Merge branch 'master' into lsaldanha-4620497-batch15

.openpublishing.redirection.json

@@ -15110,6 +15110,11 @@
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip",
       "redirect_document_id": true
     },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/use-apis",
@@ -16514,6 +16519,11 @@
       "source_path": "windows/hub/windows-10.yml",
       "redirect_url": "https://docs.microsoft.com/windows/windows-10",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives",
+      "redirect_document_id": true
     }
   ]
 }

education/includes/education-content-updates.md

@@ -2,9 +2,10 @@
 
 
 
-## Week of November 30, 2020
+## Week of January 11, 2021
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 12/4/2020 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 1/14/2021 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
+| 1/14/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |

store-for-business/distribute-offline-apps.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Distribute offline apps
 
 
-**Applies to**
+**Applies to:**
 
--   Windows 10
--   Windows 10 Mobile
+- Windows 10
+- Windows 10 Mobile
 
 Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
 
@@ -29,23 +29,23 @@ Offline licensing is a new licensing option for Windows 10 with Microsoft Store
 
 Offline-licensed apps offer an alternative to online apps, and provide additional deployment options. Some reasons to use offline-licensed apps:
 
--   **You don't have access to Microsoft Store services** - If your employees don't have access to the internet and Microsoft Store services, downloading offline-licensed apps and deploying them with imaging is an alternative to online-licensed apps.
+- **You don't have access to Microsoft Store services** - If your employees don't have access to the Internet and Microsoft Store services, downloading offline-licensed apps and deploying them with imaging is an alternative to online-licensed apps.
 
--   **You use imaging to manage devices in your organization** - Offline-licensed apps can be added to images and deployed with Deployment Image Servicing and Management (DISM), or Windows Imaging and Configuration Designer (ICD).
+- **You use imaging to manage devices in your organization** - Offline-licensed apps can be added to images and deployed with Deployment Image Servicing and Management (DISM), or Windows Imaging and Configuration Designer (ICD).
 
--   **Your employees do not have Azure Active Directory (AD) accounts** - Azure AD accounts are required for employees that install apps assigned to them from Microsoft Store or that claim apps from a private store.
+- **Your employees do not have Azure Active Directory (AD) accounts** - Azure AD accounts are required for employees that install apps assigned to them from Microsoft Store or that claim apps from a private store.
 
 ## Distribution options for offline-licensed apps
 
 You can't distribute offline-licensed apps directly from Microsoft Store. Once you download the items for the offline-licensed app, you have options for distributing the apps:
 
--   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft Windows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
+- **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft Windows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
 
--   **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages).
+- **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages).
 
--   **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
+- **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
     - [Manage apps from Microsoft Store for Business with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-    - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)<br>
+    - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/windows-store-for-business)<br>
 
 For third-party MDM providers or management servers, check your product documentation.
 
@@ -53,23 +53,22 @@ For third-party MDM providers or management servers, check your product document
 
 There are several items to download or create for offline-licensed apps. The app package and app license are required; app metadata and app frameworks are optional. This section includes more info on each item, and tells you how to download an offline-licensed app.
 
--   **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata.
+- **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata.
 
--   **App package** - App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices.
+- **App package** - App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices.
 
--   **App license** - App licenses are required for distributing offline apps. Use encoded licenses when you distribute offline-licensed apps using a management tool or ICD. Use unencoded licenses when you distribute offline-licensed apps using DISM.
+- **App license** - App licenses are required for distributing offline apps. Use encoded licenses when you distribute offline-licensed apps using a management tool or ICD. Use unencoded licenses when you distribute offline-licensed apps using DISM.
 
--   **App frameworks** - App frameworks are optional. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
+- **App frameworks** - App frameworks are optional. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
 
-<a href="" id="download-offline-licensed-app"></a>
-**To download an offline-licensed app**
+<a href="" id="download-offline-licensed-app"></a>**To download an offline-licensed app**
 
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2.  Click **Manage**.
-3.  Click **Settings**.
-4.  Click **Shop**. Search for the **Shopping experience** section, change the License type to **Offline**, and click  **Get the app**, which will add the app to your inventory.
-5.  Click **Manage**. You now have access to download the appx bundle package metadata and license file.
-6.  Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
+1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
+2. Click **Manage**.
+3. Click **Settings**.
+4. Click **Shop**. Search for the **Shopping experience** section, change the License type to **Offline**, and click  **Get the app**, which will add the app to your inventory.
+5. Click **Manage**. You now have access to download the appx bundle package metadata and license file.
+6. Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
 
     - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional.
     - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required.
@@ -78,16 +77,3 @@ There are several items to download or create for offline-licensed apps. The app
 
 > [!NOTE]
 > You need the framework to support your app package, but if you already have a copy, you don't need to download it again. Frameworks are backward compatible.
-
-
-
-     
-
- 
-
- 
-
-
-
-
-

store-for-business/includes/store-for-business-content-updates.md

@@ -2,20 +2,17 @@
 
 
 
-## Week of November 23, 2020
+## Week of January 25, 2021
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 11/23/2020 | [Microsoft Store for Business and Microsoft Store for Education overview (Windows 10)](/microsoft-store/microsoft-store-for-business-overview) | modified |
-| 11/23/2020 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
+| 1/29/2021 | [Distribute offline apps (Windows 10)](/microsoft-store/distribute-offline-apps) | modified |
 
