Merge pull request #742 from MicrosoftDocs/public

Public to private master merge

browsers/edge/includes/configure-kiosk-mode-supported-values-include.md

@@ -11,7 +11,7 @@ ms.topic: include
 
 | | |
 |----------|------|
-|**Single-app**<p><a href="/images/Picture1.png" alt="Full-sized view single-app digital/interactive signage" target="_blank">![thumbnail](../images/Picture1-sm.png)</a><p>**Digital/interactive signage**<p>Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.<ul><li>**Digital signage** does not require user interaction.<p>***Example.*** Use digital signage for things like a rotating advertisement or menu.<p></li><li>**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.<p>***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.</li></ul><p>**Policy setting** = Not configured (0 default)<p>                                      |                                                                                                                    <p>&nbsp;<p><a href="/images/Picture2.png" alt="Full-sized view single-app public browsing" target="_blank">![thumbnail](../images/Picture2-sm.png)</a> <p><strong>Public browsing</strong><p>Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge.  Users can only browse publically or end their browsing session.<p>The single-app public browsing mode is the only kiosk mode that has an <strong>End session</strong> button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.<p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps. <p><strong>Policy setting</strong> = Enabled (1)                                                                                                                     |
+|**Single-app**<p><a href="../images/Picture1.png" alt="Full-sized view single-app digital/interactive signage" target="_blank">![thumbnail](../images/Picture1-sm.png)</a><p>**Digital/interactive signage**<p>Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.<ul><li>**Digital signage** does not require user interaction.<p>***Example.*** Use digital signage for things like a rotating advertisement or menu.<p></li><li>**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.<p>***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.</li></ul><p>**Policy setting** = Not configured (0 default)<p>                                      |                                                                                                                    <p>&nbsp;<p><a href="../images/Picture2.png" alt="Full-sized view single-app public browsing" target="_blank">![thumbnail](../images/Picture2-sm.png)</a> <p><strong>Public browsing</strong><p>Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge.  Users can only browse publically or end their browsing session.<p>The single-app public browsing mode is the only kiosk mode that has an <strong>End session</strong> button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.<p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps. <p><strong>Policy setting</strong> = Enabled (1)                                                                                                                     |
-| **Multi-app**<p><a href="/images/Picture5.png" alt="Full-sized view multi-app normal browsing" target="_blank">![thumbnail](../images/Picture5-sm.png)</a><p>**Normal browsing**<p>Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.<p>Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.<p>**Policy setting** = Not configured (0 default) | <p>&nbsp;<p><a href="/images/Picture6.png" alt="Full-sized view multi-app public browsing" target="_blank">![thumbnail](../images/Picture6-sm.png)</a><p><strong>Public browsing</strong><p>Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.<p>In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. <p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.<p><strong>Policy setting</strong> = Enabled (1) |
+| **Multi-app**<p><a href="../images/Picture5.png" alt="Full-sized view multi-app normal browsing" target="_blank">![thumbnail](../images/Picture5-sm.png)</a><p>**Normal browsing**<p>Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.<p>Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.<p>**Policy setting** = Not configured (0 default) | <p>&nbsp;<p><a href="../images/Picture6.png" alt="Full-sized view multi-app public browsing" target="_blank">![thumbnail](../images/Picture6-sm.png)</a><p><strong>Public browsing</strong><p>Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.<p>In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. <p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.<p><strong>Policy setting</strong> = Enabled (1) |
 
 ---

devices/hololens/hololens-cortana.md

@@ -31,13 +31,13 @@ Here are some things you can try saying (remember to say "Hey Cortana" first):
 - Restart.
 - Go to sleep.
 - Mute.
-- Launch <app name>.
+- Launch `<app name>`.
-- Move <app name> here (gaze at the spot you want the app to move to).
+- Move `<app name>` here (gaze at the spot you want the app to move to).
 - Go to Start.
 - Take a picture.
 - Start recording. (Starts recording a video.)
 - Stop recording. (Stops recording a video.)
-- Call <contact>. (Requires Skype.)
+- Call `<contact>`. (Requires Skype.)
 - What time is it?
 - Show me the latest NBA scores. 
 - How much battery do I have left?

devices/hololens/hololens-setup.md

@@ -59,7 +59,7 @@ HoloLens doesn't have an on-device command line.  With that in mind, the setting
 
 Open settings by opening the start menu and clicking on the **Settings** in the top bar.  You can also ask Cortana to open settings.
 
-Follow [this guide](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home) to navigate around the HoloLens home.
+Follow [this guide](https://docs.microsoft.com/windows/mixed-reality/navigating-the-windows-mixed-reality-home) to navigate around the HoloLens home.
 
 ### Connect bluetooth devices
 

devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md

@@ -534,7 +534,7 @@ if ($status.Count -gt 0)
         elseif ($v[0] -eq "F")
         {
             $color = "red"
-            $v += " Go to http://aka.ms/shubtshoot"
+            $v += " Go to https://aka.ms/shubtshoot"
         }
 
         Write-Host -NoNewline $k -ForegroundColor $color
@@ -978,7 +978,7 @@ if ($status.Count -gt 0)
         elseif ($v[0] -eq "F")
         {
             $color = "red"
-            $v += " Go to http://aka.ms/shubtshoot for help"
+            $v += " Go to https://aka.ms/shubtshoot for help"
         }
 
         Write-Host -NoNewline $k -ForegroundColor $color

devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md

@@ -127,7 +127,7 @@ The administrative features in Windows 10 Enterprise, such as the Microsoft Mana
 
 ### Remote management and monitoring
 
-Surface Hub supports remote management through mobile device management (MDM) solutions such as [Microsoft Intune](https://docs.microsoft.com/en-us/intune/) and monitoring through [Azure Monitor](https://azure.microsoft.com/services/monitor/). 
+Surface Hub supports remote management through mobile device management (MDM) solutions such as [Microsoft Intune](https://docs.microsoft.com/intune/) and monitoring through [Azure Monitor](https://azure.microsoft.com/services/monitor/). 
 
 *Organization policies that this may affect:* <br> Surface Hub doesn't support installing Win32 agents required by most traditional PC management and monitoring tools, such as System Center Operations Manager.
 

devices/surface-hub/surface-hub-2s-phone-authenticate.md

@@ -40,4 +40,4 @@ Password-less phone sign-in simplifies signing-in to your meetings and files on
 3. If prompted, enter the PIN or biometric ID on your phone to complete sign-in.
 
 ## Learn more
-For more information, see [Password-less phone sign-in with the Microsoft Authenticator app](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in).
+For more information, see [Password-less phone sign-in with the Microsoft Authenticator app](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-phone-sign-in).

devices/surface-hub/surface-hub-2s-prepare-environment.md

@@ -45,6 +45,6 @@ If you affiliate Surface Hub 2S with on-premises Active Directory Domain Service
 
 ## Azure Active Directory
 
-When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
+When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
 
 If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.

devices/surface-hub/surface-hub-2s-setup.md

@@ -44,7 +44,7 @@ When you first start Surface Hub 2S, the device automatically enters first time
  
 ## Configuring device admin accounts
 
-You can only set up device admins during first time Setup. For more information, refer to [Surface Hub 2S device affiliation](https://docs.microsoft.com/en-us/surface-hub/surface-hub-2s-prepare-environment#device-affiliation).
+You can only set up device admins during first time Setup. For more information, refer to [Surface Hub 2S device affiliation](https://docs.microsoft.com/surface-hub/surface-hub-2s-prepare-environment#device-affiliation).
 
  In the **Setup admins for this device** window, select one of the following options: Active Directory Domain Services, Azure Active Directory, or Local admin.
 
@@ -92,7 +92,7 @@ If you insert a USB thumb drive with a provisioning package into one of the USB
 
    ![* Choose provisioning package to use*](images/sh2-run13.png) <br>
 
-3. If you created a multiple devices CSV file, you will be able to choose a device configuration. For more information, refer to [Create provisioning packages for Surface Hub 2S](https://docs.microsoft.com/en-us/surface-hub/surface-hub-2s-deploy#provisioning-multiple-devices-csv-file).
+3. If you created a multiple devices CSV file, you will be able to choose a device configuration. For more information, refer to [Create provisioning packages for Surface Hub 2S](https://docs.microsoft.com/surface-hub/surface-hub-2s-deploy#provisioning-multiple-devices-csv-file).
 
 
     ![* Select a device account and friendly name from your configuration file*](images/sh2-run14.png) <br>

devices/surface/surface-enterprise-management-mode.md

@@ -226,8 +226,16 @@ create a reset package using PowerShell to reset SEMM.
 
 ## Version History
 
+
+
+### Version 2.43.136.0
+* Support to enable/disable simulatenous multithreating 
+* Separate options for WiFi and Bluetooth for some devices 
+* Battery Limit removed for Surface Studio 
+
 ### Version 2.26.136.0
 * Add support to Surface Studio 2
+* Battery Limit feature
 
 ### Version 2.21.136.0
 * Add support to Surface Pro 6

it-client

@@ -1 +0,0 @@
-Subproject commit 61e0a21977430f3c0eef1c32e398999dc090c332

mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md

@@ -51,21 +51,16 @@ Use the following procedure to install the publishing server on a separate compu
 
 9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: <strong>http://publishingserver:pubport</strong>. If the server is running correctly information similar to the following will be displayed:
 
-   `<Publishing Protocol="1.0">`
+   ```xml
-
+   <Publishing Protocol="1.0">
-   `  <Packages>`
+     <Packages>
-
+       <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" VersionId="5d03c08f-51dc-4026-8cf9-15ebe3d65a72" PackageUrl="\\server\share\file.appv" />
-   `  <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" VersionId="5d03c08f-51dc-4026-8cf9-15ebe3d65a72" PackageUrl="\\server\share\file.appv" />`
+     </Packages>
-
+     <NoGroup>
-   `  </Packages>`
+       <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" />
-
+     </NoGroup>
-   `  <NoGroup>`
+   </Publishing>
-
+   ```
-   `  <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" />`
-
-   `  </NoGroup>`
-
-   `</Publishing>`
 
    **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
 

mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md

@@ -51,21 +51,16 @@ Use the following procedure to install the publishing server on a separate compu
 
 9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: <strong>http://publishingserver:pubport</strong>. If the server is running correctly information similar to the following will be displayed:
 
-   `<Publishing Protocol="1.0">`
+   ```xml
-
+   <Publishing Protocol="1.0">
-   `  <Packages>`
+     <Packages>
-
+       <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" VersionId="5d03c08f-51dc-4026-8cf9-15ebe3d65a72" PackageUrl="\\server\share\file.appv" />
-   `  <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" VersionId="5d03c08f-51dc-4026-8cf9-15ebe3d65a72" PackageUrl="\\server\share\file.appv" />`
+     </Packages>
-
+     <NoGroup>
-   `  </Packages>`
+       <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" />
-
+     </NoGroup>
-   `  <NoGroup>`
+   </Publishing>
-
+   ```
-   `  <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" />`
-
-   `  </NoGroup>`
-
-   `</Publishing>`
 
    **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
 

mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md

@@ -88,49 +88,55 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab
 
     Modify the MBAM Recovery and Hardware Database to use the full recovery mode.
 
-    `USE master;`
+    ```sql
+    USE master;
 
-    `GO`
+    GO
 
-    `ALTER DATABASE "MBAM Recovery and Hardware"`
+    ALTER DATABASE "MBAM Recovery and Hardware"
 
-    `   SET RECOVERY FULL;`
+       SET RECOVERY FULL;
 
-    `GO`
+    GO
+    ```
 
     Create MBAM Recovery and Hardware Database Data and MBAM Recovery logical backup devices.
 
-    `USE master`
+    ```sql
+    USE master
 
-    `GO`
+    GO
 
-    `EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device',`
+    EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device',
 
-    `'Z:\MBAM Recovery and Hardware Database Data.bak';`
+    'Z:\MBAM Recovery and Hardware Database Data.bak';
 
-    `GO`
+    GO
+    ```
 
     Back up the full MBAM Recovery and Hardware database.
 
-    `BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device];`
+    ```sql
+    BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device];
 
-    `GO`
+    GO
 
-    `BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate]`
+    BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate]
 
-    `TO FILE = 'Z:\SQLServerInstanceCertificateFile'`
+    TO FILE = 'Z:\SQLServerInstanceCertificateFile'
 
-    `WITH PRIVATE KEY`
+    WITH PRIVATE KEY
 
-    `(`
+    (
 
-    `    FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',`
+        FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
 
-    `    ENCRYPTION BY PASSWORD = '$PASSWORD$'`
+        ENCRYPTION BY PASSWORD = '$PASSWORD$'
 
-    `);`
+    );
 
-    `GO`
+    GO
+    ```
 
     **Note**  
     Replace the values from the preceding example with those that match your environment:
@@ -181,43 +187,51 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab
 
 4.  To automate this procedure, create a SQL file (.sql) that contains the following SQL script:
 
-    `-- Restore MBAM Recovery and Hardware Database. `
+    ```sql
+    -- Restore MBAM Recovery and Hardware Database. 
 
-    `USE master`
+    USE master
 
-    `GO`
+    GO
+    ```
 
     Drop the certificate created by MBAM Setup.
 
-    `DROP CERTIFICATE [MBAM Recovery Encryption Certificate]`
+    ```sql
+    DROP CERTIFICATE [MBAM Recovery Encryption Certificate]
 
-    `GO`
+    GO
+    ```
 
     Add certificate
 
-    `CREATE CERTIFICATE [MBAM Recovery Encryption Certificate]`
+    ```sql
+    CREATE CERTIFICATE [MBAM Recovery Encryption Certificate]
 
-    `FROM FILE = 'Z: \SQLServerInstanceCertificateFile'`
+    FROM FILE = 'Z: \SQLServerInstanceCertificateFile'
 
-    `WITH PRIVATE KEY`
+    WITH PRIVATE KEY
 
-    `(`
+    (
 
-    `    FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',`
+        FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
 
-    `    DECRYPTION BY PASSWORD = '$PASSWORD$'`
+        DECRYPTION BY PASSWORD = '$PASSWORD$'
 
-    `);`
+    );
 
-    `GO`
+    GO
+    ```
 
     Restore the MBAM Recovery and Hardware database data and the log files.
 
