Merge pull request #621 from MicrosoftDocs/master

7/1 PM Publish

.openpublishing.redirection.json

@@ -6497,7 +6497,7 @@
 },
 {
 "source_path": "windows/manage/app-inventory-managemement-windows-store-for-business.md",
-"redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business",
+"redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business#manage-apps-in-your-inventory",
 "redirect_document_id": true
 },
 {

devices/surface-hub/TOC.md

@@ -43,6 +43,7 @@
 ## Support
 ### [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md)
 ### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
+### [How to pack and ship your Surface Hub 2S for service](surface-hub-2s-pack-components.md)
 ### [Change history](surface-hub-2s-change-history.md)
 
 # Surface Hub

devices/surface-hub/surface-hub-2s-pack-components.md

@@ -0,0 +1,90 @@
+---
+title: "How to pack and ship your Surface Hub 2S for service"
+description: "Instructions for packing Surface Hub 2S components, replacing the Compute cartridge, and replacing the camera"
+keywords: pack, replace components, camera, compute cartridge
+ms.prod: surface-hub
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+audience: Admin
+ms.topic: article
+ms.date: 07/1/2019
+ms.localizationpriority: Normal
+---
+
+# How to pack and ship your Surface Hub 2S for service
+
+If you replace your Surface Hub 2S, one of its components, or a related accessory, use the instructions in this article when you pack the device for shipment. 
+
+>[!IMPORTANT]  
+>When packing your device for shipment, make sure that you use the packaging in which your replacement device arrived.  
+
+This article contains the following procedures:
+
+- [How to pack your Surface Hub 2S 55”](#how-to-pack-your-surface-hub-2s-55)  
+- [How to replace and pack your Surface Hub 2S Compute Cartridge](#how-to-replace-and-pack-your-surface-hub-2s-compute-cartridge)  
+- [How to replace your Surface Hub 2S Camera](#how-to-replace-your-surface-hub-2s-camera)  
+
+## How to pack your Surface Hub 2S 55”
+
+Use the following steps to pack your Surface Hub 2S 55" for shipment.
+
+![The Surface Hub unit and mobile stand.](images/surface-hub-2s-repack-1.png)
+
+![Remove the pen and the camera. Do not pack them with the unit.](images/surface-hub-2s-repack-2.png)
+
+![Remove the drive and the power cable. Do not pack them with the unit.](images/surface-hub-2s-repack-3.png)
+
+![Do not pack the Setup guide with the unit.](images/surface-hub-2s-repack-4.png)
+
+![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-repack-5.png)
+
+![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-repack-6.png)
+
+![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-repack-7.png)
+
+![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD).](images/surface-hub-2s-repack-8.png)
+
+![Replace the cover and slide the Compute Cartridge back into the unit.](images/surface-hub-2s-repack-9.png)
+
+![Re-fasten the locking screw and slide the cover into place.](images/surface-hub-2s-repack-10.png)
+
+![Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container.](images/surface-hub-2s-repack-11.png)
+
+![Replace the cover of the shipping container, and insert the four clips.](images/surface-hub-2s-repack-12.png)
+
+![Close the four clips.](images/surface-hub-2s-repack-13.png)
+
+## How to replace and pack your Surface Hub 2S Compute Cartridge
+
+Use the following steps to remove the Surface Hub 2S Compute Cartridge, pack it for shipment, and install the new Compute Cartridge.
+
+![Image of the compute cartridge.](images/surface-hub-2s-replace-cartridge-1.png)
+
+![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-replace-cartridge-2.png)
+
+![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-replace-cartridge-3.png)
+
+![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-replace-cartridge-4.png)
+
+![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). When finished, replace the cover.](images/surface-hub-2s-repack-8.png)
+
+![You will need the packaging fixtures that were used to package your replacement Compute Cartridge.](images/surface-hub-2s-replace-cartridge-6.png)
+
+![Place the old Compute Cartridge in the packaging fixtures.](images/surface-hub-2s-replace-cartridge-7.png)
+
+![Place the old Compute Cartridge and its packaging into the box that was used for the replacement Compute Cartridge. Reseal the box.](images/surface-hub-2s-replace-cartridge-8.png)
+
+![Image of the replacement Compute Cartridge.](images/surface-hub-2s-replace-cartridge-1.png)
+
+![Slide the replacement Compute Cartridge into the unit.](images/surface-hub-2s-replace-cartridge-9.png)
+
+![Fasten the locking screw and slide the cover into place.](images/surface-hub-2s-replace-cartridge-10.png)
+
+## How to replace your Surface Hub 2S Camera
+
+Use the following steps to remove the Surface Hub 2S camera and install the new camera.
+
+![You will need the new camera and the two-millimeter allen wrench](images/surface-hub-2s-replace-camera-1.png)
+
+![Unplug the old camera from the unit. If needed, use the allen wrench to adjust the new camera. Plug the new camera into the unit.](images/surface-hub-2s-replace-camera-2.png)