 
-## Week of October 26, 2020
+## Week of January 11, 2021
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 10/27/2020 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |
-| 10/27/2020 | [Device Guard signing (Windows 10)](/microsoft-store/device-guard-signing-portal) | modified |
-| 10/27/2020 | [Sign code integrity policy with Device Guard signing (Windows 10)](/microsoft-store/sign-code-integrity-policy-with-device-guard-signing) | modified |
+| 1/14/2021 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |

windows/application-management/app-v/appv-connect-to-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to connect to the Management Console (Windows 10)
 description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-connection-group-virtual-environment.md

@@ -1,7 +1,7 @@
 ---
 title: About the connection group virtual environment (Windows 10)
 description: Learn how the connection group virtual environment works and how package priority is determined.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md

@@ -1,7 +1,7 @@
 ---
 title: How to convert a package created in a previous version of App-V (Windows 10)
 description: Use the package converter utility to convert a virtual application package created in a previous version of App-V.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a connection croup with user-published and globally published packages (Windows 10)
 description: How to create a connection croup with user-published and globally published packages.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-connection-group.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a connection group (Windows 10)
 description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a custom configuration file by using the App-V Management Console (Windows 10)
 description: How to create a custom configuration file by using the App-V Management Console.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a package accelerator by using Windows PowerShell (Windows 10)
 description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-package-accelerator.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a package accelerator (Windows 10)
 description: Learn how to create App-V Package Accelerators to automatically generate new virtual application packages.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a virtual application package using an App-V Package Accelerator (Windows 10)
 description: How to create a virtual application package using an App-V Package Accelerator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-and-use-a-project-template.md

@@ -1,7 +1,7 @@
 ---
 title: Create and apply an App-V project template to a sequenced App-V package (Windows 10)
 description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md

@@ -1,7 +1,7 @@
 ---
 title: Creating and managing App-V virtualized applications (Windows 10)
 description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10)
 description: How to customize virtual application extensions for a specific AD group by using the Management Console.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-delete-a-connection-group.md

@@ -1,7 +1,7 @@
 ---
 title: How to delete a connection group (Windows 10)
 description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to delete a package in the Management Console (Windows 10)
 description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md

@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10)
 description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: How to deploy App-V packages using electronic software distribution (Windows 10)
 description: Learn how use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md

@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Server Using a Script (Windows 10)
 description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.'
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-the-appv-server.md

@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Server (Windows 10)
 description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying App-V (Windows 10)
 description: App-V supports several different deployment options. Learn how to complete App-V deployment at different stages in your App-V deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2010 by Using App-V (Windows 10)
 description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2013 by Using App-V (Windows 10)
 description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2016 by using App-V (Windows 10)
 description: Use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying App-V packages by using electronic software distribution (ESD)
 description: Deploying App-V packages by using electronic software distribution (ESD)
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying the App-V Sequencer and configuring the client (Windows 10)
 description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-the-appv-server.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying the App-V Server (Windows 10)
 description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10 by using different deployment configurations described in this article.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deployment-checklist.md

@@ -1,7 +1,7 @@
 ---
 title: App-V Deployment Checklist (Windows 10)
 description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-dynamic-configuration.md

@@ -1,7 +1,7 @@
 ---
 title: About App-V Dynamic Configuration (Windows 10)
 description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10)
 description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10)
 description: How to Enable Reporting on the App-V Client by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md

@@ -1,7 +1,7 @@
 ---
 title: Enable the App-V in-box client (Windows 10)
 description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-evaluating-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Evaluating App-V (Windows 10)
 description: Learn how to evaluate App-V for Windows 10 in a lab environment before deploying into a production environment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-for-windows.md

@@ -1,7 +1,7 @@
 ---
 title: Application Virtualization (App-V) (Windows 10)
 description: See various topics that can help you administer Application Virtualization (App-V) and its components.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-getting-started.md

@@ -1,7 +1,7 @@
 ---
 title: Getting Started with App-V (Windows 10)
 description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. App-V for Windows 10 delivers Win32 applications to users as virtual applications.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-high-level-architecture.md

@@ -1,7 +1,7 @@
 ---
 title: High-level architecture for App-V (Windows 10)
 description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10)
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md

@@ -1,7 +1,7 @@
 ---
 title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
 description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md

@@ -1,7 +1,7 @@
 ---
 title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10)
 description: How to install the Management Server on a Standalone Computer and Connect it to the Database
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md

@@ -1,7 +1,7 @@
 ---
 title: Install the Publishing Server on a Remote Computer (Windows 10)
 description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md

@@ -1,7 +1,7 @@
 ---
 title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10)
 description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-sequencer.md

@@ -1,7 +1,7 @@
 ---
 title: Install the App-V Sequencer (Windows 10)
 description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md

@@ -1,7 +1,7 @@
 ---
 title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10)
 description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-maintaining-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Maintaining App-V (Windows 10)
 description: After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10)
 description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10)
 description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-managing-connection-groups.md

@@ -1,7 +1,7 @@
 ---
 title: Managing Connection Groups (Windows 10)
 description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md

@@ -1,7 +1,7 @@
 ---
 title: Migrating to App-V from a Previous Version (Windows 10)
 description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10 from a previous version.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md