-    `RESTORE DATABASE [MBAM Recovery and Hardware]`
+    ```sql
+    RESTORE DATABASE [MBAM Recovery and Hardware]
 
-    `   FROM DISK = 'Z:\MBAM Recovery and Hardware Database Data.bak'`
+       FROM DISK = 'Z:\MBAM Recovery and Hardware Database Data.bak'
 
-    `   WITH REPLACE`
+       WITH REPLACE
+    ```
 
     **Note**  
     Replace the values from the preceding example with those that match your environment:
@@ -354,35 +368,37 @@ If you choose to move the MBAM Compliance Status Database feature from one compu
 
 2.  To automate this procedure, create a SQL file (.sql) that contains the following-SQL script:
 
-    `-- Modify the MBAM Compliance Status Database to use the full recovery model.`
+    ```sql
+    -- Modify the MBAM Compliance Status Database to use the full recovery model.
 
-    `USE master;`
+    USE master;
 
-    `GO`
+    GO
 
-    `ALTER DATABASE "MBAM Compliance Status"`
+    ALTER DATABASE "MBAM Compliance Status"
 
-    `   SET RECOVERY FULL;`
+       SET RECOVERY FULL;
 
-    `GO`
+    GO
 
-    `-- Create MBAM Compliance Status Data logical backup devices.`
+    -- Create MBAM Compliance Status Data logical backup devices.
 
-    `USE master`
+    USE master
 
-    `GO`
+    GO
 
-    `EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device',`
+    EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device',
 
-    `'Z: \MBAM Compliance Status Database Data.bak';`
+    'Z: \MBAM Compliance Status Database Data.bak';
 
-    `GO`
+    GO
 
     -- Back up the full MBAM Recovery and Hardware database.
 
-    `BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device];`
+    BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device];
 
-    `GO`
+    GO
+    ```
 
 3.  Run the SQL file with a command that is similar to the following one, by using the SQL Server PowerShell:
 
@@ -422,19 +438,21 @@ If you choose to move the MBAM Compliance Status Database feature from one compu
 
 3.  To automate this procedure, create a SQL file (.sql) that contains the following-SQL script:
 
-    `-- Create MBAM Compliance Status Database Data logical backup devices. `
+    ```sql
+    -- Create MBAM Compliance Status Database Data logical backup devices. 
 
-    `Use master`
+    Use master
 
-    `GO`
+    GO
 
     -- Restore the MBAM Compliance Status database data files.
 
-    `RESTORE DATABASE [MBAM Compliance Status Database]`
+    RESTORE DATABASE [MBAM Compliance Status Database]
 
-    `   FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak'`
+       FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak'
 
-    `   WITH REPLACE`
+       WITH REPLACE
+    ```
 
 4.  Run the SQL File with a command that is similar to the following one, by using the SQL Server PowerShell:
 

mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md

@@ -88,49 +88,51 @@ To move the Recovery Database from one computer to another (for example, from Se
 
     Modify the MBAM Recovery Database to use the full recovery mode.
 
-    `USE master;`
+    ```sql
+    USE master;
 
-    `GO`
+    GO
 
-    `ALTER DATABASE "MBAM Recovery and Hardware"`
+    ALTER DATABASE "MBAM Recovery and Hardware"
 
-    `   SET RECOVERY FULL;`
+       SET RECOVERY FULL;
 
-    `GO`
+    GO
 
     -- Create MBAM Recovery Database Data and MBAM Recovery logical backup devices.
 
-    `USE master`
+    USE master
 
-    `GO`
+    GO
 
-    `EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device',`
+    EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device',
 
-    `'Z:\MBAM Recovery Database Data.bak';`
+    'Z:\MBAM Recovery Database Data.bak';
 
-    `GO`
+    GO
 
     -- Back up the full MBAM Recovery Database.
 
-    `BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device];`
+    BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device];
 
-    `GO`
+    GO
 
-    `BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate]`
+    BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate]
 
-    `TO FILE = 'Z:\SQLServerInstanceCertificateFile'`
+    TO FILE = 'Z:\SQLServerInstanceCertificateFile'
 
-    `WITH PRIVATE KEY`
+    WITH PRIVATE KEY
 
-    `(`
+    (
 
-    `    FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',`
+        FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
 
-    `    ENCRYPTION BY PASSWORD = '$PASSWORD$'`
+        ENCRYPTION BY PASSWORD = '$PASSWORD$'
 
-    `);`
+    );
 
-    `GO`
+    GO
+    ```
 
     **Note**  
     Replace the following values in the example above with those that match your environment:
@@ -183,43 +185,45 @@ To move the Recovery Database from one computer to another (for example, from Se
 
 4.  To automate this procedure, create a SQL file (.sql) that contains the following-SQL script:
 
-    `-- Restore MBAM Recovery Database. `
+    ```sql
+    -- Restore MBAM Recovery Database. 
 
-    `USE master`
+    USE master
 
-    `GO`
+    GO
 
     -- Drop certificate created by MBAM Setup.
 
-    `DROP CERTIFICATE [MBAM Recovery Encryption Certificate]`
+    DROP CERTIFICATE [MBAM Recovery Encryption Certificate]
 
-    `GO`
+    GO
 
     --Add certificate
 
-    `CREATE CERTIFICATE [MBAM Recovery Encryption Certificate]`
+    CREATE CERTIFICATE [MBAM Recovery Encryption Certificate]
 
-    `FROM FILE = 'Z: \SQLServerInstanceCertificateFile'`
+    FROM FILE = 'Z: \SQLServerInstanceCertificateFile'
 
-    `WITH PRIVATE KEY`
+    WITH PRIVATE KEY
 
-    `(`
+    (
 
-    `    FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',`
+        FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
 
-    `    DECRYPTION BY PASSWORD = '$PASSWORD$'`
+        DECRYPTION BY PASSWORD = '$PASSWORD$'
 
-    `);`
+    );
 
-    `GO`
+    GO
 
     -- Restore the MBAM Recovery Database data and log files.
 
-    `RESTORE DATABASE [MBAM Recovery and Hardware]`
+    RESTORE DATABASE [MBAM Recovery and Hardware]
 
-    `   FROM DISK = 'Z:\MBAM Recovery Database Data.bak'`
+       FROM DISK = 'Z:\MBAM Recovery Database Data.bak'
 
-    `   WITH REPLACE`
+       WITH REPLACE
+    ```
 
     **Note**  
     Replace the following values in the example above with those that match your environment:
@@ -362,35 +366,37 @@ If you want to move the MBAM Compliance and Audit Database from one computer to
 
 2.  To automate this procedure, create a SQL file (.sql) that contains the following-SQL script:
 
-    `-- Modify the MBAM Compliance Status Database to use the full recovery model.`
+    ```sql
+    -- Modify the MBAM Compliance Status Database to use the full recovery model.
 
-    `USE master;`
+    USE master;
 
-    `GO`
+    GO
 
-    `ALTER DATABASE "MBAM Compliance Status"`
+    ALTER DATABASE "MBAM Compliance Status"
 
-    `   SET RECOVERY FULL;`
+       SET RECOVERY FULL;
 
-    `GO`
+    GO
 
-    `-- Create MBAM Compliance Status Data logical backup devices.`
+    -- Create MBAM Compliance Status Data logical backup devices.
 
-    `USE master`
+    USE master
 
-    `GO`
+    GO
 
-    `EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device',`
+    EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device',
 
-    `'Z: \MBAM Compliance Status Database Data.bak';`
+    'Z: \MBAM Compliance Status Database Data.bak';
 
-    `GO`
+    GO
 
     -- Back up the full MBAM Recovery database.
 
-    `BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device];`
+    BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device];
 
-    `GO`
+    GO
+    ```
 
 3.  Run the SQL file by using a Windows PowerShell command line that is similar to the following:
 
@@ -430,19 +436,21 @@ If you want to move the MBAM Compliance and Audit Database from one computer to
 
 3.  To automate this procedure, create a SQL file (.sql) that contains the following-SQL script:
 
-    `-- Create MBAM Compliance Status Database Data logical backup devices. `
+    ```sql
+    -- Create MBAM Compliance Status Database Data logical backup devices. 
 
-    `Use master`
+    Use master
 
-    `GO`
+    GO
 
     -- Restore the MBAM Compliance Status database data files.
 
-    `RESTORE DATABASE [MBAM Compliance Status]`
+    RESTORE DATABASE [MBAM Compliance Status]
 
-    `   FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak'`
+       FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak'
 
-    `   WITH REPLACE`
+       WITH REPLACE
+    ```
 
 4.  Run the SQL File by using a Windows PowerShell command line that is similar to the following:
 

mdop/mbam-v25/TOC.md

@@ -83,6 +83,7 @@
 #### [Monitoring Web Service Request Performance Counters](monitoring-web-service-request-performance-counters.md)
 ### [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md)
 ## [Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md)
+## [Applying hotfixes on MBAM 2.5 SP1](apply-hotfix-for-mbam-25-sp1.md)
 ## [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
 ### [Client Event Logs](client-event-logs.md)
 ### [Server Event Logs](server-event-logs.md)

mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md

@@ -240,7 +240,7 @@ Version identifies the version of the settings location template for administrat
 
 **Hint:** You can save notes about version changes using XML comment tags `<!-- -->`, for example:
 
-``` syntax
+```xml
   <!--
      Version History
 
@@ -279,7 +279,7 @@ Author identifies the creator of the settings location template. Two optional ch
 
 Processes contains at least one `<Process>` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
 
-``` syntax
+```xml
 <Process>
   <Filename>MyApplication.exe</Filename>
   <Architecture>Win64</Architecture>
@@ -354,7 +354,7 @@ UE-V does not support ARM processors in this version.
 
 ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
 
-``` syntax
+```xml
 <Process>
   <Filename>MyApplication.exe</Filename>
   <ProductName>My Application 6.x by Contoso.com</ProductName>
@@ -374,9 +374,8 @@ FileDescription is an optional tag that allows for an administrative description
 
 For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here:
 
-``` syntax
+```xml
 <Processes>
-
   <Process>
     <Filename>MyApplication.exe</Filename>
     <FileDescription>My Application Main Engine</ FileDescription>
@@ -408,7 +407,7 @@ The product and file version elements may be left unspecified. Doing so makes th
 
 Product version: 1.0 specified in the UE-V Generator produces the following XML:
 
-``` syntax
+```xml
 <ProductVersion>
   <Major Minimum="1" Maximum="1" />
   <Minor Minimum="0" Maximum="0" />
@@ -419,7 +418,7 @@ Product version: 1.0 specified in the UE-V Generator produces the following XML:
 
 File version: 5.0.2.1000 specified in the UE-V Generator produces the following XML:
 
-``` syntax
+```xml
 <FileVersion>
   <Major Minimum="5" Maximum="5" />
   <Minor Minimum="0" Maximum="0" />
@@ -432,7 +431,7 @@ File version: 5.0.2.1000 specified in the UE-V Generator produces the following
 
 Only the Minimum attribute is present. Maximum must be included in a range as well.
 
-``` syntax
+```xml
 <ProductVersion>
   <Major Minimum="2" />
 </ProductVersion>
@@ -442,7 +441,7 @@ Only the Minimum attribute is present. Maximum must be included in a range as we
 
 Only the Minor element is present. Major must be included as well.
 
-``` syntax
+```xml
 <ProductVersion>
   <Minor Minimum="0" Maximum="0" />
 </ProductVersion>
@@ -462,7 +461,7 @@ Including a FileVersion element for an application allows for more granular fine
 
 The child elements and syntax rules for FileVersion are identical to those of ProductVersion.
 
-``` syntax
+```xml
 <Process>
   <Filename>MSACCESS.EXE</Filename>
   <Architecture>Win32</Architecture>
@@ -1177,7 +1176,7 @@ Version identifies the version of the settings location template for administrat
 
 **Hint:** You can save notes about version changes using XML comment tags `<!-- -->`, for example:
 
-``` syntax
+```xml
 <!--
     Version History
 
@@ -1216,7 +1215,7 @@ Author identifies the creator of the settings location template. Two optional ch
 
 Processes contains at least one `<Process>` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
 
-``` syntax
+```xml
 <Process>
   <Filename>MyApplication.exe</Filename>
   <Architecture>Win64</Architecture>
@@ -1291,7 +1290,7 @@ UE-V does not support ARM processors in this version.
 
 ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
 
-``` syntax
+```xml
 <Process>
   <Filename>MyApplication.exe</Filename>
   <ProductName>My Application 6.x by Contoso.com</ProductName>
@@ -1311,9 +1310,8 @@ FileDescription is an optional tag that allows for an administrative description
 
 For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here:
 
-``` syntax
+```xml
 <Processes>
-
   <Process>
     <Filename>MyApplication.exe</Filename>
     <FileDescription>My Application Main Engine</ FileDescription>
@@ -1345,7 +1343,7 @@ The product and file version elements may be left unspecified. Doing so makes th
 
 Product version: 1.0 specified in the UE-V Generator produces the following XML:
 
-``` syntax
+```xml
 <ProductVersion>
   <Major Minimum="1" Maximum="1" />
   <Minor Minimum="0" Maximum="0" />
@@ -1356,7 +1354,7 @@ Product version: 1.0 specified in the UE-V Generator produces the following XML:
 
 File version: 5.0.2.1000 specified in the UE-V Generator produces the following XML:
 
-``` syntax
+```xml
 <FileVersion>
   <Major Minimum="5" Maximum="5" />
   <Minor Minimum="0" Maximum="0" />
@@ -1369,7 +1367,7 @@ File version: 5.0.2.1000 specified in the UE-V Generator produces the following
 
 Only the Minimum attribute is present. Maximum must be included in a range as well.
 
-``` syntax
+```xml
 <ProductVersion>
   <Major Minimum="2" />
 </ProductVersion>
@@ -1379,7 +1377,7 @@ Only the Minimum attribute is present. Maximum must be included in a range as we
 
 Only the Minor element is present. Major must be included as well.
 
-``` syntax
+```xml
 <ProductVersion>
   <Minor Minimum="0" Maximum="0" />
 </ProductVersion>
@@ -1399,7 +1397,7 @@ Including a FileVersion element for an application allows for more granular fine
 
 The child elements and syntax rules for FileVersion are identical to those of ProductVersion.
 
-``` syntax
+```xml
 <Process>
   <Filename>MSACCESS.EXE</Filename>
   <Architecture>Win32</Architecture>

store-for-business/distribute-apps-from-your-private-store.md

@@ -43,13 +43,11 @@ Microsoft Store adds the app to **Products and services**. Click **Manage**, **A
 
     <!--- ![Image showing Manage menu in Microsoft Store for Business.](images/wsfb-manageinventory.png) -->
 
-3.  Use **Refine results** to search for online-licensed apps under **License type**.
+3.  Click on the application to open the application settings, then select **Private store availability**.
-4.  From the list of online-licensed apps, click the ellipses for the app you want, and then choose **Add to private store**.
+4.  Select **Everyone** to make application available for all people in your organization.
 
