for administrating the MFA server or User Portal.
+
+### User Portal Server
+
+The User Portal is an IIS Internet Information Server web site that allows users to enroll in Multi-Factor Authentication and maintain their accounts.  A user may change their phone number, change their PIN, or bypass Multi-Factor Authentication during their next sign on.  Users will log in to the User Portal using their normal username and password and will either complete a Multi-Factor Authentication call or answer security questions to complete their authentication.  If user enrollment is allowed, a user will configure their phone number and PIN the first time they log in to the User Portal.  User Portal Administrators may be set up and granted permission to add new users and update existing users.
+
+The User Portal web site uses the user database that is synchronized across the MFA Servers, which enables a design to support multiple web servers for the User Portal and those servers can support internal and external customers.  While the user portal web site can be installed directly on the MFA server, it is recommended to install the User Portal on a server separate from the MFA Server to protect the MFA user database, as a layered, defense-in-depth security design.
+
+#### Enroll for Server Authentication
+
+Internal and external users use the User Portal to manage their multifactor authentication settings. To protect this communication, you need to enroll all User Portal servers with a server authentication certificate.  You can use an enterprise certificate to protect communication to internal User Portal servers.
+
+For external User Portal servers, it is typical to request a server authentication certificate from a public certificate authority.  Contact a public certificate authority for more information on requesting a certificate for public use.  Follow the procedures below to enroll an enterprise certificate on your User Portal server.
+
+Sign-in the User Portal server with _domain admin_ equivalent credentials.
+1.	Start the Local Computer **Certificate Manager** (certlm.msc).
+2.	Expand the **Personal** node in the navigation pane.
+3.	Right-click **Personal**. Select **All Tasks** and **Request New Certificate**.
+4.	Click **Next** on the **Before You Begin** page.
+5.	Click **Next** on the **Select Certificate Enrollment Policy** page.
+6.	On the **Request Certificates** page, Select the **Internal Web Server** check box.
+7.	Click the **More information is required to enroll for this certificate. Click here to configure settings** link.
+8.	Under **Subject name**, select **Common Name** from the **Type** list.  Type the FQDN of the primary MFA server and then click **Add** (app1.corp.contoso.com).
+9.	Under **Alternative name**, select **DNS** from the **Type** list.  Type the FQDN of the name you will use for your User Portal service (mfaweb.corp.contoso.com).
+10.	Click **Add**. Click **OK** when finished.
+11.	Click **Enroll**.
+
+A server authentication certificate should appear in the computer’s Personal certificate store.
+
+#### Install the Web Server Role
+
+To do this, please follow the instructions mentioned in the previous [Install the Web Server Role](#install-the-web-server-role) section.  However, do **not** install Security > Basic Authentication.  The user portal server does not requiret this. 
+
+#### Update the Server
+
+Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work.  These procedures install additional components that may need to be updated.
+
+#### Configure the IIS Server’s Certificate
+
+To do this, please follow the instructions mentioned in the previous [Configure the IIS Server’s Certificate](#configure-the-iis-server’s-certificate) section.
+
+#### Create WebServices SDK user account
+
+The User Portal and Mobile App web services need to communicate with the configuration database hosted on the primary MFA server. These services use a user account to communicate to authenticate to the primary MFA server.  You can think of the WebServices SDK account as a service account used by other servers to access the WebServices SDK on the primary MFA server.   
+
+1. Open **Active Directory Users and Computers**.
+2. In the navigation pane, expand the node with the organization’s Active Directory domain name.  Right-click the **Users** container, select **New**, and select **User**.
+3. In the **New Object – User** dialog box, type **PFWSDK_<computerName>** in the **First name** and **User logon name** boxes, where *<computer>* is the name of the primary MFA server running the Web Services SDK.  Click **Next**.
+4. Type a strong password and confirm it in the respective boxes.  Clear **User must change password at next logon**. Click **Next**.  Click **Finish** to create the user account.
+
+#### Add the MFA SDK user account to the Phonefactor Admins group
+
+Adding the WebServices SDK user account to the Phonefactor Admins group provides the user account with the proper authorization needed to access the configuration data on the primary MFA server using the WebServices SDK.
+
+1. Open **Active Directory Users and Computers**.
+2. In the navigation pane, expand the node with the organization’s Active Directory domain name.  Select **Users**. In the content pane. Right-click the **Phonefactors Admin** security group and select Properties.
+3. Click the Members tab.
+4. Click **Add**. Click **Object Types..** Type the PFWSDK_<computerName> user name in the **Enter the object names to select** box and then click **OK**.   
+    * The computer account for the primary MFA Server
+    * The Webservices SDK user account
+    *  Group or user account that will manage the User Portal server.
+
+
+#### Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+
+* Confirm the hosts of the user portal are properly configure for load balancing and high-availability.
+* Confirm the hosts of the user portal have enrolled a server authentication certificate with the proper names.   
+    * Record the expiration date of the certificate and set a renewal reminder at least six weeks before it expires that includes the:   
+        * Certificate serial number
+        * Certificate thumbprint
+        * Common name of the certificate
+        * Subject alternate name of the certificate
+        * Name of the physical host server
+        * The issued date
+        * The expiration date
+        * Issuing CA Vendor (if a third-party certificate)
+
+* Confirm the Web Server Role was properly configured on all servers.
+* Confirm all the hosts have the latest updates from Windows Update.
+* Confirm you created the web service SDK domain account and the account is a member of the Phonefactor Admins group. 
+
+## Installing Primary Azure MFA Server
+
+When you install Azure Multi-Factor Authentication Server, you have the following options: 
+1. Install Azure Multi-Factor Authentication Server locally on the same server as AD FS
+2. Install the Azure Multi-Factor Authentication adapter locally on the AD FS server, and then install Multi-Factor Authentication Server on a different computer (preferred deployment for production environments)
+
+See [Configure Azure Multi-Factor Authentication Server to work with AD FS in Windows Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-adfs-w2k12) to view detailed installation and configuration options.
+
+Sign-in the federation server with _Domain Admin_ equivalent credentials and follow [To install and configure the Azure Multi-Factor Authentication server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#to-install-and-configure-the-azure-multi-factor-authentication-server) for an express setup with the configuration wizard. You can re-run the authentication wizard by selecting it from the Tools menu on the server.
+
+>[!IMPORTANT]
+>Only follow the above mention article to install Azure MFA Server. Once it is intstalled, continue configuration using this article.
+
+### Configuring Company Settings
+
+You need to configure the MFA server with the default settings it applies to each user account when it is imported or synchronized from Active Directory.
+
+Sign-in the primary MFA server with MFA _administrator_ equivalent credentials.
+1. Start the **Multi-Factor Server** application
+2. Click **Company Settings**.
+3. On the **General** Tab, select **Fail Authentication** from the **When internet is not accessible** list.
+4. In **User defaults**, select **Phone Call** or **Text Message**   
+    **Note:** You can use mobile app; however, the configuration is beyond the scope of this document. Read [Getting started the MFA Server Mobile App Web Service](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server-webservice) to configure and use mobile app multi-factor authentication or the Install User Portal topic in the Multi-Factor Server help.
+5. Select **Enable Global Services** if you want to allow Multi-Factor Authentications to be made to telephone numbers in rate zones that have an associated charge.
+6. Clear the **User can change phone** check box to prevent users from changing their phone during the Multi-Factor Authentication call or in the User Portal.  A consistent configuration is for users to change their phone numbers in Active Directory and let those changes synchronize to the multi-factor server using the Synchronization features in Directory Integration.
+7. Select **Fail Authentication** from the **When user is disabled** list.  Users should provision their account through the user portal.
+8. Select the appropriate language from the **Phone call language**, **Text message language**, **Mobile app language**, and **OATH token language** lists.
+9. Under default PIN rules, Select the User can change PIN checkbox to enable users to change their PIN during multi-factor authentication and through the user portal.
+10. Configure the minimum length for the PIN.
+11.	Select the **Prevent weak PINs** check box to reject weak PINs. A weak PIN is any PIN that could be easily guessed by a hacker: 3 sequential digits, 3 repeating digits, or any 4 digit subset of user phone number are not allowed. If you clear this box, then there are no restrictions on PIN format. For example: User tries to reset PIN to 1235 and is rejected because it's a weak PIN. User will be prompted to enter a valid PIN.
+12.	Select the **Expiration days** check box if you want to expire PINs.  If enabled, provide a numeric value representing the number of days the PIN is valid.
+13.	Select the **PIN history** check box if you want to remember previously used PINs for the user. PIN History stores old PINs for each user. Users are not allowed to reset their PIN to any value stored in their PIN History. When cleared, no PIN History is stored. The default value is 5 and range is 1 to 10. 
+
+![Azure MFA Server Company settings configured](images/hello-mfa-company-settings.png)
+
+### Configuring Email Settings and Content
+
+If you are deploying in a lab or proof-of-concept, then you have the option of skipping this step.  In a production environment, ideally, you’ll want to setup the Azure Multifactor Authentication Server and its user portal web interface prior to sending the email.  The email gives your users time to visit the user portal and configure the multi-factor settings. 
+
+Now that you have imported or synchronized with your Azure Multi-Factor Authentication server, it is advised that you send your users an email that informs them that they have been enrolled in multi-factor authentication.
+
+With the Azure Multi-Factor Authentication Server there are various ways to configure your users for using multi-factor authentication. For instance, if you know the users’ phone numbers or were able to import the phone numbers into the Azure Multi-Factor Authentication Server from their company’s directory, the email will let users know that they have been configured to use Azure Multi-Factor Authentication, provide some instructions on using Azure Multi-Factor Authentication and inform the user of the phone number they will receive their authentications on.  
+
+The content of the email will vary depending on the method of authentication that has been set for the user (e.g. phone call, SMS, mobile app). For example, if the user is required to use a PIN when they authenticate, the email will tell them what their initial PIN has been set to. Users are usually required to change their PIN during their first authentication. 
+
+If users’ phone numbers have not been configured or imported into the Azure Multi-Factor Authentication Server, or users are pre-configured to use the mobile app for authentication, you can send them an email that lets them know that they have been configured to use Azure Multi-Factor Authentication and it will direct them to complete their account enrollment through the Azure Multi-Factor Authentication User Portal. A hyperlink will be included that the user clicks on to access the User Portal. When the user clicks on the hyperlink, their web browser will open and take them to their company’s Azure Multi-Factor Authentication User Portal.
+
+#### Settings
+
+By clicking the email icon on the left you can setup the settings for sending these emails. This is where you can enter the SMTP information of your mail server and it allows you to send a blanket wide email by adding a check to the Send mails to users check box.
+
+#### Content
+
+On the Email Content tab, you will see all of the various email templates that are available to choose from. So, depending on how you have configured your users to use multi-factor authentication, you can choose the template that best suits you.
+
+##### Edit the Content Settings
+
+The Azure MFA server does not send emails, even when configured to do so, until you configured the sender information for each email template listed in the Content tab.
+
+Sign-in the primary MFA server with MFA _administrator_ equivalent credentials.
+1. Open the **Multi-Factor Authentication Server** console.
+2. Click **Email** from the list of icons and click the **Email Content** tab.
+3. Select an email template from the list of templates.  Click **Edit**.
+4. In the **Edit Email** dialog, in the **From** text box, type the email address of the person or group that should appear to have sent the email.   
+    ![Edit email dialog within content settings](images/hello-mfa-content-edit-email.png)
+
+5. Optionally, customize other options in the email template.
+6. When finished editing the template, Click **Apply**.
+7. Click **Next** to move to the next email in the list.  Repeat steps 4 and 6 to edit the changes.
+8. Click **Close** when you are done editing the email templates.
+
+### Configuring Directory Integration Settings and Synchronization
+
+Synchronization keeps the Multi-Factor Authentication user database synchronized with the users in Active Directory or another LDAP Lightweight Directory Access Protocol directory.  The process is similar to Importing Users from Active Directory, but periodically polls for Active Directory user and security group changes to process.  It also provides for disabling or removing users removed from a container or security group and removing users deleted from Active Directory.
+
+It is important to use a different group memberships for synchronizing users from Active Directory and for enabling Windows Hello for Business.  Keeping the group memberships separated enables you to synchronize users and configure MFA options without immediately deploying Windows Hello for Business to that user.  This deployment approach provides the maximum flexibility, which gives users the ability to configure their settings before they provision Windows Hello for Business.  To start provisioning, simply add the group used for synchronization to the Windows Hello for Business Users group (or equivalent if you use custom names).
+
+#### MultiFactorAuthAdSync Service
+
+The MultiFactorAuthAdSync service is a Windows service that performs the periodic polling of Active Directory.  It is installed in a Stopped state and is started by the MultiFactorAuth service when configured to run.  If you have a multi-server Multi-Factor Authentication configuration, the MultiFactorAuthAdSync may only be run on a single server.
+
+The MultiFactorAuthAdSync service uses the DirSync LDAP server extension provided by Microsoft to efficiently poll for changes.  This DirSync control caller must have the "directory get changes" right and DS-Replication-Get-Changes extended control access right.  By default, these rights are assigned to the Administrator and LocalSystem accounts on domain controllers.  The MultiFactorAuthAdSync service is configured to run as LocalSystem by default.  Therefore, it is simplest to run the service on a domain controller.  The service can run as an account with lesser permissions if you configure it to always perform a full synchronization.  This is less efficient, but requires less account privileges.
+
+#### Settings
+
+Configuring the directory synchronization between Active Directory and the Azure MFA server is easy. 
+
+Sign in the primary MFA server with _MFA administrator_ equivalent credentials. 
+1. Open the **Multi-Factor Authentication Server** console.
+2. From the **Multi-Factor Authentication Server** window, click the **Directory Integration** icon.
+3. Click the **Synchronization** tab.
+4. Select **Use Active Directory**.
+5. Select **Include trusted domains** to have the Multi-Factor Authentication Server attempt to connect to domains trusted by the current domain, another domain in the forest, or domains involved in a forest trust.  When not importing or synchronizing users from any of the trusted domains, clear the checkbox to improve performance.
+
+#### Synchronization
+
+The MFA server uses synchronization items to synchronize users from Active Directory to the MFA server database.  Synchronization items enables you to synchronize a collection of users based security groups or Active Directory containers.
+
+You can configure synchronization items based on different criteria and filters.  For the purpose of configuring Windows Hello for Business, you need to create a synchronization item based membership of the Windows Hello for Business user group.  This ensures the same users who receive Windows Hello for Business policy settings are the same users synchronized to the MFA server (and are the same users with permission to enroll in the certificate).  This significantly simplifies deployment and troubleshooting.
+
+See [Directory integration between Azure MFA Server and Active Directory](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server-dirint) for more details.
+
+##### To add a synchronization item
+
+Sign in the primary MFA server with _MFA administrator_ equivalent credentials.
+1. Open the **Multi-Factor Authentication Server** console.
+2. From the **Multi-Factor Authentication Server** window, click the **Directory Integration** icon.
+3. Select the **Synchronization** tab.
+4. On the **Synchronization** tab, click **Add**.   
+    ![Azure MFA Server - add synchronization item screen](images/hello-mfa-sync-item.png)
+
+5. In the **Add Synchronization Item** dialog, select **Security Groups** from the **View** list.
+6. Select the group you are using for replication from the list of groups
+7. Select **Selected Security Groups – Recursive** or, select **Security Group** from the **Import** list if you do not plan to nest groups.
+8. Select **Add new users and Update existing users**.
+9. Select **Disable/Remove users no longer a member** and select **Disable** from the list.
+10.	Select the attributes appropriate for your environment for **Import phone** and **Backup**.
+11.	Select **Enabled** and select **Only New Users with Phone Number** from the list.
+12.	Select **Send email** and select **New and Updated Users**.
+
+##### Configure synchronization item defaults
+
+1. When creating a new or editing a synchronization item from the Multi-Factor Authentication Server, select the **Method Defaults** tab.
+2. Select the default second factor authentication method.  For example, if the second factor of authentication is a text message, select **Text message**. Select if the direction of text message authentication and if the authentication should use a one-time password or one-time password and PIN (Ensure users are configured to create a PIN if the default second factor of communication requires a PIN).
+
+##### Configure synchronization language defaults
+
+1. When creating a new or editing a synchronization item from the Multi-Factor Authentication Server, select the **Language Defaults** tab.
+2. Select the appropriate default language for these groups of users synchronized by these synchronization item.
+3. If creating a new synchronization item, click **Add** to save the item.  If editing an existing synchronization item, click **Apply** and then click **Close**.
+
+>[!TIP]
+>For more information on these settings and the behaviors they control, see [Directory integration between Azure MFA Server and Active Directory](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server-dirint).
+
+### Installing the MFA Web Services SDK
+
+The Web Service SDK section allows the administrator to install the Multi-Factor Authentication Web Service SDK. The Web Service SDK is an IIS (Internet Information Server) web service that provides an interface for integrating the full features of the Multi-Factor Authentication Server into most any application.  The Web Service SDK uses the Multi-Factor Authentication Server as the data store.
+
+Remember the Web Services SDK is only need on the primary Multi-Factor to easily enable other servers access to the configuration information.  The prerequisites section guided you through installing and configuring the items needed for the Web Services SDK, however the installer will validate the prerequisites and make suggest any corrective action needed.
+
+Please follow the instructions under [Install the web service SDK](https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server-webservice#install-the-web-service-sdk) to intall the MFA Web Services SDK.
+
+## Install Secondary MFA Servers
+
+Additional MFA servers provided redundancy of the MFA configuration. The MFA server models uses one primary MFA server with multiple secondary servers.  Servers within the same group establish communication with the primary server for that group. The primary server replicates to each of the secondary servers. You can use groups to partition the data stored on different servers, for example you can create a group for each domain, forest, or organizational unit.
+
+Follow the same procedures for installing the primary MFA server software for each additional server. Remember that each server must be activated.
+
+Sign in the secondary MFA server with _domain administrator_ equivalent credentials.
+1.	Once the Multi-Factor Authentication Server console starts, you must configure the current server’s replication group membership.  You have the option to join an existing group or create a new group.  When joining an existing group, the server becomes a secondary server in the existing replication group.  When creating a new group, the server becomes the primary server of that replication group.  Click **OK**.   
+    **Note:** Group membership cannot be changed after activation. If a server was joined to the wrong group, it must be activated again to join a different group.  Please contact support for assistance with deactivating and reactivating a server.
+2.	The console asks you if you want to enable replication by running the **Multi-Server Configuration Wizard**. Click **Yes**.
+3.	In the **Multi-Server Configuration Wizard**, leave **Active Directory** selected and clear **Certificates**. Click **Next**.
+4.	On the **Active Directory** page, the wizard determines what configuration is needed to enable replication.  Typically, the wizard recommends adding the computer account for the current server to the **PhoneFactor Admin** group.  Click **Next** to add the computer account to the group.
+5.	On the **Multi-Server Configuration Complete** page, click **Finish** to reboot the computer to update its group membership.
+
+### Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+* Confirm you downloaded the latest Azure MFA Server from the Azure Portal.
+* Confirm the server has Internet connectivity.
+* Confirm you installed and activated the Azure MFA Server.
+* Confirm your Azure MFA Server configuration meets your organization’s needs (Company Settings, Email Settings, etc).
+* Confirm you created Directory Synchronization items based on your deployment to synchronize users from Active Directory to the Azure MFA server.     
+    * For example, you have security groups representing each collection of users that represent a phase of your deployment and a corresponding synchronization item for each of those groups.
+
+* Confirm the Azure MFA server properly communicates with the Azure MFA cloud service by testing multifactor authentication with a newly synchronized user account.
+* Confirm you installed the Web Service SDK on the primary MFA server.
+* Confirm your MFA servers have adequate redundancy, should you need to promote a secondary server to the primary server. 
+
+
+## Installing the User Portal Server
+
+You previously configured the User Portal settings on the primary MFA server.  The User Portal web application communicates to the primary MFA server using the Web Services SDK to retrieve these settings.  This configuration is ideal to ensure you can scale up the User Portal application to meet the needs of your internal users.  
+
+### Copying the User Portal Installation file
+
+Sign in the primary MFA server with _local administrator_ equivalent credentials.
+1. Open Windows Explorer.
+2. Browse to the C:\Progam Files\MultiFactor Authentication Server folder.
+3. Copy the **MultiFactorAuthenticationUserPortalSetup64.msi** file to a folder on the User Portal server.
+
+### Configure Virtual Directory name
+
+Sign in the User Portal server with _local administrator_ equivalent credentials.
+1. Open Windows Explorer and browse to the folder to which you saved the installation file from the previous step.
+2. Run the **MultiFactorAuthenticationUserPortalSetup64.msi**. The installation package asks if you want to download **Visual Studio C++ Redistributable for Visual Studio 2015**.  Click **Yes**. When prompted, select **Save As**. The downloaded file is missing its file extension.  **Save the file with a .exe extension and install the runtime**.
+3. Run the installation package again. The installer package asks about the C++ runtime again; however, this is for the X64 version (the previous prompt was for x86). Click **Yes** to download the installation package and select **Save As** so you can save the downloaded file with a .exe extension. **Install** the run time.
+4. Run the User Portal installation package. On the **Select Installation Address** page, use the default settings for **Site** and **Application Pool** settings. You can modify the Virtual directory to use a name that is more fitting for the environment, such as **mfa** (This virtual directory must match the virtual directory specified in the User Portal settings). Click **Next**.
+5. Click **Close**.
+
+### Edit MFA User Portal config file
+
+Sign in the User Portal server with _local administrator_ equivalent credentials.
+1.	Open Windows Explorer and browse to C:\inetpub\wwwroot\MultiFactorAuth (or appropriate directory based on the virtual directory name) and edit the **web.config** file.
+2.	Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. 
+3.	Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. 
+4.	Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group.
+5.	Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from **“http://localhost:4898/PfWsSdk.asmx”** to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. https://computer1.domain.local/MultiFactorAuthWebServiceSdk/PfWsSdk.asmx). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **web.config** file after changes have been made.
+
+### Create a DNS entry for the User Portal web site
+
+Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials.
+1.	Open the **DNS Management** console.
+2.	In the navigation pane, expand the domain controller name node and **Forward Lookup Zones**.
+3.	In the navigation pane, select the node that has the name of your internal Active Directory domain name.
+4.	In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**.
+5.	In the **name** box, type the host name of the User Portal, such as *mfaweb* (this name must match the name of the certificate used to secure communication to the User Portal). In the IP address box, type the load balanced **IP address** of the User Portal. Click **Add Host**. 
+6.	Close the **DNS Management** console.
+
+### Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+* Confirm the user portal application is properly installed on all user portal hosts
+* Confirm the USE_WEB_SERVICE_SDK named value has a value equal to true.
+* Confirm the WEB_SERVICE_SDK_AUTHENTICATION_USERNAME named value has the username of the web service SDK domain account previously created and that the user name is represented as DOMAIN\USERNAME
+* Confirm the WEB_SERVICES_SDK_AUTHENTICATION_PASSWORD named value has the correct password for the web service SDK domain account.
+* Confirm the pfup_pfwssdk_PfWsSdk named value has value that matches the URL of for the SDK service installed on the primary MFA server.
+* Confirm you saved the changes to the web.config file.
+
+### Validating your work
+
+Windows Hello for Business is a distributed system, which on the surface appears complex and difficult.  The key to a successful Windows Hello for Business deployment is to validate phases of work prior to moving to the next phase.
+
+Using a web browser, navigate to the URL provided in the *pf_up_pfwssdk_PfWsSdk* named value in the web.config file of any one of the user portal servers.  The URL should be protected by a server authentication certificate and should prompt you for authentication.  Authenticate to the web site using the username and password provided in the web.config file.  Successful authentication and page view confirms the Web SDK configured on the primary MFA server is correctly configured and ready to work with the user portal.
+
+### Configuring the User Portal
+
+The User Portal section allows the administrator to install and configure the Multi-Factor Authentication User Portal. The User Portal is an IIS Internet Information Server web site that allows users to enroll in Multi-Factor Authentication and maintain their accounts.  A user may change their phone number, change their PIN, or bypass Multi-Factor Authentication during their next sign on.  Users will log in to the User Portal using their normal username and password and will either complete a Multi-Factor Authentication call or answer security questions to complete their authentication.  If user enrollment is allowed, a user will configure their phone number and PIN the first time they log in to the User Portal.
+User Portal Administrators may be set up and granted permission to add new users and update existing users.
+
+#### Settings
+
+Sign in the primary MFA server with _MFA administrator_ equivalent credentials.
+1. Open the Multi-Factor Authentication Server console.
+2. From the Multi-Factor Authentication Server window, click the User Portal icon.   
+    ![Azure MFA Server - User Portal settings](images/hello-mfa-user-portal-settings.png)
+
+3. On the Settings tab, type the URL your users use to access the User Portal.  The URL should begin with https, such as `https://mfaportal.corp.contoso.com/mfa`. 
+The Multi-Factor Authentication Server uses this information when sending emails to users.
+4. Select Allow users to log in and Allow user enrollment check boxes.
+5. Select Allow users to select method.  Select Phone call and select Text message (you can select Mobile app later once you have deployed the Mobile app web service).  Select Automatically trigger user’s default method.
+6. Select Allow users to select language.
+7. Select Use security questions for fallback and select 4 from the Questions to answer list.
+
+>[!TIP]
+>For more information on these settings and the behaviors they control, see [Deploy the user portal for the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-portal).
+
+#### Administrators
+
+The User Portal Settings tab allows the administrator to install and configure the User Portal.
+1. Open the Multi-Factor Authentication Server console.
+2. From the Multi-Factor Authentication Server window, click the User Portal icon.
+3. On the Administrators tab, Click Add
+4. In the Add Administrator dialog, Click Select User… to pick a user to install and manage the User Portal.  Use the default permissions. 
+5. Click Add.
+
+>[!TIP]
+>For more information on these settings and the behaviors they control, read the **Multi-Factor Authentication Server Help content**.
+
+#### Security Questions
+
+[Security questions](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-portal#security-questions) for the User Portal may be customized to meet your requirements.  The questions defined here will be offered as options for each of the four security questions a user is prompted to configure during their first log on to User Portal.  The order of the questions is important since the first four items in the list will be used as defaults for the four security questions.
+
+#### Trusted IPs
+
+The [Trusted IPs](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-portal#trusted-ips) tab allows you to skip Multi-Factor Authentication for User Portal log ins originating from specific IPs. For example, if users use the User Portal from the office and from home, you may decide you don't want their phones ringing for Multi-Factor Authentication while at the office. For this, you would specify the office subnet as a trusted IP entry.
+
+## Configure the AD FS Server to use the MFA for multifactor authentication
+
+You need to configure the AD FS server to use the MFA server.  You do this by Installing the MFA Adapter on the primary AD FS Server.
+
+### Install the MFA AD FS Adapter
+
+Follow [Install a standalone instance of the AD FS adapter by using the Web Service SDK](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-adfs-w2k12#install-a-standalone-instance-of-the-ad-fs-adapter-by-using-the-web-service-sdk). You should follow this instructions on all AD FS servers. You can find the files needed on the MFA server.
+
+### Edit the MFA AD FS Adapter config file on all ADFS Servers
+
+Sign in the primary AD FS server with _local administrator_ equivalent credentials.
+1.	Open Windows Explorer and browse to **C:\inetpub\wwwroot\MultiFactorAuth** (or appropriate directory based on the virtual directory name) and edit the **MultiFactorAuthenticationAdfsAdapter.config** file.
+2.	Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. 
+3.	Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. 
+4.	Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group.
+5.	Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from “http://localhost:4898/PfWsSdk.asmx” to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. https://computer1.domain.local/MultiFactorAuthWebServiceSdk/PfWsSdk.asmx). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **MultiFactorAuthenticationAdfsAdapter.config** file after changes have been made.
+
+### Edit the AD FS Adapter Windows PowerShell cmdlet
+
+Sign in the primary AD FS server with _local administrator_ equivalent credentials.
+
+Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath <path>` to the end of the `Register-AdfsAuthenticationProvider` command where **<path>** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
+
+### Run the AD FS Adapter PowerShell cmdlet
+
+Sign in the primary AD FS server with local administrator equivalent credentials.
+
+Run **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script in PowerShell to register the adapter.  The adapter is registered as **WindowsAzureMultiFactorAuthentication**.  
+
+>[!NOTE]
+>You must restart the AD FS service for the registration to take effect.
+
+### Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+* Confirm the user portal application is properly installed on all user portal hosts
+* Confirm the USE_WEB_SERVICE_SDK named value has a value equal to true.
+* Confirm the WEB_SERVICE_SDK_AUTHENTICATION_USERNAME named value has the username of the web service SDK domain account previously created and that the user name is represented as DOMAIN\USERNAME
+* Confirm the WEB_SERVICES_SDK_AUTHENTICATION_PASSWORD named value has the correct password for the web service SDK domain account.
+* Confirm the pfup_pfwssdk_PfWsSdk named value has value that matches the URL of for the SDK service installed on the primary MFA server.
+* Confirm you saved the changes to the web.config file.
+* Confirm you restarted the AD FS Service after completing the configuration.
+
+## Test AD FS with the Multifactor Authentication connector
+
+Now, you should test your Azure Multi-Factor Authentication server configuration before proceeding any further in the deployment.  The AD FS and Azure Multi-Factor Authentication server configurations are complete.
+
+1.	In the **Multi-Factor Authentication** server, on the left, click **Users**.
+2.	In the list of users, select a user that is enabled and has a valid phone number to which you have access.
+3.	Click **Test**.
+4.	In the **Test User** dialog, provide the user’s password to authenticate the user to Active Directory.
+
+The Multi-Factor Authentication server communicates with the Azure MFA cloud service to perform a second factor authentication for the user.  The Azure MFA cloud service contacts the phone number provided and asks for the user to perform the second factor authentication configured for the user.  Successfully providing the second factor should result in the Multi-factor authentication server showing a success dialog. 
+
+
+## Follow the Windows Hello for Business on premises certificate trust deployment guide
+1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
+2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
+3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
+4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/access-protection/hello-for-business/hello-cert-trust-policy-settings.md
new file mode 100644
index 0000000000..9f6d582108