@@ -1,7 +1,7 @@
 ---
 title: How to Modify an Existing Virtual Application Package (Windows 10)
 description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10)
 description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md

@@ -1,7 +1,7 @@
 ---
 title: How to Move the App-V Server to Another Computer (Windows 10)
 description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-operations.md

@@ -1,7 +1,7 @@
 ---
 title: Operations for App-V (Windows 10)
 description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-performance-guidance.md

@@ -1,7 +1,7 @@
 ---
 title: Performance Guidance for Application Virtualization (Windows 10)
 description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-checklist.md

@@ -1,7 +1,7 @@
 ---
 title: App-V Planning Checklist (Windows 10)
 description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning to Use Folder Redirection with App-V (Windows 10)
 description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-appv-server-deployment.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for the App-V Server Deployment (Windows 10)
 description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for App-V (Windows 10)
 description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for High Availability with App-V Server
 description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for the App-V Sequencer and Client Deployment (Windows 10)
 description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-using-appv-with-office.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for Deploying App-V with Office (Windows 10)
 description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10)
 description: Planning to Deploy App-V with an Electronic Software Distribution System
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-to-deploy-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning to Deploy App-V (Windows 10)
 description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/client-management/mdm/filesystem-csp.md

@@ -14,16 +14,13 @@ ms.date: 06/26/2017
 
 # FileSystem CSP
 
-
 The FileSystem configuration service provider is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device. It can retrieve information about or manage files in ROM, files in persistent store and files on any removable storage card that is present in the device. It works for files that are hidden from the user as well as those that are visible to the user.
 
-> **Note**  FileSystem CSP is only supported in Windows 10 Mobile.
-> 
-> 
-> 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
-
+> [!NOTE]
+> FileSystem CSP is only supported in Windows 10 Mobile.
 
+> [!NOTE]
+> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
 
 The following diagram shows the FileSystem configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider.
 
@@ -36,17 +33,17 @@ Recursive queries or deletes are not supported for this element. Add commands wi
 
 The following properties are supported for the root node:
 
--   `Name`: The root node name. The Get command is the only supported command.
+- `Name`: The root node name. The Get command is the only supported command.
 
--   `Type`: The MIME type of the file, which is com.microsoft/windowsmobile/1.1/FileSystemMO. The Get command is the only supported command.
+- `Type`: The MIME type of the file, which is com.microsoft/windowsmobile/1.1/FileSystemMO. The Get command is the only supported command.
 
--   `Format`: The format, which is `node`. The Get command is the only supported command.
+- `Format`: The format, which is `node`. The Get command is the only supported command.
 
--   `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
+- `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
 
--   `Size`: Not supported.
+- `Size`: Not supported.
 
--   `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
+- `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
 
 <a href="" id="file-directory"></a>***file directory***
 Optional. Returns the name of a directory in the device file system. Any *file directory* element can contain directories and files as child elements.
@@ -61,17 +58,17 @@ The Delete command is used to delete all files and subfolders under this *file d
 
 The following properties are supported for file directories:
 
--   `Name`: The file directory name. The Get command is the only supported command.
+- `Name`: The file directory name. The Get command is the only supported command.
 
--   `Type`: The MIME type of the file, which an empty string for directories that are not the root node. The Get command is the only supported command.
+- `Type`: The MIME type of the file, which is an empty string for directories that are not the root node. The Get command is the only supported command.
 
--   `Format`: The format, which is `node`. The Get command is the only supported command.
+- `Format`: The format, which is `node`. The Get command is the only supported command.
 
--   `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
+- `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
 
--   `Size`: Not supported.
+- `Size`: Not supported.
 
--   `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
+- `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file `winnt.h`. This supports the Get command and the Replace command.
 
 <a href="" id="file-name"></a>***file name***
 Optional. Return a file in binary format. If the file is too large for the configuration service to return, it returns error code 413 (Request entity too large) instead.
@@ -86,29 +83,18 @@ The Get command is not supported on a *file name* element, only on the propertie
 
 The following properties are supported for files:
 
--   `Name`: The file name. The Get command is the only supported command.
+- `Name`: The file name. The Get command is the only supported command.
 
--   `Type`: The MIME type of the file. This value is always set to the generic MIME type: `application/octet-stream`. The Get command is the only supported command.
+- `Type`: The MIME type of the file. This value is always set to the generic MIME type: `application/octet-stream`. The Get command is the only supported command.
 
--   `Format`: The format, which is b64 encoded for binary data is sent over XML, and bin format for binary data sent over wbxml. The Get command is the only supported command.
+- `Format`: The format, which is b64 encoded for binary data is sent over XML, and bin format for binary data sent over WBXML. The Get command is the only supported command.
 
--   `TStamp`: A standard OMA property that indicates the last time the file was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
+- `TStamp`: A standard OMA property that indicates the last time the file was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
 
--   `Size`: The unencoded file content size in bytes. The Get command is the only supported command.
+- `Size`: The unencoded file content size in bytes. The Get command is the only supported command.
 