     <!--- ![Image showing options from Action for each app in Inventory.](images/wsfb-inventoryaddprivatestore.png) -->
 
-The value under **Private store** for the app will change to pending. It will take approximately thirty-six hours before the app is available in the private store.
-
 >[!Note]
  > If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be available in **Products & services** before adding it to your private store. For more information, see [Working with line-of-business apps](working-with-line-of-business-apps.md). 
 

store-for-business/distribute-offline-apps.md

@@ -66,8 +66,8 @@ There are several items to download or create for offline-licensed apps. The app
 
 1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
 2.  Click **Manage**.
-3.  Under **Shopping Experience**, set **Show offline apps** to **On**.
+3.  Click **Settings**.
-4.  Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline**, and click  **Get the app**, which will add the app to your inventory.
+4.  Click **Shop**. Search for the **Shopping experience** section, change the License type to **Offline**, and click  **Get the app**, which will add the app to your inventory.
 5.  Click **Manage**. You now have access to download the appx bundle package metadata and license file.
 6.  Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
 

windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md

@@ -42,7 +42,7 @@ Before attempting this procedure, you should read and understand the information
 
 2.  To open a Windows PowerShell console, click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
 
-    ``` syntax
+    ```powershell
     <#
     .SYNOPSIS
     This Windows PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats.
@@ -59,9 +59,6 @@ Before attempting this procedure, you should read and understand the information
     .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200
     #>
 
-    []()  
-
-    []()  
     function ConvertSIDToHexFormat
     {
        param([System.Security.Principal.SecurityIdentifier]$sidToConvert)

windows/client-management/mdm/activesync-csp.md

@@ -60,13 +60,13 @@ When managing over OMA DM, make sure to always use a unique GUID. Provisioning w
 
 Braces { } are required around the GUID. In OMA Client Provisioning, you can type the braces. For example:
 
-``` syntax
+```xml
 <characteristic type="{C556E16F-56C4-4EDB-9C64-D9469EE1FBE0}"/>
 ```
 
 For OMA DM, you must use the ASCII values of %7B and %7D for the opening and closing braces, respectively. For example, if the GUID is "C556E16F-56C4-4EDB-9C64-D9469EE1FBE0", type:
 
-``` syntax
+```xml
 <Target>
    <LocURI>
       ./Vendor/MSFT/ActiveSync/Accounts/%7BC556E16F-56C4-4EDB-9C64-D9469EE1FBE0%7D

windows/client-management/mdm/assignedaccess-csp.md

@@ -14,6 +14,7 @@ ms.date: 09/18/2018
 
 # AssignedAccess CSP
 
+**Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.**
 
 The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, then the next user login that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
 
@@ -134,7 +135,7 @@ Additionally, the Status payload includes the following fields:
 Supported operation is Get.
 
 <a href="" id="assignedaccess-shelllauncher"></a>**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**
-Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. Shell Launcher V2 is introduced in Windows 10, version 1903 to support both UWP and Win32 apps as the custom shell. For more information, see [Shell Launcher](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shelllauncher).
+Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. Shell Launcher V2 is introduced in Windows 10, version 1903 to support both UWP and Win32 apps as the custom shell. For more information, see [Shell Launcher](https://docs.microsoft.com/windows/configuration/kiosk-shelllauncher).
 
 > [!Note]
 > You cannot set both ShellLauncher and KioskModeApp at the same time on the device.
@@ -246,6 +247,8 @@ KioskModeApp Replace
 
 ## AssignedAccessConfiguration XSD
 
+Below schema is for AssignedAccess Configuration up to Windows 10 1803 release.
+
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <xs:schema
@@ -253,9 +256,14 @@ KioskModeApp Replace
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
     xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
     targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
     >
 
+    <xs:import namespace="http://schemas.microsoft.com/AssignedAccess/201810/config"/>
+    <xs:import namespace="http://schemas.microsoft.com/AssignedAccess/2020/config"/>
+
     <xs:complexType name="profile_list_t">
         <xs:sequence minOccurs="1" >
             <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded"/>
@@ -270,6 +278,7 @@ KioskModeApp Replace
         <xs:choice>
             <xs:sequence minOccurs="1" maxOccurs="1">
                 <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element ref="rs5:FileExplorerNamespaceRestrictions" minOccurs="0" maxOccurs="1"/>
                 <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
                 <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
             </xs:sequence>
@@ -286,6 +295,10 @@ KioskModeApp Replace
                     <xs:selector xpath="default:App"/>
                     <xs:field xpath="@AppUserModelId|@DesktopAppPath"/>
                 </xs:unique>
+                <xs:unique name="OnlyOneAppCanHaveAutoLaunch">
+                    <xs:selector xpath="default:App"/>
+                    <xs:field xpath="@rs5:AutoLaunch"/>
+                </xs:unique>
             </xs:element>
         </xs:sequence>
     </xs:complexType>
@@ -304,8 +317,14 @@ KioskModeApp Replace
     <xs:complexType name="app_t">
         <xs:attribute name="AppUserModelId" type="xs:string"/>
         <xs:attribute name="DesktopAppPath" type="xs:string"/>
+        <xs:attributeGroup ref="autoLaunch_attributeGroup"/>
     </xs:complexType>
     
+    <xs:attributeGroup name="autoLaunch_attributeGroup">
+        <xs:attribute ref="rs5:AutoLaunch"/>
+        <xs:attribute ref="rs5:AutoLaunchArguments" use="optional"/>
+    </xs:attributeGroup>
+
     <xs:complexType name="taskbar_t">
         <xs:attribute name="ShowTaskbar" type="xs:boolean" use="required"/>
     </xs:complexType>
@@ -322,7 +341,8 @@ KioskModeApp Replace
 
     <xs:complexType name="config_list_t">
         <xs:sequence minOccurs="1" >
-            <xs:element name="Config" type="config_t" minOccurs="1" maxOccurs="unbounded"/>
+            <xs:element ref="v3:GlobalProfile" minOccurs="0" maxOccurs="1"/>
+            <xs:element name="Config" type="config_t" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
     </xs:complexType>
 
@@ -340,6 +360,7 @@ KioskModeApp Replace
 
     <xs:complexType name="autologon_account_t">
         <xs:attribute name="HiddenId" type="guid_t" fixed="{74331115-F68A-4DF9-8D2C-52BA2CE2ADB1}"/>
+        <xs:attribute ref="rs5:DisplayName" use="optional" />
     </xs:complexType>
 
     <xs:complexType name="group_t">
@@ -365,6 +386,22 @@ KioskModeApp Replace
         </xs:restriction>
     </xs:simpleType>
 
+    <xs:complexType name="fileExplorerNamespaceRestrictions_t">
+        <xs:sequence minOccurs="1">
+            <xs:element name="AllowedNamespace" type="allowedFileExplorerNamespace_t"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="allowedFileExplorerNamespace_t">
+        <xs:attribute name="Name" type="allowedFileExplorerNamespaceValues_t"/>
+    </xs:complexType>
+
+    <xs:simpleType name="allowedFileExplorerNamespaceValues_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Downloads"/>
+        </xs:restriction>
+    </xs:simpleType>
+
     <!--below is the definition of the config xml content-->
     <xs:element name="AssignedAccessConfiguration">
         <xs:complexType>
@@ -385,7 +422,94 @@ KioskModeApp Replace
         </xs:complexType>
     </xs:element>
 </xs:schema>
+```
 
+Here is the schema for new features introduced in Windows 10 1809 release
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    >
+
+    <xs:import namespace="http://schemas.microsoft.com/AssignedAccess/2020/config"/>
+
+    <xs:complexType name="fileExplorerNamespaceRestrictions_t">
+        <xs:choice>
+            <xs:sequence minOccurs="0">
+                <xs:element name="AllowedNamespace" type="allowedFileExplorerNamespace_t" minOccurs="0"/>
+                <xs:element ref="v3:AllowRemovableDrives" minOccurs="0" maxOccurs="1"/>
+            </xs:sequence>
+            <xs:element ref="v3:NoRestriction" minOccurs="0" maxOccurs="1" />
+        </xs:choice>
+    </xs:complexType>
+
+    <xs:complexType name="allowedFileExplorerNamespace_t">
+        <xs:attribute name="Name" type="allowedFileExplorerNamespaceValues_t" use="required"/>
+    </xs:complexType>
+
+    <xs:simpleType name="allowedFileExplorerNamespaceValues_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Downloads"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:element name="FileExplorerNamespaceRestrictions" type="fileExplorerNamespaceRestrictions_t" />
+
+    <xs:attribute name="AutoLaunch" type="xs:boolean"/>
+
+    <xs:attribute name="AutoLaunchArguments" type="xs:string"/>
+
+    <xs:attribute name="DisplayName" type="xs:string"/>
+
+</xs:schema>
+```
+
+Schema for Windows 10 prerelease
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2020/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2020/config"
+    xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning"
+    vc:minVersion="1.1"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2020/config"
+    >
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="globalProfile_t">
+        <xs:attribute name="Id" type="guid_t" />
+    </xs:complexType>
+  
+    <xs:element name="AllowRemovableDrives"/>
+    <xs:element name="NoRestriction" />
+    <xs:element name="GlobalProfile" type="globalProfile_t" />
+
+</xs:schema>
+```
+
+To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. e.g. to configure auto-launch feature which is added in 1809 release, use below sample, notice an alias r1809 is given to the 201810 namespace for 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+```xml
+<AssignedAccessConfiguration
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:r1809="http://schemas.microsoft.com/AssignedAccess/201810/config"
+>
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                  <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" r1809:AutoLaunch="true" r1809:AutoLaunchArguments="1.txt"/>
 ```
 
 ## Example AssignedAccessConfiguration XML
@@ -796,7 +920,7 @@ StatusConfiguration Get
 
 StatusConfiguration Replace On
 
-```syntax
+```xml
 <SyncML xmlns='SYNCML:SYNCML1.2'>
   <SyncBody>
     <Replace>
@@ -1219,7 +1343,7 @@ ShellLauncherConfiguration Get
 
 ## AssignedAccessAlert XSD
 
-```syntax
+```xml
 <?xml version="1.0" encoding="utf-8"?>
 <xs:schema
     elementFormDefault="qualified"

windows/client-management/mdm/certificatestore-csp.md

@@ -360,7 +360,7 @@ Supported operations are Add, Get, and Replace.
 
 Add a root certificate to the MDM server.
 
-``` syntax
+```xml
 <Add>
    <CmdID>1</CmdID>
    <Item>
@@ -379,7 +379,7 @@ Add a root certificate to the MDM server.
 
 Get all installed client certificates.
 
-``` syntax
+```xml
 <Get>
    <CmdID>1</CmdID>
    <Item>
@@ -394,7 +394,7 @@ Get all installed client certificates.
 
 Delete a root certificate.
 
-``` syntax
+```xml
 <Delete>
    <CmdID>1</CmdID>
    <Item>
@@ -409,7 +409,7 @@ Delete a root certificate.
 
 Configure the device to enroll a client certificate through SCEP.
 
-``` syntax
+```xml
 <Atomic>
 <CmdID>100</CmdID>
 <Add>
@@ -588,7 +588,7 @@ Configure the device to enroll a client certificate through SCEP.
 
 Configure the device to automatically renew an MDM client certificate with the specified renew period and retry interval.
 
-``` syntax
+```xml
 <Atomic>
    <CmdID>1</CmdID>
      <Replace>

windows/client-management/mdm/cm-cellularentries-csp.md

@@ -198,7 +198,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid
 
 To delete a connection, you must first delete any associated proxies and then delete the connection. The following example shows how to delete the proxy and then the connection.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
    <characteristic type="CM_ProxyEntries">
       <nocharacteristic type="GPRS_Proxy"/>
@@ -214,7 +214,7 @@ To delete a connection, you must first delete any associated proxies and then de
 
 Configuring a GPRS connection:
 
-``` syntax
+```xml
 <wap-provisioningdoc>
    <characteristic type="CM_CellularEntries">
       <characteristic type="GPRSConn">
@@ -231,7 +231,7 @@ Configuring a GPRS connection:
 
 Configuring an LTE connection:
 
-``` syntax
+```xml
 <wap-provisioningdoc>
    <characteristic type="CM_CellularEntries">
       <characteristic type="LteConn">
@@ -250,7 +250,7 @@ Configuring an LTE connection:
 
 Configuring a CDMA connection:
 
-``` syntax
+```xml
 <wap-provisioningdoc>
    <characteristic type="CM_CellularEntries">
       <characteristic type="CDMAConn">

windows/client-management/mdm/cmpolicy-csp.md

@@ -240,7 +240,7 @@ Specifies the type of connection being referenced. The following list describes
 
 Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
 
    <characteristic type="CM_CellularEntries">
@@ -285,7 +285,7 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
 
 Adding a host-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
 
    <characteristic type="CM_CellularEntries">
@@ -334,7 +334,7 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
 
 Adding an application-based mapping policy:
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Atomic>
@@ -401,7 +401,7 @@ Adding an application-based mapping policy:
 
 Adding a host-based mapping policy:
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Atomic>

windows/client-management/mdm/cmpolicyenterprise-csp.md

@@ -240,7 +240,7 @@ Specifies the type of connection being referenced. The following list describes
 
 Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
 
    <characteristic type="CM_CellularEntries">
@@ -285,7 +285,7 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
 
 Adding a host-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
 
    <characteristic type="CM_CellularEntries">
@@ -334,7 +334,7 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
 
 Adding an application-based mapping policy:
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Atomic>
@@ -401,7 +401,7 @@ Adding an application-based mapping policy:
 
 Adding a host-based mapping policy:
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Atomic>

windows/client-management/mdm/customdeviceui-csp.md

@@ -38,7 +38,7 @@ Package Full Name of the App that needs be launched in the background. This can
 
 **Set StartupAppID**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>      
         <Replace>
@@ -60,7 +60,7 @@ Package Full Name of the App that needs be launched in the background. This can
 
 **Get all background tasks**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>      
         <Get>
@@ -78,7 +78,7 @@ Package Full Name of the App that needs be launched in the background. This can
 
 **Add background task**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>      
         <Add>

windows/client-management/mdm/device-update-management.md

@@ -648,7 +648,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 
 Example
 
-``` syntax
+```xml
         <Replace>
             <CmdID>$CmdID$</CmdID>
             <Item>
@@ -919,7 +919,7 @@ The following screenshots of the administrator console shows the list of update
 
 Set auto update to notify and defer.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
     <SyncBody>
         <Replace xmlns="">

windows/client-management/mdm/deviceinstanceservice-csp.md

@@ -70,7 +70,7 @@ The parent node to group SIM2 specific information in case of dual SIM mode.
 
 The following sample shows how to query roaming status and phone number on the device.
 
-``` syntax
+```xml
 <Get>
       <CmdID>2</CmdID>
       <Item>
@@ -88,7 +88,7 @@ The following sample shows how to query roaming status and phone number on the d
 
 Response from the phone.
 
-``` syntax
+```xml
 <Results>
    <CmdID>3</CmdID>
    <MsgRef>1</MsgRef>

windows/client-management/mdm/devicelock-csp.md

@@ -126,7 +126,7 @@ Required. This node has the same set of policy nodes as the **ProviderID** node.
 
 Set device lock policies:
 
-``` syntax
+```xml
 <Atomic>
    <CmdID>13</CmdID>
    <Add>

windows/client-management/mdm/diagnosticlog-csp.md

@@ -420,7 +420,7 @@ Default value is 0 meaning no keyword.
 
 Get provider **Keywords**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>
@@ -440,7 +440,7 @@ Get provider **Keywords**
 
 Set provider **Keywords**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>

windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md

@@ -105,7 +105,7 @@ After the previous package is sent, the unenrollment process begins.
 
 When the server initiates disconnection, all undergoing sessions for the enrollment ID are aborted immediately to avoid deadlocks. The server will not get a response for the unenrollment, instead a generic alert notification is sent with messageid=1.
 
-``` syntax
+```xml
 <Alert>
       <CmdID>4</CmdID>
       <Data>1226</Data>

windows/client-management/mdm/dmclient-csp.md

@@ -70,7 +70,7 @@ Supported operation is Get.
 
 The following is a Get command example.
 
-``` syntax
+```xml
 <Get>
    <CmdID>12</CmdID>
    <Item>
@@ -173,7 +173,7 @@ To work around the timeout, you can use this setting to keep the session alive b
 
 Here is an example of DM message sent by the device when it is in pending state:
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncHdr>
 <VerDTD>1.2</VerDTD>
@@ -229,7 +229,7 @@ Added in Windows 10, version 1607. The list of management server URLs in the fo
 
  
 
-``` syntax
+```xml
    <Replace>
        <CmdID>101</CmdID>
        <Item>
@@ -770,7 +770,7 @@ Note that &lt;LocURI&gt;./Vendor/MSFT/DMClient/Unenroll&lt;/LocURI&gt; is suppor
 
 The following SyncML shows how to remotely unenroll the device. Note that this command should be inserted in the general DM packages sent from the server to the device.
 