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-cert-trust-policy-settings.md
@@ -0,0 +1,155 @@
+---
+title: Configure Windows Hello for Business Policy settings (Windows Hello for Business)
+description: Configure Windows Hello for Business Policy settings for Windows Hello for Business
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# Configure Windows Hello for Business Policy settings
+
+**Applies to**
+-   Windows 10
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings.  To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520).
+Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703.
+
+Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information.
+
+On-premises certificate-based deployments of Windows Hello for Business needs three Group Policy settings:
+* Enable Windows Hello for Business
+* Use certificate for on-premises authentication
+* Enable automatic enrollment of certificates
+
+## Enable Windows Hello for Business Group Policy
+
+The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business.  A user will only attempt enrollment if this policy setting is configured to enabled.  
+
+You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment.  Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence.
+
+## Use certificate for on-premises authentication
+
+The Use certificate for on-premises authentication Group Policy setting determines if the on-premises deployment uses the key-trust or certificate trust on-premises authentication model.  You must configure this Group Policy setting to configure Windows to enroll for a Windows Hello for Business authentication certificate. If you do not configure this policy setting, Windows considers the deployment to use key-trust on-premises authentication, which requires a sufficient number of Windows Server 2016 domain controllers to handle the Windows Hello for Business key-trust authentication requests.
+
+You can configure this Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users requesting a Windows Hello for Business authentication certificate.  Deploying this policy setting to a user results in only that user requesting a Windows Hello for Business authentication certificate. Additionally, you can deploy the policy setting to a group of users so only those users request a Windows Hello for Business authentication certificate. If both user and computer policy settings are deployed, the user policy setting has precedence.
+
+## Enable automatic enrollment of certificates
+
+Windows Hello for Business provisioning performs the initial enrollment of the Windows Hello for Business authentication certificate. This certificate expires based on the duration configured in the Windows Hello for Business authentication certificate template. The Windows 10, version 1703 certificate auto enrollment was updated to renew these certificates before they expire, which significantly reduces user authentication failures from expired user certificates. 
+
+The process requires no user interaction provided the user signs-in using Windows Hello for Business.  The certificate is renewed in the background before it expires.
+
+## Create the Windows Hello for Business Group Policy object
+
+The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed.
+1. Start the **Group Policy Management Console** (gpmc.msc)
+2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+3. Right-click **Group Policy object** and select **New**.
+4. Type *Enable Windows Hello for Business* in the name box and click **OK**.
+5. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**.
+6. In the navigation pane, expand **Policies** under **User Configuration**.
+7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**.
+8. In the content pane, double-click **Use Windows Hello for Business**. Click **Enable** and click **OK**.
+9. Double-click **Use certificate for on-premises authentication**. Click **Enable** and click **OK**.  Close the **Group Policy Management Editor**.
+
+## Configure Automatic Certificate Enrollment
+
+1. Start the **Group Policy Management Console** (gpmc.msc).
+2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**.
+4. In the navigation pane, expand **Policies** under **User Configuration**.
+5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**.
+6. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**.
+7. Select **Enabled** from the **Configuration Model** list.
+8. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box.
+9. Select the **Update certificates that use certificate templates** check box.
+10.	Click **OK**. Close the **Group Policy Management Editor**.
+
+## Configure Security in the Windows Hello for Business Group Policy object
+
+The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases.
+1. Start the **Group Policy Management Console** (gpmc.msc)
+2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+3. Double-click the **Enable Windows Hello for Business** Group Policy object.
+4. In the **Security Filtering** section of the content pane, click **Add**.  Type *Windows Hello for Business Users* or the name of the security group you previously created and click **OK**.
+5. Click the **Delegation** tab. Select **Authenticated Users** and click **Advanced**.
+6. In the **Group or User names** list, select **Authenticated Users**.  In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Click **OK**.
+
+## Deploy the Windows Hello for Business Group Policy object
+
+The application of the Windows Hello for Business Group Policy object uses security group filtering.  This enables you to link the Group Policy object at the domain, ensuring the Group Policy object is within scope to all users. However, the security group filtering ensures only the users included in the *Windows Hello for Business Users* global group receive and apply the Group Policy object, which results in the provisioning of Windows Hello for Business.
+1. Start the **Group Policy Management Console** (gpmc.msc)
+2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO…**
+3. In the **Select GPO** dialog box, select **Enable Windows Hello for Business** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**.
+
+Just to reassure, linking the **Windows Hello for Business** Group Policy object to the domain ensures the Group Policy object is in scope for all domain users. However, not all users will have the policy settings applied to them. Only users who are members of the Windows Hello for Business group receive the policy settings. All others users ignore the Group Policy object. 
+
+## Other Related Group Policy settings
+
+### Windows Hello for Business
+
+There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment.  These policy settings are computer-based policy setting; so they are applicable to any user that sign-in from a computer with these policy settings. 
+
+### Use a hardware security device
+
+The default configuration for Windows Hello for Business is to prefer hardware protected credentials; however, not all computers are able to create hardware protected credentials.  When Windows Hello for Business enrollment encounters a computer that cannot create a hardware protected credential, it will create a software-based credential.
+
+You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials.  Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business.
+
+Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiven during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object.
+
+### Use biometrics
+
+Windows Hello for Business provides a great user experience when combined with the use of biometrics.  Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security.  
+
+The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers.  The policy setting disabled all biometrics. Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint.
+
+### PIN Complexity
+
+PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. 
+
+Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use.  If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations.  The policy settings included are:
+* Require digits
+* Require lowercase letters
+* Maximum PIN length
+* Minimum PIN length
+* Expiration
+* History
+* Require special characters
+* Require uppercase letters
+
+In the Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under Administrative Templates\System\PIN Complexity under both the Computer and User Configuration nodes of the Group Policy editor.
+
+## Review
+
+Before you continue with the deployment, validate your deployment progress by reviewing the following items:
+* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
+* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
+* Confirm you configure the Use Certificate enrollment for on-prem authentication policy setting.
+* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
+* Confirm you configured the proper security settings for the Group Policy object   
+    * Removed the allow permission for Apply Group Policy for Domain Users (Domain Users must always have the read permissions)
+    * Add the Windows Hello for Business Users group to the Group Policy object and gave the group the allow permission for Apply Group Policy
+
+* Linked the Group Policy object to the correct locations within Active Directory
+* Deploy any additional Windows Hello for Business Group Policy setting is a policy separate from the one that enables it for users
+
+
+## Add users to the Windows Hello for Business Users group
+
+Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the WHFB Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the Windows Hello for Business Users group.   Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business.
+
+
+## Follow the Windows Hello for Business on premises certificate trust deployment guide
+1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
+2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
+3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
+4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+5. Configure Windows Hello for Business Policy settings (*You are here*)
\ No newline at end of file
diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/access-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
new file mode 100644
index 0000000000..6be146c5fd
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -0,0 +1,79 @@
+---
+title: Validate Active Directory prerequisites (Windows Hello for Business)
+description: How to Validate Active Directory prerequisites for Windows Hello for Business
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# Validate Active Directory prerequisites
+
+**Applies to**
+-   Windows 10
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+The key registration process for the On-prem deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema.  The key-trust model receives the schema extension when the first Windows Server 2016 domain controller is added to the forest.  The certificate trust model requires manually updating the current schema to the Windows Server 2016 schema. If you already have a Windows Server 2016 domain controller in your forest, you can skip the next step.
+
+Manually updating Active Directory uses the command-line utility **adprep.exe** located at **\<drive>:\support\adprep** on the Windows Server 2016 DVD or ISO.  Before running adprep.exe, you must identify the domain controller hosting the schema master role.
+
+## Discovering schema role
+
+To locate the schema master role holder, open and command prompt and type:
+
+```Netdom query fsmo | findstr -i “schema”```
+
+![Netdom example output](images\hello-cmd-netdom.png)
+
+The command should return the name of the domain controller where you need to adprep.exe.  Update the schema locally on the domain controller hosting the Schema master role.
+
+## Updating the Schema
+
+Windows Hello for Business uses asymmetric keys as user credentials (rather than passwords).  During enrollment, the public key is registered in an attribute on the user object in Active Directory.  The schema update adds this new attribute to Active Directory.  
+
+Sign-in to the domain controller hosting the schema master operational role using Enterprise Admin equivalent credentials.
+
+1.	Open an elevated command prompt.
+2.	Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO.
+3.	To update the schema, type ```adprep /forestprep```.
+4.	Read the Adprep Warning.  Type the letter **C** and press **Enter** to update the schema.
+5.	Close the Command Prompt and sign-out.
+
+## Create the KeyCredential Admins Security Global Group
+
+The Windows Server 2016 Active Directory Federation Services (AD FS) role registers the public key on the user object during provisioning.  You assign write and read permission to this group to the Active Directory attribute to ensure the AD FS service can add and remove keys are part of its normal workflow.
+
+Sign-in a domain controller or management workstation with Domain Admin equivalent credentials.
+
+1.	Open **Active Directory Users and Computers**.
+2.	Click **View** and click **Advance Features**.
+3.	Expand the domain node from the navigation pane.
+4.	Right-click the **Users** container. Click **New**. Click **Group**.
+5.	Type **KeyCredential Admins** in the **Group Name** text box.
+6.	Click **OK**.
+
+## Create the Windows Hello for Business Users Security Global Group
+
+The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases.  You assign Group Policy and Certificate template permissions to this group to simplify the deployment by simply adding the users to the group.  This provides them the proper permissions to provision Windows Hello for Business and to enroll in the Windows Hello for Business authentication certificate.
+
+Sign-in a domain controller or management workstation with Domain Admin equivalent credentials.
+
+1.	Open **Active Directory Users and Computers**.
+2.	Click **View** and click **Advanced Features**.
+3.	Expand the domain node from the navigation pane.
+4.	Right-click the **Users** container. Click **New**. Click **Group**.
+5.	Type **Windows Hello for Business Users** in the **Group Name** text box.
+6.	Click **OK**.
+
+
+## Follow the Windows Hello for Business on premises certificate trust deployment guide
+1. Validate Active Directory prerequisites (*You are here*)
+2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
+3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
+4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/access-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
new file mode 100644
index 0000000000..cfee0ee064
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -0,0 +1,49 @@
+---
+title: Validate and Deploy Multifactor Authentication Services (MFA) (Windows Hello for Business)
+description: How to Validate and Deploy Multifactor Authentication Services for Windows Hello for Business
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# Validate and Deploy Multifactor Authentication Services (MFA)
+
+**Applies to**
+-   Windows 10
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential.  Windows Hello for Business deployments use Azure Multi-Factor Authentication (Azure MFA) services for the secondary authentication.  On-Premises deployments use Azure MFA server, an on-premises implementation that do not require synchronizing Active Directory credentials to Azure Active Directory.
+
+Azure Multi-Factor Authentication is an easy to use, scalable, and reliable solution that provides a second method of authentication so your users are always protected.
+* **Easy to Use** - Azure Multi-Factor Authentication is simple to set up and use. The extra protection that comes with Azure Multi-Factor Authentication allows users to manage their own devices. Best of all, in many instances it can be set up with just a few simple clicks.
+* **Scalable** - Azure Multi-Factor Authentication uses the power of the cloud and integrates with your on-premises AD and custom apps. This protection is even extended to your high-volume, mission-critical scenarios.
+* **Always Protected** - Azure Multi-Factor Authentication provides strong authentication using the highest industry standards.
+* **Reliable** - We guarantee 99.9% availability of Azure Multi-Factor Authentication. The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.
+
+## On-Premises Azure MFA Server
+
+On-premises deployments, both key and certificate trust, use the Azure MFA server where the credentials are not synchronized to Azure Active Directory.
+
+### Infrastructure
+
+A lab or proof-of-concept environment does not need high-availability or scalability.  However, a production environment needs both of these.  Ensure your environment considers and incorporates these factors, as necessary. All production environments should have a minimum of two MFA servers—one primary and one secondary server. The environment should have a minimum of two User Portal Servers that are load balanced using hardware or Windows Network Load Balancing.
+
+Please follow [Download the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#download-the-azure-multi-factor-authentication-server) to download Azure MFA server. 
+
+>[!IMPORTANT]
+>Make sure to validate the requirements for Azure MFA server, as outlined in [Install and Configure the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#install-and-configure-the-azure-multi-factor-authentication-server) before proceeding. Do not use instllation instructions provided in the article.
+
+Once you have validated all the requirements, please proceed to [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md).
+
+## Follow the Windows Hello for Business on premises certificate trust deployment guide
+1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
+2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
+3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
+4. Validate and Deploy Multifactor Authentication Services (MFA) (*You are here*)
+5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md
new file mode 100644
index 0000000000..ea92c7c3bd
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -0,0 +1,197 @@
+---
+title: Validate Public Key Infrastructure (Windows Hello for Business)
+description: How to Validate Public Key Infrastructure for Windows Hello for Business
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# Validate and Configure Public Key Infrastructure
+
+**Applies to**
+-   Windows 10
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model.  All trust models depend on the domain controllers having a certificate.  The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller.  The certificate trust model extends certificate issuance to client computers.  During Windows Hello for Business provisioning, the user receives a sign-in certificate.
+
+## Deploy an enterprise certificate authority
+
+This guide assumes most enterprise have an existing public key infrastructure.  Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later.
+
+### Lab-based public key infrastructure
+
+The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment.
+
+Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed.
+
+>[!NOTE]
+>Never install a certificate authority on a domain controller in a production environment.
+
+1. Open an elevated Windows PowerShell prompt.
+2. Use the following command to install the Active Directory Certificate Services role.   
+    ```PowerShell
+    Add-WindowsFeature Adcs-Cert-Authority -IncludeManageTools
+    ```
+
+3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration.   
+    ```PowerShell
+    Install-AdcsCertificateAuthority
+    ```   
+    
+## Configure a Production Public Key Infrastructure
+
+If you do have an existing public key infrastructure, please review [Certification Authority Guidance](https://technet.microsoft.com/library/hh831574.aspx) from Microsoft TechNet to properly design your infrastructure.   Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348.aspx) for instructions on how to configure your public key infrastructure using the information from your design session.
+
+### Configure Domain Controller Certificates
+
+Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate.  Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain.  This provides clients a root of trust external to the domain—namely the enterprise certificate authority.
+
+Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory.  However, certificates based on the Domain Controller and Domain Controller Authentication certificate templates do not include the KDC Authentication object identifier (OID), which was later added to the Kerberos RFC.  Therefore, domain controllers need to request a certificate based on the Kerberos Authentication certificate template.
+
+By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template.  However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs.  To ensure domain controllers request the proper certificate with the best available cryptography, use the Kerberos Authentication certificate template a baseline to create an updated domain controller certificate template.
+
+Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
+1.	Open the **Certificate Authority** management console.
+2.	Right-click **Certificate Templates** and click **Manage**.
+3.	In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**.
+4.	On the **Compatibility** tab, clear the **Show resulting changes** check box.  Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+5.	On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name.  Adjust the validity and renewal period to meet your enterprise’s needs.   
+    **Note**If you use different template names, you’ll need to remember and substitute these names in different portions of the lab.
+6.	On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected.  Select **None** from the **Subject name format** list.  Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
+7.	On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.  Click **OK**. 
+8.	Close the console.
+
+### Superseding the existing Domain Controller certificate
+
+Many domain controllers may have an existing domain controller certificate.  The Active Directory Certificate Services provides a default certificate template from domain controllers—the domain controller certificate template.  Later releases provided a new certificate template—the domain controller authentication certificate template.  These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the KDC Authentication extension.  
+
+The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers and should be the one you deploy to all your domain controllers (2008 or later).   The autoenrollment feature in Windows enables you to effortlessly replace these domain controller certificates.  You can use the following configuration to replace older domain controller certificates with a new certificate using the Kerberos Authentication certificate template. 
+
+Sign-in a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials.
+1.	Open the **Certificate Authority** management console.
+2.	Right-click **Certificate Templates** and click **Manage**.
+3.	In the **Certificate Template Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**.
+4.	Click the **Superseded Templates** tab. Click **Add**.
+5.	From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**.  Click **Add**.
+6.	From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**.
+7.	From the **Add Superseded Template dialog**, select the **Kerberos Authentication** certificate template and click **OK**. 
+8.	Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab.
+9.	Click **OK** and close the **Certificate Templates** console.
+
+The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list.  However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
+
+### Configure an Internal Web Server Certificate template
+
+Windows 10 clients use the https protocol when communicating with Active Directory Federation Services.  To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm.  On-premises deployments can use a server authentication certificate issued by their enterprise PKI.  You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. 
+
+Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
+1.	Open the **Certificate Authority** management console.
+2.	Right-click **Certificate Templates** and click **Manage**.
+3.	In the **Certificate Template Console**, right-click the **Web Server** template in the details pane and click **Duplicate Template**.
+4.	On the **Compatibility** tab, clear the **Show resulting changes** check box.  Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+5.	On the **General** tab, type **Internal Web Server** in **Template display name**.  Adjust the validity and renewal period to meet your enterprise’s needs.   
+    **Note:** If you use different template names, you’ll need to remember and substitute these names in different portions of the lab.
+6.	On the **Request Handling** tab, select **Allow private key to be exported**.
+7.	On the **Subject** tab, select the **Supply in the request** button if it is not already selected.
+8.	On the **Security** tab, Click **Add**. Type **Domain Computers** in the **Enter the object names to select** box.  Click **OK**. Select the **Allow** check box next to the **Enroll** permission.
+9.	On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.  Click **OK**. 
+10.	Close the console.
+
+### Unpublish Superseded Certificate Templates
+
+The certificate authority only issues certificates based on published certificate templates.  For defense in depth security, it is a good practice to unpublish certificate templates that the certificate authority is not configured to issue.  This includes the pre-published certificate template from the role installation and any superseded certificate templates.
+
+The newly created domain controller authentication certificate template supersedes previous domain controller certificate templates.  Therefore, you need to unpublish these certificate templates from all issuing certificate authorities.
+
+Sign-in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials.
+1.	Open the **Certificate Authority** management console.
+2.	Expand the parent node from the navigation pane.
+3.	Click **Certificate Templates** in the navigation pane.
+4.	Right-click the **Domain Controller** certificate template in the content pane and select **Delete**.  Click **Yes** on the **Disable certificate templates** window.
+5.	Repeat step 4 for the **Domain Controller Authentication** and **Kerberos Authentication** certificate templates.
+
+### Publish Certificate Templates to the Certificate Authority
+
+The certificate authority may only issue certificates for certificate templates that are published to that certificate authority.  If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
+
+Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials.
+1.	Open the **Certificate Authority** management console.
+2.	Expand the parent node from the navigation pane.
+3.	Click **Certificate Templates** in the navigation pane.
+4.	Right-click the **Certificate Templates** node.  Click **New**, and click **Certificate Template** to issue.
+5.	In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)**, and **Internal Web Server** templates you created in the previous steps.  Click **OK** to publish the selected certificate templates to the certificate authority.
+6.	If you published the Domain Controller Authentication (Kerberos) certificate template, then you should unpublish the certificate templates you included in the superseded templates list.   
+    * To unpublish a certificate template, right-click the certificate template you want to unpublish in the details pane of the Certificate Authority console and select **Delete**. Click **Yes** to confirm the operation.   
+
+7.	Close the console.
+
+### Configure Domain Controllers for Automatic Certificate Enrollment
+
+Domain controllers automatically request a certificate from the domain controller certificate template.  However, the domain controller is unaware of newer certificate templates or superseded configurations on certificate templates.  To continue automatic enrollment and renewal of domain controller certificates that understand newer certificate template and superseded certificate template configurations, create and configure a Group Policy object for automatic certificate enrollment and link the Group Policy object to the Domain Controllers OU.
+
+1.	Start the **Group Policy Management Console** (gpmc.msc)
+2.	Expand the domain and select the **Group Policy Object** node in the navigation pane.
+3.	Right-click **Group Policy object** and select **New**
+4.	Type *Domain Controller Auto Certificate Enrollment* in the name box and click **OK**.
+5.	Right-click the **Domain Controller Auto Certificate Enrollment** Group Policy object and click **Edit**.
+6.	In the navigation pane, expand **Policies** under **Computer Configuration**.
+7.	Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**.
+8.	In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**.
+9.	Select **Enabled** from the **Configuration Model** list.
+10.	Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box.
+11.	Select the **Update certificates that use certificate templates** check box.
+12.	Click **OK**. Close the **Group Policy Management Editor**.
+
+### Deploy the Domain Controller Auto Certificate Enrollment Group Policy Object
+
+Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials.
+1.	Start the **Group Policy Management Console** (gpmc.msc)
+2.	In the navigation pane, expand the domain and expand the node that has your Active Directory domain name.  Right-click the **Domain Controllers** organizational unit and click **Link an existing GPO…**
+3.	In the **Select GPO** dialog box, select **Domain Controller Auto Certificate Enrollment** or the name of the domain controller certificate enrollment Group Policy object you previously created and click **OK**.
+
+### Validating your work
+
+Windows Hello for Business is a distributed system, which on the surface appears complex and difficult.  The key to a successful Windows Hello for Business deployment is to validate phases of work prior to moving to the next phase.
+
+You want to confirm your domain controllers enroll the correct certificates and not any unnecessary (superseded) certificate templates.  You need to check each domain controller that autoenrollment for the computer occurred.
+
+#### Use the Event Logs
+
+Windows Server 2012 and later include Certificate Lifecycle events to determine the lifecycles of certificates for both users and computers.  Using the Event Viewer, navigate to the CertificateServices-Lifecycles-System event log under Application and Services/Microsoft/Windows.
+
+Look for an event indicating a new certificate enrollment (autoenrollment).  The details of the event include the certificate template on which the certificate was issued.  The name of the certificate template used to issue the certificate should match the certificate template name included in the event.  The certificate thumbprint and EKUs for the certificate are also included in the event.  The EKU needed for proper Windows Hello for Business authentication is Kerberos Authentication, in addition to other EKUs provide by the certificate template. 
+
+Certificates superseded by your new domain controller certificate generate an archive event in the CertificateServices-Lifecycles-System event.  The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate.
+
+
+#### Certificate Manager
+
+You can use the Certificate Manager console to validate the domain controller has the properly enrolled certificate based on the correct certificate template with the proper EKUs.  Use **certlm.msc** to view certificate in the local computers certificate stores.  Expand the **Personal** store and view the certificates enrolled for the computer.  Archived certificates do not appear in Certificate Manager.
+
+#### Certutil.exe
+
+You can use **certutil.exe** to view enrolled certificates in the local computer. Certutil shows enrolled and archived certificates for the local computer.  From an elevated command prompt, run `certutil -q -store my` to view locally enrolled certificates.
+
+To view detailed information about each certificate in the store, use `certutil -q -v -store my` to validate automatic certificate enrollment enrolled the proper certificates. 
+
+#### Troubleshooting
+
+Windows triggers automatic certificate enrollment for the computer during boot, and when Group Policy updates.  You can refresh Group Policy from an elevated command prompt using `gpupdate /force`.
+
+Alternatively, you can forcefully trigger automatic certificate enrollment using `certreq -autoenroll -q` from an elevated command prompt.
+
+Use the event logs to monitor certificate enrollment and archive.  Review the configuration, such as publishing certificate templates to issuing certificate authority and the allow auto enrollment permissions.
+
+
+## Follow the Windows Hello for Business on premises certificate trust deployment guide
+1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
+2. Validate and Configure Public Key Infrastructure (*You are here*)
+3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
+4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
diff --git a/windows/access-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/access-protection/hello-for-business/hello-deployment-cert-trust.md
new file mode 100644
index 0000000000..3c35dfff7f
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -0,0 +1,40 @@
+---
+title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment
+description: A guide to an On Premises, Certificate trust Windows Hello for Business deployment 
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# On Premises Certificate Trust Deployment
+
+**Applies to**
+-   Windows 10
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair.  The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.  
+
+Below, you can find all the infromation you will need to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
+1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
+2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
+3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
+4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/access-protection/hello-for-business/hello-deployment-guide.md b/windows/access-protection/hello-for-business/hello-deployment-guide.md
new file mode 100644
index 0000000000..e58f3a1e6f
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-deployment-guide.md
@@ -0,0 +1,55 @@
+---
+title: Windows Hello for Business Deployment Guide
+description: A guide to Windows Hello for Business deployment 
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+ms.author: daniha
+ms.date: 07/07/2017
+---
+# Windows Hello for Business Deployment Guide
+
+**Applies to**
+-   Windows 10
+-   Windows 10 Mobile
+
+> This guide only applies to Windows 10, version 1703 or higher.
+
+Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair.
+
+This deployment guide is to guide you through deploying Windows Hello for Business, based on the planning decisions made using the Planning a Windows Hello for Business Deployment Guide. It provides you with the information needed to successfully deploy Windows Hello for Business in an existing environment.
+
+## Assumptions
+
+This guide assumes a baseline infrastructure exists that meets the requirements for your deployment.  For either hybrid or on-premises deployments, it is expected that you have: 
+* A well-connected, working network
+* Internet access
+   * Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
+* Proper name resolution, both internal and external names
+* Active Directory and an adequate number of domain controllers per site to support authentication
+* Active Directory Certificate Services 2012 or later
+* One or more workstation computers running Windows 10, version 1703
+
+If you are installing a role for the first time, ensure the appropriate server operating system is installed, updated with the latest patches, and joined to the domain.  This document provides guidance to install and configure the specific roles on that server.  
+
+Do not begin your deployment until the hosting servers and infrastructure (not roles) identified in your prerequisite worksheet are configured and properly working.
+
+## Deployment and trust models
+
+Windows Hello for Business has two deployment models: Hybrid and On-premises. Each deployment model has two trust models: Key trust or certificate trust.
+
+Hybrid deployments are for enterprises that use Azure Active Directory.  On-premises deployments are for enterprises who exclusively use on-premises Active Directory. Remember that the environments that use Azure Active Directory must use the hybrid deployment model for all domains in that forest.
+
+The trust model determines how you want users to authentication to the on-premises Active Directory. Remember hybrid environments use Azure Active Directory and on-premises Active Directory. The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and they have an adequate number of 2016 domain controllers in each site to support the authentication. The certificate-trust model is for enterprise that do want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. The certificate trust model is also enterprise who are not ready to deploy Windows Server 2016 domain controllers.
+
+Following are the various deployment guides included in this topic:
+* [On Premises Certificate Trust Deployment](hello-deployment-cert-trust.md)
+
+## Provisioning
+
+The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop.  Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
+
diff --git a/windows/access-protection/hello-for-business/hello-identity-verification.md b/windows/access-protection/hello-for-business/hello-identity-verification.md
index eaac2063b5..89c2110b38 100644
--- a/windows/access-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/access-protection/hello-for-business/hello-identity-verification.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Hello for Business (Windows 10)
-description: IWindows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. 
+description: Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. 
 ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
@@ -10,17 +10,12 @@ ms.pagetype: security, mobile
 author: DaniHalfin
 localizationpriority: high
 ms.author: daniha
+ms.date: 07/07/2017
 ---
 # Windows Hello for Business
 