--   `msft:SystemAttributes`: A custom property that contains file attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
+- `msft:SystemAttributes`: A custom property that contains file attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
 
 ## Related topics
 
-
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-

windows/client-management/mdm/policy-csp-devicelock.md

@@ -677,7 +677,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
+Specifies the maximum amount of time (in seconds) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
 
 * On Mobile, the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
 * On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.

windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md

@@ -6,7 +6,7 @@ description: Cortana includes powerful configuration options specifically to opt
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: kwekua
+author: dansimp
 ms.localizationpriority: medium
 ms.author: dansimp
 ---

windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md

@@ -1,5 +1,5 @@
 ---
-title: Customize Windows 10 Start and tasbkar with Group Policy (Windows 10)
+title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
 description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
 ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545
 ms.reviewer: 

windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md

@@ -1,7 +1,7 @@
 ---
 title: Administering UE-V with Windows PowerShell and WMI
 description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/configuration/ue-v/uev-administering-uev.md

@@ -1,7 +1,7 @@
 ---
 title: Administering UE-V
 description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/configuration/ue-v/uev-application-template-schema-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Application Template Schema Reference for UE-V
 description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md

@@ -1,7 +1,7 @@
 ---
 title: Changing the Frequency of UE-V Scheduled Tasks
 description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md

@@ -1,7 +1,7 @@
 ---
 title: Configuring UE-V with Group Policy Objects
 description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/deployment/update/waas-delivery-optimization.md

@@ -62,10 +62,11 @@ For information about setting up Delivery Optimization, including tips for the b
     - DOMaxUploadBandwidth
     
 - Support for new types of downloads:
-    - Office installations and updates
+    - Office installs and updates
     - Xbox game pass games
     - MSIX apps (HTTP downloads only)
-    - Edge browser installations and updates
+    - Edge browser installs and updates
+    - [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) 
 
 ## Requirements
 
@@ -90,7 +91,9 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Win32 apps for Intune | 1709 |
 | Xbox game pass games | 2004 |
 | MSIX apps (HTTP downloads only) | 2004 |
-| Configuration Manager Express Updates | 1709 + Configuration Manager version 1711 |
+| Configuration Manager Express updates | 1709 + Configuration Manager version 1711 |
+| Edge browser installs and updates | 1809 |
+| [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) | 1903 |
 
 > [!NOTE]
 > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910).

windows/deployment/volume-activation/use-vamt-in-windows-powershell.md

@@ -57,7 +57,7 @@ get-help get-VamtProduct -all
 ```
 
 **Warning**  
-The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=242278).
+The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/vamt).
 
 **To view VAMT PowerShell Help sections**
 

windows/security/identity-protection/TOC.md

@@ -18,7 +18,7 @@
 #### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md)
 #### [User Account Control Group Policy and registry key settings](user-account-control\user-account-control-group-policy-and-registry-key-settings.md)
 
-## [Windows Hello for Business](hello-for-business/hello-identity-verification.md)
+## [Windows Hello for Business](hello-for-business/index.yml)
 
 ## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md)
 ### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md)

windows/security/identity-protection/access-control/access-control.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/active-directory-accounts.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/active-directory-security-groups.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/dynamic-access-control.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/local-accounts.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/microsoft-accounts.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/security-identifiers.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/security-principals.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/service-accounts.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/access-control/special-identities.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/change-history-for-access-protection.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/configure-s-mime.md

@@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/additional-mitigations.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/credential-guard-considerations.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/credential-guard-known-issues.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/credential-guard-manage.md

@@ -7,15 +7,15 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: v-tea
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.reviewer: 
 ms.custom: 
-- CI 120967
-- CSSTroubleshooting
+  - CI 120967
+  - CSSTroubleshooting
 ---
 
 # Manage Windows Defender Credential Guard

windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/credential-guard-requirements.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/credential-guard/credential-guard.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md

@@ -1,5 +1,5 @@
 ---
-title: Multifactor Unlock
+title: Multi-factor Unlock
 description: Learn how Windows 10 offers multifactor device unlock by extending Windows Hello with trusted signals. 
 keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor
 ms.prod: w10
@@ -16,7 +16,7 @@ localizationpriority: medium
 ms.date: 03/20/2018
 ms.reviewer: 
 ---
-# Multifactor Unlock
+# Multi-factor Unlock
 
 **Applies to:**
 -   Windows 10
@@ -83,15 +83,17 @@ For example, if you include the PIN and fingerprint credential providers in both
 The **Signal rules for device unlock** setting contains the rules the Trusted Signal credential provider uses to satisfy unlocking the device.
 
 ### Rule element
-You represent signal rules in XML.  Each signal rule has an starting and ending **rule** element that contains the **schemaVersion** attribute and value.  The current supported schema version is 1.0.<br>
+You represent signal rules in XML.  Each signal rule has an starting and ending **rule** element that contains the **schemaVersion** attribute and value.  The current supported schema version is 1.0.
+
 **Example**
-```
+```xml
 <rule schemaVersion="1.0">
 </rule>
 ```
 
 ### Signal element
-Each rule element has a **signal** element.  All signal elements have a **type** element and value.  Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values.<br>
+Each rule element has a **signal** element.  All signal elements have a **type** element and value.  Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values.
+
 
 |Attribute|Value|
 |---------|-----|
@@ -109,8 +111,8 @@ You define the bluetooth signal with additional attributes in the signal element
 |rssiMin|"*number*"|no|
 |rssiMaxDelta|"*number*"|no|
 
-Example:
-```
+**Example**
+```xml
 <rule schemaVersion="1.0">
     <signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
 </rule>
@@ -142,63 +144,76 @@ RSSI measurements are relative and lower as the bluetooth signals between the tw
 You define IP configuration signals using one or more ipConfiguration elements.  Each element has a string value.  IpConfiguration elements do not have attributes or nested elements.
 
