Merge branch 'master' into MDBranch20H1BluetoothPolicy

2025-05-12 13:27:23 +00:00 · 2020-02-12 11:28:23 -08:00 · 2020-02-12 11:28:23 -08:00 · 7a3ef25a7f
commit 7a3ef25a7f
parent fe4edd0b33 2b558fab0c
79 changed files with 925 additions and 337 deletions
--- a/devices/hololens/hololens-commercial-infrastructure.md
+++ b/devices/hololens/hololens-commercial-infrastructure.md
@ -16,98 +16,171 @@ appliesto:
 - HoloLens 2
 ---
-# Configure Your Network
+# Configure Your Network for HoloLens
 This portion of the document will require the following people:
-1.	Network Admin with permissions to make changes to the proxy/firewall
+
-2.	Azure Active Directory Admin
+1. Network Admin with permissions to make changes to the proxy/firewall
-3.	Mobile Device Manager Admin
+2. Azure Active Directory Admin
-4.	Teams admin for Remote Assist only
+3. Mobile Device Manager Admin
 ## Infrastructure Requirements
 HoloLens is, at its core, a Windows mobile device integrated with Azure.  It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
 Critical cloud services include:
 - Azure active directory (AAD)
 - Windows Update (WU)
 Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale.  This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example, though any provider with full support for Microsoft Policy can support HoloLens.  Ask your mobile device management provider if they support HoloLens 2.
 HoloLens does support a limited set of cloud disconnected experiences.
 ### Wireless network EAP support
 - PEAP-MS-CHAPv2
 - PEAP-TLS
 - TLS
 - TTLS-CHAP
 - TTLS-CHAPv2
 - TTLS-MS-CHAPv2
 - TTLS-PAP
 - TTLS-TLS
 ### HoloLens Specific Network Requirements
 Make sure that these ports and URLs are allowed on your network firewall. This will enable HoloLens to function properly. The latest list can be found [here](hololens-offline.md).
 ### Remote Assist Specific Network Requirements
-1.	The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network).
+1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network).
 **Please note, if you don’t network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer.**
 1. Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found [here](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams).
 ### Guides Specific Network Requirements
 Guides only require network access to download and use the app.
 ## Azure Active Directory Guidance
 This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
-### 1. Ensure that you have an Azure AD License. 
+>[!NOTE]
 >This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
 1. Ensure that you have an Azure AD License.
 Please [HoloLens Licenses Requirements](hololens-licenses-requirements.md)for additional information.
-### 2. Ensure that your company’s users are in Azure Active Directory (Azure AD).
+1. If you plan on using Auto Enrollment, you will have to [Configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/.set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment)
 1. Ensure that your company’s users are in Azure Active Directory (Azure AD).
 Instructions for adding users can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/add-users-azure-active-directory).
-### 3. We suggest that users who will be need similar licenses are added to a group.
+1. We suggest that users who will be need similar licenses are added to a group.
-1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) 
+    1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal)
    1. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
-2. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
+1. Ensure that your company’s users (or group of users) are assigned the necessary licenses.
 ### 4. Ensure that your company’s users (or group of users) are assigned the necessary licenses. 
 Directions for assigning licenses can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/license-users-groups).
-### 5. **IMPORTANT:** Only do this step if users are expected to enroll their HoloLens/Mobile device onto the network. 
+1. Only do this step if users are expected to enroll their HoloLens/Mobile device into you (There are three options)
 These steps ensure that your company’s users (or a group of users) can add devices.
-1. Option 1: Give all users permission to join devices to Azure AD.
+    1. **Option 1:** Give all users permission to join devices to Azure AD.
 **Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
 **Set Users may join devices to Azure AD to *All***
-1.	Option 2: Give selected users/groups permission to join devices to Azure AD
+    1. **Option 2:** Give selected users/groups permission to join devices to Azure AD
 **Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
 **Set Users may join devices to Azure AD to *Selected***
 ![Image that shows Configuration of Azure AD Joined Devices](images/azure-ad-image.png)
-1.	Option 3: You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled by your IT department. 