-``` syntax
+```xml
     <Exec>
        <CmdID>2</CmdID>
        <Item>

windows/client-management/mdm/dynamicmanagement-csp.md

@@ -29,7 +29,7 @@ The following diagram shows the DynamicManagement configuration service provider
 <p style="margin-left: 20px">Default value is False. Supported operations are Get and Replace.</p>
 <p style="margin-left: 20px">Example to turn on NotificationsEnabled:</p>
 
-``` syntax
+```xml
 <Replace>
       <CmdID>100</CmdID>
       <Item>
@@ -84,7 +84,7 @@ The following diagram shows the DynamicManagement configuration service provider
 
 Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 meters radius of the specified latitude/longitude
 
-``` syntax
+```xml
     <Replace>
       <CmdID>200</CmdID>
       <Item>
@@ -138,7 +138,7 @@ Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 me
 
 Disable camera using network trigger with time trigger, from 9-5, when ip4 gateway is 192.168.0.1
 
-``` syntax
+```xml
 <Replace>
       <CmdID>300</CmdID>
       <Item>
@@ -193,7 +193,7 @@ Disable camera using network trigger with time trigger, from 9-5, when ip4 gatew
 
 Delete a context
 
-``` syntax
+```xml
 <Delete>
       <CmdID>400</CmdID>
       <Item>
@@ -206,7 +206,7 @@ Delete a context
 
 Get ContextStatus and SignalDefinition from a specific context
 
-``` syntax
+```xml
 <Get>
       <CmdID>400</CmdID>
       <Item>

windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md

@@ -64,7 +64,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 > [!NOTE]
 > The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
      
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>
@@ -114,7 +114,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
     
       Here is the snippet from appv.admx:
 
-      ``` syntax
+      ```xml
       <!--  Publishing Server 2  -->
       <policy name="Publishing_Server2_Policy" class="Machine" displayName="$(string.PublishingServer2)" 
           explainText="$(string.Publishing_Server_Help)" presentation="$(presentation.Publishing_Server2)" 
@@ -206,7 +206,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 
       Here is the example XML for Publishing_Server2_Policy :
         
-      ``` syntax
+      ```xml
       <data id="Publishing_Server2_Name_Prompt" value="Name"/>
       <data id="Publishing_Server_URL_Prompt" value="http://someuri"/>
       <data id="Global_Publishing_Refresh_Options" value="1"/>
@@ -226,7 +226,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 > [!NOTE]
 > The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
     
-    ``` syntax
+    ```xml
     <?xml version="1.0" encoding="utf-8"?>
        <SyncML xmlns="SYNCML:SYNCML1.2">
          <SyncBody>
@@ -264,7 +264,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 
 The \<Data> payload is \<disabled/>. Here is an example to disable AppVirtualization/PublishingAllowServer2.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>

windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md

@@ -275,7 +275,7 @@ After the installation of updates is completed, the IT Admin can use the DURepor
 <a href="" id="example-script"></a>
 ## Example PowerShell script
 
-``` syntax
+```powershell
 param (
 # [Parameter (Mandatory=$true, HelpMessage="Input File")]
         [String]$inputFile,

windows/client-management/mdm/enterprise-app-management.md

@@ -78,7 +78,7 @@ Note that performing a full inventory of a device can be resource intensive on t
 
 Here is an example of a query for all apps on the device.
 
-``` syntax
+```xml
 <!-- Get all apps under AppManagement -->
 <Get>
    <CmdID>1</CmdID>
@@ -92,7 +92,7 @@ Here is an example of a query for all apps on the device.
 
 Here is an example of a query for a specific app for a user.
 
-``` syntax
+```xml
 <!-- Get all information of a specific app for a user -->
 <Get>
    <CmdID>1</CmdID>
@@ -121,7 +121,7 @@ For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](
 
 Here is an example of a query for all app licenses on a device.
 
-``` syntax
+```xml
 <!-- Get all app licenses for the device -->
 <Get>
    <CmdID>1</CmdID>
@@ -135,7 +135,7 @@ Here is an example of a query for all app licenses on a device.
 
 Here is an example of a query for all app licenses for a user.
 
-``` syntax
+```xml
 <!-- Get a specific app license for a user -->
 <Get>
    <CmdID>1</CmdID>
@@ -161,7 +161,7 @@ For more information about the AllowAllTrustedApps policy, see [Policy CSP](poli
 
 Here are some examples.
 
-``` syntax
+```xml
 <!-- Get policy (Default)-->
 <Get>
   <CmdID>1</CmdID>
@@ -199,7 +199,7 @@ For more information about the AllowDeveloperUnlock policy, see [Policy CSP](pol
 
 Here is an example.
 
-``` syntax
+```xml
 <!-- Get policy (Default)-->
 <Get>
   <CmdID>1</CmdID>
@@ -244,7 +244,7 @@ Here are the requirements for this scenario:
 
 Here are some examples.
 
-``` syntax
+```xml
 <Exec>
    <CmdID>1</CmdID>
           <Item>
@@ -281,7 +281,7 @@ In the SyncML, you need to specify the following information in the Exec command
 
 Here is an example of an offline license installation.
 
-``` syntax
+```xml
 <Exec>
    <CmdID>1</CmdID>
    <Item>
@@ -315,7 +315,7 @@ The Add command for the package family name is required to ensure proper removal
 
 Here is an example of a line-of-business app installation.
 
-``` syntax
+```xml
 <!-- Add PackageFamilyName -->
 <Add>
    <CmdID>0</CmdID>
@@ -342,7 +342,7 @@ Here is an example of a line-of-business app installation.
 
 Here is an example of an app installation with dependencies.
 
-``` syntax
+```xml
 <!-- Add PackageFamilyName -->
 <Add>
    <CmdID>0</CmdID>
@@ -376,7 +376,7 @@ Here is an example of an app installation with dependencies.
 
 Here is an example of an app installation with dependencies and optional packages.
 
-``` syntax
+```xml
 <!-- Add PackageFamilyName -->
 <Add>
    <CmdID>0</CmdID>
@@ -438,7 +438,7 @@ Here is an example of app installation.
 > **Note**  This is only supported in Windows 10 for desktop editions.
 
 
-``` syntax
+```xml
 <!-- Add PackageFamilyName -->
 <Add>
    <CmdID>0</CmdID>
@@ -475,7 +475,7 @@ Here is an example of app installation with dependencies.
 > **Note**  This is only supported in Windows 10 for desktop editions.
 
 
-``` syntax
+```xml
 <!-- Add PackageFamilyName -->
 <Add>
    <CmdID>0</CmdID>
@@ -526,7 +526,7 @@ When an app is installed successfully, the node is cleaned up and no longer pres
 
 Here is an example of a query for a specific app installation.
 
-``` syntax
+```xml
 <!-- Get all app status under AppInstallation for a specific app-->
 <Get>
    <CmdID>2</CmdID>
@@ -540,7 +540,7 @@ Here is an example of a query for a specific app installation.
 
 Here is an example of a query for all app installations.
 
-``` syntax
+```xml
 <!-- Get all app status under AppInstallation-->
 <Get>
    <CmdID>2</CmdID>
@@ -558,7 +558,7 @@ Application installations can take some time to complete, hence they are done as
 
 Here is an example of an alert.
 
-``` syntax
+```xml
 <Alert>
     <CmdID>4</CmdID>
     <Data>1226</Data>
@@ -594,7 +594,7 @@ To uninstall an app, you delete it under the origin node, package family name, a
 
 Here is an example for uninstalling all versions of an app for a user.
 
-``` syntax
+```xml
 <!-- Uninstall App for a Package Family-->
 <Delete>
    <CmdID>1</CmdID>
@@ -608,7 +608,7 @@ Here is an example for uninstalling all versions of an app for a user.
 
 Here is an example for uninstalling a specific version of the app for a user.
 
-``` syntax
+```xml
 <!-- Uninstall App for a specific package full name-->
 <Delete>
    <CmdID>1</CmdID>
@@ -631,7 +631,7 @@ Removing provisioned app occurs in the device context.
 
 Here is an example for removing a provisioned app from a device.
 
-``` syntax
+```xml
 <!— Remove Provisioned App for a Package Family-->
 <Delete>
    <CmdID>1</CmdID>
@@ -645,7 +645,7 @@ Here is an example for removing a provisioned app from a device.
 
 Here is an example for removing a specific version of a provisioned app from a device:
 
-``` syntax
+```xml
 <!-- Remove Provisioned App for a specific package full name-->
 <Delete>
    <CmdID>1</CmdID>
@@ -663,7 +663,7 @@ You can remove app licenses from a device per app based on the content ID.
 
 Here is an example for removing an app license for a user.
 
-``` syntax
+```xml
 <!-- Remove App License for a User-->
 <Delete>
    <CmdID>1</CmdID>
@@ -677,7 +677,7 @@ Here is an example for removing an app license for a user.
 
 Here is an example for removing an app license for a provisioned package (device context).
 
-``` syntax
+```xml
 <!-- Remove App License for a provisioned package (device) -->
 <Delete>
    <CmdID>1</CmdID>
@@ -697,7 +697,7 @@ For user-based uninstallation, use ./User in the LocURI, and for provisioning, u
 
 Here is an example. There is only one uninstall for hosted and store apps.
 
-``` syntax
+```xml
 <Alert>
     <Data>1226</Data>
     <Item>
@@ -723,7 +723,7 @@ To update an app from Microsoft Store, the device requires contact with the stor
 
 Here is an example of an update scan.
 
-``` syntax
+```xml
 <!— Initiate a update scan for a user-->
 <Exec>
    <CmdID>1</CmdID>
@@ -737,7 +737,7 @@ Here is an example of an update scan.
 
 Here is an example of a status check.
 
-``` syntax
+```xml
 <!— Get last error related to the update scan-->
 <Get>
    <CmdID>1</CmdID>
@@ -766,7 +766,7 @@ Turning off updates only applies to updates from the Microsoft Store at the devi
 
 Here is an example.
 
-``` syntax
+```xml
 <!— Prevent app from being automatically updated-->
 <Replace>
    <CmdID>1</CmdID>
@@ -795,7 +795,7 @@ You can install app on non-system volumes, such as a secondary partition or remo
 
 Here is an example.
 
-``` syntax
+```xml
 <!-- Get policy (Default)-->
 <Get>
    <CmdID>1</CmdID>
@@ -832,7 +832,7 @@ The RestrictAppDataToSystemVolume policy in [Policy CSP](policy-configuration-se
 
 Here is an example.
 
-``` syntax
+```xml
 <!-- Get policy (Default)-->
 <Get>
    <CmdID>1</CmdID>
@@ -873,7 +873,7 @@ The valid values are 0 (off, default value) and 1 (on).
 
 Here is an example.
 
-``` syntax
+```xml
 <!-- Get policy (Default)-->
 <Get>
    <CmdID>1</CmdID>

windows/client-management/mdm/enterpriseapn-csp.md

@@ -132,7 +132,7 @@ The following image shows the EnterpriseAPN configuration service provider in tr
 
 ## Examples
 
-``` syntax
+```xml
 <!--
 Copyright (c) Microsoft Corporation.  All rights reserved.
 -->

windows/client-management/mdm/enterpriseappmanagement-csp.md

@@ -209,7 +209,7 @@ The Microsoft Store application has a GUID of d5dc1ebb-a7f1-df11-9264-00237de2db
 
 Use the following SyncML format to query to see if the application is installed on a managed device:
 
-``` syntax
+```xml
 <Get>
       <CmdID>1</CmdID>
       <Item>
@@ -222,7 +222,7 @@ Use the following SyncML format to query to see if the application is installed
 
 Response from the device (it contains list of subnodes if this app is installed in the device).
 
-``` syntax
+```xml
 <Results>
    <CmdID>3</CmdID>
    <MsgRef>1</MsgRef>
@@ -266,7 +266,7 @@ The value actually applied to the device can be queried via the nodes under the
 
 Enroll enterprise ID “4000000001” for the first time:
 
-``` syntax
+```xml
 <Add>
    <CmdID>2</CmdID>
    <Item>
@@ -293,7 +293,7 @@ Enroll enterprise ID “4000000001” for the first time:
 
 Update the enrollment token (for example, to update an expired application enrollment token):
 
-``` syntax
+```xml
 <Replace>
    <CmdID>2</CmdID>
    <Item>
@@ -310,7 +310,7 @@ Update the enrollment token (for example, to update an expired application enrol
 
 Query all installed applications that belong to enterprise id “4000000001”:
 
-``` syntax
+```xml
 <Get>
    <CmdID>2</CmdID>
    <Item>
@@ -325,7 +325,7 @@ Query all installed applications that belong to enterprise id “4000000001”:
 
 Response from the device (that contains two installed applications):
 
-``` syntax
+```xml
 <Results>
    <CmdID>3</CmdID>
    <MsgRef>1</MsgRef>
@@ -444,7 +444,7 @@ To perform an XAP update, create the Name, URL, Version, and DownloadInstall nod
 
  
 
-``` syntax
+```xml
 <Atomic>
    <CmdID>2</CmdID>
    <!-- The Add command can be used if the download node does not have a matching product ID
@@ -514,7 +514,7 @@ To perform an XAP update, create the Name, URL, Version, and DownloadInstall nod
 
 Uninstall an installed enterprise application with product ID “{7BB316008A-141D-4A79-810F-8B764C4CFDFB }”:
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Delete>

windows/client-management/mdm/enterpriseassignedaccess-csp.md

@@ -61,7 +61,7 @@ Application | <img src="images/enterpriseassignedaccess-csp.png" alt="modern app
 Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically.
 
 Application example:
-``` syntax
+```xml
 <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}" autoRun="true">
    <PinToStart>
       <Size>Large</Size>
@@ -78,7 +78,7 @@ Entry | Description
 Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. For the list of product ID and AUMID, see [ProductIDs in Windows 10 Mobile](#productid). The following example shows how to pin both Outlook mail and Outlook calendar.
 
 Application example:
-``` syntax
+```xml
 <Apps>
     <!-- Outlook Calendar -->
     <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}"
@@ -110,7 +110,7 @@ Entry | Description
 Folder | A folder should be contained in `<Applications/>` node among with other `<Application/>` nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder.
 
 Folder example:
-``` syntax
+```xml
 <Application folderId="4" folderName="foldername">
     <PinToStart>
         <Size>Large</Size>
@@ -123,7 +123,7 @@ Folder example:
 ```
 An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder.
 
-``` syntax
+```xml
 <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
     <PinToStart>
         <Size>Medium</Size>
@@ -252,7 +252,7 @@ For example, in place of SettingPageDisplay, you would use ms-settings:display.
 
 Here is an example for Windows 10, version 1703.
 
-``` syntax
+```xml
 <Settings>
   <System name="ms-settings:display"/>
   <System name="ms-settings:appsforwebsites"/>
@@ -327,14 +327,14 @@ Starting in Windows 10, version 1703, Quick action settings no longer require an
 
 In this example, all settings pages and quick action settings are allowed. An empty \<Settings> node indicates that none of the settings are blocked.
 
-``` syntax
+```xml
 <Settings>
 </Settings>
 ```
 
 In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.
 