 ##### IPv4Prefix
-The IPv4 network prefix represented in Internet standard dotted-decimal notation. A network prefix that uses the Classless Inter-Domain Routing (CIDR) notation is required as part of the network string. A network port must not be present in the network string.  A **signal** element may only contain one **ipv4Prefix** element.<br>
+The IPv4 network prefix represented in Internet standard dotted-decimal notation. A network prefix that uses the Classless Inter-Domain Routing (CIDR) notation is required as part of the network string. A network port must not be present in the network string.  A **signal** element may only contain one **ipv4Prefix** element.
+
 **Example**
-```
+```xml
 <ipv4Prefix>192.168.100.0/24</ipv4Prefix>
 ```
+
 The assigned IPv4 addresses in the range of 192.168.100.1 to 192.168.100.254 match this signal configuration.
 
 ##### IPv4Gateway
-The IPv4 network gateway represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4Gateway** element.<br>
+The IPv4 network gateway represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4Gateway** element.
+
 **Example**
-```
+```xml
 <ipv4Gateway>192.168.100.10</ipv4Gateway>
 ```
+
 ##### IPv4DhcpServer
-The IPv4 DHCP server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4DhcpServer** element.<br>
+The IPv4 DHCP server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4DhcpServer** element.
+
 **Example**
-```
+```xml
 <ipv4DhcpServer>192.168.100.10</ipv4DhcpServer>
 ```
+
 ##### IPv4DnsServer
-The IPv4 DNS server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.The **signal** element may contain one or more **ipv4DnsServer** elements.<br>
+The IPv4 DNS server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.The **signal** element may contain one or more **ipv4DnsServer** elements.
+
 **Example:**
-```
+```xml
 <ipv4DnsServer>192.168.100.10</ipv4DnsServer>
 ```
 
 ##### IPv6Prefix
-The IPv6 network prefix represented in IPv6 network using Internet standard hexadecimal encoding. A network prefix in CIDR notation is required as part of the network string. A network port or scope ID must not be present in the network string.  A **signal** element may only contain one **ipv6Prefix** element.<br>
+The IPv6 network prefix represented in IPv6 network using Internet standard hexadecimal encoding. A network prefix in CIDR notation is required as part of the network string. A network port or scope ID must not be present in the network string.  A **signal** element may only contain one **ipv6Prefix** element.
+
 **Example** 
-```
+```xml
 <ipv6Prefix>21DA:D3::/48</ipv6Prefix>
 ```
 
 ##### IPv6Gateway
-The IPv6 network gateway represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6Gateway** element.<br>
+The IPv6 network gateway represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6Gateway** element.
+
 **Example** 
-```
+```xml
 <ipv6Gateway>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6Gateway>
 ```
 
 ##### IPv6DhcpServer
-The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6DhcpServer** element.<br>
+The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6DhcpServer** element.
+
 **Example**
-```
+```xml
 <ipv6DhcpServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DhcpServer
 ```
 
 ##### IPv6DnsServer
-The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string. The **signal** element may contain one or more **ipv6DnsServer** elements.<br>
+The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string. The **signal** element may contain one or more **ipv6DnsServer** elements.
+
 **Example**
-```
+```xml
 <ipv6DnsServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DnsServer>
 ```
+
 ##### dnsSuffix
-The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix.  The **signal** element may contain one or more **dnsSuffix** elements.<br>
+The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix.  The **signal** element may contain one or more **dnsSuffix** elements.
+
 **Example**
-```
+```xml
 <dnsSuffix>corp.contoso.com</dnsSuffix>
 ```
 
@@ -210,15 +225,17 @@ The fully qualified domain name of your organization's internal DNS suffix where
 You define Wi-Fi signals using one or more wifi elements.  Each element has a string value.  Wifi elements do not have attributes or nested elements.
 
 #### SSID
-Contains the service set identifier (SSID) of a wireless network.  The SSID is the name of the wireless network.  The SSID element is required.<br>
-```
+Contains the service set identifier (SSID) of a wireless network.  The SSID is the name of the wireless network.  The SSID element is required.
+
+```xml
 <ssid>corpnetwifi</ssid>
 ```
 
 #### BSSID
-Contains the basic service set identifier (BSSID) of a wireless access point.  the BSSID is the mac address of the wireless access point.  The BSSID element is optional.<br>
+Contains the basic service set identifier (BSSID) of a wireless access point.  the BSSID is the mac address of the wireless access point.  The BSSID element is optional.
+
 **Example**
-```
+```xml
 <bssid>12-ab-34-ff-e5-46</bssid>
 ```
 
@@ -235,19 +252,22 @@ Contains the type of security the client uses when connecting to the wireless ne
 |WPA2-Enterprise| The wireless network is protected using Wi-Fi Protected Access 2-Enterprise.|
 
 **Example**
-```
+```xml
 <security>WPA2-Enterprise</security> 
 ```
 #### TrustedRootCA
-Contains the thumbprint of the trusted root certificate of the wireless network. This may be any valid trusted root certificate. The value is represented as hexadecimal string where each byte in the string is separated by a single space.  This element is optional.<br>
+Contains the thumbprint of the trusted root certificate of the wireless network. This may be any valid trusted root certificate. The value is represented as hexadecimal string where each byte in the string is separated by a single space.  This element is optional.
+
 **Example**
-```
+```xml
 <trustedRootCA>a2 91 34 aa 22 3a a2 3a 4a 78 a2 aa 75 a2 34 2a 3a 11 4a aa</trustedRootCA>
 ```
+
 #### Sig_quality
-Contains numeric value ranging from 0 to 100 to represent the wireless network's signal strength needed to be considered a trusted signal.<br>
+Contains numeric value ranging from 0 to 100 to represent the wireless network's signal strength needed to be considered a trusted signal.
+
 **Example**
-```
+```xml
 <sig_quality>80</sig_quality>
 ```
  