-**Applies to**
--   Windows 10
--   Windows 10 Mobile
-
-In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.
-
->[!NOTE]
-> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
+In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.</br>
+Windows Hello for Business lets user authenticate to an Active Directory or Azure Active Directory account.
 
 Windows Hello addresses the following problems with passwords:
 -   Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
@@ -28,98 +23,78 @@ Windows Hello addresses the following problems with passwords:
 -   Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
 -   Users can inadvertently expose their passwords due to [phishing attacks](https://go.microsoft.com/fwlink/p/?LinkId=615674).
 
-Windows Hello lets users authenticate to:
--   a Microsoft account.
--   an Active Directory account.
--   a Microsoft Azure Active Directory (Azure AD) account.
--   Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](https://go.microsoft.com/fwlink/p/?LinkId=533889) authentication (in progress)
+>[!div class="mx-tdBreakAll"]
+>| | | |
+>| :---: | :---: | :---: |
+>| [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) |
 
-After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user's device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Windows Hello to authenticate users.
+## Prerequisites 
 
-As an administrator in an enterprise or educational organization, you can create policies to manage Windows Hello for Business use on Windows 10-based devices that connect to your organization.
+### Cloud Only Deployment
+* Windows 10, version 1511 or later
+* Microsoft Azure Account
+* Azure Active Directory
+* Azure Multifactor authentication
+* Modern Management (Intune or supported third-party MDM), *optional*
+* Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory
 
-## Biometric sign-in
- 
- Windows Hello provides reliable, fully integrated biometric authentication based on facial recognition or fingerprint matching. Windows Hello uses a combination of special infrared (IR) cameras and software to increase accuracy and guard against spoofing. Major hardware vendors are shipping devices that have integrated Windows Hello-compatible cameras. Fingerprint reader hardware can be used or added to devices that don’t currently have it. On devices that support Windows Hello, an easy biometric gesture unlocks users’ credentials.
- 
-- **Facial recognition**. This type of biometric recognition uses special cameras that see in IR light, which allows them to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major laptop manufacturers are incorporating it into their devices, as well. 
-- **Fingerprint recognition**. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is significantly more reliable and less error-prone. Most existing fingerprint readers (whether external or integrated into laptops or USB keyboards) work with Windows 10. 
+### Hybrid Deployments
+The table shows the minimum requirements for each deployment.
 
-Windows stores biometric data that is used to implement Windows Hello securely on the local device only. The biometric data doesn’t roam and is never sent to external devices or servers. Because Windows Hello only stores biometric identification data on the device, there’s no single collection point an attacker can compromise to steal biometric data. 
+| Key trust</br>Group Policy managed | Certificate trust</br>Mixed managed | Key trust</br>Modern managed | Certificate trust</br>Modern managed | 
+| --- | --- | --- | --- |
+| Windows 10, version 1511 or later| Windows 10, version 1703 or later (domain joined)</br>Windows 10, version 1511 or later (cloud joined) | Windows 10, version 1511 or later | Windows 10, version 1511 or later |
+| Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema |
+| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level| Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level |
+| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | 
+| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
+| N/A | Windows Server 2016 AD FS with KB4022723 update (domain joined), and</br>Windows Server 2012 or later Network Device Enrollment Service (cloud joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
+| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter |
+| Azure Account | Azure Account | Azure Account | Azure Account |
+| Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory |
+| Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect | 
+| Azure AD Premium, optional | Azure AD Premium, needed for device writeback | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment |
 
+### On-premises Deployments 
+The table shows the minimum requirements for each deployment.
 
-## The difference between Windows Hello and Windows Hello for Business
+| Key trust </br> Group Policy managed | Certificate trust </br> Group Policy managed|
+| --- | --- | 
+| Windows 10, version 1703 or later | Windows 10, version 1703 or later |
+| Windows Server 2016 Schema | Windows Server 2016 Schema|
+| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
+| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
+| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
+| N/A | Windows Server 2016 AD FS with [KB4022723 update](https://support.microsoft.com/en-us/help/4022723) |
+| AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter |
+| Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing |
 
-- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, however it is not backed by asymmetric (public/private key) or certificate-based authentication. 
+## Frequently Asked Questions
 
-- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication.
+### Do I need Windows Server 2016 domain controllers?
+There are many deployment options from which to choose. Some of those options require an adequate number of Windows Server 2016 domain controllers in the site where you have deployed Windows Hello for Business. There are other deployment options that use existing Windows Server 2008 R2 or later domain controllers. Choose the deployment option that best suits your environment
 
-- Currently Active Directory accounts using Windows Hello are not backed by key-based or certificate-based authentication.  Support for key-based or certificate-based authentication is on the roadmap for a future release.
+### Is Windows Hello for Business multifactor authentication?
+Windows Hello for Business is two-factor authentication based the observed authentication factors of: something you have, something you know, and something part of you.  Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
 
-## Benefits of Windows Hello
+### Can I use PIN and biometrics to unlock my device?
+No. Windows Hello for Business provides two-factor authentication. However, we are investigating the ability to unlock the device with multiple factors.
 
-Reports of identity theft and large-scale hacking are frequent headlines. Nobody wants to be notified that their user name and password have been exposed.
+### What is the difference between Windows Hello and Windows Hello for Business
+Windows Hello represents the biometric framework provided in Windows 10.  Windows Hello enables users to use biometrics to sign into their devices by securely storing their username and password and releasing it for authentication when the user successfully identifies themselves using biometrics.  Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate.
 
-You may wonder [how a PIN can help protect a device better than a password](hello-why-pin-is-better-than-password.md). Passwords are shared secrets; they are entered on a device and transmitted over the network to the server. An intercepted account name and password can be used by anyone. Because they're stored on the server, a server breach can reveal those stored credentials.
+### I have extended Active Directory to Azure Active Directory.  Can I use the on-prem deployment model?
+No. If your organization is federated or using online services, such as Office 365 or OneDrive, then you must use a hybrid deployment model.  On-premises deployments are exclusive to organization who need more time before moving to the cloud and exclusively use Active Directory.
 
-In Windows 10, Windows Hello replaces passwords. When the identity provider supports keys, the Windows Hello provisioning process creates a cryptographic key pair bound to the Trusted Platform Module (TPM), if a device has a TPM, or in software. Access to these keys and obtaining a signature to validate user possession of the private key is enabled only by the PIN or biometric gesture. The two-step verification that takes place during Windows Hello enrollment creates a trusted relationship between the identity provider and the user when the public portion of the public/private key pair is sent to an identity provider and associated with a user account. When a user enters the gesture on the device, the identity provider knows from the combination of Hello keys and gesture that this is a verified identity and provides an authentication token that allows Windows 10 to access resources and services. 
+### Does Windows Hello for Business work with third party federation servers?
+Windows Hello for Business can work with any third-party federation servers that support the protocols used during provisioning experience.  Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration)
 
->[!NOTE]
->Windows Hello as a convenience sign-in uses regular user name and password authentication, without the user entering the password.
+| Protocol | Description |
+| :---: | :--- |
+| [[MS-KPP]: Key Provisioning Protocol](https://msdn.microsoft.com/en-us/library/mt739755.aspx) | Specifies the Key Provisioning Protocol, which defines a mechanism for a client to register a set of cryptographic keys on a user and device pair. |
+| [[MS-OAPX]: OAuth 2.0 Protocol Extensions](https://msdn.microsoft.com/en-us/library/dn392779.aspx)| Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and login hints. |  
+| [[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients](https://msdn.microsoft.com/en-us/library/mt590278.aspx) | Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to RFC6749 (The OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients. |
+| [[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions](https://msdn.microsoft.com/en-us/library/mt766592.aspx) | Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the end user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. These extensions also define additional provider metadata that enable the discovery of the issuer of access tokens and give additional information about provider capabilities. |
 
-![How authentication works in Windows Hello](images/authflow.png)
-
-Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device.
-
-Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.
-
-
- 
-## How Windows Hello for Business works: key points
-
--   Windows Hello credentials are based on certificate or asymmetrical key pair. Windows Hello credentials can be bound to the device, and the token that is obtained using the credential is also bound to the device.
--   Identity provider (such as Active Directory, Azure AD, or a Microsoft account) validates user identity and maps the Windows Hello public key to a user account during the registration step.
--   Keys can be generated in hardware (TPM 1.2 or 2.0 for enterprises, and TPM 2.0 for consumers) or software, based on the policy.
--   Authentication is the two-factor authentication with the combination of a key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (Windows Hello). The Windows Hello gesture does not roam between devices and is not shared with the server; it is stored locally on a device.
--   Private key never leaves a device when using TPM. The authenticating server has a public key that is mapped to the user account during the registration process.
--   PIN entry and biometric gesture both trigger Windows 10 to use the private key to cryptographically sign data that is sent to the identity provider.  The identity provider verifies the user's identity and authenticates the user.
--   Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. All keys are separated by identity providers' domains to help ensure user privacy.
--   Certificate private keys can be protected by the Windows Hello container and the Windows Hello gesture.
-
-For details, see [How Windows Hello for Business works](hello-how-it-works.md).
-
-## Comparing key-based and certificate-based authentication
-
-Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust.
-
-
-
-## Learn more
-
-[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/830/Implementing-Windows-Hello-for-Business-at-Microsoft)
-
-[Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy
-
-[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](https://go.microsoft.com/fwlink/p/?LinkId=708533)
-
-[Windows Hello face authentication](https://go.microsoft.com/fwlink/p/?LinkId=626024)
-
-[Biometrics hardware guidelines](https://go.microsoft.com/fwlink/p/?LinkId=626995)
-
-[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](https://go.microsoft.com/fwlink/p/?LinkId=533890)
-
-[Windows 10: The End Game for Passwords and Credential Theft?](https://go.microsoft.com/fwlink/p/?LinkId=533891)
-
-[Authenticating identities without passwords through Windows Hello for Business](https://go.microsoft.com/fwlink/p/?LinkId=616778)
-
-## Related topics
-
-- [How Windows Hello for Business works](hello-how-it-works.md)
-- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
-- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
-- [Windows Hello and password changes](hello-and-password-changes.md)
-- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
-- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
- 
+### Does Windows Hello for Business work with Mac and Linux clients?
+Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms.  However, Microsoft is open to third parties who are interested in moving these platforms away from passwords.  Interested third parties can inqury at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration)
diff --git a/windows/access-protection/hello-for-business/hello-overview.md b/windows/access-protection/hello-for-business/hello-overview.md
new file mode 100644
index 0000000000..1684f8f6cf
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-overview.md
@@ -0,0 +1,123 @@
+---
+title: Windows Hello for Business (Windows 10)
+description: An overview of Winodws Hello for Business 
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+---
+# Windows Hello for Business Overview
+
+**Applies to**
+-   Windows 10
+-   Windows 10 Mobile
+
+In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.
+
+>[!NOTE]
+> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
+
+Windows Hello addresses the following problems with passwords:
+-   Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
+-   Server breaches can expose symmetric network credentials (passwords).
+-   Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
+-   Users can inadvertently expose their passwords due to [phishing attacks](https://go.microsoft.com/fwlink/p/?LinkId=615674).
+
+Windows Hello lets users authenticate to:
+-   a Microsoft account.
+-   an Active Directory account.
+-   a Microsoft Azure Active Directory (Azure AD) account.
+-   Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](https://go.microsoft.com/fwlink/p/?LinkId=533889) authentication (in progress)
+
+After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user's device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Windows Hello to authenticate users.
+
+As an administrator in an enterprise or educational organization, you can create policies to manage Windows Hello for Business use on Windows 10-based devices that connect to your organization.
+
+## Biometric sign-in
+ 
+ Windows Hello provides reliable, fully integrated biometric authentication based on facial recognition or fingerprint matching. Windows Hello uses a combination of special infrared (IR) cameras and software to increase accuracy and guard against spoofing. Major hardware vendors are shipping devices that have integrated Windows Hello-compatible cameras. Fingerprint reader hardware can be used or added to devices that don’t currently have it. On devices that support Windows Hello, an easy biometric gesture unlocks users’ credentials.
+ 
+- **Facial recognition**. This type of biometric recognition uses special cameras that see in IR light, which allows them to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major laptop manufacturers are incorporating it into their devices, as well. 
+- **Fingerprint recognition**. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is significantly more reliable and less error-prone. Most existing fingerprint readers (whether external or integrated into laptops or USB keyboards) work with Windows 10. 
+
+Windows stores biometric data that is used to implement Windows Hello securely on the local device only. The biometric data doesn’t roam and is never sent to external devices or servers. Because Windows Hello only stores biometric identification data on the device, there’s no single collection point an attacker can compromise to steal biometric data. 
+
+
+## The difference between Windows Hello and Windows Hello for Business
+
+- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, however it is not backed by asymmetric (public/private key) or certificate-based authentication. 
+
+- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication.
+
+- Currently Active Directory accounts using Windows Hello are not backed by key-based or certificate-based authentication.  Support for key-based or certificate-based authentication is on the roadmap for a future release.
+
+## Benefits of Windows Hello
+
+Reports of identity theft and large-scale hacking are frequent headlines. Nobody wants to be notified that their user name and password have been exposed.
+
+You may wonder [how a PIN can help protect a device better than a password](hello-why-pin-is-better-than-password.md). Passwords are shared secrets; they are entered on a device and transmitted over the network to the server. An intercepted account name and password can be used by anyone. Because they're stored on the server, a server breach can reveal those stored credentials.
+
+In Windows 10, Windows Hello replaces passwords. When the identity provider supports keys, the Windows Hello provisioning process creates a cryptographic key pair bound to the Trusted Platform Module (TPM), if a device has a TPM, or in software. Access to these keys and obtaining a signature to validate user possession of the private key is enabled only by the PIN or biometric gesture. The two-step verification that takes place during Windows Hello enrollment creates a trusted relationship between the identity provider and the user when the public portion of the public/private key pair is sent to an identity provider and associated with a user account. When a user enters the gesture on the device, the identity provider knows from the combination of Hello keys and gesture that this is a verified identity and provides an authentication token that allows Windows 10 to access resources and services. 
+
+>[!NOTE]
+>Windows Hello as a convenience sign-in uses regular user name and password authentication, without the user entering the password.
+
+![How authentication works in Windows Hello](images/authflow.png)
+
+Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device.
+
+Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.
+
+
+ 
+## How Windows Hello for Business works: key points
+
+-   Windows Hello credentials are based on certificate or asymmetrical key pair. Windows Hello credentials can be bound to the device, and the token that is obtained using the credential is also bound to the device.
+-   Identity provider (such as Active Directory, Azure AD, or a Microsoft account) validates user identity and maps the Windows Hello public key to a user account during the registration step.
+-   Keys can be generated in hardware (TPM 1.2 or 2.0 for enterprises, and TPM 2.0 for consumers) or software, based on the policy.
+-   Authentication is the two-factor authentication with the combination of a key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (Windows Hello). The Windows Hello gesture does not roam between devices and is not shared with the server; it is stored locally on a device.
+-   Private key never leaves a device when using TPM. The authenticating server has a public key that is mapped to the user account during the registration process.
+-   PIN entry and biometric gesture both trigger Windows 10 to use the private key to cryptographically sign data that is sent to the identity provider.  The identity provider verifies the user's identity and authenticates the user.
+-   Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. All keys are separated by identity providers' domains to help ensure user privacy.
+-   Certificate private keys can be protected by the Windows Hello container and the Windows Hello gesture.
+
+For details, see [How Windows Hello for Business works](hello-how-it-works.md).
+
+## Comparing key-based and certificate-based authentication
+
+Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust.
+
+
+
+## Learn more
+
+[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/830/Implementing-Windows-Hello-for-Business-at-Microsoft)
+
+[Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy
+
+[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](https://go.microsoft.com/fwlink/p/?LinkId=708533)
+
+[Windows Hello face authentication](https://go.microsoft.com/fwlink/p/?LinkId=626024)
+
+[Biometrics hardware guidelines](https://go.microsoft.com/fwlink/p/?LinkId=626995)
+
+[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](https://go.microsoft.com/fwlink/p/?LinkId=533890)
+
+[Windows 10: The End Game for Passwords and Credential Theft?](https://go.microsoft.com/fwlink/p/?LinkId=533891)
+
+[Authenticating identities without passwords through Windows Hello for Business](https://go.microsoft.com/fwlink/p/?LinkId=616778)
+
+## Related topics
+
+- [How Windows Hello for Business works](hello-how-it-works.md)
+- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
+- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
+- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
+- [Windows Hello and password changes](hello-and-password-changes.md)
+- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
+- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
+- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
+ 
diff --git a/windows/access-protection/hello-for-business/hello-planning-guide.md b/windows/access-protection/hello-for-business/hello-planning-guide.md
new file mode 100644
index 0000000000..3ae2518616
--- /dev/null
+++ b/windows/access-protection/hello-for-business/hello-planning-guide.md
@@ -0,0 +1,319 @@
+---
+title: Planning a Windows Hello for Business Deployment
+description: A guide to planning a Windows Hello for Business deployment 
+keywords: identity, PIN, biometric, Hello, passport
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security, mobile
+author: DaniHalfin
+localizationpriority: high
+---
+# Planning a Windows Hello for Business Deployment
+
+**Applies to**
+-   Windows 10
+-   Windows 10 Mobile
+
+> This guide only applies to Windows 10, version 1511 or higher.
+
+Congratulations! You are taking the first step forward in helping move your organizations away from password to a two-factor, convenience authentication for Windows — Windows Hello for Business. This planning guide helps you understand the different topologies, architectures, and components that encompass a Windows Hello for Business infrastructure.
+  
+This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you’ll use that information to select the correct deployment guide for your needs.
+
+## Using this guide
+
+There are many options from which you can choose when deploying Windows Hello for Business. Providing multiple options ensures nearly every organization can deploy Windows Hello for Business. Providing many options makes the deployment appear complex, however, most organization will realize they’ve already implemented most of the infrastructure on which the Windows Hello for Business deployment depends. It is important to understand that Windows Hello for Business is a distributed system and does take proper planning across multiple teams within an organization.
+
+This guide removes the appearance of complexity by helping you make decisions on each aspect of your Windows Hello for Business deployment and the options you’ll need to consider. Using this guide also identifies the information needed to help you make decisions about the deployment that best suits your environment. Download the [Windows Hello for Business planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514) from the Microsoft Download Center to help track your progress and make your planning easier.
+
+### How to Proceed
+
+Read this document and record your decisions on the worksheet. When finished, your worksheet has all the necessary information for your Windows Hello for Business deployment.
+
+There are six major categories you need to consider for a Windows Hello for Business deployment.  Those categories are:
+*	Deployment Options
+*   Client
+*   Management
+*   Active Directory
+*   Public Key Infrastructure
+*   Cloud
+
+### Baseline Prerequisites
+
+Windows Hello for Business has a few baseline prerequisites with which you can begin.  These baseline prerequisites are provided in the worksheet. 
+
+### Deployment Options
+
+The goal of Windows Hello for Business is to enable deployments for all organizations of any size or scenario. To provide this type of granular deployment, Windows Hello for Business offers a diverse choice of deployment options.
+
+#### Deployment models
+
+There are three deployment models from which you can choose: cloud only, hybrid, and on-premises.
+
+##### Cloud only
+The cloud only deployment model is for organizations who only have cloud identities and do not access on-premises resources.  These organizations typically join their devices to the cloud and exclusively use resources in the cloud such as SharePoint, OneDrive, and others.  Also, because these users do not use on-premises resources, they do not need certificates for things like VPN because everything they need is hosted in Azure.
+
+##### Hybrid
+The hybrid deployment model is for organizations that: 
+* Are federated with Azure Active Directory
+* Have identities synchronized to Azure Active Directory using Azure Active Directory Connect
+* Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources
+
+##### On-premises
+The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory.
+
+
+It’s fundamentally important to understand which deployment model to use for a successful deployment.  Some of aspects of the deployment may already be decided for you based on your current infrastructure.
+
+#### Trust types
+
+A deployments trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory.  There are two trusts types, key trust and certificate trust.
+  
+The key trust type does not require issuing authentication certificates to end users.  Users authenticate using a hardware-bound key created during an in-box provisioning experience, which requires an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment.
+
+The certificate trust type issues authentication certificates to end users.  Users authenticate using a certificate requested using a hardware-bound key created during the in-box provisioning experience.  Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers.  Users can authentication using their certificate to any Windows Server 2008 R2 or later domain controller.
+
+#### Device registration
+
+All devices included in the Windows Hello for Business deployment must go through device registration.  Device registration enables devices to authenticate to identity providers.  For cloud only and hybrid deployment, the identity provider is Azure Active Directory.  For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role.
+
+#### Key registration
+
+The in-box Windows Hello for Business provisioning experience creates a hardware bound asymmetric key pair as their user’s credentials. The private key is protected by the device’s security modules; however, the credential is a user key (not a device key).  The provisioning experience registers the user’s public key with the identity provider.  For cloud only and hybrid deployments, the identity provider is Azure Active Directory.  For on-premises deployments, the identity provider is the on-premises server running Windows Server 2016 Active Directory Federation Services (AD FS) role.
+
+#### Multifactor authentication
+
+The goal of Windows Hello for Business is to move organizations away from passwords by providing them a strong credential that providers easy two-factor authentication.  The inbox provisioning experience accepts the user’s weak credentials (username and password) as the first factor authentication; however, the user must provide a second factor of authentication before Windows provisions a strong credential.  
+
+Cloud only and hybrid deployments provide many choices for multifactor authentication.  On-premises deployments must use a multifactor authentication that provides an AD FS multifactor adapter to be used in conjunction with the on-premises Windows Server 2016 AD FS server role. Organizations can use from the on-premises Azure Multifactor Authentication server, or choose from several third parties (Read [Microsoft and third-party additional authentication methods](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods) for more information).
+>[!NOTE]
+> Azure Multi-Factor Authentication is available through a:
+>* Microsoft Enterprise Agreement
+>* Open Volume License Program
+>* Cloud Solution Providers program
+>* Bundled with
+>    * Azure Active Directory Premium
+>    * Enterprise Mobility Suite
+>    * Enterprise Cloud Suite
+>* A per-user and per-authentication consumption-based model that is billed monthly against Azure monetary commitment (Read [Multi-Factor Authentication Pricing](https://azure.microsoft.com/pricing/details/multi-factor-authentication/) for more information)
+
+#### Directory synchronization
+
+Hybrid and on-premises deployments use directory synchronization, however, each for a different purpose.  Hybrid deployments use Azure Active Directory Connect to synchronization Active Directory identities or credentials between itself and Azure Active Directory. This helps enable single sign-on to Azure Active Directory and its federated components.
+
+### Management
+
+Windows Hello for Business provides organizations with a rich set of granular policy setting with which they can use to manage their devices and users.  There are three ways in which you can manage Windows Hello for Business: Group Policy, Modern Management, and Mixed.
+
+#### Group Policy
+
+Group Policy is the easiest and most popular way to manage Windows Hello for Business on domain joined devices.  Simply create a Group Policy object with the settings you desire. Link the Group Policy object high in your Active Directory and use security group filtering to target specific sets of computers or users.  Or, link the GPO directly to the organizational units.  
+
+#### Modern management
+
+Modern management is an emerging device management paradigm that leverages the cloud for managing domain joined and non-domain joined devices.   Organizations can unify their device management into one platform and apply policy settings using a single platform
+
+### Client
+
+Windows Hello for Business is an exclusive Windows 10 feature.  As part of the Windows as a Service strategy, Microsoft has improved the deployment, management, and user experience with each new release of Windows 10 and introduced support for new scenarios.
+
+Most deployment scenarios require a minimum of Windows 10, version 1511, also known as the November Update.  The client requirement may change based on different components in your existing infrastructure, or other infrastructure choices made later in planning your deployment.  Those components and choices may require a minimum client running Windows 10, version 1703, also known as the Creators Update.
+
+
+### Active Directory
+
+Hybrid and on-premises deployments include Active Directory as part of their infrastructure.  Most of the Active Directory requirements, such as schema, and domain and forest functional levels are predetermined.  However, your trust type choice for authentication determines the version of domain controller needed for the deployment.
+
+### Public Key Infrastructure
+
+The Windows Hello for Business deployment depends on an enterprise public key infrastructure a trust anchor for authentication. Domain controllers for hybrid and on-prem deployments need a certificate in order for Windows 10 devices to trust the domain controller is a legitimate. Deployments using the certificate trust type need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users.  Hybrid deployments may need to issue VPN certificates to users to enable connectivity on-premises resources.
+
+### Cloud
+
+Some deployment combinations require an Azure account and some require Azure Active Directory for user identities.  These cloud requirements can may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiate the components that are needed from the those that are optional.
+
+## Planning a Deployment
+
+Planning your Windows Hello for Business deployment begins with choosing a deployment type.  Like all distributed systems, Windows Hello for Business depends on multiple components within your organization’s infrastructure.
+
+Use the remainder of this guide to help with planning your deployment.  As you make decisions, write the results of those decisions in your planning worksheet.  When finished, you’ll have all the information needed to complete the planning process and the appropriate deployment guide that best helps you with your deployment.
+
+### Deployment Model
+
+Choose the deployment model based on the resources your users access.  Use the following guidance to make your decision.
+
+If your organization does not have on-premises resources, write **Cloud Only** in box **1a** on your planning worksheet.
+
+If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hyrbid** in box **1a** on your planning worksheet.
+
+If your organization does not have cloud resources, write **On-Premises** in box **1a** on your planning worksheet.
+>[!NOTE]
+>If you’re unsure if your organization is federated, run the following Active Directory Windows PowerShell command from and elevated Windows PowerShell prompt and evaluate the results.  
+>```Get-AdObject “CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com -Properties keywords```
+>* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS.  Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**.  If the object truly does not exists, then you environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type.
+>* If the command returns a value, compare that value with the values below.  The value indicates the deployment model you should implement
+>    * If the value begins with **azureADName:**  – write **Hybrid** in box **1a**on your planning worksheet.
+ >   * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet.
+
+### Trust type
+
+Choose a trust type that is best suited for your organizations.  Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers.
+
+If your organization wants to use the key trust type, write **key trust** in box **1b** on your planning worksheet. Write **Windows Server 2016** in box **4d**. Write **N/A** in box **5b**.
+
+If your organization wants to use the certificate trust type, write **certificate trust** in box **1b** on your planning worksheet.  Write **Windows Server 2008 R2 or later** in box **4d**.  In box **5c**, write **smart card logon** under the **Template Name** column and write **users** under the **Issued To** column on your planning worksheet.
+
+### Device Registration
+
+A successful Windows Hello for Business requires all devices to register with the identity provider.  The identity provider depends on the deployment model.
+
+If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Azure** in box **1c** on your planning worksheet.
+
+If box **1a** on your planning worksheet reads **on-premises**, write **AF FS** in box **1c** on your planning worksheet.
+
+### Key Registration
+
+All users provisioning Windows Hello for Business have their public key registered with the identity provider.  The identity provider depends on the deployment model.
+
+If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Azure** in box **1d** on your planning worksheet.
+
+If box **1a** on your planning worksheet reads **on-premises**, write **AF FS** in box **1d** on your planning worksheet.
+
+### Directory Synchronization
+
+Windows Hello for Business is strong user authentication, which usually means there is an identity (a user or username) and a credential (typically a key pair).  Some operations require writing or reading user data to or from the directory. For example, reading the user’s phone number to perform multifactor authentication during provisioning or writing the user’s public key.
+
+If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **1e**.  User information is written directly to Azure Active Directory and there is not another directory with which the information must be synchronized.
+
+If box **1a** on your planning worksheet reads **hybrid**, then write **Azure AD Connect** in box **1e** on your planning worksheet.
+
+If box **1a** on your planning worksheet reads **on-premises**, then write **Azure MFA Server**.  This deployment exclusive uses Active Directory for user information with the exception of the multifactor authentication.  The on-premises Azure MFA server synchronizes a subset of the user information, such as phone number, to provide multifactor authentication while the user’s credential remain on the on-premises network.
+
+### Multifactor Authentication
+
+The goal of Windows Hello for Business is to move user authentication away from passwords to a strong, key-based user authentication.  Passwords are weak credentials and cannot be trusted by themselves as an attacker with a stolen password could be attempting to enroll in Windows Hello for Business.  To keep the transition from a weak to a strong credential secure, Windows Hello for Business relies on multifactor authentication during provisioning to have some assurances that the user identity provisioning a Windows Hello for Business credential is the proper identity.
+
+If box **1a** on your planning worksheet reads **cloud only**, then your only option is to use the Azure MFA cloud service.  Write **Azure MFA** in box **1f** on your planning worksheet.
+
+If box **1a** on your planning worksheet reads **hybrid**, then you have a few options, some of which depend on your directory synchronization configuration. The options from which you may choose include:
+* Directly use Azure MFA cloud service
+* Use AD FS w/Azure MFA cloud service adapter
+* Use AD FS w/Azure MFA Server adapter
+* Use AD FS w/3rd Party MFA Adapter
+
+You can directly use the Azure MFA cloud service for the second factor of authentication. Users contacting the service must authenticate to Azure prior to using the service.
+  
+If your Azure AD Connect is configured to synchronize identities (usernames only), then your users are redirected to your local on-premises federation server for authentication and then redirected back to the Azure MFA cloud service.  Otherwise, your Azure AD Connect is configured to synchronize credentials (username and passwords), which enables your users to authenticate to Azure Active and use the Azure MFA cloud service.  If you choose to use the Azure MFA cloud service directly, write **Azure MFA** in box **1f** on your planning worksheet.
+
+You can configure your on-premises Windows Server 2016 AD FS role to use the Azure MFA service adapter. In this configuration, users are redirected to the on premises AD FS server (synchronizing identities only). The AD FS server uses the MFA adapter to communicate to the Azure MFA service to perform the second factor of authentication.  If you choose to use AD FS with the Azure MFA cloud service adapter, write **AD FS with Azure MFA cloud adapter** in box **1f** on your planning worksheet.
+
+Alternatively, you can use AD FS with an on-premises Azure MFA server adapter. Rather than AD FS communicating directly with the Azure MFA cloud service, it communicates with an on-premises AD FS server that synchronizes user information with the on-premises Active Directory.  The Azure MFA server communicates with Azure MFA cloud services to perform the second factor of authentication.  If you choose to use AD FS with the Azure MFA server adapter, write **AD FS with Azure MFA server adapter** in box **1f** on your planning worksheet.
+
+The last option is for you to use AD FS with a third-party adapter to as the second factor of authentication.  If you choose to use AD FS with a third-party MFA adapter, write **AD FS with third party** in box **1f** on your planning worksheet.
+
+If box **1a** on your planning worksheet reads **on-premises**, then you have two second factor authentication options.  You must use Windows Server 2016 AD FS with your choice of the on-premises Azure MFA server or with a third-party MFA adapter. 
+
+If you choose to use AD FS with the Azure MFA server adapter, write **AD FS with Azure MFA server adapter** in box **1f** on your planning worksheet. If you choose to use AD FS with a third-party MFA adapter, write **AD FS with third party** in box **1f** on your planning worksheet.
+
+### Management 
+
+Windows Hello for Business provides organizations with many policy settings and granular control on how these settings may be applied to both computers and users.  The type of policy management you can use depends on your selected deployment and trust models.
+
+If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **2a** on your planning worksheet.  You have the option to manage non-domain joined devices.  If you choose to manage Azure Active Directory joined devices, write **modern management** in box **2b** on your planning worksheet.  Otherwise, write** N/A** in box **2b**.
+
+>[!NOTE]
+> Azure Active Directory joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings.  Use modern management to adjust policy settings to match the business needs of your organization.
+
+If box **1a** on your planning worksheet reads **on-prem**, write **GP** in box **2a** on your planning worksheet. Write **N/A** in box **2b** on your worksheet.
+
+Managing hybrid deployments includes two categories of devices to consider for your Windows Hello for Business deployment—domain joined and non-domain joined.  All devices are registered, however, not all devices are domain joined.  You have the option of using Group Policy for domain joined devices and modern management for non-domain joined devices. Or, you can use modern management for both domain and non-domain joined devices.  
+
+If you use Group Policy to manage your domain joined devices, write **GP** in box **2a** on your planning worksheet, Write **modern management** in box **2b** if you decide to manage non-domain joined devices; otherwise, write **N/A**.  
+
+If you use modern management for both domain and non-domain joined devices, write **modern management** in box **2a** and **2b** on your planning worksheet.
+
+### Client
+
+Windows Hello for Business is a feature exclusive to Windows 10.   Some deployments and features are available using earlier versions of Windows 10.  Others need the latest versions.
+
+If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **3a** on your planning worksheet.  Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices.
+>[!NOTE] 
+>Azure Active Directory joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings.  Use modern management to adjust policy settings to match the business needs of your organization.
+
+Write **1511 or later** in box **3a** on your planning worksheet if any of the following are true. 
+* Box **2a** on your planning worksheet read **modern management**. 
+    * Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices.
+* Box **1a** on your planning worksheet reads **hybrid**, box **1b** reads **key trust**, and box **2a** reads **GP**.
+    *Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices.
+
+Write **1703 or later** in box **3a** on your planning worksheet if any of the following are true.
+* Box **1a** on your planning worksheet reads **on-premises**.  
+  Write **N/A** in box **3b** on your planning worksheet.
+* Box **1a** on your planning worksheet reads **hybrid**, box **1b** reads **certificate trust**, and box **2a** reads **GP**.
+    * Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices.
+
+### Active Directory
+
+The Active Directory portion of the planning guide should be complete.  Most of conditions are baseline prerequisites except for your domain controllers.  The domain controllers used in your deployment are decided by the chosen trust type. 
+
+Review the trust type portion of this section if box **4d** on your planning worksheet remains empty.
+
+### Public Key Infrastructure
+
+Public key infrastructure prerequisites already exist on your planning worksheet.  These conditions are the minimum requirements for any hybrid our on-premises deployment.  Additional conditions may be needed based on your trust type.
+
+If box **1a** on your planning worksheet reads **cloud only**, ignore the public key infrastructure section of your planning worksheet.  Cloud only deployments do not use a public key infrastructure.
+
+If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet.
+
+The registration authority only relates to certificate trust deployments and the management used for domain and non-domain joined devices.
+
+If box **3a** reads **GP** and box **3b** reads **modern management**, write **AD FS RA and NDES** in box **5b** on your planning worksheet.  In box **5c**, write the following certificate templates names and issuances:
+
+| Certificate Template Name | Issued To |
+| --- | --- |
+| Exchange Enrollment Agent | AD FS RA | 
+| Web Server | AD FS RA | 
+| Exchange Enrollment Agent | NDES |
+| Web Server | NDES |
+| CEP Encryption | NDES |
+
+If box **3a** reads **GP** and box **3b** reads **N/A**, write **AD FA RA** in box **5b** and write the following certificate template names and issuances in box **5c** on your planning worksheet.
+
+| Certificate Template Name | Issued To |
+| --- | --- |
+| Exchange Enrollment Agent | AD FS RA | 
+| Web Server | AD FS RA | 
+
+If box **3a** or **3b** reads modern management, write **NDES** in box **5b** and write the following certificate template names and issuances in box 5c on your planning worksheet.
+
+| Certificate Template Name | Issued To |
+| --- | --- |
+| Exchange Enrollment Agent | NDES |
+| Web Server | NDES |
+| CEP Encryption | NDES |
+
+### Cloud
+
+Nearly all deployments of Windows Hello for Business require an Azure account.
+
+If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Yes** in boxes **6a** and **6b** on your planning worksheet.
+
+If box **1a** on your planning worksheet reads **on-premises**, and box **1f** reads **AD FS with third party**, write **No** in box **6a** on your planning worksheet. Otherwise, write **Yes** in box **1f** as you need an Azure account for per-consumption MFA billing. Write **No** in box **6b** on your planning worksheet—on-premises deployments do not use the cloud directory.
+
+Windows Hello for Business does not require an Azure AD premium subscription.  However, some dependencies do.
+
+If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
+
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet.  You can deploy Windows Hello for Business using the free Azure Active Directory account (additional costs needed for multifactor authentication).
+
+If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device writeback—an Azure AD Premium feature.
+
+Modern managed devices do not require an Azure AD premium subscription.  By forgoing the subscription, your users must manually enroll devices in the modern management software, such as Intune or a supported third-party MDM.
+
+If boxes **2a** or **2b** read **modern management** and you want devices to automatically enroll in your modern management software, write **Yes** in box **6c** on your planning worksheet.  Otherwise, write **No** in box **6c**.
+
+## Congratulations, You’re Done
+
+Your Windows Hello for Business planning worksheet should be complete.  This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used.  The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment.  With this worksheet, you’ll be able to identify key elements of your Windows Hello for Business deployment.
\ No newline at end of file
diff --git a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index a224eeab82..959f2a6830 100644
--- a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -33,7 +33,7 @@ A password is transmitted to the server -- it can be intercepted in transmission
 When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server.
 