-``` syntax
+```xml
 <Settings>
   <System name="SettingsPageGroupPCSystem" />
   <System name="SettingsPageDisplay" />
@@ -350,7 +350,7 @@ In this example for Windows 10, version 1511, all System setting pages are ena
 ```
 Here is an example for Windows 10, version 1703.
 
-``` syntax
+```xml
 <Settings>
   <System name="ms-settings:display"/>
   <System name="ms-settings:appsforwebsites"/>
@@ -382,7 +382,7 @@ Buttons | The following list identifies the hardware buttons on the device that
 > Custom buttons are hardware buttons that can be added to devices by OEMs.
 
 Buttons example:
-``` syntax
+```xml
 <Buttons>
    <ButtonLockdownList>
       <!-- Lockdown all buttons -->
@@ -407,7 +407,7 @@ The Search and custom buttons can be <em>remapped</em> or configured to open a s
 
 To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.
 
-``` syntax
+```xml
 <ButtonRemapList>
    <Button name="Search">
       <ButtonEvent name="Press">
@@ -503,7 +503,7 @@ MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which i
 
 MenuItems example:
 
-``` syntax
+```xml
 <MenuItems>
    <DisableMenuItems/>
 </MenuItems>
@@ -1196,7 +1196,7 @@ The XML examples in this section show how to perform various tasks by using OMA
 
 The following example shows how to add a new policy.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
   <characteristic type="EnterpriseAssignedAccess">
     <characteristic type="AssignedAccess">
@@ -1211,7 +1211,7 @@ The following example shows how to add a new policy.
 
 The following example shows how to specify the language to display on the device.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
    <characteristic type="EnterpriseAssignedAccess">
   <characteristic type="Language">
@@ -1230,7 +1230,7 @@ These XML examples show how to perform various tasks using OMA DM.
 
 The following example shows how to lock down a device.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
       <Add>
@@ -1251,7 +1251,7 @@ The following example shows how to lock down a device.
 
 The following example shows how to change the accent color to one of the standard colors.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
       <Replace>
@@ -1274,7 +1274,7 @@ The following example shows how to change the accent color to one of the standar
 
 The following example shows how to change the theme.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Replace>
@@ -1297,7 +1297,7 @@ The following example shows how to change the theme.
 
 The following example shows how to set a custom theme accent color for the enterprise environment.
 
-``` syntax
+```xml
 <SyncBody>
    <Replace>
       <CmdID>1</CmdID>
@@ -1333,7 +1333,7 @@ The following example shows how to set a custom theme accent color for the enter
 
 Use the examples in this section to set a new lock screen and manage the lock screen features. If using a UNC path, format the LocURI as \\\\host\\share\\image.jpg.
 
-``` syntax
+```xml
 <Add>
   <CmdID>2</CmdID>
   <Item>
@@ -1351,7 +1351,7 @@ Use the examples in this section to set a new lock screen and manage the lock sc
 
 The following example shows how to query the device for the file being used as the lock screen.
 
-``` syntax
+```xml
 <Get>
   <CmdID>2</CmdID>
   <Item>
@@ -1364,7 +1364,7 @@ The following example shows how to query the device for the file being used as t
 
 The following example shows how to change the existing lock screen image to one of your choosing.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
       <Replace>
@@ -1389,7 +1389,7 @@ The following example shows how to change the existing lock screen image to one
 
 The following example shows how to set the time zone to UTC-07 Mountain Time (US & Canada).
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
       <Replace>
@@ -1411,7 +1411,7 @@ The following example shows how to set the time zone to UTC-07 Mountain Time (US
 
 The following example shows how to set the time zone to Pacific Standard Time (UTC-08:00) without observing daylight savings time (UTC+01:00).
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
       <Replace>
@@ -1435,7 +1435,7 @@ The following example shows how to set the time zone to Pacific Standard Time (U
 
 The following example shows how to set the language.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
       <Replace>

windows/client-management/mdm/enterprisedesktopappmanagement-csp.md

@@ -54,19 +54,13 @@ In Windows 10, version 1703 service release, a new tag \<DownloadFromAad\> was a
 
 Here is an example:
 
-```syntax
+```xml
 <Enforcement>
-
   <CommandLine>/quiet</CommandLine>
-
   <TimeOut>5</TimeOut>
-
   <RetryCount>3</RetryCount>
-
   <RetryInterval>5</RetryInterval>
-
   <DownloadFromAad>1</DownloadFromAad>
-
 </Enforcement>
 ```
 
@@ -112,7 +106,7 @@ Value type is string. Supported operation is Get.
 
 **SyncML to request CSP version information**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
   <SyncBody>
     <Get>
@@ -140,7 +134,7 @@ The following table describes the fields in the previous sample:
 
 **SyncML to perform MSI operations for application uninstall**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
   <SyncBody>
     <Delete>
@@ -168,7 +162,7 @@ The following table describes the fields in the previous sample:
 
 **SyncML to perform MSI operations for application status reporting**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
   <SyncBody>
     <Get>
@@ -196,7 +190,7 @@ The following table describes the fields in the previous sample:
 
 **SyncML to perform MSI install operations for an application targeted to a specific user on the device. The Add command is required to preceed the Exec command.**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
   <SyncBody>
     <Add>
@@ -290,7 +284,7 @@ The following table describes the fields in the previous sample:
 
 **SyncML to perform MSI install operations for an application targeted to all users on the device (per-device installation)**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
   <SyncBody>
     <Add>
@@ -540,7 +534,7 @@ Here's a list of references:
 ## Alert example
 
 
-``` syntax
+```xml
 <Alert>
        <CmdID>4</CmdID>
        <Data>1224</Data>

windows/client-management/mdm/enterpriseextfilessystem-csp.md

@@ -70,7 +70,7 @@ Supported operations is Get.
 
 The following example shows how to retrieve a file from the device.
 
-``` syntax
+```xml
 <Get>
     <CmdID>2</CmdID>
     <Item>
@@ -83,7 +83,7 @@ The following example shows how to retrieve a file from the device.
 
 The following example shows the file name that is returned in the body of the response syncML code. In this example, the full path of the file on the device is C:/data/test/bin/filename.txt.
 
-``` syntax
+```xml
 <Results>
     <CmdID>3</CmdID>
     <MsgRef>1</MsgRef>
@@ -103,7 +103,7 @@ The following example shows the file name that is returned in the body of the re
 
 The following example shows how to push a file to the device.
 
-``` syntax
+```xml
 <Add>
    <CmdID>2</CmdID>
    <Item>

windows/client-management/mdm/enterprisemodernappmanagement-csp.md

@@ -52,7 +52,7 @@ Supported operation is Get.
 
 Here's an example of AppInventoryResults operation.
 
-``` syntax
+```xml
 <Get>
    <CmdID>11</CmdID>
    <Item>
@@ -100,7 +100,7 @@ Supported operation is Get and Replace.
 
 The following example sets the inventory query for the package names and checks the status for reinstallation for all main packages that are nonStore apps.
 
-``` syntax
+```xml
 <Replace>
    <CmdID>10</CmdID>
    <Item>
@@ -208,7 +208,7 @@ Supported operations are Get and Delete.
 
 Here's an example for uninstalling an app:
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
         <!-- Uninstall app -->
@@ -345,7 +345,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 The following example sets the value for the 'Server'
 
-``` syntax
+```xml
 <!— Configure app settings -->
 <Add>
    <CmdID>0</CmdID>
@@ -363,7 +363,7 @@ The following example sets the value for the 'Server'
 
 The following example gets all managed app settings for a specific app.
 
-``` syntax
+```xml
 <!—Get app settings -->
 <Get>
    <CmdID>0</CmdID>
@@ -583,7 +583,7 @@ For examples of how to use this CSP to for reporting apps inventory, installatio
 
 Query the device for a specific app subcategory, such as nonStore apps.
 
-``` syntax
+```xml
 <Get>
   <CmdID>1</CmdID>
   <Item>
@@ -598,8 +598,7 @@ The result contains a list of apps, such as \<Data>App1/App2/App\</Data\>.
 
 Subsequent query for a specific app for its properties.
 
-``` syntax
+```xml
-
 <Get>
    <CmdID>1</CmdID>
    <Item>

windows/client-management/mdm/federated-authentication-device-enrollment.md

@@ -92,7 +92,7 @@ https://EnterpriseEnrollment.Contoso.com/EnrollmentServer/Discovery.svc
 
 The following example shows the discovery service request.
 
-``` syntax
+```xml
     <?xml version="1.0"?>
     <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing"
        xmlns:s="http://www.w3.org/2003/05/soap-envelope">
@@ -198,7 +198,7 @@ The server has to send a POST to a redirect URL of the form ms-app://string (the
 
 The following example shows a response received from the discovery web service which requires authentication via WAB.
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
        xmlns:a="http://www.w3.org/2005/08/addressing">
       <s:Header>
@@ -252,7 +252,7 @@ wsse:BinarySecurityToken/attributes/EncodingType: The &lt;wsse:BinarySecurityTok
 
 The following is an enrollment policy request example with a received security token as client credential.
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
        xmlns:a="http://www.w3.org/2005/08/addressing"
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
@@ -305,7 +305,7 @@ MS-XCEP supports very flexible enrollment policies using various Complex Types a
 
 The following snippet shows the policy web service response.
 
-``` syntax
+```xml
       <s:Envelope
          xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          xmlns:s="http://www.w3.org/2003/05/soap-envelope"
@@ -399,7 +399,7 @@ The RST may also specify a number of AdditionalContext items, such as DeviceType
 
 The following example shows the enrollment web service request for federated authentication.
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
        xmlns:a="http://www.w3.org/2005/08/addressing"
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
@@ -505,7 +505,7 @@ Here is a sample RSTR message and a sample of OMA client provisioning XML within
 
 The following example shows the enrollment web service response.
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
        xmlns:a="http://www.w3.org/2005/08/addressing" 
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

windows/client-management/mdm/hotspot-csp.md

@@ -134,7 +134,7 @@ Changes to this node require a reboot.
 
 For CDMA networks that use a separate Network Access Identity (NAI) for Internet sharing, a new parm, TetheringNAI, has been added in the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md) configuration service provider. The following sample demonstrates how to specify the connection.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
     <characteristic type="CM_CellularEntries">
         <characteristic type="TetheringNAIConn">

windows/client-management/mdm/implement-server-side-mobile-application-management.md

@@ -59,7 +59,7 @@ Below are protocol changes for MAM enrollment:
 
 Here is an example provisioning XML for MAM enrollment.  
 
-``` syntax
+```xml
 <wap-provisioningdoc version="1.1"> 
   <characteristic type="APPLICATION"> 
     <parm name="APPID" value="w7"/> 

windows/client-management/mdm/maps-csp.md

@@ -126,7 +126,7 @@ Here is a list of GUIDs of the most downloaded reqions.
 
 Here is an example queuing a map package of New York for download.
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
        <Add>
@@ -144,7 +144,7 @@ Here is an example queuing a map package of New York for download.
 
 Here is an example that gets the status of the New York map package on the device.
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
        <Get>

windows/client-management/mdm/messaging-csp.md

@@ -55,7 +55,7 @@ The following diagram shows the Messaging configuration service provider in tree
 
 **SyncML example**
 
-``` syntax
+```xml
  <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>

windows/client-management/mdm/mobile-device-enrollment.md

@@ -103,7 +103,7 @@ To manually trigger enrollment migration, you can run MDMMaintenenceTask.
 
 The enrollment server can decline enrollment messages using the SOAP Fault format. Errors created can be sent as follows:
 
-``` syntax
+```xml
 <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
     <s:header>
         <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep</a:action>
@@ -200,7 +200,7 @@ The enrollment server can decline enrollment messages using the SOAP Fault forma
 
 In Windows 10, version 1507, we added the deviceenrollmentserviceerror element. Here is an example:
 
-``` syntax
+```xml
 <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
     <s:header>
         <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep</a:action>

windows/client-management/mdm/multisim-csp.md

@@ -74,7 +74,7 @@ Supported operation is Get and Replace. Value type is bool.
 ## Examples
 
 Get modem
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>
@@ -93,7 +93,7 @@ Get modem
 ```
 
 Get slots
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>
@@ -112,7 +112,7 @@ Get slots
 ```
 
 Get slot state
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>
@@ -131,7 +131,7 @@ Get slot state
 ```
 
 Select slot
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -1664,7 +1664,7 @@ The software version information from **DevDetail/SwV** does not match the versi
 
 Applies only to phone prior to build 10586.218: When ApplicationManagement/ApplicationRestrictions policy is deployed to Windows 10 Mobile, installation and update of apps dependent on Microsoft Frameworks may get blocked with error 0x80073CF9. To work around this issue, you must include the Microsoft Framework Id to your list of allowed apps.
 
-``` syntax
+```xml
 <App ProductId="{00000000-0000-0000-0000-000000000000}" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"/>
 ```
 
@@ -1713,7 +1713,7 @@ The following XML sample explains the properties for the EAP TLS XML including c
 >For PEAP or TTLS Profiles the EAP TLS XML is embedded within some PEAP or TTLS specific elements.
 
  
-``` syntax
+```xml
 <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <EapMethod>
   <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>

windows/client-management/mdm/nodecache-csp.md

@@ -19,7 +19,7 @@ The NodeCache configuration service provider is used to manage the client cache.
 
 NodeCache supports the comparison of hash values instead of actual node values:
 
-``` syntax
+```xml
 <Type xmlns="syncml:metinf">
 application/x-nodemon-sha256
 </type>
@@ -76,7 +76,7 @@ Supported operations are Get, Add, and Delete.
 
 Here's an example for setting the ExpectedValue to nonexistent.
 
-``` syntax
+```xml
 <Add>
    <CmdID>10</CmdID>
    <Item>
@@ -146,7 +146,7 @@ Supported operations are Add, Get, and Delete.
 
 Creating settings for node caching:
 
-``` syntax
+```xml
 <Add>
    <CmdID>2</CmdID>
    <Item>
@@ -222,7 +222,7 @@ Creating settings for node caching:
 
 Getting nodes under Provider ID MDMSRV1, cache version, changed nodes, node, expected value:
 
-``` syntax
+```xml
 <Get>
    <CmdID>18</CmdID>
    <Item>
@@ -267,7 +267,7 @@ Getting nodes under Provider ID MDMSRV1, cache version, changed nodes, node, exp
 
 Replacing the cache version, node URI, and expected value:
 
-``` syntax
+```xml
 <Replace>
    <CmdID>2</CmdID>
    <Item>
@@ -299,7 +299,7 @@ Replacing the cache version, node URI, and expected value:
 
 For AutoSetExpectedValue, a Replace operation with empty data will query the ./DevDetail/Ext/Microsoft/DeviceName.
 