+    1. **Option 3:** You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled.
-## Mobile Device Manager Admin Steps
+## Mobile Device Manager Guidance
-### Scenario 1: Kiosk Mode
+### Ongoing device management
 As a note, auto-launching an app does not currently work for HoloLens.
-How to Set Up Kiosk Mode Using Microsoft Intune.
+>[!NOTE]
-#### 1. Sync Microsoft Store to Intune ([Here](https://docs.microsoft.com/intune/apps/windows-store-for-business))
+>This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
 Ongoing device management will depend on your mobile device management infrastructure.  Most have the same general functionality but the user interface may vary widely.
-#### 2.	Check your app settings
+1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. Some CSPs are supported by HoloLens devices. (See the list of CSPs for HoloLens [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices)).
-1. Log into your Microsoft Store Business account
+1. [Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant. For example, you can create a policy that requires Bitlocker be enabled.
 1. **Manage** > **Products and Services** > **Apps and Software** > **Select the app you want to sync** > **Private Store Availability** > **Select “Everyone” or “Specific Groups”**
 1.	If you do not see your apps in **Intune** > **Client Apps** > **Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
-#### 3.	Configuring Kiosk Mode using MDM
+1. [Create Compliance Policy](https://docs.microsoft.com/intune/protect/compliance-policy-create-windows).
-Information on configuring Kiosk Mode in Intune can be found [here](https://docs.microsoft.com/hololens/hololens-kiosk#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)
+1. Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are [Plan your CA Deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) and [Best Practices](https://docs.microsoft.com/azure/active-directory/conditional-access/best-practices).
- >[!NOTE]
+1. [This article](https://docs.microsoft.com/intune/fundamentals/windows-holographic-for-business) talks about Intune's management tools for HoloLens.
    >You can configure different users to have different Kiosk Mode experiences by using “Azure AD” as the “User logon type”. However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
-![Image that shows Configuration of Kiosk Mode in Intune](images/aad-kioskmode.png)
+1. [Create a device profile](https://docs.microsoft.com/intune/configuration/device-profile-create)
-If you are configuring Kiosk Mode on an MDM other than Intune, please check your MDM provider's documentation.
+### Manage updates
-## Additional Intune Quick Links
+Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
-1.	[Create Profiles:](https://docs.microsoft.com/intune/configuration/device-profile-create) Profiles allow you to add and configure settings that will be pushed to the devices in your organization.
+For example, you can create a maintenance window to install updates, or choose to restart after updates are installed.  You can also choose to pause updates indefinitely until you're ready to update.
-1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. Some CSPs are supported by HoloLens devices. (See the list of CSPs for HoloLens [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices).
+Read more about [configuring update rings with Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
-1.	[Create Compliance Policy](https://docs.microsoft.com/intune/protect/create-compliance-policy)
+### Application management
-1.	 Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are [Plan your CA Deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) and [Best Practices](https://docs.microsoft.com/azure/active-directory/conditional-access/best-practices).
+Manage HoloLens applications through:
-## Certificates and Authentication
+1. Microsoft Store  
-### MDM Certificate Distribution
+  The Microsoft Store is the best way to distribute and consume applications on HoloLens.  There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/windows/uwp/publish/).  
-If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit [here](https://docs.microsoft.com/intune/protect/certificates-configure) to determine which cert is best for you. If you plan to use certs for HoloLens Authentication, PFX or SCEP may be right for you.
+  All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.  
 1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/)  
  Microsoft Store for Business and Education is a custom store for your corporate environment.  It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization.  It also lets you deploy apps that are specific to your commercial environment but not to the world.
 1. Application deployment and management via Intune or another mobile device management solution  
  Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices.  See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy).
 1. _not recommended_ Device Portal  
  Applications can also be installed on HoloLens directly using the Windows Device Portal.  This isn't recommended since Developer Mode has to be enabled to use the device portal.
 Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps).