 >[!NOTE]
->For details on how Hello uses asymetric key pairs for authentication, see [Windows Hello for Business](hello-identity-verification.md#benefits-of-windows-hello).
+>For details on how Hello uses asymetric key pairs for authentication, see [Windows Hello for Business](hello-overview.md#benefits-of-windows-hello).
  
 ## PIN is backed by hardware
 
diff --git a/windows/access-protection/hello-for-business/images/hello-adfs-configure-2012r2.png b/windows/access-protection/hello-for-business/images/hello-adfs-configure-2012r2.png
new file mode 100644
index 0000000000..374d8f1297
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-adfs-configure-2012r2.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-cmd-netdom.png b/windows/access-protection/hello-for-business/images/hello-cmd-netdom.png
new file mode 100644
index 0000000000..7f0be5249d
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-cmd-netdom.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-internal-web-server-cert.png b/windows/access-protection/hello-for-business/images/hello-internal-web-server-cert.png
new file mode 100644
index 0000000000..cc78ba41cf
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-internal-web-server-cert.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-mfa-company-settings.png b/windows/access-protection/hello-for-business/images/hello-mfa-company-settings.png
new file mode 100644
index 0000000000..72c94fb321
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-mfa-company-settings.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-mfa-content-edit-email.png b/windows/access-protection/hello-for-business/images/hello-mfa-content-edit-email.png
new file mode 100644
index 0000000000..64f85b1f54
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-mfa-content-edit-email.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-mfa-sync-item.png b/windows/access-protection/hello-for-business/images/hello-mfa-sync-item.png
new file mode 100644
index 0000000000..6894047f98
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-mfa-sync-item.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-mfa-user-portal-settings.png b/windows/access-protection/hello-for-business/images/hello-mfa-user-portal-settings.png
new file mode 100644
index 0000000000..3167588d7b
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-mfa-user-portal-settings.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-nlb-add-ip.png b/windows/access-protection/hello-for-business/images/hello-nlb-add-ip.png
new file mode 100644
index 0000000000..49b06a8cc2
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-nlb-add-ip.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-nlb-cluster-ip-config.png b/windows/access-protection/hello-for-business/images/hello-nlb-cluster-ip-config.png
new file mode 100644
index 0000000000..e74cc5f586
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-nlb-cluster-ip-config.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-nlb-cluster-port-rule.png b/windows/access-protection/hello-for-business/images/hello-nlb-cluster-port-rule.png
new file mode 100644
index 0000000000..c8d406f45f
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-nlb-cluster-port-rule.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-nlb-cluster.png b/windows/access-protection/hello-for-business/images/hello-nlb-cluster.png
new file mode 100644
index 0000000000..3c4e29b213
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-nlb-cluster.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-nlb-connect.png b/windows/access-protection/hello-for-business/images/hello-nlb-connect.png
new file mode 100644
index 0000000000..c5aac0791e
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-nlb-connect.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-nlb-feature-install.png b/windows/access-protection/hello-for-business/images/hello-nlb-feature-install.png
new file mode 100644
index 0000000000..3ab085a804
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-nlb-feature-install.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello-nlb-manager.png b/windows/access-protection/hello-for-business/images/hello-nlb-manager.png
new file mode 100644
index 0000000000..61af244a4c
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello-nlb-manager.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello_filter.png b/windows/access-protection/hello-for-business/images/hello_filter.png
new file mode 100644
index 0000000000..611bbfad70
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello_filter.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello_gear.png b/windows/access-protection/hello-for-business/images/hello_gear.png
new file mode 100644
index 0000000000..b74cf682ac
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello_gear.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello_lock.png b/windows/access-protection/hello-for-business/images/hello_lock.png
new file mode 100644
index 0000000000..5643cecec0
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello_lock.png differ
diff --git a/windows/access-protection/hello-for-business/images/hello_users.png b/windows/access-protection/hello-for-business/images/hello_users.png
new file mode 100644
index 0000000000..c6750396dd
Binary files /dev/null and b/windows/access-protection/hello-for-business/images/hello_users.png differ
diff --git a/windows/access-protection/hello-for-business/toc.md b/windows/access-protection/hello-for-business/toc.md
new file mode 100644
index 0000000000..d6542a7d8f
--- /dev/null
+++ b/windows/access-protection/hello-for-business/toc.md
@@ -0,0 +1,23 @@
+# [Windows Hello for Business](hello-identity-verification.md)
+
+## [Winodws Hello for Business Overview](hello-overview.md)
+## [How Windows Hello for Business works](hello-how-it-works.md)
+## [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
+## [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
+## [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
+## [Windows Hello and password changes](hello-and-password-changes.md)
+## [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
+## [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
+## [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
+
+## [Planning a Windows Hello for Business Deployment](hello-planning-guide.md)
+
+## [Windows Hello for Business Deployment Guide](hello-deployment-guide.md)
+
+### [On Premises Certificate Trust Deployment](hello-deployment-cert-trust.md)
+#### [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
+#### [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
+#### [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
+#### [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+##### [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md)
+#### [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 8c297f234b..f623ae9b78 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -228,6 +228,7 @@
 #### [TimeLanguageSettings](policy-csp-timelanguagesettings.md)
 #### [Update](policy-csp-update.md)
 #### [Wifi](policy-csp-wifi.md)
+#### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)
 #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
 #### [WindowsLogon](policy-csp-windowslogon.md)
 #### [WirelessDisplay](policy-csp-wirelessdisplay.md)
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 24db3c3c45..1c96dd8f84 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/05/2017
+ms.date: 07/06/2017
 ---
 
 # BitLocker CSP
@@ -106,12 +106,11 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.</p>
 
 <p style="margin-left: 20px"> The possible values for 'xx' are:</p>
-<ul>
-<li>3 = AES-CBC 128</li>
-<li>4 = AES-CBC 256</li>
-<li>6 = XTS-AES 128</li>
-<li>7 = XTS-AES 256</li>
-</ul>
+
+- 3 = AES-CBC 128
+- 4 = AES-CBC 256
+- 6 = XTS-AES 128
+- 7 = XTS-AES 256
 
 > [!Note]  
 > When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.  
@@ -251,14 +250,13 @@ The following diagram shows the BitLocker configuration service provider in tree
 <enabled/><data id="PrebootRecoveryInfoDropDown_Name" value="xx"/><data id="RecoveryMessage_Input" value="yy"/><data id="RecoveryUrl_Input" value="zz"/>
 ```
 <p style="margin-left: 20px">The possible values for 'xx' are:</p>
-<ul>
-<li>0 = Empty</li>
-<li>1 = Use default recovery message and URL.</li>
-<li>2 = Custom recovery message is set.</li>
-<li>3 = Custom recovery URL is set.</li>
-<li>'yy' = string of max length 900.</li>
-<li>'zz' = string of max length 500.</li>
-</ul>
+
+-  0 = Empty
+-  1 = Use default recovery message and URL.
+-  2 = Custom recovery message is set.
+-  3 = Custom recovery URL is set.
+-  'yy' = string of max length 900.
+-  'zz' = string of max length 500.
 
 > [!Note]  
 > When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
index 7d94f470b7..222f582e36 100644
--- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md
+++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/12/2017
 ---
 
 # EnterpriseAssignedAccess CSP
@@ -26,7 +26,7 @@ The following diagram shows the EnterpriseAssignedAccess configuration service p
 
 The following list shows the characteristics and parameters.
 
-<a href="" id="-vendor-msft-enterpriseassignedaccess-"></a>**.Vendor/MSFT/EnterpriseAssignedAccess/**  
+<a href="" id="-vendor-msft-enterpriseassignedaccess-"></a>**./Vendor/MSFT/EnterpriseAssignedAccess/**  
 The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace.
 
 <a href="" id="assignedaccess-"></a>**AssignedAccess/**  
@@ -39,10 +39,10 @@ Supported operations are Add, Delete, Get and Replace.
 
 The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.
 
-> **Important**  
-When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as &lt; instead of &lt; because it is embedded in an XML. The examples provided in the topic are formatted for readability.
+> [!Important]    
+> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \&lt; instead of &lt; because it is embedded in an XML. The examples provided in the topic are formatted for readability.
 
-When using the AssignedAccessXml in a provisioning package using the Windows Imaging and Configuration Designer (ICD) tool, do not use escaped characters.
+When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.
 
 Entry | Description
 ----------- | ------------
@@ -136,10 +136,7 @@ An application that belongs in the folder would add an optional attribute **Pare
 
 Entry | Description
 ----------- | ------------
-Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file.
-
-> [!Important]  
-> Do not specify a group entry without a page entry because it will cause an undefined behavior.
+Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. For Windows 10, version 1703, see the instructions below for the new way to specify the settings pages.
 
 <ul>
 <li>System (main menu) - SettingsPageGroupPCSystem
@@ -245,12 +242,32 @@ Settings | Starting in Windows 10, version 1511, you can specify the following
 </ul></li>
 </ul>
 
+Entry | Description
+----------- | ------------
+Settings | Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI.
+
+For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](https://docs.microsoft.com/en-us/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page.
+
+Here is an example for Windows 10, version 1703.
+
+``` syntax
+<Settings>
+  <System name="ms-settings:display"/>
+  <System name="ms-settings:appsforwebsites"/>
+  <System name="ms-settings:about"/>
+  <System name="ms-settings:camera"/>
+  <System name="ms-settings:nfctransactions"/>
+  <System name="ms-settings:mousetouchpad"/>
+  <System name="ms-settings:usb"/>
+</Settings>
+```
+
 **Quick action settings**  
 
 Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
 
 > [!Note]  
-> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703.
+> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
 
 <ul>
 <li><p>SystemSettings_System_Display_QuickAction_Brightness</p>
@@ -287,6 +304,25 @@ Starting in Windows 10, version 1511, you can specify the following quick acti
 <p>Dependencies - none</p></li>
 </ul>
 
+Starting in Windows 10, version 1703, Quick action settings no longer require any dependencis from related group or page. Here is the list:
+- QuickActions_Launcher_AllSettings
+- QuickActions_Launcher_DeviceDiscovery
+- SystemSettings_BatterySaver_LandingPage_OverrideControl
+- SystemSettings_Device_BluetoothQuickAction
+- SystemSettings_Flashlight_Toggle
+- SystemSettings_Launcher_QuickNote
+- SystemSettings_Network_VPN_QuickAction
+- SystemSettings_Privacy_LocationEnabledUserPhone
+- SystemSettings_QuickAction_AirplaneMode
+- SystemSettings_QuickAction_Camera
+- SystemSettings_QuickAction_CellularData
+- SystemSettings_QuickAction_InternetSharing
+- SystemSettings_QuickAction_QuietHours
+- SystemSettings_QuickAction_WiFi
+- SystemSettings_System_Display_Internal_Rotation
+- SystemSettings_System_Display_QuickAction_Brightness
+
+
 In this example, all settings pages and quick action settings are allowed. An empty \<Settings> node indicates that none of the settings are blocked.  
 
 ``` syntax
@@ -294,7 +330,7 @@ In this example, all settings pages and quick action settings are allowed. An em
 </Settings>
 ```
 
-In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.  
+In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.  
 