-```syntax
+```xml
           <Add>
             <CmdID>2001</CmdID>
             <Item>
@@ -335,12 +335,12 @@ A Get operation on ./Vendor/MSFT/NodeCache/MDM%20SyncML%20Server/Nodes/20/Expect
 
 A Get operation on the ChangedNodesData returns an encoded XML. Here is example:
 
-```syntax
+```xml
 <Nodes><Node Id="10" Uri=""></Node><Node Id="20" Uri="./DevDetail/Ext/Microsoft/DeviceName">U09NRU5FV1ZBTFVF</Node></Nodes>
 ```
 It represents this:
 
-```syntax
+```xml
 <Nodes>
     <Node Id="10" Uri=""></Node>
     <Node Id="20" Uri="./DevDetail/Ext/Microsoft/DeviceName">U09NRU5FV1ZBTFVF</Node>

windows/client-management/mdm/office-csp.md

@@ -67,7 +67,7 @@ The only supported operation is Get.
 
 Sample SyncML to install Office 365 Business Retail from current channel.
 
-```syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Exec>
@@ -89,7 +89,7 @@ Sample SyncML to install Office 365 Business Retail from current channel.
 
 To uninstall the Office 365 from the system:
 
-```syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Exec>
@@ -111,7 +111,7 @@ To uninstall the Office 365 from the system:
 
 To get the current status of Office 365 on the device.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>

windows/client-management/mdm/on-premise-authentication-device-enrollment.md

@@ -86,7 +86,7 @@ https://EnterpriseEnrollment.Contoso.com/EnrollmentServer/Discovery.svc
 
 The following example shows the discovery service request.
 
-``` syntax
+```xml
     <?xml version="1.0"?>
     <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing"
        xmlns:s="http://www.w3.org/2003/05/soap-envelope">
@@ -134,7 +134,7 @@ The discovery response is in the XML format and includes the following fields:
 
 The following example shows a response received from the discovery web service for OnPremise authentication:
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
        xmlns:a="http://www.w3.org/2005/08/addressing">
       <s:Header>
@@ -171,7 +171,7 @@ For the OnPremise authentication policy, the UsernameToken in GetPolicies contai
 
 The following example shows the policy web service request.
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
        xmlns:a="http://www.w3.org/2005/08/addressing"
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
@@ -219,7 +219,7 @@ MS-XCEP supports very flexible enrollment policies using various Complex Types a
 
 The following snippet shows the policy web service response.
 
-``` syntax
+```xml
       <s:Envelope
          xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          xmlns:s="http://www.w3.org/2003/05/soap-envelope"
@@ -311,7 +311,7 @@ The RST may also specify a number of AdditionalContext items, such as DeviceType
 
 The following example shows the enrollment web service request for OnPremise authentication.
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
        xmlns:a="http://www.w3.org/2005/08/addressing" 
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
@@ -396,7 +396,7 @@ The following example shows the enrollment web service request for OnPremise aut
 
 The following example shows the enrollment web service response.
 
-``` syntax
+```xml
     <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
        xmlns:a="http://www.w3.org/2005/08/addressing" 
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

windows/client-management/mdm/passportforwork-csp.md

@@ -273,7 +273,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
           <SyncBody>
             <Add>

windows/client-management/mdm/personalization-csp.md

@@ -71,7 +71,7 @@ The following diagram shows the Personalization configuration service provider i
 
 ## Example SyncML
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -5456,7 +5456,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 Set the minimum password length to 4 characters.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
     <SyncBody>
         <Replace>
@@ -5478,7 +5478,7 @@ Set the minimum password length to 4 characters.
 
 Do not allow NFC.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
     <SyncBody>
         <Replace>

windows/client-management/mdm/policy-csp-applicationmanagement.md

@@ -594,7 +594,7 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window
 
 For this policy to work, the Windows apps need to declare in their manifest that they will use the start up task. Example of the declaration here: 
 
-``` syntax
+```xml
 <desktop:Extension Category="windows.startupTask"> 
    <desktop:StartupTask TaskId="CoffeeStartupTask" Enabled="true" DisplayName="ms-resource:Description" /> 
 </desktop:Extension>
@@ -972,7 +972,7 @@ Value type is string.
 <!--Example-->
 Sample SyncML:
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1"> 
   <SyncBody> 
     <Add> 
@@ -999,7 +999,7 @@ Sample SyncML:
 ```
 XSD:
 
-``` syntax
+```xml
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
   <xs:simpleType name="recurrence" final="restriction">
     <xs:restriction base="xs:string">

windows/client-management/mdm/policy-csp-deviceinstallation.md

@@ -121,7 +121,7 @@ ADMX Info:
 To enable this policy, use the following SyncML. This example allows Windows to install compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use `` as a delimiter. 
 
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Replace>
@@ -238,7 +238,7 @@ To enable this policy, use the following SyncML. This example allows Windows to
 Enclose the class GUID within curly brackets {}. To configure multiple classes, use `&#xF000;` as a delimiter. 
 
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Replace>
@@ -417,7 +417,7 @@ ADMX Info:
 To enable this policy, use the following SyncML. This example prevents Windows from installing devices that are not specifically described by any other policy setting. 
 
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Replace>
@@ -519,7 +519,7 @@ ADMX Info:
 To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use <code>&amp;#xF000;</code> as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_IDs_Deny_Retroactive to true. 
 
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Replace>
@@ -626,7 +626,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f
 Enclose the class GUID within curly brackets {}. To configure multiple classes, use `&#xF000;` as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_Classes_Deny_Retroactive to true. 
 
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Replace>

windows/client-management/mdm/policy-csp-internetexplorer.md

@@ -2249,7 +2249,7 @@ ADMX Info:
 
 <!--/ADMXBacked-->
 <!--Example-->
-```syntax
+```xml
   <SyncBody>
       <Replace>
           <CmdID>2</CmdID>

windows/client-management/mdm/policy-csp-remotedesktopservices.md

@@ -224,7 +224,7 @@ This policy setting specifies whether to prevent the mapping of client drives in
 
 By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format `<driveletter>` on `<computername>`. You can use this policy setting to override this behavior.
 
-If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP.
+If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2019 and Windows 10.
 
 If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.
 

windows/client-management/mdm/policy-csp-restrictedgroups.md

@@ -76,7 +76,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
 
 Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution.
 
-``` syntax
+```xml
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">  
   <xs:simpleType name="member_name">
     <xs:restriction base="xs:string">

windows/client-management/mdm/policy-csp-smartscreen.md

@@ -73,6 +73,9 @@ manager: dansimp
 <!--Description-->
 Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
 
+> [!Note]
+> This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled.
+
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  

windows/client-management/mdm/policy-csp-userrights.md

@@ -20,7 +20,7 @@ User rights are assigned for user accounts or groups. The name of the policy def
 
 Here is an example syncml for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
 
-```syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
 
 <SyncBody>

windows/client-management/mdm/policy-csp-windowslogon.md

@@ -305,7 +305,7 @@ If you disable or don't configure this policy setting, any user can disconnect t
 
 Here is an example to enable this policy:
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Atomic>

windows/client-management/mdm/registry-ddf-file.md

@@ -17,7 +17,7 @@ ms.date: 06/26/2017
 
 This topic shows the OMA DM device description framework (DDF) for the **Registry** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
-``` syntax
+```xml
 <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
     <VerDTD>1.2</VerDTD>
     <Node>

windows/client-management/mdm/remotefind-csp.md

@@ -102,7 +102,7 @@ Supported operation is Get.
 ## Examples
 
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
     <SyncBody>
         <Atomic>  

windows/client-management/troubleshoot-windows-freeze.md

@@ -204,7 +204,7 @@ If the physical computer is still running in a frozen state, follow these steps
 
    2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings: 
 
-      * ` `*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`   
+      * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`   
 
          Make sure that the [CrashDumpEnabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`.            
 

windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md

@@ -130,7 +130,7 @@ After you use Group Policy to apply a customized Start and taskbar layout on a c
 - [Add image for secondary tiles](start-secondary-tiles.md)
 - [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
 - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
 - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
  
  

windows/configuration/kiosk-xml.md

@@ -26,7 +26,7 @@ ms.topic: article
 ## Full XML sample
 
 >[!NOTE]
->Updated for Windows 10, version 1809.  
+>Updated for Windows 10, version 1903, and Windows 10 Prerelease
 
 ```xml
 <?xml version="1.0" encoding="utf-8" ?>
@@ -165,11 +165,479 @@ ms.topic: article
 </AssignedAccessConfiguration>
 ```
 
+## Auto Launch Sample XML
+
+This sample demonstrates that both UWP and Win32 apps can be configured to automatically launch, when assigned access account logs in. One profile can have at most one app configured for auto launch. AutoLaunchArguments are passed to the apps as is and the app needs to handle the arguments explicitly.
+
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:r1809="http://schemas.microsoft.com/AssignedAccess/201810/config"
+>
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" r1809:AutoLaunch="true"/>
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
+                                   "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
+                                   "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only 
+                                   see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop
+                              -->
+                              <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+        <Profile Id="{5B328104-BD89-4863-AB27-4ED6EE355485}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" r1809:AutoLaunch="true" r1809:AutoLaunchArguments="1.txt"/>
+                </AllowedApps>
+            </AllAppsList>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\Accessories\notepad.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="false"/>
+        </Profile>
+    </Profiles>
+    <Configs>
+        <Config>
+            <Account>aauser1</Account>
+            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+        </Config>
+        <Config>
+            <Account>aauser2</Account>
+            <DefaultProfile Id="{5B328104-BD89-4863-AB27-4ED6EE355485}"/>
+        </Config>
+    </Configs>
+</AssignedAccessConfiguration>
+
+```
+
+## [Preview] Global Profile Sample XML
+Global Profile is currently supported in Windows 10 Prerelease. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
+
+This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in 
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:v2="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
+>
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" v2:AutoLaunch="true" v2:AutoLaunchArguments="123"/>
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
+                                   "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
+                                   "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only 
+                                   see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop
+                              -->
+                              <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+    </Profiles>
+    <Configs>
+        <v3:GlobalProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+    </Configs>
+</AssignedAccessConfiguration>
+```
+
+Below sample shows dedicated profile and global profile mixed usage, aauser would use one profile, everyone else that's non-admin will use another profile.
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:v2="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
+>
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" v2:AutoLaunch="true" v2:AutoLaunchArguments="123"/>
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
+                                   "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
+                                   "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only 
+                                   see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop
+                              -->
+                              <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+        <Profile Id="{5B328104-BD89-4863-AB27-4ED6EE355485}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" v2:AutoLaunch="true" v2:AutoLaunchArguments="1.txt"/>
+                </AllowedApps>
+            </AllAppsList>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\Accessories\notepad.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="false"/>
+        </Profile>
+    </Profiles>
+    <Configs>
+        <v3:GlobalProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+        <Config>
+            <Account>aauser</Account>
+            <DefaultProfile Id="{5B328104-BD89-4863-AB27-4ED6EE355485}"/>
+        </Config>
+    </Configs>
+</AssignedAccessConfiguration>
+
+```
+
+## [Preview] Folder Access sample xml
+In Windows 10 1809 release, folder access is locked down that when common file dialog is opened, IT Admin can specify if user has access to the Downloads folder, or no access to any folder at all. This restriction has be redesigned for finer granulatity and easier use, available in current Windows 10 Prerelease.
+
+IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Note that Downloads and Removable Drives can be allowed at the same time.
+
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:v2="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
+>
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" />
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" />
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <v2:FileExplorerNamespaceRestrictions>
+            </v2:FileExplorerNamespaceRestrictions>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C25}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" />
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <v2:FileExplorerNamespaceRestrictions>
+                <v2:AllowedNamespace Name="Downloads"/>
+            </v2:FileExplorerNamespaceRestrictions>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C26}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" />
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <v2:FileExplorerNamespaceRestrictions>
+                <v3:AllowRemovableDrives />
+            </v2:FileExplorerNamespaceRestrictions>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C27}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" />
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <v2:FileExplorerNamespaceRestrictions>
+                <v2:AllowedNamespace Name="Downloads"/>
+                <v3:AllowRemovableDrives/>
+            </v2:FileExplorerNamespaceRestrictions>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C28}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" />
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <v2:FileExplorerNamespaceRestrictions>
+                <v3:NoRestriction />
+            </v2:FileExplorerNamespaceRestrictions>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+    </Profiles>
+    <Configs>
+        <Config>
+            <Account>multi1</Account>
+            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+        </Config>
+        <Config>
+            <Account>multi2</Account>
+            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}"/>
+        </Config>
+        <Config>
+            <Account>multi3</Account>
+            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C25}"/>
+        </Config>
+        <Config>
+            <Account>multi4</Account>
+            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C26}"/>
+        </Config>
+        <Config>
+            <Account>multi5</Account>
+            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C27}"/>
+        </Config>
+        <Config>
+            <Account>multi6</Account>
+            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C28}"/>
+        </Config>
+    </Configs>
+</AssignedAccessConfiguration>
+
+
+```
 
 ## XSD for AssignedAccess configuration XML
 
 >[!NOTE]
->Updated for Windows 10, version 1809.
+>Updated for Windows 10, version 1903 and Windows 10 Prerelease.
+Below schema is for AssignedAccess Configuration up to Windows 10 1803 release.
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -179,10 +647,12 @@ ms.topic: article
     xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
     xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config"
     xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
     targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
     >
 
     <xs:import namespace="http://schemas.microsoft.com/AssignedAccess/201810/config"/>
+    <xs:import namespace="http://schemas.microsoft.com/AssignedAccess/2020/config"/>
 
     <xs:complexType name="profile_list_t">
         <xs:sequence minOccurs="1" >
@@ -261,7 +731,8 @@ ms.topic: article
 
     <xs:complexType name="config_list_t">
         <xs:sequence minOccurs="1" >
-      <xs:element name="Config" type="config_t" minOccurs="1" maxOccurs="unbounded"/>
+            <xs:element ref="v3:GlobalProfile" minOccurs="0" maxOccurs="1"/>
+            <xs:element name="Config" type="config_t" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
     </xs:complexType>
 
@@ -343,8 +814,7 @@ ms.topic: article
 </xs:schema>
 ```
 
-## XSD schema for new elements in Windows 10, version 1809
+Here is the schema for new features introduced in Windows 10 1809 release
-
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <xs:schema
@@ -352,17 +822,24 @@ ms.topic: article
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns="http://schemas.microsoft.com/AssignedAccess/201810/config"
     xmlns:default="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
     targetNamespace="http://schemas.microsoft.com/AssignedAccess/201810/config"
     >
 
+    <xs:import namespace="http://schemas.microsoft.com/AssignedAccess/2020/config"/>
+
     <xs:complexType name="fileExplorerNamespaceRestrictions_t">
-    <xs:sequence minOccurs="1">
+        <xs:choice>
-      <xs:element name="AllowedNamespace" type="allowedFileExplorerNamespace_t"/>
+            <xs:sequence minOccurs="0">
+                <xs:element name="AllowedNamespace" type="allowedFileExplorerNamespace_t" minOccurs="0"/>
+                <xs:element ref="v3:AllowRemovableDrives" minOccurs="0" maxOccurs="1"/>
             </xs:sequence>
+            <xs:element ref="v3:NoRestriction" minOccurs="0" maxOccurs="1" />
+        </xs:choice>
     </xs:complexType>
 
     <xs:complexType name="allowedFileExplorerNamespace_t">
-    <xs:attribute name="Name" type="allowedFileExplorerNamespaceValues_t"/>
+        <xs:attribute name="Name" type="allowedFileExplorerNamespaceValues_t" use="required"/>
     </xs:complexType>
 
     <xs:simpleType name="allowedFileExplorerNamespaceValues_t">
@@ -381,3 +858,46 @@ ms.topic: article
 
 </xs:schema>
 ```
+
+Schema for Windows 10 prerelease
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2020/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2020/config"
+    xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning"
+    vc:minVersion="1.1"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2020/config"
+    >
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="globalProfile_t">
+        <xs:attribute name="Id" type="guid_t" />
+    </xs:complexType>
+  
+    <xs:element name="AllowRemovableDrives"/>
+    <xs:element name="NoRestriction" />
+    <xs:element name="GlobalProfile" type="globalProfile_t" />
+
+</xs:schema>
+```
+
+To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. e.g. to configure auto-launch feature which is added in 1809 release, use below sample, notice an alias r1809 is given to the 201810 namespace for 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+```xml
+<AssignedAccessConfiguration
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:r1809="http://schemas.microsoft.com/AssignedAccess/201810/config"
+>
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                  <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" r1809:AutoLaunch="true" r1809:AutoLaunchArguments="1.txt"/>
+```

windows/configuration/lock-down-windows-10-to-specific-apps.md

@@ -172,7 +172,7 @@ Here are the predefined assigned access AppLocker rules for **desktop apps**:
 The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
 