education/windows/deploy-windows-10-in-a-school-district.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.localizationpriority: medium
 author: levinec
 ms.author: ellevin
-ms.date: 10/30/2017
 ms.reviewer: 
 manager: dansimp
 ---
@@ -962,7 +961,7 @@ Now that you have created your Microsoft Store for Business portal, you’re rea
 
 You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users to install the apps.
 
-For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](../../store-for-business/app-inventory-management-microsoft-store-for-business.md).
+For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/app-inventory-management-microsoft-store-for-business).
 
 #### Summary
 

education/windows/deploy-windows-10-in-a-school.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.localizationpriority: medium
 author: levinec
 ms.author: ellevin
-ms.date: 05/21/2019
 ms.reviewer: 
 manager: dansimp
 ---
@@ -587,7 +586,7 @@ Now that you have created your Microsoft Store for Business portal, you’re rea
 
 You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users.
 
-For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](../../store-for-business/app-inventory-management-microsoft-store-for-business.md).
+For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/app-inventory-management-microsoft-store-for-business). 
 
 ### Summary
 

windows/deployment/update/windows-analytics-get-started.md

@@ -97,6 +97,7 @@ The compatibility update scans your devices and enables application usage tracki
 | Windows 7 SP1        | The compatibility update is included in monthly quality updates for Windows 7. We recommend installing the latest [Windows Monthly Rollup](http://www.catalog.update.microsoft.com/Search.aspx?q=security%20monthly%20quality%20rollup%20for%20windows%207) before attempting to enroll devices into Windows Analytics. |
 
 ### Connected User Experiences and Telemetry service
+
 With Windows diagnostic data enabled, the Connected User Experience and Telemetry service (DiagTrack) collects system, application, and driver data. Microsoft analyzes this data, and shares it back to you through Windows Analytics. For the best experience, install these updates depending upon the operating system version.
 
 - For Windows 10, install the latest Windows 10 cumulative update.
@@ -166,20 +167,23 @@ When you run the deployment script, it initiates a full scan. The daily schedule
 Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see [Upgrade Readiness deployment script](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-deployment-script). For information on how to deploy PowerShell scripts by using Windows Intune, see [Manage PowerShell scripts in Intune for Windows 10 devices](https://docs.microsoft.com/intune/intune-management-extension).
 
 ### Distributing policies at scale
+
 There are a number of policies that can be centrally managed to control Windows Analytics device configuration. All of these policies have *preference* registry key equivalents that can be set by using the deployment script. Policy settings override preference settings if both are set.
 >[!NOTE]
->You can only set the diagnostic data level to Enhanced by using policy. For example, this is necessary for using Device Health.
+>You can only set the diagnostic data level to Enhanced by using policy. For example, this is necessary to use Device Health.
 
-These policies are under Microsoft\Windows\DataCollection:
+These policies are defined by values under **Microsoft\Windows\DataCollection**. All are REG_DWORD policies (except CommercialId which is REG_SZ).
 