 ``` syntax
 <Settings> 
@@ -310,6 +346,19 @@ In this example, all System setting pages are enabled. Note that the System page
   <System name="SettingsPagePCSystemInfo" /> 
  </Settings>
 ```
+Here is an example for Windows 10, version 1703.
+
+``` syntax
+<Settings>
+  <System name="ms-settings:display"/>
+  <System name="ms-settings:appsforwebsites"/>
+  <System name="ms-settings:about"/>
+  <System name="ms-settings:camera"/>
+  <System name="ms-settings:nfctransactions"/>
+  <System name="ms-settings:mousetouchpad"/>
+  <System name="ms-settings:usb"/>
+</Settings>
+```
 
 Entry | Description
 ----------- | ------------
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index f793b9b7af..89037bff06 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/11/2017
 ---
 
 # EnterpriseDesktopAppManagement CSP
@@ -48,6 +48,26 @@ Installation date of the application. Value type is string. Supported operation
 <a href="" id="msi-productid-downloadinstall"></a>**MSI/*ProductID*/DownloadInstall**  
 Executes the download and installation of the application. Value type is string. Supported operations are Execute and Get.
 
+In Windows 10, version 1703 service release, a new tag \<DownloadFromAad\> was added to the \<Enforcement\> section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. 
+
+Here is an example:
+
+```syntax
+             <Enforcement>
+
+                <CommandLine>/quiet</CommandLine>
+
+                <TimeOut>5</TimeOut>
+
+                <RetryCount>3</RetryCount>
+
+                <RetryInterval>5</RetryInterval>
+
+                <DownloadFromAad>1</DownloadFromAad>
+
+              </Enforcement>
+```
+
 <a href="" id="msi-productid-status"></a>**MSI/*ProductID*/Status**  
 Status of the application. Value type is string. Supported operation is Get.
 
diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png
index 6bf38313ac..a5b77e0b42 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png and b/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 6ae7b4c759..fd602713a7 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/28/2017
+ms.date: 07/12/2017
 ---
 
 # What's new in MDM enrollment and management
@@ -27,6 +27,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 -   [What's new in Windows 10, version 1511](#whatsnew)
 -   [What's new in Windows 10, version 1607](#whatsnew1607)
 -   [What's new in Windows 10, version 1703](#whatsnew10)
+-   [What's new in Windows 10, version 1709](#whatsnew1709)
 -   [Breaking changes and known issues](#breaking-changes-and-known-issues)
     -   [Get command inside an atomic command is not supported](#getcommand)
     -   [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#notification)
@@ -913,6 +914,85 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </tbody>
 </table> 
 
+## <a href="" id="whatsnew1709"></a>What's new in Windows 10, version 1709
+
+<table>
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Item</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="even">
+<td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
+<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md)</td>
+<td style="vertical-align:top">In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. The table of SKU information in the [Configuration service provider reference](configuration-service-provider-reference.md) was updated.</td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
+<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> 
+<ul>
+<li>CredentialProviders/EnableWindowsAutoPilotResetCredentials</li>
+<li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
+<li>DeviceGuard/RequirePlatformSecurityFeatures</li>
+<li>DeviceGuard/LsaCfgFlags</li>
+<li>Power/DisplayOffTimeoutOnBattery</li>
+<li>Power/DisplayOffTimeoutPluggedIn</li>
+<li>Power/HibernateTimeoutOnBattery</li>
+<li>Power/HibernateTimeoutPluggedIn</li>
+<li>Power/StandbyTimeoutOnBattery</li>
+<li>Power/StandbyTimeoutPluggedIn</li>
+<li>Defender/AttackSurfaceReductionOnlyExclusions</li>
+<li>Defender/AttackSurfaceReductionRules</li>
+<li>Defender/CloudBlockLevel </li>
+<li>Defender/CloudExtendedTimeout</li>
+<li>Defender/EnableGuardMyFolders</li>
+<li>Defender/EnableNetworkProtection</li>
+<li>Defender/GuardedFoldersAllowedApplications</li>
+<li>Defender/GuardedFoldersList</li>
+<li>Update/ScheduledInstallEveryWeek</li>
+<li>Update/ScheduledInstallFirstWeek</li>
+<li>Update/ScheduledInstallFourthWeek</li>
+<li>Update/ScheduledInstallSecondWeek</li>
+<li>Update/ScheduledInstallThirdWeek</li>
+<li>WindowsDefenderSecurityCenter/CompanyName</li>
+<li>WindowsDefenderSecurityCenter/DisableAppBrowserUI</li>
+<li>WindowsDefenderSecurityCenter/DisableEnhancedNotifications</li>
+<li>WindowsDefenderSecurityCenter/DisableFamilyUI</li>
+<li>WindowsDefenderSecurityCenter/DisableHealthUI</li>
+<li>WindowsDefenderSecurityCenter/DisableNetworkUI</li>
+<li>WindowsDefenderSecurityCenter/DisableNotifications</li>
+<li>WindowsDefenderSecurityCenter/DisableVirusUI</li>
+<li>WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride</li>
+<li>WindowsDefenderSecurityCenter/Email</li>
+<li>WindowsDefenderSecurityCenter/EnableCustomizedToasts</li>
+<li>WindowsDefenderSecurityCenter/EnableInAppCustomization</li>
+<li>WindowsDefenderSecurityCenter/Phone</li>
+<li>WindowsDefenderSecurityCenter/URL</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
 
 ## Breaking changes and known issues
 
@@ -1179,6 +1259,71 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### July 2017
+
+<table>
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
+<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top">Added the following statements:.
+<ul>
+<li>When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.</li>
+<li>When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.</li>
+</ul>
+</td></tr>
+<tr class="even">
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top">
+<p>Added the following new policies for Windows 10, version 1709:</p>
+<ul>
+<li>WindowsDefenderSecurityCenter/CompanyName</li>
+<li>WindowsDefenderSecurityCenter/DisableAppBrowserUI</li>
+<li>WindowsDefenderSecurityCenter/DisableEnhancedNotifications</li>
+<li>WindowsDefenderSecurityCenter/DisableFamilyUI</li>
+<li>WindowsDefenderSecurityCenter/DisableHealthUI</li>
+<li>WindowsDefenderSecurityCenter/DisableNetworkUI</li>
+<li>WindowsDefenderSecurityCenter/DisableNotifications</li>
+<li>WindowsDefenderSecurityCenter/DisableVirusUI</li>
+<li>WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride</li>
+<li>WindowsDefenderSecurityCenter/Email</li>
+<li>WindowsDefenderSecurityCenter/EnableCustomizedToasts</li>
+<li>WindowsDefenderSecurityCenter/EnableInAppCustomization</li>
+<li>WindowsDefenderSecurityCenter/Phone</li>
+<li>WindowsDefenderSecurityCenter/URL</li>
+</ul>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md)</td>
+<td style="vertical-align:top">Added the following statement to [MSI/ProductID/DownloadInstall](enterprisedesktopappmanagement-csp.md#msi-productid-downloadinstall):
+<ul>
+<li>In Windows 10, version 1703 service release, a new tag "DownloadFromAad" was added to the "Enforcement" section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken.</li>
+</ul>
+</td></tr>
+<tr class="even">
+<td style="vertical-align:top">[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)</td>
+<td style="vertical-align:top">Added the following information about the settings pages in AssigneAccessXML:
+<ul>
+<li>Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI. For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](https://docs.microsoft.com/en-us/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page.</li>
+<li>In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
+
 ### June 2017
 
 <table>
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index baf0b42bec..9f6c24805f 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/28/2017
+ms.date: 07/07/2017
 ---
 
 # Policy CSP
@@ -2716,6 +2716,54 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### WindowsDefenderSecurityCenter policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname" id="windowsdefendersecuritycenter-companyname">WindowsDefenderSecurityCenter/CompanyName</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui" id="windowsdefendersecuritycenter-disableappbrowserui">WindowsDefenderSecurityCenter/DisableAppBrowserUI</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications" id="windowsdefendersecuritycenter-disableenhancednotifications">WindowsDefenderSecurityCenter/DisableEnhancedNotifications</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui" id="windowsdefendersecuritycenter-disablefamilyui">WindowsDefenderSecurityCenter/DisableFamilyUI</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui" id="windowsdefendersecuritycenter-disablehealthui">WindowsDefenderSecurityCenter/DisableHealthUI</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui" id="windowsdefendersecuritycenter-disablenetworkui">WindowsDefenderSecurityCenter/DisableNetworkUI</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications" id="windowsdefendersecuritycenter-disablenotifications">WindowsDefenderSecurityCenter/DisableNotifications</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui" id="windowsdefendersecuritycenter-disablevirusui">WindowsDefenderSecurityCenter/DisableVirusUI</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride" id="windowsdefendersecuritycenter-disallowexploitprotectionoverride">WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email" id="windowsdefendersecuritycenter-email">WindowsDefenderSecurityCenter/Email</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enablecustomizedtoasts" id="windowsdefendersecuritycenter-enablecustomizedtoasts">WindowsDefenderSecurityCenter/EnableCustomizedToasts</a>
+  </dd>
+    <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enableinappcustomization" id="windowsdefendersecuritycenter-enableinappcustomization">WindowsDefenderSecurityCenter/EnableInAppCustomization</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone" id="windowsdefendersecuritycenter-phone">WindowsDefenderSecurityCenter/Phone</a>
+  </dd>
+    <dd>
+    <a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url" id="windowsdefendersecuritycenter-url">WindowsDefenderSecurityCenter/URL</a>
+  </dd>
+</dl>
+
+
 ### WindowsInkWorkspace policies
 
 <dl>
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
new file mode 100644
index 0000000000..7f6d64ab86
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -0,0 +1,517 @@
+---
+title: Policy CSP - WindowsDefenderSecurityCenter
+description: Policy CSP - WindowsDefenderSecurityCenter
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 07/06/2017
+---
+
+# Policy CSP - WindowsDefenderSecurityCenter
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## WindowsDefenderSecurityCenter policies  
+
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-companyname"></a>**WindowsDefenderSecurityCenter/CompanyName**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
+
+<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace and Delete.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disableappbrowserui"></a>**WindowsDefenderSecurityCenter/DisableAppBrowserUI**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disableenhancednotifications"></a>**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
+
+> [!Note]  
+> If Suppress notification is enabled then users will not see critical or non-critical messages.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) Windows Defender Security Center will display critical and non-critical notifications to users..
+- 1 - (Enable) Windows Defender Security Center only display notifications which are considered critical on clients.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disablefamilyui"></a>**WindowsDefenderSecurityCenter/DisableFamilyUI**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the family options area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the family options area in Windows Defender Security Center.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disablehealthui"></a>**WindowsDefenderSecurityCenter/DisableHealthUI**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disablenetworkui"></a>**WindowsDefenderSecurityCenter/DisableNetworkUI**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disablenotifications"></a>**WindowsDefenderSecurityCenter/DisableNotifications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of Windows Defender Security Center notifications.
+- 1 - (Enable) The users cannot see the display of Windows Defender Security Center notifications.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disablevirusui"></a>**WindowsDefenderSecurityCenter/DisableVirusUI**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-disallowexploitprotectionoverride"></a>**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace and Delete.Valid values:
+
+- 0 - (Disable) Local users are allowed to make changes in the exploit protection settings area.
+- 1 - (Enable) Local users cannot make changes in the exploit protection settings area.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-email"></a>**WindowsDefenderSecurityCenter/Email**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+
+<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace and Delete. 
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-enablecustomizedtoasts"></a>**WindowsDefenderSecurityCenter/EnableCustomizedToasts**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace, and Delete. Valid values:
+
+- 0 - (Disable) Notifications contain a default notification text.
+- 1 - (Enable) Notifications contain the company name and contact options.
+ 
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-enableinappcustomization"></a>**WindowsDefenderSecurityCenter/EnableInAppCustomization**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709.Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
+
+<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace, and Delete. Valid values:
+
+- 0 - (Disable) Do not display the company name and contact options in the card fly out notification.
+- 1 - (Enable) Display the company name and contact options in the card fly out notification.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-phone"></a>**WindowsDefenderSecurityCenter/Phone**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+
+<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsdefendersecuritycenter-url"></a>**WindowsDefenderSecurityCenter/URL**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
+
+<p style="margin-left: 20px">Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. 
+
+<!--EndDescription-->
+<!--EndPolicy-->
\ No newline at end of file
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index c982bb06b0..05e8da9fa3 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/07/2017
 ---
 
 # VPNv2 CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device.
 
@@ -45,8 +47,6 @@ Supported operations include Get, Add, and Delete.
 
 > **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
 
- 
-
 <a href="" id="vpnv2-profilename-apptriggerlist"></a>**VPNv2/***ProfileName***/AppTriggerList**  
 Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
 
@@ -91,6 +91,11 @@ The subnet prefix size part of the destination prefix for the route entry. This,
 
 Value type is int. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-routelist-routerowid-metric"></a>**VPNv2/***ProfileName***/RouteList/***routeRowId***/Metric**  
+Added in Windows 10, version 1607. The route's metric.
+
+Value type is int. Supported operations include Get, Add, Replace, and Delete.
+
 <a href="" id="vpnv2-profilename-routelist-routerowid-exclusionroute"></a>**VPNv2/***ProfileName***/RouteList/***routeRowId***/ExclusionRoute**  
 Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values:
 
@@ -261,7 +266,7 @@ Valid values:
 
 Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 
-<a href="" id="vpnv2-profilename-lockdown"></a>**VPNv2/***ProfileName***/LockDown**  
+<a href="" id="vpnv2-profilename-lockdown"></a>**VPNv2/***ProfileName***/LockDown**  (./Device only profile)  
 Lockdown profile.
 
 Valid values:
@@ -280,6 +285,24 @@ A Lockdown profile must be deleted before you can add, remove, or connect other
 
 Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-devicetunnel"></a>**VPNv2/***ProfileName***/DeviceTunnel**  (./Device only profile)  
+Device tunnel profile.
+
+Valid values:
+
+-   False (default) - this is not a device tunnel profile.
+-   True - this is a device tunnel profile.
+
+When the DeviceTunnel profile is turned on, it does the following things:
+
+-   First, it automatically becomes an "always on" profile.
+-   Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
+-   Third, no other device tunnel profile maybe be present on the same machine.
+
+A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
+
+Value type is bool. Supported operations include Get, Add, Replace, and Delete.
+
 <a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/***ProfileName***/DnsSuffix**  
 Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
 
@@ -493,6 +516,8 @@ The following list contains the valid values:
 -   AES128
 -   AES192
 -   AES256
+-   AES\_GCM_128
+-   AES\_GCM_256
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -542,6 +567,11 @@ Added in Windows 10, version 1607. The preshared key used for an L2TP connectio
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-nativeprofile-disableclassbaseddefaultroute"></a>**VPNv2/***ProfileName***/NativeProfile/DisableClassBasedDefaultRoute**  
+Added in Windows 10, version 1607. Specifies the class based default routes. For example, if the interface IP begins with 10, it assumes a class a IP and pushes the route to 10.0.0.0/8
+
+Value type is bool. Supported operations include Get, Add, Replace, and Delete.
+
 ## Examples
 
 
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index f85acf61e2..1312ba1a63 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/07/2017
 ---
 
 # VPNv2 DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **VPNv2** configuration service provider.
 
@@ -20,7 +22,7 @@ You can download the DDF files from the links below:
 - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
 - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1709.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -33,7 +35,7 @@ The XML below is the current version for this CSP.
     <VerDTD>1.2</VerDTD>
     <Node>
         <NodeName>VPNv2</NodeName>
-        <Path>./Vendor/MSFT</Path>
+        <Path>./Device/Vendor/MSFT</Path>
         <DFProperties>
             <AccessType>
                 <Get />
@@ -48,7 +50,7 @@ The XML below is the current version for this CSP.
                 <Permanent />
             </Scope>
             <DFType>
-				<MIME>com.microsoft/1.2/MDM/VPNv2</MIME>
+                <MIME>com.microsoft/1.3/MDM/VPNv2</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -310,7 +312,7 @@ The XML below is the current version for this CSP.
                                 <Delete />
                                 <Replace />
                             </AccessType>
-                            <Description>                          
+                            <Description>
                               False = This Route will direct traffic over the VPN
                               True = This Route will direct traffic over the physical interface
                               By default, this value is false.
@@ -953,6 +955,43 @@ The XML below is the current version for this CSP.
                     </DFType>
                 </DFProperties>
             </Node>
+            <Node>
+                <NodeName>DeviceTunnel</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Add />
+                        <Delete />
+                        <Get />
+                        <Replace />
+                    </AccessType>
+                    <Description>
+                        False = This is not a Device Tunnel profile and it is the default value.
+                        True = This is a Device Tunnel profile.
+
+                        If turned on a device tunnel profile does four things.
+                        First, it automatically becomes an always on profile.
+                        Second, it does not require the presence or logging in
+                        of any user to the machine in order for it to connect.
+                        Third, no other Device Tunnel profile maybe be present on the
+                        Same machine.
+
+                        A device tunnel profile must be deleted before another device tunnel
+                        profile can be added, removed, or connected.
+                    </Description>
+                    <DFFormat>
+                        <bool />
+                    </DFFormat>
+                    <Occurrence>
+                        <ZeroOrOne />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
             <Node>
                 <NodeName>DnsSuffix</NodeName>
                 <DFProperties>
@@ -1996,6 +2035,8 @@ The XML below is the current version for this CSP.
                       -- AES128
                       -- AES192
                       -- AES256
+                      -- AES_GCM_128
+                      -- AES_GCM_256
                     </Description>
                     <DFFormat>
                       <chr />
@@ -2180,7 +2221,7 @@ The XML below is the current version for this CSP.
                 <Permanent />
             </Scope>
             <DFType>
-                <DDFName></DDFName>
+                <MIME>com.microsoft/1.3/MDM/VPNv2</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -4087,6 +4128,8 @@ The XML below is the current version for this CSP.
                       -- AES128
                       -- AES192
                       -- AES256
+                      -- AES_GCM_128
+                      -- AES_GCM_256
                     </Description>
                     <DFFormat>
                       <chr />
@@ -4255,14 +4298,4 @@ The XML below is the current version for this CSP.
         </Node>
     </Node>
 </MgmtTree>
-```
-
- 
-
- 
-
-
-
-
-
-
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index b4b671369b..665ae99cae 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -12,6 +12,9 @@ ms.date: 06/19/2017
 
 # WindowsAdvancedThreatProtection CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
 
 The following diagram shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 00afc29c8a..196883556d 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -12,6 +12,9 @@ ms.date: 06/19/2017
 
 # WindowsAdvancedThreatProtection DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 You can download the DDF files from the links below:
diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
index 871ff7e560..41e39dc306 100644
--- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
+++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
@@ -7,40 +7,31 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: high
-author: brianlic-msft
-ms.author: brianlic
+author: eross-msft
+ms.author: lizross
 ---
 
 
 # Windows 10, version 1703 basic level Windows diagnostic events and fields
 
-
  **Applies to**
 
-- Windows 10, version 1703
+- Windows 10, version 1703 and later
 
+The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. The Basic level also helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
 
-The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
-
-The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
-
-Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
-
-You can learn more about Windows functional and diagnostic data through these articles:
-
+Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
 
-
-
+>[!Note]
+>Updated July 2017 to document new and modified events. We’ve added new fields to several Appraiser events to prepare for upgrades to the next release of Windows and we’ve added a brand-new event, Census.Speech, to collect basic details about speech settings and configuration.
 
 ## Common data extensions
 
 ### Common Data Extensions.App
 
- 
-
 The following fields are available:
 
 - **expId**  Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
@@ -51,8 +42,6 @@ The following fields are available:
 
 ### Common Data Extensions.CS
 
- 
-
 The following fields are available:
 
 - **sig**  A common schema signature that identifies new and modified event schemas.
@@ -60,8 +49,6 @@ The following fields are available:
 
 ### Common Data Extensions.CUET
 
- 
-
 The following fields are available:
 
 - **stId**  Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
@@ -258,8 +245,23 @@ This event lists the types of objects and how many of each exist on the client d
 
 The following fields are available:
 
+- **DatasourceApplicationFile_RS3**	The total DecisionApplicationFile objects targeting the next release of Windows on this device. on this device.
+- **DatasourceDevicePnp_RS3**	The total DatasourceDevicePnp objects targeting the next release of Windows on this device.
+- **DatasourceDriverPackage_RS3**	The total DatasourceDriverPackage objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoBlock_RS3**  The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPassive_RS3**	The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3**	The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DatasourceSystemBios_RS3**	The total DatasourceSystemBios objects targeting the next release of Windows on this device.
+- **DecisionApplicationFile_RS3**	The total DecisionApplicationFile objects targeting the next release of Windows on this device.
+- **DecisionDevicePnp_RS3**	The total DecisionDevicePnp objects targeting the next release of Windows on this device.
+- **DecisionDriverPackage_RS3**	The total DecisionDriverPackage objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoBlock_RS3**	The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPassive_RS3**	The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3**	The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMediaCenter_RS3**	The total DecisionMediaCenter objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_RS3**	The total DecisionSystemBios objects targeting the next release of Windows on this device.
 - **PCFP**  An ID for the system that is calculated by hashing hardware identifiers.
-- **InventoryApplicationFile**  The total InventoryApplicationFile objects that are present on this device.
+- **InventoryApplicationFile** The total InventoryApplicationFile objects that are present on this device.
 - **InventoryMediaCenter**  The total InventoryMediaCenter objects that are present on this device.
 - **InventoryLanguagePack**  The total InventoryLanguagePack objects that are present on this device.
 - **InventoryUplevelDriverPackage**  The total InventoryUplevelDriverPackage objects that are present on this device.
@@ -274,6 +276,7 @@ The following fields are available:
 - **SystemWim**  The total SystemWim objects that are present on this device
 - **SystemTouch**  The total SystemTouch objects that are present on this device.
 - **SystemWindowsActivationStatus**  The total SystemWindowsActivationStatus objects that are present on this device.
+- **Wmdrm_RS3**	The total Wmdrm objects targeting the next release of Windows on this device.
 
 
 ### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureIdHashSha256
@@ -282,6 +285,21 @@ This event lists the types of objects and the hashed values of all the identifie
 
 The following fields are available:
 
+- **DatasourceApplicationFile_RS3**	The total DatasourceApplicationFile objects targeting the next release of Windows on this device.
+- **DatasourceDevicePnp_RS3**	The total DatasourceDevicePnp objects targeting the next release of Windows on this device.
+- **DatasourceDriverPackage_RS3**	The total DatasourceDriverPackage objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoBlock_RS3**	The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPassive_RS3**	The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3**	The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DatasourceSystemBios_RS3**	The total DatasourceSystemBios objects targeting the next release of Windows on this device.
+- **DecisionApplicationFile_RS3**	The total DecisionApplicationFile objects targeting the next release of Windows on this device.
+- **DecisionDevicePnp_RS3**	The total DecisionDevicePnp objects targeting the next release of Windows on this device.
+- **DecisionDriverPackage_RS3**	The total DecisionDriverPackage objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoBlock_RS3**	The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPassive_RS3**	The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3**	The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMediaCenter_RS3**	The total DecisionMediaCenter objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_RS3**	The total DecisionSystemBios objects targeting the next release of Windows on this device.
 - **PCFP**  An ID for the system that is calculated by hashing hardware identifiers.
 - **InventoryApplicationFile**  The SHA256 hash of InventoryApplicationFile objects that are present on this device.
 - **InventoryMediaCenter**  The SHA256 hash of InventoryMediaCenter objects that are present on this device.
@@ -298,6 +316,7 @@ The following fields are available:
 - **SystemWim**  The SHA256 hash of SystemWim objects that are present on this device.
 - **SystemTouch**  The SHA256 hash of SystemTouch objects that are present on this device.
 - **SystemWindowsActivationStatus**  The SHA256 hash of SystemWindowsActivationStatus objects that are present on this device.
+- **Wmdrm_RS3**	The total Wmdrm objects targeting the next release of Windows on this device.
 
 
 ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
@@ -1617,15 +1636,15 @@ This event is used to gather basic speech settings on the device.
 
 The following fields are available:
 
-- **SpeechServicesEnabled**  Windows setting that represents whether a user is opted-in for speech services on the device.
-- **KWSEnabled**  Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
-- **SpeakerIdEnabled**  Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
-- **AboveLockEnabled**  Cortana setting that represents if Cortana can be invoked when the device is locked.
-- **GPAllowInputPersonalization**  Indicates if a Group Policy setting has enabled speech functionalities.
-- **HolographicSpeechInputDisabled**  Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
-- **HolographicSpeechInputDisabledRemote**  Indicates if a remote policy has disabled speech functionalities for the HMD devices.
-- **MDMAllowInputPersonalization**  Indicates if an MDM policy has enabled speech functionalities.
-- **RemotelyManaged**  Indicates if the device is being controlled by a remote admininistrator (MDM or Group Policy) in the context of speech functionalities.
+- **AboveLockEnabled**	Cortana setting that represents if Cortana can be invoked when the device is locked.
+- **GPAllowInputPersonalization**	Indicates if a Group Policy setting has enabled speech functionalities.
+- **HolographicSpeechInputDisabled**	Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
+- **HolographicSpeechInputDisabledRemote**	Indicates if a remote policy has disabled speech functionalities for the HMD devices.
+- **KWSEnabled**	Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
+- **MDMAllowInputPersonalization**	Indicates if an MDM policy has enabled speech functionalities.
+- **RemotelyManaged**	Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
+- **SpeakerIdEnabled**	Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
+- **SpeechServicesEnabled**	Windows setting that represents whether a user is opted-in for speech services on the device.
 
 
 ### Census.Storage
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 789b57b03a..d479183398 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -14,6 +14,11 @@ author: jdeckerms
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## July 2017
+| New or changed topic | Description |
+| --- | --- |
+|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)|Updated several Appraiser events and added Census.Speech.
+
 ## June 2017
 
 | New or changed topic | Description |
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 26766b5852..27a5ebe9be 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -9,7 +9,6 @@
 ### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
 ### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
 
-
 ### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
 #### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
 #### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
@@ -70,9 +69,6 @@
 
 #### [Change history for Plan for Windows 10 deployment](planning/change-history-for-plan-for-windows-10-deployment.md)
 
-
-
-
 ### [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
 #### [Get started with the Microsoft Deployment Toolkit (MDT)](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md)
 ##### [Key features in MDT](deploy-windows-mdt/key-features-in-mdt.md)
@@ -94,8 +90,6 @@
 ##### [Use web services in MDT](deploy-windows-mdt/use-web-services-in-mdt.md)
 ##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md)
 
-
-
 ### [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
 #### [Integrate Configuration Manager with MDT](deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
 #### [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
@@ -111,11 +105,9 @@
 #### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
 #### [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
 
+### [Windows 10 deployment tools](windows-10-deployment-tools.md)
 
-
-
-### [Windows 10 deployment tools](windows-10-deployment-tools-reference.md)
-
+#### [Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md)
 #### [Convert MBR partition to GPT](mbr-to-gpt.md)
 #### [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
 #### [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
@@ -241,8 +233,4 @@
 #### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
 ### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
 
-
-
-
 ## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md)
-
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
new file mode 100644
index 0000000000..ca1d3c293d
--- /dev/null
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -0,0 +1,83 @@
+---
+title: Add Microsoft Store for Business applications to a Windows 10 image
+description: This topic describes how to add Microsoft Store for Business applications to a Windows 10 image.
+keywords: upgrade, update, windows, windows 10, deploy, store, image, wim
+ms.prod: w10
+ms.mktglfcycl: deploy
+localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: DaniHalfin
+ms.author: daniha
+ms.date: 07/07/2017
+---
+
+# Add Microsoft Store for Business applications to a Windows 10 image
+
+**Applies to**
+
+-   Windows 10
+
+This topic describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. This will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps.
+
+>[!IMPORTANT]
+>In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment.
+
+## Prerequisites
+
+* [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md) for the tools required to mount and edit Windows images.
+
+* Download an offline signed app package and license of the application you would like to add through [Microsoft Store for Business](/store-for-business/distribute-offline-apps#download-an-offline-licensed-app).
+
+* A Windows Image. For instructions on image creation, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) or [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+>[!NOTE]
+> If you'd like to add an internal LOB Microsoft Store application, please follow the instructions on **[Sideload LOB apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)**.
+
+## Adding a Store application to your image
+
+On a machine where your image file is accessible:
+1. Open Windows PowerShell with administrator privileges.
+2. Mount the image. At the Windows PowerShell prompt, type:
+`Mount-WindowsImage -ImagePath c:\images\myimage.wim -Index 1 -Path C:\test`
+3. Use the Add-AppxProvisionedPackage cmdlet in Windows PowerShell to preinstall the app. Use the /PackagePath option to specify the location of the Store package and /LicensePath to specify the location of the license .xml file. In Windows PowerShell, type:
+`Add-AppxProvisionedPackage -Path C:\test -PackagePath C:\downloads\appxpackage -LicensePath C:\downloads\appxpackage\license.xml`
+
+>[!NOTE]
+>Paths and file names are examples. Use your paths and file names where appropriate.
+>
+>Do not dismount the image, as you will return to it later.
+
+## Editing the Start Layout
+
+In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment.
+
+On a test machine:
+1. **Install the Microsoft Store for Business application you previously added** to your image.
+2. **Pin these apps to the Start screen**, by typing the name of the app, right-clicking and selecting **Pin to Start**.
+3. Open Windows PowerShell with administrator privileges.
+4. Use `Export-StartLayout -path <path><file name>.xml` where *<path><file name>* is the path and name of the xml file your will later import into your Windows Image.
+5. Copy the XML file you created to a location accessible by the machine you previously used to add Store applications to your image.
+
+Now, on the machine where your image file is accessible:
+1. Import the Start layout. At the Windows PowerShell prompt, type: 
+`Import-StartLayout -LayoutPath "<path><file name>.xml" -MountPath "C:\test\"`
+2. Save changes and dismount the image. At the Windows PowerShell prompt, type:
+`Dismount-WindowsImage -Path c:\test -Save`
+
+>[!NOTE]
+>Paths and file names are examples. Use your paths and file names where appropriate.
+>
+>For more information on Start customization see [Windows 10 Start Layout Customization](https://blogs.technet.microsoft.com/deploymentguys/2016/03/07/windows-10-start-layout-customization/)
+
+
+## Related topics
+* [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout)
+* [Export-StartLayout](https://technet.microsoft.com/itpro/powershell/windows/startlayout/export-startlayout)
+* [Import-StartLayout](https://technet.microsoft.com/itpro/powershell/windows/startlayout/import-startlayout)
+* [Sideload LOB apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
+* [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
+* [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
+* [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md)
+
+
diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md
index 7353568c47..c9b44a991f 100644
--- a/windows/deployment/change-history-for-deploy-windows-10.md
+++ b/windows/deployment/change-history-for-deploy-windows-10.md
@@ -12,6 +12,11 @@ ms.date: 06/28/2017
 # Change history for Deploy Windows 10
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
 
+## July 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| The table of contents for deployment topics was reorganized.
+
 ## June 2017
 | New or changed topic | Description |
 |----------------------|-------------|
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 0b33aa08b4..15b695c9ad 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -26,24 +26,24 @@ You can use Group Policy settings, mobile device management (MDM) or Registry (n
 
 In Group Policy, within **Configure Automatic Updates**, you can configure a forced restart after a specified instllation time. 
 
-To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the instal**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installtion will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
+To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the install**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installation will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
 
 **Always automatically restart at the scheduled time** forces a restart after the specified installation time and lets you configure a timer to warn a signed-in user that a restart is going to occur.
 
 While not recommended, the same result can be achieved through Registry. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4**, set the install time with **ScheduledInstallTime**, enable **AlwaysAutoRebootAtScheduledTime** and specify the delay in minutes through **AlwaysAutoRebootAtScheduledTimeMinutes**. Similar to Group Policy, **AlwaysAutoRebootAtScheduledTimeMinutes** sets the timer to warn a signed-in user that a restart is going to occur.
 
-For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
 
 ## Delay automatic reboot
 
-When **Configure Automatic Updates** is enabled in Group Policy, you can enable one of the following additional policies to delay an automatic reboot after update installtion:
+When **Configure Automatic Updates** is enabled in Group Policy, you can enable one of the following additional policies to delay an automatic reboot after update installation:
 
 - **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours.
 - **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**. 
 
 You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting.
 
-For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
 
 ## Configure active hours
 
@@ -57,7 +57,7 @@ Administrators can use multiple ways to set active hours for managed devices:
 
 - You can use Group Policy, as described in the procedure that follows.
 - You can use MDM, as described in [Configuring active hours with MDM](#configuring-active-hours-with-mdm).
-- While not recommended, you can also configure active hours, as descrbied in [Configuring active hours through Registry](#configuring-active-hours-through-registry).
+- While not recommended, you can also configure active hours, as described in [Configuring active hours through Registry](#configuring-active-hours-through-registry).
 
 ### Configuring active hours with Group Policy
 
@@ -77,7 +77,7 @@ Any settings configured through Registry may conflict with any existing configur
 You should set a combination of the following registry values, in order to configure active hours.
 Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate** use **SetActiveHours** to enable or disable active hours and **ActiveHoursStart**,**ActiveHoursEnd** to specify the range of active hours.
 
-For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
 
 >[!NOTE]
 >To configure active hours manually on a single device, go to **Settings** > **Update & security** > **Windows Update** and select **Change active hours**.
@@ -94,7 +94,7 @@ To configure active hours max range through MDM, use [**Update/ActiveHoursMaxRan
 
 ## Limit restart delays
 
-After an update is installed, Windows 10 attemtps automatic restart outside of active hours. If the restart does not succeed after 7 days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from 7 days to a number of days between 2 and 14.
+After an update is installed, Windows 10 attempts automatic restart outside of active hours. If the restart does not succeed after 7 days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from 7 days to a number of days between 2 and 14.
 
 ## Control restart notifications
 
@@ -123,7 +123,7 @@ To do so through MDM, use [**Update/SetAutoRestartNotificationDisable**](https:/
 
 ### Scheduled auto-restart warnings
 
-Since users are not able to postpone a scheduled restart once the deadline has been reached, you can configure a warning reminder prior to the scheduled a restart. You can also configure a configure a warning prior to the restart, to notify users once the restart is imminent and allow them to save their work.
+Since users are not able to postpone a scheduled restart once the deadline has been reached, you can configure a warning reminder prior to the scheduled restart. You can also configure a warning prior to the restart, to notify users once the restart is imminent and allow them to save their work.
 
 To configure both through Group Policy, find **Configure auto-restart warning notifications schedule for updates** under **Computer Configuration\Administrative Templates\Windows Components\Windows Update**. The warning reminder can be configured by **Reminder (hours)** and the warning prior to an imminent auto-restart can be configured by **Warning (mins)**.
 
@@ -185,7 +185,7 @@ The following tables list registry values that correspond to the Group Policy se
 There are 3 different registry combinations for controlling restart behavior:
 
 - To set active hours, **SetActiveHours** should be **1**, while **ActiveHoursStart** and **ActiveHoursEnd** should define the time range.
-- To schedule a specific instllation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
+- To schedule a specific installation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
 - To delay rebooting if a user is logged on, **AUOptions** should be **4**, while **NoAutoRebootWithLoggedOnUsers** is set to **1**. 
 
 ## Related topics
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 3fb9bda5d9..c42d403a33 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -21,8 +21,8 @@ With Windows 10, you can quickly upgrade from one edition of Windows 10 to ano
 The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. 
 
 X = unsupported <BR>
-✔ (green) = supported; reboot required<BR>
-✔ (blue) = supported; no reboot required. 
+&#x2714; (green) = supported; reboot required<BR>
+&#x2714; (blue) = supported; no reboot required
 
 
 |Method |Home > Pro |Home > Education |Pro > Education |Pro > Enterprise |Ent > Education |Mobile > Mobile Enterprise |
diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md
index 7413ecc71c..adf60da2d7 100644
--- a/windows/deployment/windows-10-auto-pilot.md
+++ b/windows/deployment/windows-10-auto-pilot.md
@@ -1,6 +1,6 @@
 ---
 title: Overview of Windows AutoPilot
-description: This topic goes over Auto-Pilot and how it helps setup OOBE Windows 10 devices.
+description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -19,21 +19,21 @@ ms.date: 06/30/2017
 -   Windows 10
 
 Windows AutoPilot is a collection of technologies used to setup and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
-This solution enables the IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
+This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
 
 ## Benefits of Windows AutoPilot
 
-Traditionally, IT Pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
+Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
 
 From the users' perspective, it only takes a few simple operations to make their device ready to use. 
 
-From the IT Pros' perspective, the only interaction required from the end-user, is to connect to a network and to verify their credentials. Everything past that is automated.
+From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
 
 Windows AutoPilot allows you to:
-* Automatically join devices to Azure Active Directory
-* Auto-enroll devices into MDM services, such as Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
+* Automatically join devices to Azure Active Directory (Azure AD)
+* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
 * Restrict the Administrator account creation
-* Create and auto-assign devices to configuration groups based on the devices' profile
+* Create and auto-assign devices to configuration groups based on a device's profile
 * Customize OOBE content specific to the organization
 
 ### Prerequisites
@@ -41,7 +41,7 @@ Windows AutoPilot allows you to:
 * [Devices must be registered to the organization](#registering-devices-to-your-organization)
 * Devices have to be pre-installed with Windows 10, version 1703 or later
 * Devices must have access to the internet
-* [Azure AD premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
+* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
 * Microsoft Intune or other MDM services to manage your devices
 
 ## Windows AutoPilot Scenarios
@@ -55,9 +55,9 @@ The Cloud-Driven scenario enables you to pre-register devices through the Window
 The end user unboxes and turns on a new device. What follows are a few simple configuration steps:
 * Select a language and keyboard layout
 * Connect to the network
-* Provide email address (the email of the user's Azure Active Directory account) and password
+* Provide email address (the email address of the user's Azure AD account) and password
 
-Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure Active Directory, enrolled in Microsoft Intune (or any other MDM service).
+Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
 
 MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
 
@@ -68,19 +68,15 @@ MDM enrollment ensures policies are applied, apps are installed and setting are
 
 In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf. 
 
-If you would like to capture that information by yourself, the following PowerShell script will generate a text file with the device's hardware ID.
+If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
 
-```PowerShell
-$wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
-$wmi.DeviceHardwareData | Out-File "$($env:COMPUTERNAME).txt"
-```
 >[!NOTE]
->This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance.
+>This PowerShell script requires elevated permissions.
 
 By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization.
 Additional options and customization is available through these portals to pre-configure the devices.
 
-Options available for Windows 10, Version 1703:
+Options available for Windows 10, version 1703:
 * Skipping Work or Home usage selection (*Automatic*)
 * Skipping OEM registration, OneDrive and Cortana (*Automatic*)
 * Skipping privacy settings
@@ -88,19 +84,19 @@ Options available for Windows 10, Version 1703:
 
 We are working to add additional options to further personalize and streamline the setup experience in future releases.
 
-To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
+To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
 
 ### IT-Driven
 
-If you are planning to use to configure these devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with WCD, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
+If you are planning to use to configure these devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
 
 ### Teacher-Driven
 
-If you're an IT Pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
+If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
 
 ## Ensuring your device can be auto-enrolled to MDM
 
-In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Intune, please follow [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
+In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
 
 >[!NOTE]
->MDM Auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
\ No newline at end of file
+>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md
index 2a08717439..d6f852cae5 100644
--- a/windows/deployment/windows-10-deployment-tools-reference.md
+++ b/windows/deployment/windows-10-deployment-tools-reference.md
@@ -10,50 +10,14 @@ author: greg-lindsay
 
 # Windows 10 deployment tools
 
-
 Learn about the tools available to deploy Windows 10.
 
-## In this section
-
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Topic</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Windows 10 deployment tools reference](windows-deployment-scenarios-and-tools.md)</p></td>
-<td align="left"><p>To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)</p></td>
-<td align="left"><p>The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md)</p></td>
-<td align="left"><p>The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md)</p></td>
-<td align="left"><p>The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
- 
-
- 
-
-
-
-
-
+|Topic |Description |
+|------|------------|
+|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
+|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
+|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
+|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
+|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
+|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
+|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md
new file mode 100644
index 0000000000..d6f852cae5
--- /dev/null
+++ b/windows/deployment/windows-10-deployment-tools.md
@@ -0,0 +1,23 @@
+---
+title: Windows 10 deployment tools (Windows 10)
+description: Learn about the tools available to deploy Windows 10.
+ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: greg-lindsay
+---
+
+# Windows 10 deployment tools
+
+Learn about the tools available to deploy Windows 10.
+
+|Topic |Description |
+|------|------------|
+|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
+|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
+|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
+|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
+|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
+|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
+|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md
index d1fe29aa6f..8290d3383d 100644
--- a/windows/deployment/windows-deployment-scenarios-and-tools.md
+++ b/windows/deployment/windows-deployment-scenarios-and-tools.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 author: mtniehaus
 ---
 
-# Windows 10 deployment tools reference
+# Windows 10 deployment scenarios and tools
 
 
 To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment.
diff --git a/windows/device-security/applocker/delete-an-applocker-rule.md b/windows/device-security/applocker/delete-an-applocker-rule.md
index 3d4888fb73..4f50ad433f 100644
--- a/windows/device-security/applocker/delete-an-applocker-rule.md
+++ b/windows/device-security/applocker/delete-an-applocker-rule.md
@@ -32,3 +32,23 @@ AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins
 >**Note:**  When using Group Policy, for the rule deletion to take effect on computers within the domain, the GPO must be distributed or refreshed.
 
 When this procedure is performed on the local device, the AppLocker policy takes effect immediately.
+
+**To clear AppLocker policies on a single system or remote systems**
+Use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter, using an .XML file that contains the following contents:
+
+    <AppLockerPolicy Version="1">
+      <RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
+      <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
+      <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
+      <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
+    </AppLockerPolicy>
+
+To use the Set-AppLockerPolicy cmdlet, first import the Applocker modules:
+    
+    PS C:\Users\Administrator> import-module AppLocker
+
+We will create a file (for example, clear.xml), place it in the same directory where we are executing our cmdlet, and add the preceding XML contents. Then run the following command:
+    
+    C:\Users\Administrator> Set-AppLockerPolicy -XMLPolicy .\clear.xml
+
+This will remove all AppLocker Policies on a machine and could be potentially scripted to use on multiple machines using remote execution tools with accounts with proper access.
diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md
index 9714c77347..fd9171827c 100644
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@@ -82,9 +82,15 @@
 
 ##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
 ### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
-### [Windows Defender Antivirus on Windows Server](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
-### [Windows Defender Antivirus and Advanced Threat Protection: Better together](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+
+### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
+
+### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+
+
 ### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
+
+
 ### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
 #### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
 ##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
@@ -95,6 +101,8 @@
 ##### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
 ##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
 ##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+
 ### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
 #### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
 ##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
@@ -109,6 +117,8 @@
 ##### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
 ##### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
 ##### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
+
+
 ### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
 #### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
 ##### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
@@ -120,19 +130,26 @@
 #### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
 #### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
 #### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
+
+
 ### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
+
+
+
 ### [Reference topics for management and configuration tools](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
 #### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
 #### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
 #### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
 #### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
 #### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+
 ## [Windows Defender SmartScreen](windows-defender-smartscreen\windows-defender-smartscreen-overview.md)
 ### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen\windows-defender-smartscreen-available-settings.md)
 ### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen\windows-defender-smartscreen-set-individual-device.md)
+
 ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md)
 ### [Create a Windows Information Protection (WIP) policy](windows-information-protection\overview-create-wip-policy.md)
-#### [Create a Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md)
+#### [Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md)
 ##### [Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md)
 ##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)
 #### [Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)
@@ -150,10 +167,17 @@
 #### [Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](windows-information-protection\app-behavior-with-wip.md)
 #### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](windows-information-protection\recommended-network-definitions-for-wip.md)
 #### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md)
+
 ## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
+
 ## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
+
 ## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
-## [Secure the windows 10 boot process](secure-the-windows-10-boot-process.md)
+
+## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)
+
 ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
+
 ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-## [Change history for Threat Protection](change-history-for-threat-protection.md)
\ No newline at end of file
+
+## [Change history for Threat Protection](change-history-for-threat-protection.md)
diff --git a/windows/threat-protection/change-history-for-threat-protection.md b/windows/threat-protection/change-history-for-threat-protection.md
index ee84b688ce..f89c5ecee5 100644
--- a/windows/threat-protection/change-history-for-threat-protection.md
+++ b/windows/threat-protection/change-history-for-threat-protection.md
@@ -14,18 +14,18 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
 ## June 2017
 |New or changed topic |Description |
 |---------------------|------------|
-| [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New | 
+|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New | 
 |[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
-[Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
-[Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
+|[Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
+|[Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
 |[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md)|Updated to include newly enlightened and supported apps.|
-[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Updated from existing applicable and relevant Windows 8.1 content |
+|[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Updated from existing applicable and relevant Windows 8.1 content |
 
 
 ## March 2017
 |New or changed topic |Description |
 |---------------------|------------|
-||[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New |
+|[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New |
 |[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. |
 |[Limitations while using Windows Information Protection (WIP)](windows-information-protection\limitations-with-wip.md) |Added additional limitations for Windows 10, version 1703.|
 |[Windows Defender SmartScreen overview](windows-defender-smartscreen\windows-defender-smartscreen-overview.md)|New |
diff --git a/windows/threat-protection/index.md b/windows/threat-protection/index.md
index 77a4201aad..885e4d9279 100644
--- a/windows/threat-protection/index.md
+++ b/windows/threat-protection/index.md
@@ -14,11 +14,14 @@ Learn more about how to help protect against threats in Windows 10 and Windows
 
 | Section | Description |
 |-|-|
-| [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) | Learn more about mitigating threats in Windows 10. |
-| [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies. |
-| [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)| Provides information about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.|
-| [Windows Defender Antivirus](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)| Provides information about Windows Defender, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. Includes a list of system requirements and new features.|
-|[Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Learn more about how to help protect against potential corporate data leakage. |
-| [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) | Learn more about Windows Defender SmartScreen. |
-| [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) | Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
-| [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) | To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the %windir%/Fonts directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process. |
+|[Windows Defender Security Center](windows-defender-security-center/windows-defender-security-center.md)|Learn about the easy-to-use app that brings together common Windows security features.|
+|[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)|Provides info about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.|
+|[Windows Defender Antivirus in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)|Provides info about Windows Defender, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. Includes a list of system requirements and new features.|
+|[Windows Defender Smart​Screen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) |Learn more about Windows Defender SmartScreen.|
+|[Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
+|[Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) |Learn more about mitigating threats in Windows 10.|
+|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies.|
+|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) |Learn about how hardware-based containers can isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.|
+|[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) |Learn about the Windows 10 security features that help to protect your PC from malware, including rootkits and other applications.|
+|[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) |Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
+|[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |Provides info about how to help protect your company from attacks which may originate from untrusted or attacker controlled font files. |
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
index db1498b7bd..eaaccf94c2 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
@@ -10,14 +10,17 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
-# Configure and validate file, folder, and process-opened file exclusions in Windows Defender AV scans
+# Configure and validate exclusions for Windows Defender AV scans (client)
 
 
 **Applies to:**
 
 - Windows 10
+- Windows Server 2016
 
 **Audience**
 
@@ -39,6 +42,8 @@ The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defen
 
 Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization.
 
+Windows Server 2016 also features automatic exclusions that are defined by the server roles you enable. See the [Windows Defender AV exclusions on Windows Server 2016](configure-server-exclusions-windows-defender-antivirus.md) topic for more information and a list of the automatic exclusions.
+
 >[!WARNING]
 >Defining exclusions lowers the protection offered by Windows Defender AV. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.
 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index 3d78deccde..193a5043bf 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 # Configure and validate exclusions based on file extension and folder location
@@ -18,6 +20,7 @@ author: iaanw
 **Applies to:**
 
 - Windows 10
+- Windows Server 2016
 
 **Audience**
 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
index 50dbbe12a6..7e45146ca4 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 # Configure exclusions for files opened by processes
@@ -17,6 +19,7 @@ author: iaanw
 **Applies to:**
 
 - Windows 10
+- Windows Server 2016
 
 **Audience**
 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
index c293dd3358..6302c7bd01 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
@@ -10,9 +10,11 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
-# Configure exclusions in Windows Defender AV on Windows Server 2016
+# Configure exclusions in Windows Defender AV on Windows Server
 
 
 **Applies to:**
@@ -30,14 +32,28 @@ author: iaanw
 - PowerShell
 - Windows Management Instrumentation (WMI)
 
-If you are using Windows Defender Antivirus to protect Windows Server 2016 machines, you are [automatically enrolled in certain exclusions](https://technet.microsoft.com/en-us/windows-server-docs/security/windows-defender/automatic-exclusions-for-windows-defender), as defined by your specified Windows Server Role.
+If you are using Windows Defender Antivirus to protect Windows Server 2016 machines, you are automatically enrolled in certain exclusions, as defined by your specified Windows Server Role. A list of these exclusions is provided at [the end of this topic](#list-of-automatic-exclusions).
 
 These exclusions will not appear in the standard exclusion lists shown in the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions).
 
-You can still add or remove custom exclusions (in addition to the Server Role-defined auto exclusions) as described in the other exclusion-related topics:
+You can still add or remove custom exclusions (in addition to the Server Role-defined automatic exclusions) as described in the other exclusion-related topics:
 - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
 
+Custom exclusions take precedence over the automatic exclusions.
+
+> [!TIP]
+> Custom and duplicate exclusions do not conflict with automatic exclusions.
+
+Windows Defender AV uses the Deployment Image Servicing and Management (DSIM) tools to determine which roles are installed on your computer.
+
+
+## Opt out of automatic exclusions
+
+In Windows Server 2016 the predefined exclusions delivered by definition updates only exclude the default paths for a role or feature. If you installed a role or feature in a custom path, or you want to manually control the set of exclusions, you need to opt-out of the automatic exclusions delivered in definition updates.
+
+> [!WARNING]
+> Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 roles.
 
 You can disable the auto-exclusions lists with Group Policy, PowerShell cmdlets, and WMI.
 
@@ -58,7 +74,7 @@ You can disable the auto-exclusions lists with Group Policy, PowerShell cmdlets,
 Use the following cmdlets:
 