 <span id="apps-sample" />
-<code>xml
+```xml
 &lt;AllAppsList&gt;
         &lt;AllowedApps&gt;
           &lt;App AppUserModelId=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt;
@@ -184,6 +184,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula
           &lt;App DesktopAppPath=&quot;C:\Windows\System32\notepad.exe&quot; rs5:AutoLaunch=&quot;true&quot; rs5:AutoLaunchArguments=&quot;123.txt&quot;/&gt;
         &lt;/AllowedApps&gt;
 &lt;/AllAppsList&gt;</code>
+```
 
 ##### FileExplorerNamespaceRestrictions
 
@@ -217,6 +218,13 @@ The following example shows how to allow user access to the Downloads folder in
     </Profiles>
 </AssignedAccessConfiguration>
 ```
+FileExplorerNamespaceRestriction has been extended in current Windows 10 Prerelease for finer granularity and easier use, see in the [Assigned access XML reference.](kiosk-xml.md) for full samples. The changes will allow IT Admin to configure if user can access Downloads folder, Removable drives, or no restriction at all by using certain new elements. Note that FileExplorerNamesapceRestrictions and AllowedNamespace:Downloads are available in namespace http://schemas.microsoft.com/AssignedAccess/201810/config, AllowRemovableDrives and NoRestriction are defined in a new namespace http://schemas.microsoft.com/AssignedAccess/2020/config.
+
+* When FileExplorerNamespaceRestrictions node is not used, or used but left empty, user will not be able to access any folder in common dialog (e.g. Save As in Microsoft Edge browser).
+* When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder.
+* When AllowRemovableDrives is used, user will be to access removable drives.
+* When NoRestriction is used, no restriction will be applied to the dialog.
+* AllowRemovableDrives and AllowedNamespace:Downloads can be used at the same time.
 
 ##### StartLayout
 
@@ -401,6 +409,67 @@ Group accounts are specified using `<UserGroup>`. Nested groups are not supporte
 
 <span id="add-xml" />
 
+#### [Preview] Global Profile
+Global profile is added in curernt Windows 10 Prerelease. There are times when IT Admin wants to everyone who logging into a specific devices are assigned access users, even there is no dedicated profile for that user, or there are times that Assigned Access could not identify a profile for the user and a fallback profile is wished to use. Global Profile is designed for these scenarios.
+
+Usage is demonstrated below, by using the new xml namespace and specify GlobalProfile from that namespace. When GlobalProfile is configured, a non-admin account logs in, if this user does not have designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, global profile will be applied for the user.
+
+Note:
+1. GlobalProfile can only be multi-app profile
+2. Only one GlobalProfile can be used in one AssignedAccess Configuration Xml
+3. GlobalProfile can be used as the only config, or it can be used among with regular user or group Config.
+
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:v2="http://schemas.microsoft.com/AssignedAccess/201810/config"
+    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
+>
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                    <App AppUserModelId="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer" v2:AutoLaunch="true" v2:AutoLaunchArguments="123"/>
+                    <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                    <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                    <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                </AllowedApps>
+            </AllAppsList>
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsLive.calendar" />
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />
+                              <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
+                                   "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
+                                   "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only 
+                                   see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop
+                              -->
+                              <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
+                              <!-- for 3rd party desktop application, place the link file under appropriate folder -->
+                              <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\MyLOB.lnk" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+    </Profiles>
+    <Configs>
+        <v3:GlobalProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+    </Configs>
+</AssignedAccessConfiguration>
+```
+
 ### Add XML file to provisioning package
 
 Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).

windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md

@@ -1,6 +1,6 @@
 ---
 title: Introduction to configuration service providers (CSPs) for IT pros (Windows 10)
-description: Configuration service providers (CSPs) expose device configuration settings in Windows 10. 
+description: Configuration service providers (CSPs) expose device configuration settings in Windows 10. 
 ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
 ms.reviewer: 
 manager: dansimp
@@ -16,35 +16,33 @@ ms.date: 07/27/2017
 
 # Introduction to configuration service providers (CSPs) for IT pros
 
-
 **Applies to**
 
--   Windows 10
+-   Windows 10
--   Windows 10 Mobile
+-   Windows 10 Mobile
 
-Configuration service providers (CSPs) expose device configuration settings in Windows 10. This topic is written for people who have no experience with CSPs.
+Configuration service providers (CSPs) expose device configuration settings in Windows 10. This topic is written for people who have no experience with CSPs.
 
-The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations.
+The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations.
 
 >[!NOTE]
->The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
+>This explanation of CSPs and CSP documentation also applies to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
 
  [See what's new for CSPs in Windows 10, version 1809.](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809)
 
 ## What is a CSP?
 
+A CSP is an interface in the client operating system, between configuration settings specified in a provisioning document, and configuration settings on the device. CSPs are similar to Group Policy client-side extensions, in that they provide an interface to read, set, modify, or delete configuration settings for a given feature. Typically, these settings map to registry keys, files or permissions. Some of these settings are configurable, and some are read-only.
 
-A CSP is an interface in the client operating system between configuration settings specified in a provisioning document and configuration settings on the device. Their function is similar to that of Group Policy client-side extensions in that they provide an interface to read, set, modify, or delete configuration settings for a given feature. Typically, these settings map to registry keys, files or permissions. Some of these settings are configurable and some are read-only.
+Starting with Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. On the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10.
-
-Starting in Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. In the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10.
 
 Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkId=717438) contains the settings to create a Wi-Fi profile.
 
-CSPs are behind many of the management tasks and policies for Windows 10 in Microsoft Intune and non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244).
+CSPs are behind many of the management tasks and policies for Windows 10, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244).
 
 ![how intune maps to csp](../images/policytocsp.png)
 
-CSPs receive configuration policies in the XML-based SyncML format pushed to it from an MDM-compliant management server such as Microsoft Intune. Traditional enterprise management systems, such as System Center Configuration Manager, can also target CSPs by using a client-side WMI-to-CSP bridge.
+CSPs receive configuration policies in the XML-based SyncML format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as System Center Configuration Manager, can also target CSPs, by using a client-side WMI-to-CSP bridge.
 
 ### Synchronization Markup Language (SyncML)
 
@@ -52,22 +50,21 @@ The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based
 
 ### The WMI-to-CSP Bridge
 
-The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs via scripts and traditional enterprise management software such as Configuration Manager using Windows Management Instrumentation (WMI). The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
+The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs via scripts and traditional enterprise management software, such as Configuration Manager using Windows Management Instrumentation (WMI). The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
 
 [Learn how to use the WMI Bridge Provider with PowerShell.](https://go.microsoft.com/fwlink/p/?LinkId=761090)
 
 ## Why should you learn about CSPs?
 
-
 Generally, enterprises rely on Group Policy or MDM to configure and manage devices. For devices running Windows, MDM services use CSPs to configure your devices.
 
-In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management, or you want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried.
+In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried.
 
-In addition, some of the topics in the [Windows 10 and Windows 10 Mobile](/windows/windows-10) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](../cortana-at-work/cortana-at-work-overview.md) which links to the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings.
+Some of the topics in the [Windows 10 and Windows 10 Mobile](/windows/windows-10) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](../cortana-at-work/cortana-at-work-overview.md), which links to the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings.
 
 ### CSPs in Windows Configuration Designer
 
-You can use Windows Configuration Designer to create [provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE) and after devices are set up. You can use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows Configuration Designer are based on CSPs.
+You can use Windows Configuration Designer to create [provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE), and after the devices are set up. You can also use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows Configuration Designer are based on CSPs.
 
 Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.
 
@@ -83,12 +80,11 @@ When a CSP is available but is not explicitly included in your MDM solution, you
 
 ### CSPs in Lockdown XML
 
-Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](../mobile-devices/lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601). In Windows 10, version 1703, you can also use the new [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML.
+Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](../mobile-devices/lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601). In Windows 10, version 1703, you can also use the new [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML.
 
 ## <a href="" id="bkmk-csp-doc"></a>How do you use the CSP documentation?
 
-
+All CSPs in Windows 10 are documented in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390).
-All CSPs in Windows 10 are documented in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390).
 
 The [main CSP topic](https://go.microsoft.com/fwlink/p/?LinkId=717390) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP.
 
@@ -98,17 +94,17 @@ The documentation for each CSP follows the same structure. After an introduction
 
 The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). The URI is relative to the devices’ root node (MSFT, for example). Features supported by a particular CSP can be set by addressing the complete OMA-URI path.
 
-The following example shows the diagram for the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes and rectangular elements are settings or policies for which a value must be supplied.
+The following example shows the diagram for the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied.
 
 ![assigned access csp tree](../images/provisioning-csp-assignedaccess.png)
 
-The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see it uses the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608).
+The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608).
 
 ```XML
 ./Vendor/MSFT/AssignedAccess/KioskModeApp
 ```
 
-When an element in the diagram uses italic font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
+When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
 
 ![placeholder in csp tree](../images/csp-placeholder.png)
 
@@ -120,12 +116,11 @@ The documentation for most CSPs will also include an XML example.
 
 ## CSP examples
 
-
 CSPs provide access to a number of settings useful to enterprises. This section introduces two CSPs that an enterprise might find particularly useful.
 
 -   [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601)
 
-    The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app.
+    The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app.
 
     In addition to lockscreen wallpaper, theme, time zone, and language, the EnterpriseAssignedAccess CSP includes AssignedAccessXml which can be used to lock down the device through the following settings:
 
@@ -139,7 +134,7 @@ CSPs provide access to a number of settings useful to enterprises. This section
     -   Creating role-specific configurations.
 -   [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244)
 
-    The Policy configuration service provider enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
+    The Policy configuration service provider enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
 
     Some of the settings available in the Policy CSP include the following:
 
@@ -159,7 +154,7 @@ CSPs provide access to a number of settings useful to enterprises. This section
     -   **Update**, such as specifying whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store
     -   **WiFi**, such as whether to enable Internet sharing
 
-Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both:
+Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both:
 
 -   [ActiveSync CSP](https://go.microsoft.com/fwlink/p/?LinkId=723219)
 -   [Application CSP](https://go.microsoft.com/fwlink/p/?LinkId=723220)
@@ -218,13 +213,3 @@ Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile E
 -   [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkID=71743)
 -   [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723274)
 -   [WindowsSecurityAuditing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723415)
-
-
- 
-
- 
-
-
-
-
-

windows/deployment/deploy-m365.md

@@ -67,7 +67,7 @@ Examples of these two deployment advisors are shown below.
 
 ## M365 Enterprise poster
 
-[![M365 Enterprise poster](images/m365e.png)](http://aka.ms/m365eposter)
+[![M365 Enterprise poster](images/m365e.png)](https://aka.ms/m365eposter)
 
 ## Related Topics
 

windows/deployment/mbr-to-gpt.md

@@ -419,7 +419,7 @@ This issue occurs because in Windows 10, version 1903 and later versions, MBR2GP
 
 To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. To do this, follow these steps:
 
-1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image).
+1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image).
 
 2. Copy the ReAgent files and the ReAgent localization files from the Window 10, version 1903 ADK source folder to the mounted WIM.
 
@@ -427,7 +427,7 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
    
    **Command 1:**
    ```cmd
-   copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgnet*.*" "C:\WinPE_Mount\Windows\System32"
+   copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32"
    ```
    This command copies three files:
 
@@ -437,16 +437,16 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
    
    **Command 2:**
    ```cmd
-   copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgnet*.*" "C:\WinPE_Mount\Windows\System32\En-Us"
+   copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgent*.*" "C:\WinPE_Mount\Windows\System32\En-Us"
    ```   
    This command copies two files:
    * ReAgent.adml
    * ReAgent.dll.mui
 
-   >![Note]  
+   > [!NOTE]
    > If you aren't using an English version of Windows, replace "En-Us" in the path with the appropriate string that represents the system language.
    
-3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image).
+3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image).
  
 
 ## Related topics

windows/deployment/planning/features-lifecycle.md

@@ -6,6 +6,7 @@ ms.mktglfcycl: plan
 ms.localizationpriority: medium
 ms.sitesec: library
 author: greg-lindsay
+manager: laurawi
 ms.author: greglin
 ms.topic: article
 ---

windows/deployment/planning/windows-10-1709-removed-features.md

@@ -6,6 +6,7 @@ ms.mktglfcycl: plan
 ms.localizationpriority: medium
 ms.sitesec: library
 author: greg-lindsay
+manager: laurawi
 ms.topic: article
 ---
 # Features that are removed or deprecated in Windows 10, version 1709

windows/deployment/planning/windows-10-1903-removed-features.md

@@ -6,6 +6,7 @@ ms.mktglfcycl: plan
 ms.localizationpriority: medium
 ms.sitesec: library
 author: greg-lindsay
+manager: laurawi
 ms.author: greglin
 ms.topic: article
 ---

windows/deployment/update/update-compliance-wd-av-status.md

@@ -39,4 +39,4 @@ Because of the way Windows Defender is associated with the rest of Windows devic
 
 ## Related topics
 
-- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)
+- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)

windows/deployment/update/waas-morenews.md

@@ -16,6 +16,8 @@ ms.topic: article
 Here's more news about [Windows as a service](windows-as-a-service.md):
 
 <ul>
+  <li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244">Call to action: review your Windows Update for Business deferral values</a> - April 3, 2019</li>
   <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540">Windows 10, version 1809 designated for broad deployment</a> - March 28, 2019</li>
 <li><a href="https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience">Data, insights and listening to improve the customer experience</a> - March 6, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Getting-to-know-the-Windows-update-history-pages/ba-p/355079">Getting to know the Windows update history pages</a> - February 21, 2019</li>

windows/deployment/update/waas-wu-settings.md

@@ -173,7 +173,7 @@ If this setting is set to *Not Configured*, an administrator can still configure
 
 #### Configuring Automatic Updates by editing the registry
 
-> ![Note]
+> [!NOTE]
 > Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be resolved. Modify the registry at your own risk.
 
 In an environment that does not have Active Directory deployed, you can edit registry settings to configure group policies for Automatic Update.
@@ -224,14 +224,14 @@ To do this, follow these steps:
     
       **m**, where **m** equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes)
       
-      > ![Note]
+      > [!NOTE]
       > This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions.
       
     * NoAutoRebootWithLoggedOnUsers (REG_DWORD):
     
       **0** (false) or **1** (true). If set to **1**, Automatic Updates does not automatically restart a computer while users are logged on.
       
-      > ![Note]
+      > [!NOTE]
       > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions.
 
 To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance.

windows/deployment/update/windows-as-a-service.md

@@ -27,13 +27,13 @@ Everyone wins when transparency is a top priority. We want you to know when upda
 
 The latest news:
 <ul compact style="list-style: none"> 
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrading-Windows-10-devices-with-installation-media-different/ba-p/746126">Upgrading Windows 10 devices with installation media different than the original OS install language</a> - July 9, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Moving-to-the-next-Windows-10-feature-update-for-commercial/ba-p/732968">Moving to the next Windows 10 feature update for commercial customers</a> - July 1, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Updating-Windows-10-version-1903-using-Configuration-Manager-or/ba-p/639100">Updating Windows 10, version 1903 using Configuration Manager or WSUS</a> - May 23, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-in-Windows-Update-for-Business-in-Windows-10-version/ba-p/622064">What’s new in Windows Update for Business in Windows 10, version 1903</a> - May 21, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1903/ba-p/622024">What’s new for IT pros in Windows 10, version 1903</a> - May 21, 2019</li>
 <li><a href="https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update">How to get the Windows 10 May 2019 Update</a> - May 21, 2019</li>
  <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847">The benefits of Windows 10 Dynamic Update</a> - April 17, 2019</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244">Call to action: review your Windows Update for Business deferral values</a> - April 3, 2019</li>
 </ul>
 
 [See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog).
@@ -43,7 +43,11 @@ Written by IT pros for IT pros, sharing real world examples and scenarios for Wi
 
 <img src="images/champs-2.png" alt="" width="640" height="320">
 
-<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Deployment-rings-The-hidden-strategic-gem-of-Windows-as-a/ba-p/659622">**NEW** Deployment rings: The hidden [strategic] gem of Windows as a service</a>
+<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979">**NEW** Tactical considerations for creating Windows deployment rings</a>
+
+<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-Enterprise-vs-Windows-10-Pro-Modern-management/ba-p/720445">**NEW** Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization</a>
+
+<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Deployment-rings-The-hidden-strategic-gem-of-Windows-as-a/ba-p/659622">Deployment rings: The hidden [strategic] gem of Windows as a service</a>
 
 <a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Classifying-Windows-updates-in-common-deployment-tools/ba-p/331175">Classifying Windows updates in common deployment tools</a>
 

windows/deployment/update/windows-update-troubleshooting.md

@@ -138,7 +138,7 @@ Or
 DownloadManager [0]12F4.1FE8::09/29/2017-13:45:08.530 [agent]DO job {C6E2F6DC-5B78-4608-B6F1-0678C23614BD} hit a transient error, updateId = 5537BD35-BB74-40B2-A8C3-B696D3C97CBA.201 <NULL>, error = 0x80D0000A 
 ``` 
  
-Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft. For more information , see [I need to disable Windows Firewall](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766337\(v=ws.10\)) or [Windows Update stuck at 0 percent on Windows 10 or Windows Server 2016](https://support.microsoft.com/help/4039473/windows-update-stuck-at-0-percent-on-windows-10-and-windows-server-201).
+Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft. For more information, see [I need to disable Windows Firewall](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766337(v=ws.10)).
  
