From 69785aef76a8d2b8d7aa2daf5383b083753420f4 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 12 Apr 2018 16:58:22 -0700 Subject: [PATCH 01/15] updated metadata --- ...-ons-using-administrative-templates-and-group-policy.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md index 8650b4702c..d89d5edfa2 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md @@ -3,19 +3,20 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: security description: Enable and disable add-ons using administrative templates and group policy -author: eross-msft +ms.author: pashort +author: shortpatti ms.prod: ie11 ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros) ms.sitesec: library -ms.date: 07/27/2017 +ms.date: 4/12/2018 --- # Enable and disable add-ons using administrative templates and group policy Add-ons let your employees personalize Internet Explorer. You can manage IE add-ons using Group Policy and Group Policy templates. -There are 4 types of add-ons: +There are four types of add-ons: - **Search Providers.** Type a term and see suggestions provided by your search provider. From 3d0271fa5753d4a2cc616bd0e98b5b0fc9cf646a Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 12 Apr 2018 17:34:22 -0700 Subject: [PATCH 02/15] github issue #691 --- ...ministrative-templates-and-group-policy.md | 30 ++++++++++++------- 1 file changed, 20 insertions(+), 10 deletions(-) 
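Review bot: the new `ms.date: 4/12/2018` in the front-matter hunk of [PATCH 01/15] drops the zero padding that the replaced value `07/27/2017` had; write it as `04/12/2018` so the field keeps the same fixed-width MM/DD/YYYY form as before. The subject says "updated metadata", but the hunk also edits body text ("4 types" to "four types"), which is worth mentioning in the commit message.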
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md index d89d5edfa2..6c783eb4ae 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md @@ -58,7 +58,7 @@ You can use the Local Group Policy Editor to change how add-ons work in your org 5. Close the Local Group Policy Editor when you’re done. ## Using the CLSID and Administrative Templates to manage group policy objects -Because every add-on has a Class ID (CLSID), you can use it to enable and disable specific add-ons, using Group Policy and Administrative Templates. +Every add-on has a Class ID (CLSID) that you use to enable and disable specific add-ons, using Group Policy and Administrative Templates. **To manage add-ons** 
@@ -66,22 +66,32 @@ Because every add-on has a Class ID (CLSID), you can use it to enable and disabl 1. Open IE, click **Tools**, and then click **Manage Add-ons**. - 2. Pick the add-on you want to change, and then right-click **More Information**. - - 3. Click **Copy** and then close **Manage Add-ons** and IE. + 2. Double-click the add-on you want to change. + 3. In the More Information dialog, click **Copy** and then click **Close**. + + 4. Open Notepad and paste the information for the add-on. + + 5. On the Manage Add-ons windows, click **Close**. + + 6. On the Internet Options dialog, click **Close** and then close IE. + 2. From the copied information, select and copy just the **Class ID** value. -3. Open the Group Policy Management Editor and go to `Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`. + >[!NOTE] + >You want to copy the curly brackets as well as the CLSID: **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**. + +3. Open the Group Policy Management Editor and go to: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
**-OR-**
-Open the Local Group Policy Editor and go to `Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`. +Open the Local Group Policy Editor and go to: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management. -4. Open the **Add-on List** Group Policy Object, pick **Enabled**, and then click **Show**.
-**Show Contents** box appears. +4. Open the **Add-on List** Group Policy Object, pick **Enabled**, and then click **Show**.
The Show Contents box appears. -5. In **Value Name**, put your copied Class ID. +5. On Show Contents, click **Add**. -6. In **Value**, put: +6. In **Value Name**, paste the Class ID for your add-on, for example, **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**. + +6. In **Value**, enter one of the following: - **0**. The add-on is disabled and your employees can’t change it. From ae3b54284b11f999f4b3362edf763d97804c8439 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 12 Apr 2018 18:00:21 -0700 Subject: [PATCH 03/15] github issue #691 --- ...ons-using-administrative-templates-and-group-policy.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md index 6c783eb4ae..f2c1df3f6d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md @@ -85,9 +85,7 @@ Every add-on has a Class ID (CLSID) that you use to enable and disable specific
**-OR-**
Open the Local Group Policy Editor and go to: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management. -4. Open the **Add-on List** Group Policy Object, pick **Enabled**, and then click **Show**.
The Show Contents box appears. - -5. On Show Contents, click **Add**. +4. Open the **Add-on List** Group Policy Object, pick **Enabled**, and then click **Show**.
The Show Contents dialog appears. 6. In **Value Name**, paste the Class ID for your add-on, for example, **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**. @@ -99,7 +97,9 @@ Open the Local Group Policy Editor and go to: User Configuration\Administrative - **2**. The add-on is enabled and your employees can change it. -7. Click **OK** and close the Group Policy editor. +7. Click **OK** twice to close the Group Policy editor. + +8.   From 175558919deed7cf83a423e05bfe9070fb013ee6 Mon Sep 17 00:00:00 2001 From: Kevin Kaminski MVP Date: Fri, 13 Apr 2018 11:19:46 -0600 Subject: [PATCH 04/15] Broken link to get MDOP templates. Link to Microsoft download site broken. Is this a more appropriate link? https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates --- ...pgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md index 7bb09bf7a9..52ef3ff163 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md 
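Review bot: in the second hunk of [PATCH 02/15] (`@@ -66,22 +66,32 @@`), the Local Group Policy Editor path moves from `Computer Configuration\Administrative Templates\...` to `User Configuration\Administrative Templates\...` while the Group Policy Management Editor path in the same step stays under `Computer Configuration\Policies\...`. The two alternatives now point at different policy scopes, machine-wide versus per-user, and the commit message does not say that is intended; confirm which scope the Add-on List setting should be documented under and make both paths agree, or state the difference explicitly. The same hunk also removes the backticks from both paths, which exposes the backslashes to Markdown escaping, numbers two consecutive steps `6.`, and has the typo "On the Manage Add-ons windows".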
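Review bot: the last hunk of [PATCH 03/15] (`@@ -99,7 +97,9 @@`) adds a step `8.` with nothing after it, which renders as an empty list item; delete the line or write the step. In the first hunk, removing `5. On Show Contents, click **Add**.` leaves the list going from step 4 straight to two steps that are both numbered `6.`, so renumber the remaining steps in the same change. "Click **OK** twice to close the Group Policy editor" would also be clearer if it said which two dialogs the clicks dismiss.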
@@ -130,7 +130,7 @@ Use the steps in the following sections to upgrade MBAM for the Stand-alone topo 6. Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, web applications, and Configuration Manager integration, in that order. The databases and Configuration Manager objects are upgraded in place. -7. Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](http://www.microsoft.com/download/details.aspx?id=41183) to download the latest ADMX templates. +7. Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates) to download the latest ADMX templates. After you upgrade the MBAM Server infrastructure, the existing client computers continue to successfully report to the MBAM 2.5 or 2.5 SP1 Server, and recovery data continues to be stored. From 4eaf8f808dd3f79564507c26161c883b7a14c7c1 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Fri, 13 Apr 2018 17:41:54 +0000 Subject: [PATCH 05/15] Merged PR 7138: Fix powershell sample and add validation to cellular config --- ...-deployment-surface-hub-device-accounts.md | 8 ++--- ...change-history-for-configure-windows-10.md | 1 + windows/configuration/provisioning-apn.md | 34 +++++++++++++++++++ 3 files changed, 38 insertions(+), 5 deletions(-) 
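Review bot: the replacement URL in step 7 hard-codes the `en-us` locale (`https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/...`), which pins every reader to the English page; drop the locale segment from the link. The sentence still says the link is where you "download the latest ADMX templates", but the new target is a how-to article rather than a download page, so adjust the wording if the article only points onward to the download.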
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index 7ef2ae24a6..aeeeb108e0 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.date: 07/27/2017 +ms.date: 04/13/2018 ms.localizationpriority: medium --- @@ -100,10 +100,8 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: - ```PowerShell - Set-CsMeetingRoom HUB01 -DomainController DC-ND-001.contoso.com - -LineURItel: +14255550555;ext=50555" Set-CsMeetingRoom -DomainController DC-ND-001.contoso.com - -Identity HUB01 -EnterpriseVoiceEnabled $true + ```PowerShell + Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true ``` Again, you'll need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index b328c042ce..8ca1f3e376 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md 
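Review bot: in the `Set-CsMeetingRoom` hunk, the `-LineURI` value opens with a typographic quote and closes with a straight one (`“tel:+14255550555;ext=50555"`); use straight double quotes on both sides so the sample survives copy and paste into any console or editor. The sentence after the block tells the reader to replace the domain controller and phone number but not the `HUB01` identity, which is now an explicit `-Identity` argument and should be named as a placeholder too.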
@@ -20,6 +20,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) New or changed topic | Description --- | --- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints. +[Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied. ## March 2018 diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md index 20fc7040aa..a83a991b31 100644 --- a/windows/configuration/provisioning-apn.md +++ b/windows/configuration/provisioning-apn.md @@ -76,5 +76,39 @@ For users who work in different locations, you can configure one APN to connect 9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md) +## Confirm the settings + +After you apply the provisioning package, you can confirm that the settings have been applied. + +1. On the configured device, open a command prompt as an administrator. + +2. Run the following command: + + ``` + netsh mbn show profiles + ``` + +3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run: + + ``` + netsh mbn show profiles name="name" + ``` + + This command will list details for that profile, including Access Point Name. + + +Alternatively, you can also use the command: + +``` +netsh mbn show interface +``` + +From the results of that command, get the name of the cellular/mobile broadband interface and run: + +``` +netsh mbn show connection interface="name" +``` + +The result of that command will show details for the cellular interface, including Access Point Name. From dbba2435349449d0d69aa9488c0cc62e6a1e9411 Mon Sep 17 00:00:00 2001 
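Review bot: in the new "Confirm the settings" section of provisioning-apn.md, the placeholders in `netsh mbn show profiles name="name"` and `netsh mbn show connection interface="name"` look like literal values; mark them as placeholders, for example `name="<profile name>"` and `interface="<interface name>"`. Step 3 opens with a description rather than an action ("The command will list the mobile broadband profiles"), and the "Alternatively" block sits outside the numbered list, so consider making it a second short procedure with its own lead-in.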
From: Justin Hall Date: Fri, 13 Apr 2018 10:58:30 -0700 Subject: [PATCH 06/15] added that this was introduced in Vista --- ...pport-advanced-audit-policy-configuration.md | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index f2d774c843..0c5a957bec 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md 
@@ -15,18 +15,7 @@ ms.date: 04/19/2017 **Applies to** - Windows 10 -This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies. +Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista. +There is no difference in security auditing support between 32-bit and 64-bit versions. +Windows editions that cannot join a domain, such as Windows 10 Home edition, do not have access to these features. -Versions of the Windows operating system that cannot join a domain do not have access to these features. There is no difference in security auditing support between 32-bit and 64-bit versions. - -## Are there any special considerations? - -In addition, the following special considerations apply to the various tasks associated with advanced security auditing enhancements: - -- **Creating an audit policy.** To create an advanced security auditing policy, you must use a computer running any supported version of Windows. You can use the Group Policy Management Console (GPMC) on a computer running a supported version of the Windows client operating system after installing the Remote Server Administration Tools. -- **Applying audit policy settings.** If you are using Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running any supported version of the Windows server operating system or Windows client operating system. In addition, only computers running any of these supported operating systems can provide "reason for access" reporting data. -- **Developing an audit policy model.** To plan advanced security audit settings and global object access settings, you must use the GPMC that targets a domain controller running a supported version of the Windows server operating system. 
-- **Distributing the audit policy.** After a Group Policy Object (GPO) that includes advanced security auditing settings is developed, it can be distributed by using domain controllers running any Windows Server operating system. -However, if you cannot put client computers running a supported version of the Windows client operating system into a separate organizational unit (OU), you should use Windows Management Instrumentation (WMI) filtering to ensure that the advanced security auditing policy settings are applied only to client computers running a supported version of the Windows client operating system. - ->**Important:**  Using both the basic auditing policy settings under **Local Policies\\Audit Policy** and the advanced auditing policy settings under **Advanced Audit Policy Configuration** can cause unexpected results in audit reporting. Therefore, the two sets of audit policy settings should not be combined. If you use advanced audit policy configuration settings, you should enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored.   From 989f9a56f0a0066efca597a98c1ef51d43f2011e Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Fri, 13 Apr 2018 18:19:40 +0000 Subject: [PATCH 07/15] Merged PR 7142: Updated index.md. Made the images for teachers and it admins hot images so they Updated index.md. Made the images for teachers and it admins hot images so they link to their correct pages. --- education/trial-in-a-box/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/trial-in-a-box/index.md b/education/trial-in-a-box/index.md index 62510022e6..486c9358c7 100644 --- a/education/trial-in-a-box/index.md +++ b/education/trial-in-a-box/index.md 
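Review bot: the **Important** note at the end of the removed block in [PATCH 06/15] is lost with no replacement. It is the only place in this topic that warns against combining the basic settings under **Local Policies\\Audit Policy** with **Advanced Audit Policy Configuration** and tells the reader to enable **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings**. That is operational guidance rather than edition-support detail, so keep it here or add a link to the topic that carries it. The added text also speaks of all versions since Windows Vista while **Applies to** still lists only Windows 10, and the `ms.date: 04/19/2017` shown in the hunk header is not updated.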
@@ -28,7 +28,7 @@ Welcome to Microsoft Education Trial in a Box. We built this trial to make it ea
-| ![Get started for Educators](images/teacher_rotated_resized.png) | ![Get started for IT Admins](images/itadmin_rotated_resized.png) | +| [![Get started for Educators](images/teacher_rotated_resized.png)](educator-tib-get-started.md) | [![Get started for IT Admins](images/itadmin_rotated_resized.png)](itadmin-tib-get-started.md) | | :---: | :---: | | **Educator**
Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills.
[Get started](educator-tib-get-started.md) | **IT Admin**
Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage.
[Get started](itadmin-tib-get-started.md) | From 2b02899b0d0bddbc4a934c4a4e0132e36b7caf5f Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Fri, 13 Apr 2018 20:37:20 +0000 Subject: [PATCH 08/15] Merged PR 7148: fix language --- ...premises-deployment-surface-hub-device-accounts.md | 1 + .../change-history-for-configure-windows-10.md | 2 +- .../guidelines-for-assigned-access-app.md | 11 ++++++----- windows/configuration/provisioning-apn.md | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index aeeeb108e0..7c6a90015d 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -105,6 +105,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 ``` Again, you'll need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. +   diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 8ca1f3e376..457c50223b 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: jdeckerms -ms.date: 04/04/2018 +ms.date: 04/13/2018 --- # Change history for Configure Windows 10 diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 2a03f2bf72..751dcc8f7b 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md 
@@ -65,16 +65,17 @@ If you use a web browser as your assigned access app, consider the following tip ## Secure your information -Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting this type of apps if they provide unnecessary data access. +Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access. ## App configuration -Some apps may require additional configurations before they can be used appropriately in assigned access . For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access. -Check the guidelines published by your selected app and do the setup accordingly. +Some apps may require additional configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access. + +Check the guidelines published by your selected app and set up accordingly. ## Develop your kiosk app -Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above lock . The kiosk app is actually running as an above lock screen app. +Assigned access in Windows 10 leverages the new lock framework. 
When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx). @@ -82,7 +83,7 @@ Follow the [best practices guidance for developing a kiosk app for assigned acce The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you have selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience. - ## Learn more +## Learn more [Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508) diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md index a83a991b31..96078d1791 100644 --- a/windows/configuration/provisioning-apn.md +++ b/windows/configuration/provisioning-apn.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS ms.localizationpriority: high -ms.date: 07/27/2017 +ms.date: 04/13/2018 --- # Configure cellular settings for tablets and PCs From 141e89e3c4eeabb8b00fb5a5976e33f6730d3c20 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 13 Apr 2018 14:33:20 -0700 Subject: [PATCH 09/15] revised table --- .../applocker/requirements-to-use-applocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/applocker/requirements-to-use-applocker.md index 96c05fcdee..53e38b4d8e 100644 --- a/windows/security/threat-protection/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/applocker/requirements-to-use-applocker.md 
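Review bot: in the "Secure your information" paragraph of the first guidelines-for-assigned-access-app.md hunk in [PATCH 08/15], the rewritten sentence is still a comma splice ("... files and folders on the user's system, avoid selecting these types of apps ...") and the sentence before it still reads "kiosk usually means anonymous access and locates in a public setting". Since the subject is "fix language", split the example into two sentences and reword the first along the lines of "a kiosk is usually used anonymously and located in a public setting". The point that a file picker exposes files and folders to an anonymous user is the security advice of this section and reads better as its own sentence.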
@@ -35,7 +35,7 @@ The following table show the on which operating systems AppLocker features are s | Version | Can be configured | Can be enforced | Available rules | Notes | | - | - | - | - | - | -| Windows 10| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. | +| Windows 10| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10 that supports Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. | | Windows Server 2016
Windows Server 2012 R2
Windows Server 2012| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| | | Windows 8.1 Pro| Yes| No| N/A|| | Windows 8.1 Enterprise| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| | From 2166017c63553a54767b2bdbd3fec4c071e5672f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 13 Apr 2018 14:36:38 -0700 Subject: [PATCH 10/15] revised table --- .../applocker/requirements-to-use-applocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/applocker/requirements-to-use-applocker.md index 53e38b4d8e..846cc26a49 100644 --- a/windows/security/threat-protection/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/applocker/requirements-to-use-applocker.md @@ -35,7 +35,7 @@ The following table show the on which operating systems AppLocker features are s | Version | Can be configured | Can be enforced | Available rules | Notes | | - | - | - | - | - | -| Windows 10| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10 that supports Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. | +| Windows 10| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. | | Windows Server 2016
Windows Server 2012 R2
Windows Server 2012| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| | | Windows 8.1 Pro| Yes| No| N/A|| | Windows 8.1 Enterprise| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| | From da13ed141dfb0f6a3b587f9dd9a6c8fcd0890d67 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 13 Apr 2018 15:22:59 -0700 Subject: [PATCH 11/15] removed section --- ...rd-enable-virtualization-based-security.md | 37 ++----------------- 1 file changed, 4 insertions(+), 33 deletions(-) diff --git a/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md b/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md index ab3baf28eb..400d1f0540 100644 --- a/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md 
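Review bot: "any edition of Windows 10 supported by Mobile Device Management (MDM)" in the Windows 10 row of [PATCH 10/15] is harder to read than the wording it replaces ("that supports Mobile Device Management (MDM)"), because it makes MDM the thing doing the supporting; if the intent is editions that can be managed through MDM, say that directly. [PATCH 09/15] and [PATCH 10/15] change the same phrase back to back and could be squashed, and the AppLocker CSP link in the same cell still uses `http://`.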
@@ -22,30 +22,9 @@ Virtualization-based protection of code integrity (herein referred to as Hypervi Use the following procedure to enable virtualization-based protection of code integrity: -1. **Decide whether to use the procedures in this topic, or to use the Windows Defender Device Guard readiness tool**. To enable HVCI, you can use [the Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or follow the procedures in this topic. +1. Decide whether to use the procedures in this topic, or to use [the Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337). -2. **Verify that hardware and firmware requirements are met**. Verify that your client computers have the hardware and firmware to run HVCI. For a list of requirements, see [Hardware, firmware, and software requirements for Windows Defender Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard). - -3. **Enable the necessary Windows features**. You can use the [hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or see [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-protection-of-code-integrity). - -4. **Enable additional features as desired**. You can use the [hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or see [Enable virtualization-based protection of code integrity](#enable-virtualization-based-protection-of-code-integrity). - -## Windows feature requirements for virtualization-based protection of code integrity - -Make sure these operating system features are enabled before you can enable HVCI: - -- Beginning with Windows 10, version 1607 or Windows Server 2016:
-Hyper-V Hypervisor, which is enabled automatically. No further action is needed. - -- With an earlier version of Windows 10:
-Hyper-V Hypervisor and Isolated User Mode (shown in Figure 1). -  -![Turn Windows features on or off](images/dg-fig1-enableos.png) - -**Figure 1. Enable operating system features for HVCI, Windows 10, version 1511** - -> [!NOTE] -> You can configure these features by using Group Policy or Dism.exe, or manually by using Windows PowerShell or the Windows Features dialog box. +2. Verify that [hardware and firmware requirements](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard) are met. ## Enable virtualization-based protection of code integrity @@ -57,16 +36,12 @@ If you don't want to use the [hardware readiness tool](https://www.microsoft.com ![Group Policy Management, create a GPO](images/dg-fig2-createou.png) - Figure 2. Create a new OU-linked GPO - 2. Give the new GPO a name, then right-click the new GPO, and click **Edit**. 4. Within the selected GPO, navigate to Computer Configuration\\Policies\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**. ![Edit the group policy for Virtualization Based Security](images/dg-fig3-enablevbs.png) - Figure 3. Enable virtualization-based security (VBS) - 5. Select the **Enabled** button. For **Select Platform Security Level**: - **Secure Boot** provides as much protection as a computer’s hardware can support. If the computer does not have input/output memory management units (IOMMUs), enable **Secure Boot**. @@ -78,9 +53,7 @@ If you don't want to use the [hardware readiness tool](https://www.microsoft.com - With earlier versions of Windows 10:
Select the **Enable Virtualization Based Protection of Code Integrity** check box. - ![Group Policy, Turn On Virtualization Based Security](images/dg-fig7-enablevbsofkmci.png) - - Figure 5. Configure HVCI, Lock setting (in Windows 10, version 1607) + ![Group Policy, Turn On Virtualization Based Security](images/dg-fig7-enablevbsofkmci.png) 7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. The settings will take effect upon restart. @@ -281,12 +254,10 @@ This field indicates whether VBS is enabled and running. This field lists the computer name. All valid values for computer name. -Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 6. +Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section. ![Windows Defender Device Guard properties in the System Summary](images/dg-fig11-dgproperties.png) -Figure 6. Windows Defender Device Guard properties in the System Summary - ## Related topics - [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) From a8c040c02dd816a5ff5c3df3df986403419ba5f6 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Sat, 14 Apr 2018 09:20:59 -0700 Subject: [PATCH 12/15] added a comment about the gpupdate /force command --- ...ministrative-templates-and-group-policy.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md index f2c1df3f6d..a607034785 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md @@ -85,7 +85,7 @@ Every add-on has a Class ID (CLSID) that you use to enable and disable specific
**-OR-**
Open the Local Group Policy Editor and go to: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management. -4. Open the **Add-on List** Group Policy Object, pick **Enabled**, and then click **Show**.
The Show Contents dialog appears. +4. Open the **Add-on List** Group Policy Object, select **Enabled**, and then click **Show**.
The Show Contents dialog appears. 6. In **Value Name**, paste the Class ID for your add-on, for example, **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**. @@ -97,13 +97,12 @@ Open the Local Group Policy Editor and go to: User Configuration\Administrative - **2**. The add-on is enabled and your employees can change it. +7. Close the Show Contents dialog. + +7. In the Group Policy editor, go to: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer. + +8. Double-click **Automatically activate/enable newly installed add-ons** and select **Enabled**.

Enabling turns off the message prompting you to Enable or Don't enable the add-on. + 7. Click **OK** twice to close the Group Policy editor. - -8. - -  - -  - - - + + \ No newline at end of file From 4cab2a3fae45064dfa2d0cfb384ff38eefa187aa Mon Sep 17 00:00:00 2001 From: Patti Short Date: Sun, 15 Apr 2018 19:16:41 -0700 Subject: [PATCH 13/15] remove unnecessary inline comment --- browsers/edge/emie-to-improve-compatibility.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index cffe549908..a660a05235 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -19,8 +19,6 @@ If you have specific web sites and apps that you know have compatibility problem Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. - -[@Reviewer: will RS5 have the need for the following note?] >[!NOTE] >If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). From f4c331d41795401de51966f8bfe81eaa7d1174ef Mon Sep 17 00:00:00 2001 From: Patti Short Date: Sun, 15 Apr 2018 19:18:10 -0700 Subject: [PATCH 14/15] remove unnecessary inline comment --- browsers/edge/emie-to-improve-compatibility.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index a660a05235..fc8a612b80 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md 
@@ -1,14 +1,15 @@ --- description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11. ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4 -author: eross-msft +author: shortpatti +ms.author: pashort ms.prod: edge ms.mktglfcycl: support ms.sitesec: library ms.pagetype: appcompat title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros) ms.localizationpriority: high -ms.date: 07/27/2017 +ms.date: 04/15/2018 --- # Use Enterprise Mode to improve compatibility From 388e4f4a97c07caf8e56e24f59f584aae2e94962 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 16 Apr 2018 15:34:42 +0000 Subject: [PATCH 15/15] Merged PR 7168: clarify kiosk not supported on Home --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- windows/configuration/setup-kiosk-digital-signage.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 94ac63a7a7..ef5ecb4d6b 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -18,7 +18,7 @@ ms.author: jdecker **Applies to** -- Windows 10 +- Windows 10 Pro, Enterprise, and Education A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. 
diff --git a/windows/configuration/setup-kiosk-digital-signage.md b/windows/configuration/setup-kiosk-digital-signage.md index c9b84f0646..f8b3502b6d 100644 --- a/windows/configuration/setup-kiosk-digital-signage.md +++ b/windows/configuration/setup-kiosk-digital-signage.md @@ -16,7 +16,7 @@ ms.date: 03/30/2018 **Applies to** -- Windows 10 +- Windows 10 Pro, Enterprise, and Education
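Review bot: In the HVCI topic, hunk @@ -22,30 +22,9 @@ deletes the "Windows feature requirements for virtualization-based protection of code integrity" section and leaves nothing in its place for the one requirement it carried: on earlier versions of Windows 10, Hyper-V Hypervisor and Isolated User Mode must be enabled before HVCI can be turned on. The Group Policy procedure kept in the later hunk still has a "With earlier versions of Windows 10" branch, so those readers remain in scope. Suggest either keeping a one-line prerequisite under the new step 2 or dropping the earlier-versions branch as well if it is no longer supported. Please also check other topics for links to the removed heading anchor #windows-feature-requirements-for-virtualization-based-protection-of-code-integrity.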
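Review bot: In the HVCI topic, hunk @@ -36,12 @@ (old side @@ -57,16) cleans up the figure captions but leaves the step numbering in its context lines jumping from "2. Give the new GPO a name" straight to "4. Within the selected GPO". Since this procedure is being edited anyway, renumber the steps (or use "1." for every item and let Markdown number them) so the steps stay unambiguous to follow and to reference.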
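Review bot: In the IE add-ons topic, hunk @@ -97,13 +97,12 @@, the new step 8 tells admins to enable "Automatically activate/enable newly installed add-ons" but describes only the prompt going away. As the policy name indicates, newly installed add-ons are then activated without the user confirming, so the step should state that consequence and make clear whether it is required or optional for the Add-on List procedure. Two further points in the same hunk: the added steps are numbered 7, 7, 8 and are followed by the existing 7, and the new path is under Computer Configuration while the Local Group Policy Editor path earlier in the procedure is under User Configuration, so confirm the intended scope. The commit subject mentions the gpupdate /force command, but no such text appears in the diff.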
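Review bot: In browsers/edge/emie-to-improve-compatibility.md, hunk @@ -1,14 +1,15 @@ changes only the front matter (author, ms.author, ms.date), yet the commit reuses the subject "remove unnecessary inline comment" from the previous commit. Reword the subject to describe the metadata update so the history for this file is searchable. Separately, the previous commit deleted the "[@Reviewer: will RS5 have the need for the following note?]" question while keeping the note; confirm the question was answered rather than just removed.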
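Review bot: In windows/configuration/setup-kiosk-digital-signage.md, hunk @@ -16,7 +16,7 @@ changes the "Applies to" list while the front matter shown in the hunk header still reads ms.date: 03/30/2018. The other commits in this series bump ms.date with each content change, so update it here as well. The subject says kiosk is not supported on Home, but the text only implies that by listing Pro, Enterprise, and Education; consider a short explicit note so readers on Home do not have to infer it.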