 ```PowerShell
-Set-MpPreference -DisableAutoExclusions
+Set-MpPreference -DisableAutoExclusions $true
 ```
 
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
@@ -75,9 +91,312 @@ See the following for more information and allowed parameters:
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
 
 
+
+
+
+## List of automatic exclusions
+The following sections contain the exclusions that are delivered with automatic exclusions file paths and file types.
+
+### Default exclusions for all roles
+This section lists the default exclusions for all Windows Server 2016 roles.
+
+-   Windows "temp.edb" files:
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\tmp.edb
+
+    -   *%ProgramData%*\Microsoft\Search\Data\Applications\Windows\\*\\\*.log
+
+-   Windows Update files or Automatic Update files:
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\Datastore.edb
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\edb.chk
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\edb\*.log
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\Edb\*.jrs
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\Res\*.log
+
+-   Windows Security files:
+
+    -   *%windir%*\Security\database\\*.chk
+
+    -   *%windir%*\Security\database\\*.edb
+
+    -   *%windir%*\Security\database\\*.jrs
+
+    -   *%windir%*\Security\database\\*.log
+
+    -   *%windir%*\Security\database\\*.sdb
+
+-   Group Policy files:
+
+    -   *%allusersprofile%*\NTUser.pol
+
+    -   *%SystemRoot%*\System32\GroupPolicy\Machine\registry.pol
+
+    -   *%SystemRoot%*\System32\GroupPolicy\User\registry.pol
+
+-   WINS files:
+
+    -   *%systemroot%*\System32\Wins\\*\\\*.chk
+
+    -   *%systemroot%*\System32\Wins\\*\\\*.log
+
+    -   *%systemroot%*\System32\Wins\\*\\\*.mdb
+
+    -   *%systemroot%*\System32\LogFiles\
+
+    -   *%systemroot%*\SysWow64\LogFiles\
+
+-   File Replication Service (FRS) exclusions:
+
+    -   Files in the File Replication Service (FRS) working folder. The FRS working folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory`
+
+        -   *%windir%*\Ntfrs\jet\sys\\*\edb.chk
+
+        -   *%windir%*\Ntfrs\jet\\*\Ntfrs.jdb
+
+        -   *%windir%*\Ntfrs\jet\log\\*\\\*.log
+
+    -   FRS Database log files. The FRS Database log file folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory`
+
+        -   *%windir%*\Ntfrs\\*\Edb\*.log
+
+    -   The FRS staging folder. The staging folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage`
+
+        -   *%systemroot%*\Sysvol\\*\Nntfrs_cmp\*\
+
+    -   The FRS preinstall folder. This folder is specified by the folder `Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory`
+
+        -   *%systemroot%*\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\\*\Ntfrs\*\
+
+    -   The Distributed File System Replication (DFSR) database and working folders. These folders are specified by the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File`
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_normal$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\FileIDTable_*
+
+        -   *%systemdrive%*\System Volume Information\DFSR\SimilarityTable_*
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\*.XML
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_dirty$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_clean$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_lostl$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\Dfsr.db
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\*.frx
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\*.log
+
+        -   *%systemdrive%*\System Volume Information\DFSR\Fsr*.jrs
+
+        -   *%systemdrive%*\System Volume Information\DFSR\Tmp.edb
+
+-   Process exclusions
+
+    -   *%systemroot%*\System32\dfsr.exe
+
+    -   *%systemroot%*\System32\dfsrs.exe
+
+-   Hyper-V exclusions:
+
+    -   This section lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role
+
+        -   File type exclusions:
+
+            -   *.vhd
+
+            -   *.vhdx
+
+            -   *.avhd
+
+            -   *.avhdx
+
+            -   *.vsv
+
+            -   *.iso
+
+            -   *.rct
+
+            -   *.vmcx
+
+            -   *.vmrs
+
+        -   Folder exclusions:
+
+            -   *%ProgramData%*\Microsoft\Windows\Hyper-V
+
+            -   *%ProgramFiles%*\Hyper-V
+
+            -   *%SystemDrive%*\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
+
+            -   *%Public%*\Documents\Hyper-V\Virtual Hard Disks
+
+        -   Process exclusions:
+
+            -   *%systemroot%*\System32\Vmms.exe
+
+            -   *%systemroot%*\System32\Vmwp.exe
+
+-   SYSVOL files:
+
+    -   *%systemroot%*\Sysvol\Domain\\*.adm
+
+    -   *%systemroot%*\Sysvol\Domain\\*.admx
+
+    -   *%systemroot%*\Sysvol\Domain\\*.adml
+
+    -   *%systemroot%*\Sysvol\Domain\Registry.pol
+
+    -   *%systemroot%*\Sysvol\Domain\\*.aas
+
+    -   *%systemroot%*\Sysvol\Domain\\*.inf
+
+    -   *%systemroot%*\Sysvol\Domain\\*.Scripts.ini
+
+    -   *%systemroot%*\Sysvol\Domain\\*.ins
+
+    -   *%systemroot%*\Sysvol\Domain\Oscfilter.ini
+
+### Active Directory exclusions
+This section lists the exclusions that are delivered automatically when you install Active Directory Domain Services.
+
+-   NTDS database files. The database files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File`
+
+    -   %windir%\Ntds\ntds.dit
+
+    -   %windir%\Ntds\ntds.pat
+
+-   The AD DS transaction log files. The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files`
+
+    -   %windir%\Ntds\EDB*.log
+
+    -   %windir%\Ntds\Res*.log
+
+    -   %windir%\Ntds\Edb*.jrs
+
+    -   %windir%\Ntds\Ntds*.pat
+
+    -   %windir%\Ntds\EDB*.log
+
+    -   %windir%\Ntds\TEMP.edb
+
+-   The NTDS working folder. This folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory`
+
+    -   %windir%\Ntds\Temp.edb
+
+    -   %windir%\Ntds\Edb.chk
+
+-   Process exclusions for AD DS and AD DS-related support files:
+
+    -   %systemroot%\System32\ntfrs.exe
+
+    -   %systemroot%\System32\lsass.exe
+
+### DHCP Server exclusions
+This section lists the exclusions that are delivered automatically when you install the DHCP Server role. The DHCP Server file locations are specified by the *DatabasePath*, *DhcpLogFilePath*, and *BackupDatabasePath* parameters in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters`
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.mdb
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.pat
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.log
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.chk
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.edb
+
+### DNS Server exclusions
+This section lists the file and folder exclusions and the process exclusions that are delivered automatically when you install the DNS Server role.
+
+-   File and folder exclusions for the DNS Server role:
+
+    -   *%systemroot%*\System32\Dns\\*\\\*.log
+
+    -   *%systemroot%*\System32\Dns\\*\\\*.dns
+
+    -   *%systemroot%*\System32\Dns\\*\\\*.scc
+
+    -   *%systemroot%*\System32\Dns\\*\BOOT
+
+-   Process exclusions for the DNS Server role:
+
+    -   *%systemroot%*\System32\dns.exe
+
+    
+
+### File and Storage Services exclusions
+This section lists the file and folder exclusions that are delivered automatically when you install the File and Storage Services role. The exclusions listed below do not include exclusions for the Clustering role.
+
+-   *%SystemDrive%*\ClusterStorage
+
+-   *%clusterserviceaccount%*\Local Settings\Temp
+
+-   *%SystemDrive%*\mscs
+
+### Print Server exclusions
+This section lists the file type exclusions, folder exclusions, and the process exclusions that are delivered automatically when you install the Print Server role.
+
+-   File type exclusions:
+
+    -   *.shd
+
+    -   *.spl
+
+-   Folder exclusions. This folder is specified in the registry key `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory`
+
+    -   *%system32%*\spool\printers\\*
+
+-   Process exclusions:
+
+    -   spoolsv.exe
+
+### Web Server exclusions
+This section lists the folder exclusions and the process exclusions that are delivered automatically when you install the Web Server role.
+
+-   Folder exclusions:
+
+    -   *%SystemRoot%*\IIS Temporary Compressed Files
+
+    -   *%SystemDrive%*\inetpub\temp\IIS Temporary Compressed Files
+
+    -   *%SystemDrive%*\inetpub\temp\ASP Compiled Templates
+
+    -   *%systemDrive%*\inetpub\logs
+
+    -   *%systemDrive%*\inetpub\wwwroot
+
+-   Process exclusions:
+
+    -   *%SystemRoot%*\system32\inetsrv\w3wp.exe
+
+    -   *%SystemRoot%*\SysWOW64\inetsrv\w3wp.exe
+
+    -   *%SystemDrive%*\PHP5433\php-cgi.exe
+
+### Windows Server Update Services exclusions
+This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup`
+
+-   *%systemroot%*\WSUS\WSUSContent
+
+-   *%systemroot%*\WSUS\UpdateServicesDBFiles
+
+-   *%systemroot%*\SoftwareDistribution\Datastore
+
+-   *%systemroot%*\SoftwareDistribution\Download
+
+
+
+
 ## Related topics
 
-- [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md)
+- [Configure and validate exclusions for Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
 - [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
index 4e7c275117..ed872bc01d 100644
--- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 # Review event logs and error codes to troubleshoot issues with Windows Defender AV
@@ -17,6 +19,7 @@ author: iaanw
 
 **Applies to**
 -   Windows 10
+-   Windows Server 2016
 
 **Audience**
 
@@ -27,55 +30,58 @@ If you encounter a problem with Windows Defender Antivirus, you can search the t
 
 The tables list:
 
-- [Windows Defender AV client event IDs](#windows-defender-av-ids)
+- [Windows Defender AV event IDs](#windows-defender-av-ids) (these apply to both Windows 10 and Windows Server 2016)
 - [Windows Defender AV client error codes](#error-codes)
 - [Internal Windows Defender AV client error codes (used by Microsoft during development and testing)](#internal-error-codes)
 
 
 <a id="windows-defender-av-ids"></a>
-## Windows Defender AV client event IDs
+## Windows Defender AV event IDs
 
 Windows Defender AV records event IDs in the Windows event log.
 
 You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client event IDs](troubleshoot-windows-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints.
 
-The table in this section lists the main Windows Defender Antivirus client event IDs and, where possible, provides suggested solutions to fix or resolve the error. 
+The table in this section lists the main Windows Defender AV event IDs and, where possible, provides suggested solutions to fix or resolve the error. 
 
-**To view a Windows Defender client event**
+**To view a Windows Defender AV event**
 
 1.  Open **Event Viewer**.
-2.  In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**.
+2.  In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender Antivirus**.
 3.  Double-click on **Operational**.
 4.  In the details pane, view the list of individual events to find your event.
 5.  Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs.
 
 
 
-<table>
+
+<style type='text/css'> table.oridealign td,th { vertical-align: top; text-align: left; } </style>
+ <table class="oridealign"> 
+<tr>
+<th colspan="2" >Event ID: 1000</th>
+</tr>
 <tr>
-<th rowspan="3">Event ID: 1000</th>
 <td>
-<p>Symbolic name:</p>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_STARTED</b></p>
+<td>
+<b>MALWAREPROTECTION_SCAN_STARTED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan started.
-</b></p>
+<td >
+<b>An antimalware scan started.
+</b>
 </td>
 </tr>
 <tr>
-<td>
-<p>Description:</p>
+<td >
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -93,32 +99,31 @@ The table in this section lists the main Windows Defender Antivirus client event
 <dt>Scan Resources: &lt;Resources (such as files/directories/BHO) that were scanned.&gt;</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1001</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1001</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_COMPLETED</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_COMPLETED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan finished.</b></p>
+<td >
+<b>An antimalware scan finished.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -136,34 +141,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 <dt>Scan Time: &lt;The duration of a scan.&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1002</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1002</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_CANCELLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_CANCELLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan was stopped before it finished.
-</b></p>
+<td >
+<b>An antimalware scan was stopped before it finished.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -181,34 +185,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 <dt>User: &lt;Domain&gt;\&lt;User&gt;</dt>
 <dt>Scan Time: &lt;The duration of a scan.&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1003</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1003</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_PAUSED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_PAUSED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan was paused.
-</b></p>
+<td >
+<b>An antimalware scan was paused.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -225,34 +228,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 </dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1004</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1004</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_RESUMED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_RESUMED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan was resumed.
-</b></p>
+<td >
+<b>An antimalware scan was resumed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -269,34 +271,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 </dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1005</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1005</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan failed. 
-</b></p>
+<td >
+<b>An antimalware scan failed. 
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -317,52 +318,49 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error.
-</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error.
+To troubleshoot this event:
 <ol>
 <li>Run the scan again.</li>
 <li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1006</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1006</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_DETECTED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_DETECTED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine found malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware engine found malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>For more information please see the following:</p>
+<td >
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -408,35 +406,34 @@ UAC</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_ACTION_TAKEN
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_ACTION_TAKEN
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:</p>
+<td >
+Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:
 <dl>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 <dt>Name: &lt;Threat name&gt;</dt>
@@ -463,33 +460,32 @@ UAC</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1008</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1008</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_ACTION_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_ACTION_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.</b></p>
+<td >
+<b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:</p>
+<td >
+Windows Defender has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:
 <dl>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 <dt>Name: &lt;Threat name&gt;</dt>
@@ -521,35 +517,34 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1009</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1009</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_RESTORE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_RESTORE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform restored an item from quarantine.
-</b></p>
+<td >
+<b>The antimalware platform restored an item from quarantine.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has restored an item from quarantine. For more information please see the following:</p>
+<td >
+Windows Defender has restored an item from quarantine. For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -566,35 +561,34 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1010</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1010</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_RESTORE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_RESTORE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform could not restore an item from quarantine.
-</b></p>
+<td >
+<b>The antimalware platform could not restore an item from quarantine.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to restore an item from quarantine. For more information please see the following:</p>
+<td >
+Windows Defender has encountered an error trying to restore an item from quarantine. For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -615,35 +609,34 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1011</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1011</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_DELETE</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_DELETE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform deleted an item from quarantine.
-</b></p>
+<td >
+<b>The antimalware platform deleted an item from quarantine.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has deleted an item from quarantine.  
-For more information please see the following:</p>
+<td >
+Windows Defender has deleted an item from quarantine.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -660,35 +653,34 @@ For more information please see the following:</p>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1012</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1012</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_DELETE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_DELETE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform could not delete an item from quarantine.</b></p>
+<td >
+<b>The antimalware platform could not delete an item from quarantine.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to delete an item from quarantine.  
-For more information please see the following:</p>
+<td >
+Windows Defender has encountered an error trying to delete an item from quarantine.
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -709,66 +701,64 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1013</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1013</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform deleted history of malware and other potentially unwanted software.</b></p>
+<td >
+<b>The antimalware platform deleted history of malware and other potentially unwanted software.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has removed history of malware and other potentially unwanted software.</p>
+<td >
+Windows Defender has removed history of malware and other potentially unwanted software.
 <dl>
 <dt>Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1014</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1014</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p>The antimalware platform could not delete history of malware and other potentially unwanted software.</p>
+<td >
+The antimalware platform could not delete history of malware and other potentially unwanted software.
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to remove history of malware and other potentially unwanted software.</p>
+<td >
+Windows Defender has encountered an error trying to remove history of malware and other potentially unwanted software.
 <dl>
 <dt>Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
@@ -777,35 +767,34 @@ Result code associated with threat status. Standard HRESULT values. </dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1015</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1015</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_BEHAVIOR_DETECTED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_BEHAVIOR_DETECTED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform detected suspicious behavior.</b></p>
+<td >
+<b>The antimalware platform detected suspicious behavior.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has detected a suspicious behavior.  
-For more information please see the following:</p>
+<td >
+Windows Defender has detected a suspicious behavior.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -856,35 +845,34 @@ UAC</dt>
 <dt>Target File Name: &lt;File name&gt;
 Name of the file.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1116</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1116</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_DETECTED</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_DETECTED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform detected malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware platform detected malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has detected malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has detected malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -930,44 +918,43 @@ UAC</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is required. Windows Defender can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender interface, click <b>Clean Computer</b>.</p>
+<td >
+No action is required. Windows Defender can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender interface, click <b>Clean Computer</b>.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1117</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1117</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN
-</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has taken action to protect this machine from malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has taken action to protect this machine from malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -1027,8 +1014,8 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
-<p>NOTE:
-<p>Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:<ul>
+NOTE:
+Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:<ul>
 <li>Default Internet Explorer or Microsoft Edge setting</li>
 <li>User Access Control settings</li>
 <li>Chrome settings</li>
@@ -1044,59 +1031,58 @@ The above context applies to the following client and server versions:
 </tr>
 <tr>
 <td>
-<p>Client Operating System </p>
+Client Operating System 
 </td>
 <td>
-<p>Windows Vista (Service Pack 1, or Service Pack 2), Windows 7 and later</p>
+Windows Vista (Service Pack 1, or Service Pack 2), Windows 7 and later
 </td>
 </tr>
 <tr>
 <td>
-<p>Server Operating System</p>
+Server Operating System
 </td>
 <td>
-<p>Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016</p>
+Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016
 </td>
 </tr>
 </table>
-</p>
 </dl>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. Windows Defender removed or quarantined a threat. </p>
+<td >
+No action is necessary. Windows Defender removed or quarantined a threat. 
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1118</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1118</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.
-</b></p>
+<td >
+<b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered a non-critical error when taking action on malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has encountered a non-critical error when taking action on malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -1157,43 +1143,42 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. Windows Defender failed to complete a task related to the malware remediation. This is not a critical failure.</p>
+<td >
+No action is necessary. Windows Defender failed to complete a task related to the malware remediation. This is not a critical failure.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1119</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1119</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform encountered a critical error when trying to take action on malware or other potentially unwanted software. There are more details in the event message.</b></p>
+<td >
+<b>The antimalware platform encountered a critical error when trying to take action on malware or other potentially unwanted software. There are more details in the event message.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -1254,15 +1239,14 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant <b>User action</b> steps below.</p>
+<td >
+The Windows Defender client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant <b>User action</b> steps below.
 <table>
 <tr>
 <th>Action</th>
@@ -1270,153 +1254,150 @@ Description of the error. </dt>
 </tr>
 <tr>
 <td>
-<p><b>Remove</b></p>
+<b>Remove</b>
 </td>
 <td>
-<p>Update the definitions then verify that the removal was successful.</p>
+Update the definitions then verify that the removal was successful.
 </td>
 </tr>
 <tr>
 <td>
-<p><b>Clean</b></p>
+<b>Clean</b>
 </td>
 <td>
-<p>Update the definitions then verify that the remediation was successful.</p>
+Update the definitions then verify that the remediation was successful.
 </td>
 </tr>
 <tr>
 <td>
-<p><b>Quarantine</b></p>
+<b>Quarantine</b>
 </td>
 <td>
-<p>Update the definitions and verify that the user has permission to access the necessary resources.</p>
+Update the definitions and verify that the user has permission to access the necessary resources.
 </td>
 </tr>
 <tr>
 <td>
-<p><b>Allow</b></p>
+<b>Allow</b>
 </td>
 <td>
-<p>Verify that the user has permission to access the necessary resources.</p>
+Verify that the user has permission to access the necessary resources.
 </td>
 </tr>
 </table>
-<p> </p>
-<p>If this event persists:<ol>
+ 
+If this event persists:<ol>
 <li>Run the scan again.</li>
 <li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1120</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1120</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_THREAT_HASH</b></p>
+<td >
+<b>MALWAREPROTECTION_THREAT_HASH</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Windows Defender has deduced the hashes for a threat resource.</b></p>
+<td >
+<b>Windows Defender has deduced the hashes for a threat resource.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender client is up and running in a healthy state.</p>
+<td >
+Windows Defender client is up and running in a healthy state.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 <dt>Threat Resource Path: &lt;Path&gt;</dt>
 <dt>Hashes: &lt;Hashes&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td></td>
-<td colspan="2">
+<td >
 <div class="alert"><b>Note</b>  This event will only be logged if the following policy is set: <b>ThreatFileHashLogging 	unsigned</b>.</div>
 <div> </div>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1150</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1150</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SERVICE_HEALTHY</b></p>
+<td >
+<b>MALWAREPROTECTION_SERVICE_HEALTHY</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>If your antimalware platform reports status to a monitoring platform, this event indicates that the antimalware platform is running and in a healthy state.
-</b></p>
+<td >
+<b>If your antimalware platform reports status to a monitoring platform, this event indicates that the antimalware platform is running and in a healthy state.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender client is up and running in a healthy state.</p>
+<td >
+Windows Defender client is up and running in a healthy state.
 <dl>
 <dt>Platform Version: &lt;Current platform version&gt;</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.</p>
+<td >
+No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2000</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2000</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_UPDATED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_UPDATED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware definitions updated successfully.
-</b></p>
+<td >
+<b>The antimalware definitions updated successfully.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender signature version has been updated.</p>
+<td >
+Windows Defender signature version has been updated.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Previous Signature Version: &lt;Previous signature version&gt;</dt>
@@ -1432,42 +1413,41 @@ Description of the error. </dt>
 <dt>Current Engine Version: &lt;Current engine version&gt;</dt>
 <dt>Previous Engine Version: &lt;Previous engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender client is in a healthy state. This event is reported when signatures are successfully updated.</p>
+<td >
+No action is necessary. The Windows Defender client is in a healthy state. This event is reported when signatures are successfully updated.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2001</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2001</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_UPDATE_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_UPDATE_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware definition update failed. 
-</b></p>
+<td >
+<b>The antimalware definition update failed. 
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to update signatures.</p>
+<td >
+Windows Defender has encountered an error trying to update signatures.
 <dl>
 <dt>New Signature Version: &lt;New version number&gt;</dt>
 <dt>Previous Signature Version: &lt;Previous signature version&gt;</dt>
@@ -1504,99 +1484,89 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>This error occurs when there is a problem updating definitions.</p>
-<p>To troubleshoot this event:
+<td >
+This error occurs when there is a problem updating definitions.
+To troubleshoot this event:
 <ol>
-<li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
-</li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
-</li>
-</ol>
-</li>
+<li>[Update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.</li>
 <li>Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2002</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2002</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_UPDATED</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_UPDATED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine updated successfully.
-</b></p>
+<td >
+<b>The antimalware engine updated successfully.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender engine version has been updated.</p>
+<td >
+Windows Defender engine version has been updated.
 <dl>
 <dt>Current Engine Version: &lt;Current engine version&gt;</dt>
 <dt>Previous Engine Version: &lt;Previous engine version&gt;</dt>
 <dt>Engine Type: &lt;Engine type&gt;, either antimalware engine or Network Inspection System engine.</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the antimalware engine is successfully updated.</p>
+<td >
+No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the antimalware engine is successfully updated.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2003</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2003</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_UPDATE_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_UPDATE_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine update failed.
-</b></p>
+<td >
+<b>The antimalware engine update failed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to update the engine.</p>
+<td >
+Windows Defender has encountered an error trying to update the engine.
 <dl>
 <dt>New Engine Version:</dt>
 <dt>Previous Engine Version: &lt;Previous engine version&gt;</dt>
@@ -1607,55 +1577,46 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.
+To troubleshoot this event:
 <ol>
-<li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
-</li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
-</li>
-</ol>
-</li>
+<li>[Update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2004</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2004</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_REVERSION</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_REVERSION</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>There was a problem loading antimalware definitions. The antimalware engine will attempt to load the last-known good set of definitions.</b></p>
+<td >
+<b>There was a problem loading antimalware definitions. The antimalware engine will attempt to load the last-known good set of definitions.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.</p>
+<td >
+Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
 <dl>
 <dt>Signatures Attempted:</dt>
 <dt>Error Code: &lt;Error code&gt;
@@ -1665,83 +1626,80 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender will attempt to revert back to a known-good set of definitions.</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender will attempt to revert back to a known-good set of definitions.
+To troubleshoot this event:
 <ol>
 <li>Restart the computer and try again.</li>
 <li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.
 </li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2005</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2005</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_UPDATE_PLATFORMOUTOFDATE</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_UPDATE_PLATFORMOUTOFDATE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine failed to load because the antimalware platform is out of date. The antimalware platform will load the last-known good antimalware engine and attempt to update.</b></p>
+<td >
+<b>The antimalware engine failed to load because the antimalware platform is out of date. The antimalware platform will load the last-known good antimalware engine and attempt to update.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender could not load antimalware engine because current platform version is not supported. Windows Defender will revert back to the last known-good engine and a platform update will be attempted.</p>
+<td >
+Windows Defender could not load antimalware engine because current platform version is not supported. Windows Defender will revert back to the last known-good engine and a platform update will be attempted.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2006</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2006</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_PLATFORM_UPDATE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_PLATFORM_UPDATE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The platform update failed.
-</b></p>
+<td >
+<b>The platform update failed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to update the platform.</p>
+<td >
+Windows Defender has encountered an error trying to update the platform.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 <dt>Error Code: &lt;Error code&gt;
@@ -1749,65 +1707,63 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_PLATFORM_ALMOSTOUTOFDATE</b></p>
+<td >
+<b>MALWAREPROTECTION_PLATFORM_ALMOSTOUTOFDATE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The platform will soon be out of date. Download the latest platform to maintain up-to-date protection.</b></p>
+<td >
+<b>The platform will soon be out of date. Download the latest platform to maintain up-to-date protection.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender platform to maintain the best level of protection available.</p>
+<td >
+Windows Defender will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender platform to maintain the best level of protection available.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2010</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2010</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine used the Dynamic Signature Service to get additional definitions.
-</b></p>
+<td >
+<b>The antimalware engine used the Dynamic Signature Service to get additional definitions.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender used <i>Dynamic Signature Service</i> to retrieve additional signatures to help protect your machine.</p>
+<td >
+Windows Defender used <i>Dynamic Signature Service</i> to retrieve additional signatures to help protect your machine.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Signature Type: &lt;Signature type&gt;, for example: <ul>
@@ -1838,35 +1794,34 @@ Description of the error. </dt>
 </dt>
 <dt>Persistence Limit: Persistence limit of the fastpath signature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2011</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2011</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The Dynamic Signature Service deleted the out-of-date dynamic definitions.
-</b></p>
+<td >
+<b>The Dynamic Signature Service deleted the out-of-date dynamic definitions.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender used <i>Dynamic Signature Service</i> to discard obsolete signatures.</p>
+<td >
+Windows Defender used <i>Dynamic Signature Service</i> to discard obsolete signatures.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Signature Type: &lt;Signature type&gt;, for example: <ul>
@@ -1898,43 +1853,42 @@ Description of the error. </dt>
 </dt>
 <dt>Persistence Limit: Persistence limit of the fastpath signature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.</p>
+<td >
+No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2012</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2012</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine encountered an error when trying to use the Dynamic Signature Service.
-</b></p>
+<td >
+<b>The antimalware engine encountered an error when trying to use the Dynamic Signature Service.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to use <i>Dynamic Signature Service</i>.</p>
+<td >
+Windows Defender has encountered an error trying to use <i>Dynamic Signature Service</i>.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Signature Type: &lt;Signature type&gt;, for example: <ul>
@@ -1969,109 +1923,106 @@ Description of the error. </dt>
 </dt>
 <dt>Persistence Limit: Persistence limit of the fastpath signature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>Check your Internet connectivity settings.</p>
+<td >
+Check your Internet connectivity settings.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2013</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2013</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED_ALL
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED_ALL
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The Dynamic Signature Service deleted all dynamic definitions.
-</b></p>
+<td >
+<b>The Dynamic Signature Service deleted all dynamic definitions.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender discarded all <i>Dynamic Signature Service</i> signatures.</p>
+<td >
+Windows Defender discarded all <i>Dynamic Signature Service</i> signatures.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2020</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2020</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOADED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOADED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine downloaded a clean file.
-</b></p>
+<td >
+<b>The antimalware engine downloaded a clean file.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender downloaded a clean file.</p>
+<td >
+Windows Defender downloaded a clean file.
 <dl>
 <dt>Filename: &lt;File name&gt;
 Name of the file.</dt>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Current Engine Version: &lt;Current engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2021</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2021</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOAD_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOAD_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine failed to download a clean file.
-</b></p>
+<td >
+<b>The antimalware engine failed to download a clean file.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to download a clean file.</p>
+<td >
+Windows Defender has encountered an error trying to download a clean file.
 <dl>
 <dt>Filename: &lt;File name&gt;
 Name of the file.</dt>
@@ -2082,185 +2033,185 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>Check your Internet connectivity settings.
-</p>
-<p>The Windows Defender client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue. 
-</p>
+<td >
+Check your Internet connectivity settings.
+The Windows Defender client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2030</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2030</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALLED</b></p>
+<td >
+<b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine was downloaded and is configured to run offline on the next system restart.</b></p>
+<td >
+<b>The antimalware engine was downloaded and is configured to run offline on the next system restart.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender downloaded and configured Windows Defender Offline to run on the next reboot.</p>
+<td >
+Windows Defender downloaded and configured Windows Defender Offline to run on the next reboot.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2031</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2031</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALL_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALL_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine was unable to download and configure an offline scan.</b></p>
+<td >
+<b>The antimalware engine was unable to download and configure an offline scan.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to download and configure Windows Defender Offline.</p>
+<td >
+Windows Defender has encountered an error trying to download and configure Windows Defender Offline.
 <dl>
 <dt>Error Code: &lt;Error code&gt;
 Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2040</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2040</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OS_EXPIRING
-</b></p>
+<td >
+<b>MALWAREPROTECTION_OS_EXPIRING
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Antimalware support for this operating system version will soon end.
-</b></p>
+<td >
+<b>Antimalware support for this operating system version will soon end.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>The support for your operating system will expire shortly. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.</p>
+<td >
+The support for your operating system will expire shortly. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2041</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2041</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OS_EOL
