Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into tocideas

windows/deployment/TOC.yml

@@ -42,7 +42,7 @@
         - name: Determine application readiness
           href: update/plan-determine-app-readiness.md 
         - name: Define your servicing strategy
-          href: update/waas-servicing-strategy-windows-10-updates.md
+          href: update/plan-define-strategy.md
         - name: Best practices for feature updates on mission-critical devices
           href: update/feature-update-mission-critical.md
         - name: Windows 10 deployment considerations
@@ -165,8 +165,10 @@
           items:
             - name: Monitor Delivery Optimization
               href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization
-            - name: Monitor Windows Updates with Update Compliance
+            - name: Monitor Windows Updates
               items:
+              - name: Monitor Windows Updates with Update Compliance
+                href: update/update-compliance-monitor.md
               - name: Get started
                 items: 
                   - name: Get started with Update Compliance
@@ -238,6 +240,8 @@
       items:
         - name: How does Windows Update work?
           href: update/how-windows-update-works.md
+        - name: Deploy Windows 10 with Microsoft 365
+          href: deploy-m365.md
         - name: Understanding the Unified Update Platform
           href: update/windows-update-overview.md
         - name: Servicing stack updates

windows/deployment/deploy-m365.md

@@ -50,8 +50,8 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
 >If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
 
 1. [Obtain a free M365 trial](https://docs.microsoft.com/office365/admin/try-or-buy-microsoft-365).
-2. Check out the [Microsoft 365 deployment advisor](https://portal.office.com/onboarding/Microsoft365DeploymentAdvisor#/).
-3. Also check out the [Windows Analytics deployment advisor](https://portal.office.com/onboarding/WindowsAnalyticsDeploymentAdvisor#/). This advisor will walk you through deploying [Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), [Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), and [Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor). 
+2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
+3. Also check out the [Windows Analytics deployment advisor](https://aka.ms/windowsanalyticssetupguide). This advisor will walk you through deploying [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview). 
 
 That's all there is to it! 
 

windows/deployment/update/get-started-updates-channels-tools.md

@@ -47,7 +47,7 @@ The first step of controlling when and how devices install updates is assigning
 
 ### Semi-annual Channel
 
-In the Semi-annual Channel, feature updates are available as soon as Microsoft releases them, twice per year. As long as a device isn't set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it's released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release.{IS THIS STILL TRUE?}
+In the Semi-annual Channel, feature updates are available as soon as Microsoft releases them, twice per year. As long as a device isn't set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it's released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release.
 
 > [!NOTE]
 > All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.

windows/deployment/update/plan-define-strategy.md

@@ -0,0 +1,49 @@
+---
+title: Define update strategy
+description: Two examples of a calendar-based approach to consistent update installation
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer: 
+manager: laurawi
+ms.topic: article
+---
+
+# Define update strategy with a calendar
+
+Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
+
+Today, more organizations are treating deployment as a continual process of updates which roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
+
+Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, an so you might choose to update annually. The 18/30 month lifecycle cadence lets you to allow some portion of you environment to move faster while a majority can move less quickly.
+
+## Calendar approaches
+You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
+
+### Annual
+Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Configuration Manager and Microsoft 365 Apps release cycles:
+
+![Calendar showing an annual update cadence](images/annual-calendar.png)
+
+This approach provides approximately twelve months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates.
+
+This cadence might be most suitable for you if any of these conditions apply:
+
+- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a once every 3-5 year project to a twice a year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
+- You want to wait and see how successful other companies are at adopting a Windows 10 feature update.
+- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
+
+### Rapid
+This calendar shows an example schedule that installs each feature update as it is released, twice per year:
+
+![Update calendar showing a faster update cadence](images/rapid-calendar.png)
+
+This cadence might be best for you if these conditions apply:
+
+- You have a strong appetite for change.
+- You want to continuously update supporting infrastructure and unlock new scenarios.
+- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office.
+- You have experience with feature updates for Windows 10.

windows/deployment/vda-subscription-activation.md

@@ -66,28 +66,26 @@ For examples of activation issues, see [Troubleshoot the user experience](https:
 4. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**.
 5. Click **Add**, type **Authenticated users**, and then click **OK** three times.
 6. Follow the instructions to use sysprep at [Steps to generalize a VHD](https://docs.microsoft.com/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd) and then start the VM again.
-7. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
-8. Open Windows Configuration Designer and click **Provison desktop services**.
-9. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 10.
-
-    1. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
+7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 20.
+8. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
+9. Open Windows Configuration Designer and click **Provison desktop services**.
+10. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
         - Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step.
-    2. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
-10. On the Set up network page, choose **Off**.
-11. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
+11. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
+12. On the Set up network page, choose **Off**.
+13. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
     - Note: This step is different for [Azure AD-joined VMs](#azure-active-directory-joined-vms).
-12. On the Add applications page, add applications if desired. This step is optional.
-13. On the Add certificates page, add certificates if desired. This step is optional.
-14. On the Finish page, click **Create**.
-15. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 16.
-    1. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image.
-    2. Type the following at an elevated commnand prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested:
+14. On the Add applications page, add applications if desired. This step is optional.
+15. On the Add certificates page, add certificates if desired. This step is optional.
+16. On the Finish page, click **Create**.
+17. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image.
+18. Type the following at an elevated command prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested:
 
-    ```
+    ```cmd
     Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg"
     ```
-    3. Right-click the mounted image in file explorer and click **Eject**.
-16. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image.
+19. Right-click the mounted image in file explorer and click **Eject**.
+20. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image.
 
 ## Azure Active Directory-joined VMs
 

windows/deployment/windows-autopilot/policy-conflicts.md

@@ -23,13 +23,18 @@ ms.topic: article
 
 - Windows 10
 
-There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
+There are a significant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
 
 <table>
 <th>Policy<th>More information
 
-<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
-<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
+<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/windows/client-management/mdm/devicelock-csp">Password Policy</a></td>
+<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.  This is especially true for kiosk scenarios where passwords are automatically generated.</td>
+
+<tr><td width="50%">Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Administrator elevation prompt behavior</a>
+<br>Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Require admin approval mode for administrators</a></td>
+<td>When modifying user account control (UAC) settings during the out-of-box experience (OOBE) using device Enrollment Status Page (ESP), additional UAC prompts may result, especially if the device reboots after these policies are applied enabling them to take effect.  To work around this issue, the policies can be targeted to users instead of devices so that they apply later in the process.</td>
+
 </table>
 
 ## Related topics