@@ -257,7 +277,8 @@ These examples are wrapped for readability.  Once properly formatted, the entire
 
 #### Example 1
 This example configures an IPConfig signal type using Ipv4Prefix, Ipv4DnsServer, and DnsSuffix elements.
-```
+
+```xml
 <rule schemaVersion="1.0"> 
     <signal type="ipConfig"> 
         <ipv4Prefix>10.10.10.0/24</ipv4Prefix>
@@ -271,10 +292,11 @@ This example configures an IPConfig signal type using Ipv4Prefix, Ipv4DnsServer,
 
 #### Example 2
 This example configures an IpConfig signal type using a dnsSuffix element and a bluetooth signal for phones.  This configuration is wrapped for reading.  Once properly formatted, the entire XML contents must be a single line.  This example implies that either the ipconfig **or** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true.
+
 >[!NOTE]
 >Separate each rule element using a comma.
 
-```
+```xml
 <rule schemaVersion="1.0"> 
 	<signal type="ipConfig"> 
 	    <dnsSuffix>corp.contoso.com</dnsSuffix> 
@@ -284,9 +306,11 @@ This example configures an IpConfig signal type using a dnsSuffix element and a
 	<signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
 </rule>
 ```
+
 #### Example 3
 This example configures the same as example 2 using compounding And elements.  This example implies that the ipconfig **and** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true.
-```
+
+```xml
 <rule schemaVersion="1.0">
 <and>
   <signal type="ipConfig">
@@ -296,9 +320,11 @@ This example configures the same as example 2 using compounding And elements.  T
 </and>
 </rule>
 ```
+
 #### Example 4 
 This example configures Wi-Fi as a trusted signal (Windows 10, version 1803)
-```
+
+```xml
 <rule schemaVersion="1.0"> 
   <signal type="wifi"> 
     <ssid>contoso</ssid> 
@@ -332,22 +358,34 @@ The Group Policy object contains the policy settings needed to trigger Windows H
 > * You cannot use the same unlock factor to satisfy both categories. Therefore, if you include any credential provider in both categories, it means it can satisfy either category, but not both.
 > * The multifactor unlock feature is also supported via the Passport for Work CSP. See [Passport For Work CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp) for more information.
 
-1. Start the **Group Policy Management Console** (gpmc.msc)
-2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
-3. Right-click **Group Policy object** and select **New**.
-4. Type *Multifactor Unlock* in the name box and click **OK**.
-5. In the content pane, right-click the **Multifactor Unlock** Group Policy object and click **Edit**.
-6. In the navigation pane, expand **Policies** under **Computer Configuration**.
-7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**.<br>
-   ![Group Policy Editor](images/multifactorUnlock/gpme.png)
-8. In the content pane, double-click **Configure device unlock factors**. Click **Enable**.  The **Options** section populates the policy setting with default values.<br>
-   ![Multifactor Policy Setting](images/multifactorUnlock/gp-setting.png)
-9. Configure first and second unlock factors using the information in the [Configure Unlock Factors](#configuring-unlock-factors) section.
-10. If using trusted signals, configure the trusted signals used by the unlock factor using the information in the [Configure Signal Rules for the Trusted Signal Credential Provider](#configure-signal-rules-for-the-trusted-signal-credential-provider) section.
-11. Click **Ok** to close the **Group Policy Management Editor**. Use the **Group Policy Management Console** to deploy the newly created Group Policy object to your organization's computers.
+1. Start the **Group Policy Management Console** (gpmc.msc).
 
-    ## Troubleshooting
-    Multi-factor unlock writes events to event log under **Application and Services Logs\Microsoft\Windows\HelloForBusiness** with the category name **Device Unlock**.
+2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+
+3. Right-click **Group Policy object** and select **New**.
+
+4. Type *Multifactor Unlock* in the name box and click **OK**.
+
+5. In the content pane, right-click the **Multifactor Unlock** Group Policy object and click **Edit**.
+
+6. In the navigation pane, expand **Policies** under **Computer Configuration**.
+
+7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**.
+
+   ![Group Policy Editor](images/multifactorUnlock/gpme.png)
+   
+8. In the content pane, double-click **Configure device unlock factors**. Click **Enable**.  The **Options** section populates the policy setting with default values.
+
+   ![Multifactor Policy Setting](images/multifactorUnlock/gp-setting.png)
+   
+9. Configure first and second unlock factors using the information in [Configure Unlock Factors](#configuring-unlock-factors).
+
+10. If using trusted signals, configure the trusted signals used by the unlock factor using the information in [Configure Signal Rules for the Trusted Signal Credential Provider](#configure-signal-rules-for-the-trusted-signal-credential-provider).
+
+11. Click **OK** to close the **Group Policy Management Editor**. Use the **Group Policy Management Console** to deploy the newly created Group Policy object to your organization's computers.
+
+## Troubleshooting
+Multi-factor unlock writes events to event log under **Application and Services Logs\Microsoft\Windows\HelloForBusiness** with the category name **Device Unlock**.
 