-</b></p>
+<td >
+<b>MALWAREPROTECTION_OS_EOL
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Antimalware support for this operating system has ended. You must upgrade the operating system for continued support.
-</b></p>
+<td >
+<b>Antimalware support for this operating system has ended. You must upgrade the operating system for continued support.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>The support for your operating system has expired. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.</p>
+<td >
+The support for your operating system has expired. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2042</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2042</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_PROTECTION_EOL
-</b></p>
+<td >
+<b>MALWAREPROTECTION_PROTECTION_EOL
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine no longer supports this operating system, and is no longer protecting your system from malware.
-</b></p>
+<td >
+<b>The antimalware engine no longer supports this operating system, and is no longer protecting your system from malware.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.</p>
+<td >
+The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 3002</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 3002</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_FEATURE_FAILURE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_FEATURE_FAILURE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection encountered an error and failed.</b></p>
+<td >
+<b>Real-time protection encountered an error and failed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Real-Time Protection feature has encountered an error and failed.</p>
+<td >
+Windows Defender Real-Time Protection feature has encountered an error and failed.
 <dl>
 <dt>Feature: &lt;Feature&gt;, for example:
 <ul>
@@ -2276,47 +2227,43 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 Description of the error. </dt>
 <dt>Reason: The reason Windows Defender real-time protection has restarted a feature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>You should restart the system then run a full scan because it's possible the system was not protected for some time.
-</p>
-<p>The Windows Defender client's real-time protection feature encountered an error because one of the services failed to start. 
-</p>
-<p>If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure. 
-</p>
+<td >
+You should restart the system then run a full scan because it's possible the system was not protected for some time.
+The Windows Defender client's real-time protection feature encountered an error because one of the services failed to start. 
+If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure. 
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 3007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 3007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_FEATURE_RECOVERED</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_FEATURE_RECOVERED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection recovered from a failure. We recommend running a full system scan when you see this error.
-</b></p>
+<td >
+<b>Real-time protection recovered from a failure. We recommend running a full system scan when you see this error.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.</p>
+<td >
+Windows Defender Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.
 <dl>
 <dt>Feature: &lt;Feature&gt;, for example:
 <ul>
@@ -2328,96 +2275,97 @@ Description of the error. </dt>
 </dt>
 <dt>Reason: The reason Windows Defender real-time protection has restarted a feature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The real-time protection feature has restarted. If this event happens again, contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>. </p>
+<td >
+The real-time protection feature has restarted. If this event happens again, contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5000</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5000</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_ENABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_ENABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection is enabled.
-</b></p>
+<td >
+<b>Real-time protection is enabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was enabled.</p>
+<td >
+Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was enabled.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5001</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5001</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_DISABLED</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_DISABLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection is disabled.
-</b></p>
+<td >
+<b>Real-time protection is disabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was disabled. </p>
+<td >
+Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was disabled. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5004</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5004</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_FEATURE_CONFIGURED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_FEATURE_CONFIGURED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The real-time protection configuration changed.
-</b></p>
+<td >
+<b>The real-time protection configuration changed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Real-time Protection feature configuration has changed.</p>
+<td >
+Windows Defender Real-time Protection feature configuration has changed.
 <dl>
 <dt>Feature: &lt;Feature&gt;, for example:
 <ul>
@@ -2429,67 +2377,65 @@ Description of the error. </dt>
 </dt>
 <dt>Configuration: </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_CONFIG_CHANGED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_CONFIG_CHANGED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform configuration changed.</b></p>
+<td >
+<b>The antimalware platform configuration changed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.</p>
+<td >
+Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
 <dl>
 <dt>Old value: &lt;Old value number&gt;
 Old Windows Defender configuration value.</dt>
 <dt>New value: &lt;New value number&gt;
 New Windows Defender configuration value.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="5">Event ID: 5008</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5008</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_FAILURE</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_FAILURE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine encountered an error and failed.</b></p>
+<td >
+<b>The antimalware engine encountered an error and failed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender  engine has been terminated due to an unexpected error.</p>
+<td >
+Windows Defender  engine has been terminated due to an unexpected error.
 <dl>
 <dt>Failure Type: &lt;Failure type&gt;, for example:
 Crash
@@ -2497,15 +2443,14 @@ or Hang</dt>
 <dt>Exception Code: &lt;Error code&gt;</dt>
 <dt>Resource: &lt;Resource&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>To troubleshoot this event:<ol>
+<td >
+To troubleshoot this event:<ol>
 <li>Try to restart the service.<ul>
 <li>For antimalware, antivirus and spyware, at an elevated command prompt, type <b>net stop msmpsvc</b>, and then type <b>net start msmpsvc</b> to restart the antimalware engine.</li>
 <li>For the <i>Network Inspection System</i>, at an elevated command prompt, type <b>net start nissrv</b>, and then type <b>net start nissrv</b> to restart the <i>Network Inspection System</i> engine by using the NiSSRV.exe file.
@@ -2514,189 +2459,190 @@ or Hang</dt>
 </li>
 <li>If it fails in the same way, look up the error code by accessing the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support Site</a>  and entering the error number in the <b>Search</b> box, and contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.</li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client engine stopped due to an unexpected error.</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client engine stopped due to an unexpected error.
+To troubleshoot this event:
 <ol>
 <li>Run the scan again.</li>
 <li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5009</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5009</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTISPYWARE_ENABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTISPYWARE_ENABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for malware and other potentially unwanted software is enabled.
-</b></p>
+<td >
+<b>Scanning for malware and other potentially unwanted software is enabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for malware and other potentially unwanted software has been enabled.</p>
+<td >
+Windows Defender scanning for malware and other potentially unwanted software has been enabled.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5010</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5010</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTISPYWARE_DISABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTISPYWARE_DISABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for malware and other potentially unwanted software is disabled.</b></p>
+<td >
+<b>Scanning for malware and other potentially unwanted software is disabled.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for malware and other potentially unwanted software is disabled.</p>
+<td >
+Windows Defender scanning for malware and other potentially unwanted software is disabled.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5011</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5011</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTIVIRUS_ENABLED</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTIVIRUS_ENABLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for viruses is enabled.</b></p>
+<td >
+<b>Scanning for viruses is enabled.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for viruses has been enabled. </p>
+<td >
+Windows Defender scanning for viruses has been enabled. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5012</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5012</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTIVIRUS_DISABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTIVIRUS_DISABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for viruses is disabled.
-</b></p>
+<td >
+<b>Scanning for viruses is disabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for viruses is disabled. </p>
+<td >
+Windows Defender scanning for viruses is disabled. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5100</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5100</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_EXPIRATION_WARNING_STATE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_EXPIRATION_WARNING_STATE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform will expire soon.
-</b></p>
+<td >
+<b>The antimalware platform will expire soon.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender  has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.</p>
+<td >
+Windows Defender  has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.
 <dl>
 <dt>Expiration Reason: The reason Windows Defender will expire.</dt>
 <dt>Expiration Date: The date Windows Defender will expire.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5101</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5101</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_DISABLED_EXPIRED_STATE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_DISABLED_EXPIRED_STATE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform is expired.
-</b></p>
+<td >
+<b>The antimalware platform is expired.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description::</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender  grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.</p>
+<td >
+Windows Defender  grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 <dl>
 <dt>Expiration Reason:</dt>
 <dt>Expiration Date: </dt>
@@ -2705,7 +2651,6 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 </table>
@@ -2719,58 +2664,52 @@ This section provides the following information about Windows Defender Antivirus
 -   Advice on what to do now
 
 Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes.
-<table>
+
+
+ <table class="oridealign"> 
 <tr>
-<th colspan="4">External error codes</th>
+<th colspan="2">Error code: 0x80508007</th>
 </tr>
 <tr>
-<th>Error code</th>
-<th>Message displayed</th>
-<th>Possible reason for error</th>
-<th>What to do now</th>
+<td>Message</td>
+<td>
+<b>ERR_MP_NO_MEMORY </b>
+</td>
 </tr>
 <tr>
 <td>
-<p>0x80508007 
-</p>
+Possible reason
 </td>
 <td>
-<p><b>ERR_MP_NO_MEMORY 
-</b></p>
+This error indicates that you might have run out of memory. 
 </td>
+</tr>
+<tr>
+<td>Resolution</td>
 <td>
-<p>This error indicates that you might have run out of memory. 
-</p>
-</td>
-<td>
-<p>
 <ol>
 <li>Check the available memory on your device.</li>
 <li>Close any unused applications that are running to free up memory on your device.</li>
 <li>Restart the device and run the scan again. 
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x8050800C</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_BAD_INPUT_DATA</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x8050800C</p>
+This error indicates that there might be a problem with your security product.
 </td>
-<td>
-<p><b>ERR_MP_BAD_INPUT_DATA</b></p>
-</td>
-<td>
-<p>This error indicates that there might be a problem with your security product.</p>
-</td>
-<td rowspan="4">
-<p>
+</tr><tr><td>Resolution</td><td>
 <ol>
 <li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
+<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/>Or,
 </li>
 <li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.
 </li>
 </ol>
 </li>
@@ -2778,195 +2717,149 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi
 </li>
 <li>Restart the device and try again.</li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508020</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_BAD_CONFIGURATION 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508020</p>
-</td>
-<td>
-<p><b>ERR_MP_BAD_CONFIGURATION 
-</b></p>
-</td>
-<td>
-<p>This error indicates that there might be an engine configuration error; commonly, this is related to input 
+This error indicates that there might be an engine configuration error; commonly, this is related to input 
 data that does not allow the engine to function properly. 
-</p>
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x805080211 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_QUARANTINE_FAILED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x805080211 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_QUARANTINE_FAILED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that Windows Defender failed to quarantine a threat. 
-</p>
+This error indicates that Windows Defender failed to quarantine a threat. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508022 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_REBOOT_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508022 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_REBOOT_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that a reboot is required to complete threat removal. 
-</p>
+This error indicates that a reboot is required to complete threat removal. 
 </td>
 </tr>
 <tr>
-<td rowspan="2">
-<p>0x80508023 
-</p>
+<th colspan="2">
+0x80508023 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_THREAT_NOT_FOUND 
+</b>
+</td></tr><tr><td>Possible reason</td>
+<td>
+This error indicates that the threat might no longer be present on the media, or malware might be stopping you from scanning your device. 
+</tr><tr><td>Resolution
 </td>
 <td>
-<p><b>ERR_MP_THREAT_NOT_FOUND 
-</b></p>
-</td>
-<td>
-<p>This error indicates that the threat might no longer be present on the media, or malware might be stopping you from scanning your device. 
-</p>
-</td>
-<td>
-<p>Run the <a href="https://www.microsoft.com/security/scanner/default.aspx">Microsoft Safety Scanner</a> then update your security software and try again. 
-</p>
+Run the <a href="https://www.microsoft.com/security/scanner/default.aspx">Microsoft Safety Scanner</a> then update your security software and try again. 
 </td>
 </tr>
 <tr>
-<td rowspan="2">
-<p><b>ERR_MP_FULL_SCAN_REQUIRED 
-</b></p>
-</td>
-<td rowspan="2">
-<p>This error indicates that a full system scan might be required. 
-</p>
-</td>
-<td rowspan="2">
-<p>Run a full system scan. 
-</p>
+<th colspan="2">Error code: 0x80508024 </th></tr>
+<tr>
+<td>Message</td>
+<td><b>ERR_MP_FULL_SCAN_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
+<td>
+This error indicates that a full system scan might be required. 
+</td></tr>
+<tr>
+<td>Resolution</td><td>
+Run a full system scan. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508025 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_MANUAL_STEPS_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508024 
-</p>
+This error indicates that manual steps are required to complete threat removal. 
+</td></tr><tr><td>Resolution</td><td>
+Follow the manual remediation steps outlined in the <a href="https://www.microsoft.com/security/portal/threat/Threats.aspx">Microsoft Malware Protection Encyclopedia</a>. You can find a threat-specific link in the event history.  
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508026 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_REMOVE_NOT_SUPPORTED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508025 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_MANUAL_STEPS_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that manual steps are required to complete threat removal. 
-</p>
-</td>
-<td>
-<p>Follow the manual remediation steps outlined in the <a href="https://www.microsoft.com/security/portal/threat/Threats.aspx">Microsoft Malware Protection Encyclopedia</a>. You can find a threat-specific link in the event history.  
-</p>
+This error indicates that removal inside the container type might not be not supported. 
+</td></tr><tr><td>Resolution</td><td>
+Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508027 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_REMOVE_LOW_MEDIUM_DISABLED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508026 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_REMOVE_NOT_SUPPORTED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that removal inside the container type might not be not supported. 
-</p>
-</td>
-<td>
-<p>Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources. 
-</p>
+This error indicates that removal of low and medium threats might be disabled. 
+</td></tr><tr><td>Resolution</td><td>
+Check the detected threats and resolve them as required. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508029 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERROR_MP_RESCAN_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508027 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_REMOVE_LOW_MEDIUM_DISABLED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that removal of low and medium threats might be disabled. 
-</p>
-</td>
-<td>
-<p>Check the detected threats and resolve them as required. 
-</p>
+This error indicates a rescan of the threat is required. 
+</td></tr><tr><td>Resolution</td><td>
+Run a full system scan. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508030 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERROR_MP_CALLISTO_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508029 
-</p>
-</td>
-<td>
-<p><b>ERROR_MP_RESCAN_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates a rescan of the threat is required. 
-</p>
-</td>
-<td>
-<p>Run a full system scan. 
-</p>
+This error indicates that an offline scan is required. 
+</td></tr><tr><td>Resolution</td><td>
+Run Windows Defender Offline. You can read about how to do this in the <a href="http://windows.microsoft.com/windows/what-is-windows-defender-offline">Windows Defender Offline 
+article</a>.
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508031 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERROR_MP_PLATFORM_OUTDATED  
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508030 
-</p>
-</td>
-<td>
-<p><b>ERROR_MP_CALLISTO_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that an offline scan is required. 
-</p>
-</td>
-<td>
-<p>Run Windows Defender Offline. You can read about how to do this in the <a href="http://windows.microsoft.com/windows/what-is-windows-defender-offline">Windows Defender Offline 
-article</a>.</p>
-</td>
-</tr>
-<tr>
-<td>
-<p>0x80508031 
-</p>
-</td>
-<td>
-<p><b>ERROR_MP_PLATFORM_OUTDATED  
-</b></p>
-</td>
-<td>
-<p>This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform. 
-</p>
-</td>
-<td>
-<p>You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use <a href="https://www.microsoft.com/server-cloud/system-center/endpoint-protection-2012.aspx">System Center Endpoint Protection</a>.  
-</p>
+This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform. 
+</td></tr><tr><td>Resolution</td><td>
+You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use <a href="https://www.microsoft.com/server-cloud/system-center/endpoint-protection-2012.aspx">System Center Endpoint Protection</a>.  
 </td>
 </tr>
 </table>
@@ -2974,349 +2867,330 @@ article</a>.</p>
 <a id="internal-error-codes"></a>
 The following error codes are used during internal testing of Windows Defender AV.
 
-<table>
+If you see these errors, you can try to [update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.
+
+
+<table class="oridealign"> 
 <tr>
-<th colspan="4">Internal error codes</th>
+<th colspan="3">Internal error codes</th>
 </tr>
 <tr>
-<th>Error code</th>
+<th><b>Error code</b></th>
 <th>Message displayed</th>
-<th>Possible reason for error</th>
-<th>What to do now</th>
+<th>Possible reason for error and resolution</th>
 </tr>
 <tr>
 <td>
-<p>0x80501004</p>
+0x80501004
 </td>
 <td>
-<p><b>ERROR_MP_NO_INTERNET_CONN 
-</b></p>
+<b>ERROR_MP_NO_INTERNET_CONN 
+</b>
 </td>
 <td>
-<p>Check your Internet connection, then run the scan again.</p>
-</td>
-<td>
-<p>Check your Internet connection, then run the scan again.</p>
+Check your Internet connection, then run the scan again.
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501000</p>
+0x80501000
 </td>
 <td>
-<p><b>ERROR_MP_UI_CONSOLIDATION_BAS</b>E</p>
+<b>ERROR_MP_UI_CONSOLIDATION_BAS</b>E
 </td>
 <td rowspan="34">
-<p>This is an internal error. The cause is not clearly defined.</p>
+This is an internal error. The cause is not clearly defined.
 </td>
 <td rowspan="36">
-<p>
-<ol>
-<li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
-</li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
-</li>
-</ol>
-</li>
-<li>Run a full scan.
-</li>
-<li>Restart the device and try again.</li>
-</ol>
-</p>
+
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501001</p>
+0x80501001
 </td>
 <td>
-<p><b>ERROR_MP_ACTIONS_FAILED</b></p>
+<b>ERROR_MP_ACTIONS_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501002</p>
+0x80501002
 </td>
 <td>
-<p><b>ERROR_MP_NOENGINE</b></p>
+<b>ERROR_MP_NOENGINE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501003</p>
+0x80501003
 </td>
 <td>
-<p><b>ERROR_MP_ACTIVE_THREATS</b></p>
+<b>ERROR_MP_ACTIVE_THREATS</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x805011011</p>
+0x805011011
 </td>
 <td>
-<p><b>MP_ERROR_CODE_LUA_CANCELLED </b></p>
+<b>MP_ERROR_CODE_LUA_CANCELLED </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501101</p>
+0x80501101
 </td>
 <td>
-<p><b>ERROR_LUA_CANCELLATION </b></p>
+<b>ERROR_LUA_CANCELLATION </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501102</p>
+0x80501102
 </td>
 <td>
-<p><b>MP_ERROR_CODE_ALREADY_SHUTDOWN</b></p>
+<b>MP_ERROR_CODE_ALREADY_SHUTDOWN</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501103</p>
+0x80501103
 </td>
 <td>
-<p><b>MP_ERROR_CODE_RDEVICE_S_ASYNC_CALL_PENDING </b></p>
+<b>MP_ERROR_CODE_RDEVICE_S_ASYNC_CALL_PENDING </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501104</p>
+0x80501104
 </td>
 <td>
-<p><b>MP_ERROR_CODE_CANCELLED</b></p>
+<b>MP_ERROR_CODE_CANCELLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501105</p>
+0x80501105
 </td>
 <td>
-<p><b>MP_ERROR_CODE_NO_TARGETOS</b></p>
+<b>MP_ERROR_CODE_NO_TARGETOS</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501106</p>
+0x80501106
 </td>
 <td>
-<p><b>MP_ERROR_CODE_BAD_REGEXP</b></p>
+<b>MP_ERROR_CODE_BAD_REGEXP</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501107</p>
+0x80501107
 </td>
 <td>
-<p><b>MP_ERROR_TEST_INDUCED_ERROR</b></p>
+<b>MP_ERROR_TEST_INDUCED_ERROR</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501108</p>
+0x80501108
 </td>
 <td>
-<p><b>MP_ERROR_SIG_BACKUP_DISABLED</b></p>
+<b>MP_ERROR_SIG_BACKUP_DISABLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508001</p>
+0x80508001
 </td>
 <td>
-<p><b>ERR_MP_BAD_INIT_MODULES</b></p>
+<b>ERR_MP_BAD_INIT_MODULES</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508002</p>
+0x80508002
 </td>
 <td>
-<p><b>ERR_MP_BAD_DATABASE</b></p>
+<b>ERR_MP_BAD_DATABASE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508004</p>
+0x80508004
 </td>
 <td>
-<p><b>ERR_MP_BAD_UFS </b></p>
+<b>ERR_MP_BAD_UFS </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800C</p>
+0x8050800C
 </td>
 <td>
-<p><b>ERR_MP_BAD_INPUT_DATA</b></p>
+<b>ERR_MP_BAD_INPUT_DATA</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800D</p>
+0x8050800D
 </td>
 <td>
-<p><b>ERR_MP_BAD_GLOBAL_STORAGE</b></p>
+<b>ERR_MP_BAD_GLOBAL_STORAGE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800E</p>
+0x8050800E
 </td>
 <td>
-<p><b>ERR_MP_OBSOLETE</b></p>
+<b>ERR_MP_OBSOLETE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800F</p>
+0x8050800F
 </td>
 <td>
-<p><b>ERR_MP_NOT_SUPPORTED</b></p>
+<b>ERR_MP_NOT_SUPPORTED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800F
+0x8050800F
 0x80508010
-</p>
 </td>
 <td>
-<p><b>ERR_MP_NO_MORE_ITEMS </b></p>
+<b>ERR_MP_NO_MORE_ITEMS </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508011</p>
+0x80508011
 </td>
 <td>
-<p><b>ERR_MP_DUPLICATE_SCANID</b></p>
+<b>ERR_MP_DUPLICATE_SCANID</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508012</p>
+0x80508012
 </td>
 <td>
-<p><b>ERR_MP_BAD_SCANID</b></p>
+<b>ERR_MP_BAD_SCANID</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508013</p>
+0x80508013
 </td>
 <td>
-<p><b>ERR_MP_BAD_USERDB_VERSION</b></p>
+<b>ERR_MP_BAD_USERDB_VERSION</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508014</p>
+0x80508014
 </td>
 <td>
-<p><b>ERR_MP_RESTORE_FAILED</b></p>
+<b>ERR_MP_RESTORE_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508016</p>
+0x80508016
 </td>
 <td>
-<p><b>ERR_MP_BAD_ACTION</b></p>
+<b>ERR_MP_BAD_ACTION</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508019</p>
+0x80508019
 </td>
 <td>
-<p><b>ERR_MP_NOT_FOUND</b></p>
+<b>ERR_MP_NOT_FOUND</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80509001</p>
+0x80509001
 </td>
 <td>
-<p><b>ERR_RELO_BAD_EHANDLE</b></p>
+<b>ERR_RELO_BAD_EHANDLE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80509003</p>
+0x80509003
 </td>
 <td>
-<p><b>ERR_RELO_KERNEL_NOT_LOADED</b></p>
+<b>ERR_RELO_KERNEL_NOT_LOADED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A001</p>
+0x8050A001
 </td>
 <td>
-<p><b>ERR_MP_BADDB_OPEN</b></p>
+<b>ERR_MP_BADDB_OPEN</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A002</p>
+0x8050A002
 </td>
 <td>
-<p><b>ERR_MP_BADDB_HEADER</b></p>
+<b>ERR_MP_BADDB_HEADER</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A003</p>
+0x8050A003
 </td>
 <td>
-<p><b>ERR_MP_BADDB_OLDENGINE</b></p>
+<b>ERR_MP_BADDB_OLDENGINE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A004</p>
+0x8050A004
 </td>
 <td>
-<p><b>ERR_MP_BADDB_CONTENT </b></p>
+<b>ERR_MP_BADDB_CONTENT </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A005</p>
+0x8050A005
 </td>
 <td>
-<p><b>ERR_MP_BADDB_NOTSIGNED</b></p>
+<b>ERR_MP_BADDB_NOTSIGNED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050801</p>
+0x8050801
 </td>
 <td>
-<p><b>ERR_MP_REMOVE_FAILED</b></p>
+<b>ERR_MP_REMOVE_FAILED</b>
 </td>
 <td>
-<p>This is an internal error. It might be triggered when malware removal is not successful. 
-</p>
+This is an internal error. It might be triggered when malware removal is not successful. 
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508018 
-</p>
+0x80508018 
 </td>
 <td>
-<p><b>ERR_MP_SCAN_ABORTED 
-</b></p>
+<b>ERR_MP_SCAN_ABORTED 
+</b>
 </td>
 <td>
-<p>This is an internal error. It might have triggered when a scan fails to complete. 
-</p>
+This is an internal error. It might have triggered when a scan fails to complete. 
 </td>
 </tr>
 </table>
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 6bef064955..7eba149ae9 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index d331e9d39e..942587b25b 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Defender Antivirus
-description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10.
+description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016
 keywords: windows defender antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -12,16 +12,17 @@ localizationpriority: medium
 author: iaanw
 ---
 
-# Windows Defender Antivirus in Windows 10
+# Windows Defender Antivirus in Windows 10 and Windows Server 2016
 
 **Applies to**
 -   Windows 10
+-   Windows Server 2016
 
 Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers.
 
 This library of documentation is aimed for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
 
-For more important information about running Windows Defender AV on a server platform, see [Windows Defender Overview for Windows Server](https://technet.microsoft.com/library/dn765478.aspx).
+For more important information about running Windows Defender on a server platform, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md).
 
 Windows Defender AV can be managed with:
 - System Center Configuration Manager (as System Center Endpoint Protection, or SCEP) 
@@ -57,14 +58,14 @@ See the [In this library](#in-this-library) list at the end of this topic for li
 <a id="sysreq"></a>
 ## Minimum system requirements
 
-Windows Defender has the same hardware requirements as Windows 10. For more information, see:
+Windows Defender AV has the same hardware requirements as Windows 10. For more information, see:
 -   [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn915086.aspx)
 -   [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049.aspx)
 
 
 Some features require a certain version of Windows 10 - the minimum version required is specified at the top of each topic.
 
-Functionality, configuration, and management is largely the same when using Windows Defender Antivirus on Windows Server 2016, however [there are some differences](windows-defender-antivirus-on-windows-server-2016.md).
+Functionality, configuration, and management is largely the same when using Windows Defender AV on Windows Server 2016, however [there are some differences](windows-defender-antivirus-on-windows-server-2016.md).
 
 
 
@@ -73,10 +74,13 @@ Functionality, configuration, and management is largely the same when using Wind
 
 Topic | Description
 :---|:---
-[Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) | Evaluate the protection capabilities of Windows Defender Antivirus with a specialized evaluation guide and PowerShell script
-[Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) | While traditional client deployment is not required for Windows Defender AV, you will need to enable the service. You can also manage how protection and product updates are applies, and receive reports from Configuration Manager, Intune, and with some security information and event monitoring (SIEM) tools
-[Configure Windows Defender features](configure-windows-defender-antivirus-features.md) | Windows Defender AV has a large set of configurable features and options. You can configure options such as cloud-delivered protection, always-on monitoring and scanning, and how end-users can interact or override global policy settings
+[Windows Defender AV in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md) | The Windows Defender Security Center combines the settings and notifications from the previous Windows Defender AV app and Windows Settings in one easy-to-manage place
+[Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) | Windows Defender AV can be used on Windows Server 2016, and features the same configuration and management capabilities as the Windows 10 version - with some added features for automatic exclusions
+[Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md) | Windows Defender AV operates in different modes depending on whether it detects other AV products or if you are using Windows Defender Advanced Threat Protection
+[Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md) | Evaluate the protection capabilities of Windows Defender Antivirus with a specialized evaluation guide and PowerShell script
+[Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md) | While traditional client deployment is not required for Windows Defender AV, you will need to enable the service. You can also manage how protection and product updates are applies, and receive reports from Configuration Manager, Intune, and with some security information and event monitoring (SIEM) tools
+[Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md) | Windows Defender AV has a large set of configurable features and options. You can configure options such as cloud-delivered protection, always-on monitoring and scanning, and how end-users can interact or override global policy settings
 [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) | You can set up scheduled scans, run on-demand scans, and configure how remediation works when threats are detected
-[Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-antivirus.md)|Review event IDs and error codes in Windows Defender Antivirus to determine causes of problems and troubleshoot issues
+[Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md)|Review event IDs and error codes in Windows Defender Antivirus to determine causes of problems and troubleshoot issues
 [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)|The management and configuration tools that you can use with Windows Defender AV are listed and described here
 
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index b3305b6b1c..29fbb9377a 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Defender Antivirus on Windows Server 2016
-description: Compare the differences when Windows Defender AV is on a Windows Server SKU versus a Windows 10 endpoint
+description: Enable and configure Windows Defender AV on Windows Server 2016 
 keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -13,7 +13,7 @@ author: iaanw
 ---
 
 
-# Windows Defender Antivirus on Windows Server
+# Windows Defender Antivirus on Windows Server 2016
 
 
 **Applies to:**
@@ -36,15 +36,124 @@ author: iaanw
 
 Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same.
 
-See the [Windows Defender Overview for Windows Server](https://technet.microsoft.com/windows-server-docs/security/windows-defender/windows-defender-overview-windows-server) for more information on enabling the client interface and configuring roles and specific server features.
-
 While the functionality, configuration, and management is largely the same for Windows Defender AV either on Windows 10 or Windows Server 2016, there are a few key differences:
 
 - In Windows Server 2016, [automatic exclusions](configure-server-exclusions-windows-defender-antivirus.md) are applied based on your defined Server Role.
 - In Windows Server 2016, Windows Defender AV will not disable itself if you are running another antivirus product.
 
+This topic includes the following instructions for setting up and running Windows Defender AV on a server platform:
+
+-   [Enable the interface](#BKMK_UsingDef)
+
+-   [Verify Windows Defender AV is running](#BKMK_DefRun)
+
+-   [Update antimalware definitions](#BKMK_UpdateDef)
+
+-   [Submit Samples](#BKMK_DefSamples)
+
+-   [Configure automatic exclusions](#BKMK_DefExclusions)
+
+<a name="BKMK_UsingDef"></a>
+## Enable the interface
+By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs. 
+
+You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic.
+
+The following PowerShell cmdlet will enable the interface: 
+
+```PowerShell
+Install-WindowsFeature -Name Windows-Defender-GUI
+```
+
+The following cmdlet will disable the interface:
+
+```PS
+Uninstall-WindowsFeature -Name Windows-Server-Antimalware
+```
+
+> [!TIP]
+> Event messages for the antimalware engine included with Windows Defender AV can be found in [Windows Defender AV Events](troubleshoot-windows-defender-antivirus.md).
+
+
+<a name="BKMK_DefRun"></a>
+## Verify Windows Defender is running
+To verify that Windows Defender AV is running on the server, run the following command from a command prompt: 
+
+```DOS
+sc query Windefend
+```
+
+The `sc query` command returns information about the Windows Defender service. If Windows Defender is running, the `STATE` value displays `RUNNING`.
+
+<a name="BKMK_UpdateDef"></a>
+## Update antimalware definitions
+In order to get updated antimalware definitions, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Windows Defender AV definitions are approved for the computers you manage.
+
+By default, Windows Update does not download and install updates automatically on Windows Server 2016. You can change this configuration by using one of the following methods:
+
+-   **Windows Update** in Control Panel.
+
+    -   **Install updates automatically** results in all updates being automatically installed, including Windows Defender definition updates.
+
+    -   **Download updates but let me choose whether to install them** allows Windows Defender to download and install definition updates automatically, but other updates are not automatically installed.
+
+-   **Group Policy**. You can set up and manage Windows Update by using the settings available in Group Policy, in the following path: **Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates**
+
+-   The **AUOptions** registry key. The following two values allow Windows Update to automatically download and install definition updates.
+
+    -   **4** Install updates automatically. This value results in all updates being automatically installed, including Windows Defender definition updates.
+
+    -   **3** Download updates but let me choose whether to install them.  This value allows Windows Defender to download and install definition updates automatically, but other updates are not automatically installed.
+
+To ensure that protection from malware is maintained, we recommend that you enable the following services:
+
+-   Windows Defender Network Inspection service
+
+-   Windows Error Reporting service
+
+-   Windows Update service
+
+The following table lists the services for Windows Defender and the dependent services.
+
+|Service Name|File Location|Description|
+|--------|---------|--------|
+|Windows Defender Service (Windefend)|C:\Program Files\Windows Defender\MsMpEng.exe|This is the main Windows Defender Antivirus service that needs to be running at all times.|
+|Windows Defender Network Inspection Service (Wdnissvc)|C:\Program Files\Windows Defender\NisSrv.exe|This service is invoked when Windows Defender Antivirus encounters a trigger to load it.|
+|Windows Error Reporting Service (Wersvc)|C:\WINDOWS\System32\svchost.exe -k WerSvcGroup|This service sends error reports back to Microsoft.|
+|Windows Firewall (MpsSvc)|C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork|We recommend leaving the Windows Firewall service enabled.|
+|Windows Update (Wuauserv)|C:\WINDOWS\system32\svchost.exe -k netsvcs|Windows Update is needed to get definition updates and antimalware engine updates|
+
+
+
+<a name="BKMK_DefSamples"></a>
+## Submit Samples
+Sample submission allows Microsoft to collect samples of potentially malicious software. To help provide continued and up-to-date protection, Microsoft researchers use these samples to analyze suspicious activities and produce updated antimalware definitions.
+
+We collect program executable files, such as .exe files and .dll files. We do not collect files that contain personal data, like Microsoft Word documents and PDF files.
+
+### Enable automatic sample submission
+
+-   To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the **SubmitSamplesConsent** value data according to one of the following settings:
+
+    -   **0** Always prompt. The Windows Defender service prompts you to confirm submission of all required files. This is the default setting for Windows Defender, but is not recommended for Windows Server 2016 installations without a GUI.
+
+    -   **1** Send safe samples automatically. The Windows Defender service sends all files marked as "safe" and prompts for the remainder of the files.
+
+    -   **2** Never send. The Windows Defender service does not prompt and does not send any files.
+
+    -   **3** Send all samples automatically. The Windows Defender service sends all files without a prompt for confirmation.
+
+<a name="BKMK_DefExclusions"></a>
+## Configure automatic exclusions
+To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Windows Defender AV on Server 2016.
+
+See the [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) topic for more information. 
+
+
 
 ## Related topics
 
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
-- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
\ No newline at end of file
+- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) 
+
+
diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md
index cbdd0a70de..17cfdf7f54 100644
--- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md
+++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md
@@ -1,5 +1,5 @@
 ---
-title: Create a Windows Information Protection (WIP) with enrollment policy using the classic console for Microsoft Intune (Windows 10)
+title: Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune (Windows 10)
 description: Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
 ms.assetid: 4b307c99-3016-4d6a-9ae7-3bbebd26e721
 ms.prod: w10
@@ -10,7 +10,7 @@ author: eross-msft
 localizationpriority: high
 ---
 
-# Create a Windows Information Protection (WIP) using the classic console for Microsoft Intune
+# Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune
 
 **Applies to:**
 
diff --git a/windows/whats-new/contribute-to-a-topic.md b/windows/whats-new/contribute-to-a-topic.md
index c963eb975e..460964a3ed 100644
--- a/windows/whats-new/contribute-to-a-topic.md
+++ b/windows/whats-new/contribute-to-a-topic.md
@@ -31,7 +31,7 @@ If you've previously contributed to topics in the Microsoft repositories, congra
     ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png)
 
 5.	Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see:
-    - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide)
+    - **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring)
     
     - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/)