-| Policy   | Value  |
+>[!IMPORTANT]
+>Configuring these keys independently without using the enrollment script is not recommended. There is additional validation that occurs when you use the enrollment script.
+
+| Policy   | Value  | 
 |-----------------------|------------------|
-| CommercialId | In order for your devices to show up in Windows Analytics, they must be configured with your organization’s Commercial ID. |
-| AllowTelemetry (in Windows 10) |	1 (Basic), 2 (Enhanced) or 3 (Full) diagnostic data. Windows Analytics will work with basic diagnostic data, but more features are available when you use the Enhanced level (for example, Device Health requires Enhanced diagnostic data and Upgrade Readiness only collects app usage and site discovery data on Windows 10 devices with Enhanced diagnostic data). For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). |
-| LimitEnhancedDiagnosticDataWindowsAnalytics (in Windows 10) |	Only applies when AllowTelemetry=2. Limits the Enhanced diagnostic data events sent to Microsoft to just those needed by Windows Analytics. For more information, see [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields).|
-| AllowDeviceNameInTelemetry (in Windows 10) |	In Windows 10, version 1803, a separate opt-in is required to enable devices to continue to send the device name.  Allowing device names to be collected can make it easier for you to identify individual devices that report problems. Without the device name, Windows Analytics can only label devices by a GUID that it generates. |
-| CommercialDataOptIn (in Windows 7 and Windows 8) |	1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
-
+| CommercialId | In order for your devices to show up in Windows Analytics, they must be configured with your organization’s Commercial ID. | 
+| AllowTelemetry  |	**In Windows 10**: 1 (Basic), 2 (Enhanced) or 3 (Full) diagnostic data. Windows Analytics will work with basic diagnostic data, but more features are available when you use the Enhanced level (for example, Device Health requires Enhanced diagnostic data and Upgrade Readiness only collects app usage and site discovery data on Windows 10 devices with Enhanced diagnostic data). For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). | 
+| LimitEnhancedDiagnosticDataWindowsAnalytics | **In Windows 10**: Only applies when AllowTelemetry=2. Limits the Enhanced diagnostic data events sent to Microsoft to just those needed by Windows Analytics. For more information, see [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields).| 
+| AllowDeviceNameInTelemetry | **In Windows 10, version 1803**: A separate opt-in is required to enable devices to continue to send the device name.  Allowing device names to be collected can make it easier for you to identify individual devices that report problems. Without the device name, Windows Analytics can only label devices by a GUID that it generates. | 
+| CommercialDataOptIn  | **In Windows 7 and Windows 8**: 1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. | 
 
 You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/*Provider ID*/CommercialID). (If you are using Microsoft Intune, use `MS DM Server` as the provider ID.) For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
 

windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md

@@ -1,26 +1,26 @@
 ---
-title: Device Guard is the combination of Windows Defender Application Control and virtualization-based protection of code integrity (Windows 10)
-description: Device Guard consists of both hardware and software system integrity hardening capabilites that can be deployed separately or in combination.
-keywords: virtualization, security, malware
+title: Windows Defender Application Control and virtualization-based protection of code integrity (Windows 10)
+description: Hardware and software system integrity hardening capabilites that can be deployed separately or in combination.
+keywords: virtualization, security, malware, device guard
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 author: dansimp
-ms.date: 09/07/2018
+ms.date: 07/01/2019
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ---
 
-# Device Guard: Windows Defender Application Control and virtualization-based protection of code integrity
+# Windows Defender Application Control and virtualization-based protection of code integrity
 
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 
-Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called configurable code integrity, while simultaneously hardening the OS against kernel memory attacks through the use of virtualization-based protection of code integrity (more specifically, HVCI). 
+Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows 10 systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called configurable code integrity, while simultaneously hardening the OS against kernel memory attacks through the use of virtualization-based protection of code integrity (more specifically, HVCI). 
 