 ### Events
 

windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md

@@ -13,7 +13,7 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 01/14/2021
 ms.reviewer: 
 ---
 # Prepare and Deploy Windows Server 2016 Active Directory Federation Services
@@ -50,9 +50,8 @@ Prepare the Active Directory Federation Services deployment by installing and up
 > (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier
 > ```
 > 6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'`.
-> 7. Restart the ADFS service.
-> 8. On the client: Restart the client. User should be prompted to provision WHFB.
-> 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot.
+> 7. Restart the AD FS service.
+> 8. On the client: Restart the client. User should be prompted to provision Windows Hello for Business.
 
 ## Update Windows Server 2016
 
@@ -218,7 +217,6 @@ Sign-in the federation server with _domain administrator_ equivalent credentials
 12. When the process completes, click **Close**.
 13. Do not restart the AD FS server. You will do this later.
 
-
 ### Add the AD FS Service account to the KeyCredential Admin group and the Windows Hello for Business Users group
 
 > [!NOTE]
@@ -227,6 +225,7 @@ Sign-in the federation server with _domain administrator_ equivalent credentials
 The **KeyCredential Administrators** global group provides the AD FS service with the permissions needed to perform key registration.  The Windows Hello for Business group provides the AD FS service with the permissions needed to enroll a Windows Hello for Business authentication certificate on behalf of the provisioning user.
 
 Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials.
+
 1. Open **Active Directory Users and Computers**.
 2. Click the **Users** container in the navigation pane.
 3. Right-click **KeyCredential Admins** in the details pane and click **Properties**.
@@ -246,6 +245,7 @@ Key Registration stores the Windows Hello for Business public key in Active Dire
 The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually.
 
 Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials.
+
 1. Open **Active Directory Users and Computers**.
 2. Right-click your domain name from the navigation pane and click **Properties**.
 3. Click **Security** (if the Security tab is missing, turn on Advanced Features from the View menu).
@@ -259,6 +259,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
 ## Configure the Device Registration Service
 
 Sign-in the federation server with _Enterprise Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm.
+
 1. Open the **AD FS management** console.
 2. In the navigation pane, expand **Service**. Click **Device Registration**.
 3. In the details pane, click **Configure Device Registration**.
@@ -299,6 +300,7 @@ The registration authority template you configure depends on the AD FS service c
 >Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
 
 #### Windows 2012 or later domain controllers
+
 Sign-in a certificate authority or management workstations with _domain administrator_ equivalent credentials.
 
 1. Open the **Certificate Authority Management** console.
@@ -321,6 +323,7 @@ Sign-in a certificate authority or management workstations with _domain administ
 #### Windows 2008 or 2008R2 domain controllers
 
 Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
+
 1. Open the **Certificate Authority** management console.
 2. Right-click **Certificate Templates** and click **Manage**.
 3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent** template in the details pane and click **Duplicate Template**.
@@ -337,6 +340,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
 During Windows Hello for Business provisioning, the Windows 10, version 1703 client requests an authentication certificate from the Active Directory Federation Service, which requests the authentication certificate on behalf of the user.  This task configures the Windows Hello for Business authentication certificate template.  You use the name of the certificate template when configuring.
 
 Sign-in a certificate authority or management workstations with _domain administrator equivalent_ credentials.
+
 1. Open the **Certificate Authority** management console.
 2. Right-click **Certificate Templates** and click **Manage**.
 3. Right-click the **Smartcard Logon** template and choose **Duplicate Template**.
@@ -358,6 +362,7 @@ Sign-in a certificate authority or management workstations with _domain administ
 #### Mark the template as the Windows Hello Sign-in template 
 
 Sign-in to an **AD FS Windows Server 2016** computer with _enterprise administrator_ equivalent credentials.
+
 1. Open an elevated command prompt.
 2. Run `certutil –dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`.
 
@@ -367,6 +372,7 @@ Sign-in to an **AD FS Windows Server 2016** computer with _enterprise administra
 ### Publish Enrollment Agent and Windows Hello For Business Authentication templates to the Certificate Authority
 
 Sign-in a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials.
+
 1. Open the **Certificate Authority** management console.
 2. Expand the parent node from the navigation pane.
 3. Click **Certificate Templates** in the navigation pane.
@@ -395,6 +401,7 @@ Active Directory Federation Server used for Windows Hello for Business certifica
 Approximately 60 days prior to enrollment agent certificate’s expiration, the AD FS service attempts to renew the certificate until it is successful.  If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate.  You can view the AD FS event logs to determine the status of the enrollment agent certificate.
 
 ### Service Connection Point (SCP) in Active Directory for ADFS Device Registration Service
+
 > [!NOTE]
 > Normally this script is not needed, as enabling Device Registration via the ADFS Management console already creates the objects. You can validate the SCP using the script below. For detailed information about the Device Registration Service, see [Configuring Device Registration](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614658(v=ws.11)?redirectedfrom=MSDN).
 