 ## Issues arising from configuration of conflicting policies 
 Windows Update provides a wide range configuration policies to control the behavior of WU service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting polices may lead to unexpected behaviors. 

windows/deployment/upgrade/upgrade-readiness-deployment-script.md

@@ -20,9 +20,12 @@ To automate the steps provided in [Get started with Upgrade Readiness](upgrade-r
 >[!IMPORTANT]
 >Upgrade Readiness was previously called Upgrade Analytics. References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution.
 
+>[!IMPORTANT]
+>The latest version of the Upgrade Readiness Script is **2.4.4 - 10.10.2018**
+
 For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/New-version-of-the-Upgrade-Analytics-Deployment-Script-available/ba-p/187164?advanced=false&collapse_discussion=true&q=new%20version%20of%20the%20upgrade%20analytics%20deployment%20script%20available&search_type=thread).
 
-> The following guidance applies to version 11.11.16 or later of the Upgrade Readiness deployment script. If you are using an older version, download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
+> The following guidance applies to version **2.4.4 - 10.10.2018** of the Upgrade Readiness deployment script. If you are using an older version, download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
 
 The Upgrade Readiness deployment script does the following:
 
@@ -70,7 +73,7 @@ To run the Upgrade Readiness deployment script:
     >
     > *IEOptInLevel = 3 Data collection is enabled for all sites*
 
-4. A recent version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**.
+4. The deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**.
 
     The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**.
 
@@ -79,7 +82,7 @@ To run the Upgrade Readiness deployment script:
     \*vortex\*.data.microsoft.com<BR>
     \*settings\*.data.microsoft.com
 
-5. The latest version (03.28.2018) of the deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**.
+5. The deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**.
 
 6.  After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
 
@@ -147,8 +150,12 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi
 | 59 - CleanupOneSettings failed to delete LastPersistedEventTimeOrFirstBoot property at registry key path: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Diagtrack** |The CleanupOneSettings function clears some of the cached values needed by the Appraiser which is the data collector on the monitored device. This helps in the download of the most recent for accurate running of the data collector. Verify that the account has the correct permissions to change or add registry keys. |
 | 60 - CleanupOneSettings failed to delete registry key: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ Diagnostics\Diagtrack\SettingsRequests** | Verify that the account has the correct permissions to change or add registry keys. |
 | 61 - CleanupOneSettings failed with an exception | CleanupOneSettings failed with an unexpected exception. |
-| 63 - Diagnostic data is disabled for the device | If AllowTelemetry == 0, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. |
+| 62 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is a REG_DWORD. |
-
+| 63 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. |
+| 64 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is a REG_DWORD. |
+| 65 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**. |
+| 66 - All recent data uploads for the Universal Telemetry Client failed. | Review the UtcConnectionReport in WMI in the namespace **root\cimv2\mdm\dmmap** under the **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** class. Only SYSTEM has access to this class. Use [PSExec](https://docs.microsoft.com/sysinternals/downloads/psexec) to execute your WMI utility as SYSTEM.  |
+| 67 - CheckUtcCsp failed with an exception | There was an error reading the WIM/CIM class **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** in the namespace **root\cimv2\mdm\dmmap**. Review system for WMI errors. |
 
 
 

windows/deployment/upgrade/windows-10-upgrade-paths.md

@@ -27,9 +27,9 @@ This topic provides a summary of available upgrade paths to Windows 10. You can
 > 
 > **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
 > 
-> In-place upgrade from Windows 7, Windows 8.1, or Windows 10 semi-annual channel to Windows 10 LTSC is not supported.  **Note**: Windows 10 LTSC 2015 did not block this upgrade path.  This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). 
+> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported.  **Note**: Windows 10 LTSC 2015 did not block this upgrade path.  This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). 
 > 
-> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
+> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
 > 
 > **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355).
 
@@ -61,7 +61,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Home Basic</td>
@@ -72,7 +71,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Home Premium</td>
@@ -83,7 +81,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Professional</td>
@@ -94,7 +91,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Ultimate</td>
@@ -105,7 +101,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Enterprise</td>
@@ -116,7 +111,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td rowspan="10" nowrap="nowrap">Windows 8.1</td>
@@ -130,7 +124,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Connected</td>
@@ -141,7 +134,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Pro</td>
@@ -152,7 +144,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Pro Student</td>
@@ -163,7 +154,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Pro WMC</td>
@@ -174,7 +164,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Enterprise</td>
@@ -185,7 +174,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Embedded Industry</td>
@@ -196,7 +184,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Windows RT</td>
@@ -207,7 +194,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td></td>
     </tr>
     <tr>
         <td>Windows Phone 8.1</td>
@@ -218,18 +204,16 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td>✔</td>
-        <td></td>
     </tr>
     <tr>
         <td rowspan="8" nowrap="nowrap">Windows 10</td>
     </tr>
     <tr>
         <td>Home</td>
-        <td>✔</td>
-        <td>✔</td>
-        <td>✔</td>
-        <td>✔</td>
         <td></td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
         <td></td>
         <td></td>
         <td></td>
@@ -237,11 +221,10 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
     <tr>
         <td>Pro</td>
         <td>D</td>
-        <td>✔</td>
-        <td>✔</td>
-        <td>✔</td>
-        <td>✔</td>
         <td></td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
         <td></td>
         <td></td>
     </tr>
@@ -250,9 +233,8 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td>✔</td>
-        <td>D</td>
         <td></td>
+        <td>D</td>
         <td></td>
         <td></td>
     </tr>
@@ -262,7 +244,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td>✔</td>
-        <td>✔</td>
         <td></td>
         <td></td>
         <td></td>
@@ -276,7 +257,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td>✔</td>
-        <td>✔</td>
     </tr>
     <tr>
         <td>Mobile Enterprise</td>
@@ -285,9 +265,8 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td></td>
         <td></td>
-        <td></td>
         <td>D</td>
-        <td>✔</td>
+        <td></td>
     </tr>
 </table>
 

windows/deployment/windows-10-subscription-activation.md

@@ -8,6 +8,7 @@ ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: mdt
 author: greg-lindsay
+manager: laurawi
 ms.collection: M365-modern-desktop
 search.appverid:
 - MET150

windows/deployment/windows-autopilot/white-glove.md

@@ -8,6 +8,7 @@ ms.localizationpriority: low
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
+manager: laurawi
 ms.author: greg-lindsay
 ms.collection: M365-modern-desktop
 ms.topic: article

windows/deployment/windows-autopilot/windows-autopilot-scenarios.md

@@ -26,14 +26,13 @@ Windows Autopilot includes support for a growing list of scenarios, designed to
 
 The following Windows Autopilot scenarios are described in this guide:
 
-<table>
+| Scenario | More information |
-<th>Scenario<th>More information
+| --- | --- |
-<tr><td>Deploy devices that will be set up by a member of the organization and configured for that person<td>[Windows Autopilot user-driven mode](user-driven.md)
+| Deploy devices that will be set up by a member of the organization and configured for that person | [Windows Autopilot user-driven mode](user-driven.md) |
-<tr><td>Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.<td>[Windows Autopilot self-deploying mode](self-deploying.md)
+| Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.| [Windows Autopilot self-deploying mode](self-deploying.md) |
-<tr><td>Re-deploy a device in a business-ready state.<td>[Windows Autopilot Reset](windows-autopilot-reset.md)
+| Re-deploy a device in a business-ready state.| [Windows Autopilot Reset](windows-autopilot-reset.md) |
-<tr><td>Pre-provision a device with up-to-date applications, policies and settings.<td>[White glove](white-glove.md)
+| Pre-provision a device with up-to-date applications, policies and settings.| [White glove](white-glove.md) |
-<tr><td>Deploy Windows 10 on an existing Windows 7 or 8.1 device<td>[Windows Autopilot for existing devices](existing-devices.md)
+| Deploy Windows 10 on an existing Windows 7 or 8.1 device | [Windows Autopilot for existing devices](existing-devices.md) |
-</table>
 
 ## Windows Autopilot capabilities
 

windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md

@@ -46,7 +46,7 @@ d) use the software in any way that is against the law or to create or propagate
 
 e) share, publish, distribute, or lend the software, provide the software as a stand-alone hosted solution for others to use, or transfer the software or this agreement to any third party.
 
-4. EXPORT RESTRICTIONS. You must comply with all domestic and international export laws and regulations that apply to the software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit http://aka.ms/exporting.
+4. EXPORT RESTRICTIONS. You must comply with all domestic and international export laws and regulations that apply to the software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit https://aka.ms/exporting.
 
 5. SUPPORT SERVICES. Microsoft is not obligated under this agreement to provide any support services for the software. Any support provided is “as is”, “with all faults”, and without warranty of any kind.
 

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md

@@ -107,7 +107,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
 | | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)** 
 |   23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)** 
 |   23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)** 
-|   23.3 Windows Defender Potentially Unwanted Applications(PUA) Protection | [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection) | Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)** 
+|   23.3 Windows Defender Potentially Unwanted Applications(PUA) Protection | [Defender/PUAProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-puaprotection) | Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)** 
 | 24. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)** 
 | 25. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded.  **Set to 1 (one)** 
 | | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)** 
@@ -115,8 +115,8 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
 | 26. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). 
 | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)** 
 | 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)**
-|   27.1 Windows Update Allow Update Service | [Update/AllowUpdateService](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) | Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
+|   27.1 Windows Update Allow Update Service | [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) | Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
-|   27.2 Windows Update Service URL| [Update/UpdateServiceUrl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) | Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with this Value:
+|   27.2 Windows Update Service URL| [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) | Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with this Value:
 
         <Replace>
             <CmdID>$CmdID$</CmdID>

windows/security/identity-protection/access-control/dynamic-access-control.md

@@ -96,10 +96,6 @@ By default, devices running any of the supported versions of Windows are able to
 
 Every domain controller needs to have the same Administrative Template policy setting, which is located at **Computer Configuration\\Policies\\Administrative Templates\\System\\KDC\\Support Dynamic Access Control and Kerberos armoring**.
 
-### Support for using the Key Distribution Center (KDC) Group Policy setting to enable Dynamic Access Control for a domain.
-
-Every domain controller needs to have the same Administrative Template policy setting, which is located at **Computer Configuration\\Policies\\Administrative Templates\\System\\KDC\\Support Dynamic Access Control and Kerberos armoring**.
-
 ### Support in Active Directory to store user and device claims, resource properties, and central access policy objects.
 
 ### Support for using Group Policy to deploy central access policy objects.

windows/security/identity-protection/access-control/local-accounts.md

@@ -250,7 +250,7 @@ You can use Local Users and Groups to assign rights and permissions on the local
 You cannot use Local Users and Groups on a domain controller. However, you can use Local Users and Groups on a domain controller to target remote computers that are not domain controllers on the network.
 
 **Note**  
-You use Active Directory Users and Computers to manage users and groups in Active Directory.loca
+You use Active Directory Users and Computers to manage users and groups in Active Directory.
 
 You can also manage local users by using NET.EXE USER and manage local groups by using NET.EXE LOCALGROUP, or by using a variety of PowerShell cmdlets and other scripting technologies.
 

windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md

@@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
@@ -30,13 +30,13 @@ ms.reviewer:
 ## How many is adequate
 
  
-How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic.  Windows Server 2019 includes the KDC AS Requests performance counter.  You can use this counter to determine how much of a domain controller's load is due to initial Kerberos authentication.  It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication - it remains unchanged.
+How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic.  Windows Server 2016 and above includes the KDC AS Requests performance counter.  You can use this counter to determine how much of a domain controller's load is due to initial Kerberos authentication.  It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication - it remains unchanged.
 
 
-Windows 10 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys.  This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2019 domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers.  Therefore, users in a key trust deployment must authenticate to a Windows Server 2019 domain controller.
+Windows 10 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys.  This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 and above domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers.  Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 and above domain controller.
   
  
-Determining an adequate number of Windows Server 2019 domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2019) to a deployment of existing domain controllers (Windows Server 2008R2, Windows Server 2012R2 or Windows Server 2016) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario:
+Determining an adequate number of Windows Server domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2019) to a deployment of existing domain controllers (Windows Server 2008R2, Windows Server 2012R2 or Windows Server 2016) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario:
 
  
 Consider a controlled environment where there are 1000 client computers and the authentication load of these 1000 client computers is evenly distributed across 10 domain controllers in the environment.  The Kerberos AS requests load would look something like the following:

windows/security/identity-protection/hello-for-business/hello-and-password-changes.md

@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md

@@ -9,8 +9,8 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
@@ -19,7 +19,7 @@ ms.reviewer:
 # Prepare and Deploy Windows Server 2016 Active Directory Federation Services
 
 **Applies to**
--   Windows 10, version 1703 or later
+-   Windows 10, version 1703 or later
 -   On-premises deployment
 -   Certificate trust
 
@@ -123,7 +123,7 @@ The service account used for the device registration server depends on the domai
 
 Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them.  Group Managed Service Accounts, or GMSA have security advantages over normal user accounts because Windows handles password management.  This means the password is long, complex, and changes periodically.  The best part of GMSA is all this happens automatically.  AD FS supports GMSA and should be configured using them for additional defense in depth security.
 
-GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers.  Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA.  Before you can create a GSMA, you must first create a root key for the service.  You can skip this if your environment already uses GSMA.
+GMSA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers.  Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GMSA.  Before you can create a GMSA, you must first create a root key for the service.  You can skip this if your environment already uses GMSA.
 
 #### Create KDS Root Key
 
@@ -526,12 +526,3 @@ For detailed information about the certificate, use `Certutil -q -v <certificate
 3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*)
 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
 5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
-
-
-
-
-
-
-
-
-

windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: dulcemontemayor
+author: mapalko
-ms.author: dolmont
+ms.author: mapalko
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article