-Configurable code integrity policies and HVCI are very powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a very strong protection capability for Windows 10 devices. This combined "configuration state" of configurable code integrity and HVCI has been referred to as Windows Defender Device Guard. 
+Configurable code integrity policies and HVCI are very powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a very strong protection capability for Windows 10 devices.  
 
 Using configurable code integrity to restrict devices to only authorized apps has these advantages over other solutions:
 
@@ -29,28 +29,22 @@ Using configurable code integrity to restrict devices to only authorized apps ha
 3. Customers can protect the configurable code integrity policy even from local administrator tampering by digitally signing the policy. This would mean that changing the policy would require both administrative privilege and access to the organization’s digital signing process, making it extremely difficult for an attacker with administrative privilege, or malicious software that managed to gain administrative privilege, to alter the application control policy. 
 4. The entire configurable code integrity enforcement mechanism can be protected by HVCI, where even if a vulnerability exists in kernel mode code, the likelihood that an attacker could successfully exploit it is significantly diminished. Why is this relevant? That’s because an attacker that compromises the kernel would otherwise have enough privilege to disable most system defenses and override the application control policies enforced by configurable code integrity or any other application control solution.
 
-## (Re-)Introducing Windows Defender Application Control
+## Windows Defender Application Control
 
-When we originally designed the configuration state that we have referred to as Windows Defender Device Guard, we did so with a specific security promise in mind. Although there were no direct dependencies between the two main OS features of the Device Guard configuration, configurable code integrity and HVCI, we intentionally focused our discussion around the Device Guard lockdown state you achieve when deploying them together. 
+When we originally designed this configuration state, we did so with a specific security promise in mind. Although there were no direct dependencies between configurable code integrity and HVCI, we intentionally focused our discussion around the lockdown state you achieve when deploying them together. However, given that HVCI relies on Windows virtualization-based security, it comes with additional hardware, firmware, and kernel driver compatibility requirements that some older systems can’t meet. As a result, many IT Professionals assumed that because some systems couldn't use HVCI, they couldn’t use configurable code integrity either. 
 
-However, the use of the term Device Guard to describe this configuration state has unintentionally left an impression for many IT professionals that the two features were inexorably linked and could not be deployed separately. 
-Additionally, given that HVCI relies on Windows virtualization-based security, it comes with additional hardware, firmware, and kernel driver compatibility requirements that some older systems can’t meet. 
-
-As a result, many IT Professionals assumed that because some systems couldn't use HVCI, they couldn’t use configurable code integrity either. 
-But configurable code integrity carries no specific hardware or software requirements other than running Windows 10, which means many IT professionals were wrongly denied the benefits of this powerful application control capability.
+Configurable code integrity carries no specific hardware or software requirements other than running Windows 10, which means many IT professionals were wrongly denied the benefits of this powerful application control capability.
 
 Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we are discussing and documenting configurable code integrity as a independent technology within our security stack and giving it a name of its own: [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control). 
 We hope this change will help us better communicate options for adopting application control within an organization.
 
-Does this mean Windows Defender Device Guard configuration state is going away? Not at all. The term Device Guard will continue to be used as a way to describe the fully locked down state achieved through the use of Windows Defender Application Control (WDAC), HVCI, and hardware and firmware security features. It also allows us to work with our OEM partners to identify specifications for devices that are “Device Guard capable” so that our joint customers can easily purchase devices that meet all of the hardware and firmware requirements of the original "Device Guard" locked down scenario for Windows 10 based devices.
-
 ## Related topics
 
 [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control)
 
-[Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender Device Guard](https://channel9.msdn.com/Events/Ignite/2015/BRK2336)
+[Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender](https://channel9.msdn.com/Events/Ignite/2015/BRK2336)
 
-[Driver compatibility with Windows Defender Device Guard in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10)
+[Driver compatibility with Windows Defender in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10)
 
 [Code integrity](https://technet.microsoft.com/library/dd348642.aspx)