@@ -440,6 +447,7 @@ Many environments load balance using hardware devices.  Environments without har
 ### Install Network Load Balancing Feature on AD FS Servers
 
 Sign-in the federation server with _Enterprise Admin_ equivalent credentials.
+
 1. Start **Server Manager**.  Click **Local Server** in the navigation pane.
 2. Click **Manage** and then click **Add Roles and Features**.
 3. Click **Next** On the **Before you begin** page.
@@ -455,6 +463,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials.
 Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster.  Once you have created the cluster, then you can add new nodes to that cluster.
 
 Sign-in a node of the federation farm with _Admin_ equivalent credentials.
+
 1. Open **Network Load Balancing Manager** from **Administrative Tools**.
     ![NLB Manager user interface](images/hello-nlb-manager.png)
 2. Right-click **Network Load Balancing Clusters**, and then click **New Cluster**.
@@ -479,6 +488,7 @@ Sign-in a node of the federation farm with _Admin_ equivalent credentials.
 ## Configure DNS for Device Registration
 
 Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials.  You’ll need the Federation service name to complete this task.  You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server.
+
 1. Open the **DNS Management** console.
 2. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones**.
 3. In the navigation pane, select the node that has the name of your internal Active Directory domain name.
@@ -493,6 +503,7 @@ The Windows Hello provisioning presents web pages from the federation service.
 ### Create an Intranet Zone Group Policy
 
 Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials:
+
 1. Start the **Group Policy Management Console** (gpmc.msc).
 2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
 3. Right-click **Group Policy object** and select **New**.
@@ -559,8 +570,8 @@ Each file in this folder represents a certificate in the service account’s Per
 
 For detailed information about the certificate, use `Certutil -q -v <certificateThumbprintFileName>` .
 
-
 ## Follow the Windows Hello for Business on premises certificate trust deployment guide
+
 1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
 2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
 3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*)

windows/security/identity-protection/hello-for-business/hello-deployment-guide.md

@@ -1,5 +1,5 @@
 ---
-title: Windows Hello for Business Deployment Guide
+title: Windows Hello for Business Deployment Overview
 description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. 
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
@@ -13,28 +13,35 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
-ms.date: 08/29/2018
+ms.date: 01/21/2021
 ms.reviewer: 
 ---
-# Windows Hello for Business Deployment Guide
+# Windows Hello for Business Deployment Overview
 
 **Applies to**
--   Windows 10, version 1703 or later
+
+- Windows 10, version 1703 or later
 
 Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on an asymmetric key pair.
 
-This deployment guide is to guide you through deploying Windows Hello for Business, based on the planning decisions made using the Planning a Windows Hello for Business Deployment Guide. It provides you with the information needed to successfully deploy Windows Hello for Business in an existing environment.
+This deployment overview is to guide you through deploying Windows Hello for Business. Your first step should be to use the Passwordless Wizard in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup) or the [Planning a Windows Hello for Business Deployment](hello-planning-guide.md) guide to determine the right deployment model for your organization.
+
+Once you've chosen a deployment model, the deployment guide for the that model will provide you with the information needed to successfully deploy Windows Hello for Business in your environment.
+
+> [!NOTE]
+> Read the [Windows Hello for Business Deployment Prerequisite Overview](hello-identity-verification.md) for a summary of the prerequisites for each different Windows Hello for Business deployment model.
 
 ## Assumptions
 
 This guide assumes that baseline infrastructure exists which meets the requirements for your deployment. For either hybrid or on-premises deployments, it is expected that you have:
-* A well-connected, working network
-* Internet access
-* Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
-* Proper name resolution, both internal and external names
-* Active Directory and an adequate number of domain controllers per site to support authentication
-* Active Directory Certificate Services 2012 or later
-* One or more workstation computers running Windows 10, version 1703
+
+- A well-connected, working network
+- Internet access
+- Multi-factor Authentication Server to support MFA during Windows Hello for Business provisioning
+- Proper name resolution, both internal and external names
+- Active Directory and an adequate number of domain controllers per site to support authentication
+- Active Directory Certificate Services 2012 or later
+- One or more workstation computers running Windows 10, version 1703
 
 If you are installing a server role for the first time, ensure the appropriate server operating system is installed, updated with the latest patches, and joined to the domain. This document provides guidance to install and configure the specific roles on that server.  
 
@@ -47,14 +54,16 @@ Windows Hello for Business has three deployment models: Cloud, hybrid, and on-pr
 Hybrid deployments are for enterprises that use Azure Active Directory. On-premises deployments are for enterprises who exclusively use on-premises Active Directory. Remember that the environments that use Azure Active Directory must use the hybrid deployment model for all domains in that forest.
 
 The trust model determines how you want users to authenticate to the on-premises Active Directory:
-* The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and have an adequate number of 2016 domain controllers in each site to support authentication. 
-* The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. 
-* The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
+
+- The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and have an adequate number of 2016 domain controllers in each site to support authentication.
+- The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today.
+- The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
 
 > [!NOTE]
 > RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard).
 
 Following are the various deployment guides and models included in this topic:
+
 - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md)
 - [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md)
 - [Azure AD Join Single Sign-on Deployment Guides](hello-hybrid-aadj-sso.md)