 ### Certificates
 You can distribute certifcates through your MDM provider. If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit [here](https://docs.microsoft.com/intune/protect/certificates-configure) to determine which cert is best for you. If you plan to use certs for HoloLens Authentication, PFX or SCEP may be right for you.
 Steps for SCEP can be found [here](https://docs.microsoft.com/intune/protect/certificates-profile-scep).
-### Device Certificates
+### How to Upgrade to Holographics for Business Commercial Suite
-Certificates can also be added to the HoloLens through package provisioning. Please see [HoloLens Provisioning](hololens-provisioning.md) for additional information.
+
 >[!NOTE]
 >Windows Holographics for Business (commercial suite) is only intended for HoloLens 1st gen devices. The profile will not be applied to HoloLens 2 devices.
 Directions for upgrading to the commercial suite can be found [here](https://docs.microsoft.com/intune/configuration/holographic-upgrade).
 ### How to Configure Kiosk Mode Using Microsoft Intune
 1. Sync Microsoft Store to Intune ([Here](https://docs.microsoft.com/intune/apps/windows-store-for-business)).
 1. Check your app settings
    1. Log into your Microsoft Store Business account
    1. **Manage** > **Products and Services** > **Apps and Software** > **Select the app you want to sync** > **Private Store Availability** > **Select “Everyone” or “Specific Groups”*
    1. If you do not see your apps in **Intune** > **Client Apps** > **Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
 1. [Create a device profile for Kiosk mode](https://docs.microsoft.com/intune/configuration/kiosk-settings#create-the-profile)
 > [!NOTE]
 > You can configure different users to have different Kiosk Mode experiences by using “Azure AD” as the “User logon type”. However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
 ![Image that shows Configuration of Kiosk Mode in Intune](images/aad-kioskmode.png)
 For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, additional directions can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)
 ## Certificates and Authentication
 Certificates can be deployed via you MDM (see "certificates" in the [MDM Section](hololens-commercial-infrastructure.md#mobile-device-manager-guidance)). Certificates can also be deployed to the HoloLens through package provisioning. Please see [HoloLens Provisioning](hololens-provisioning.md) for additional information.
 ### Additional Intune Quick Links
 1. [Create Profiles:](https://docs.microsoft.com/intune/configuration/device-profile-create) Profiles allow you to add and configure settings that will be pushed to the devices in your organization.
 ## Next (Optional) Step: [Configure HoloLens using a provisioning package](hololens-provisioning.md)
 ## Next Step: [Enroll your device](hololens-enroll-mdm.md)
--- a/devices/hololens/hololens-kiosk.md
+++ b/devices/hololens/hololens-kiosk.md
@ -14,11 +14,9 @@ manager: dansimp
 # Set up HoloLens in kiosk mode
 In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional)
-When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. 
+When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
 Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the [start gestures](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) (including [Bloom](https://docs.microsoft.com/hololens/hololens1-basic-usage) on HoloLens (1st Gen)) and Cortana are disabled, and placed apps aren't shown in the user's surroundings. 
@ -41,14 +39,14 @@ The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft
 For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
 - You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use a provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
+- You can [use a provisioning package](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
 - You can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
 For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks.
 ## Start layout for HoloLens
-If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout. 
+If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout. 
 >[!NOTE]
 >Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
@ -58,7 +56,7 @@ If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-
 Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
 >[!NOTE]
->If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package). 
+>If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package).
 ```xml
 <LayoutModificationTemplate
@ -72,13 +70,13 @@ Save the following sample as an XML file. You can use this file when you configu
        <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="placeholderpackagename_kzf8qxf38zg5c!App" />
      </AppendGroup>      
    </RequiredStartGroups>
-  </RequiredStartGroupsCollection> 
+  </RequiredStartGroupsCollection>
 </LayoutModificationTemplate>
 ```
 ### Start layout for a provisioning package
-You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
+You will [create an XML file](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
 ```xml
 <!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
@ -102,11 +100,11 @@ You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-win
 ## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803)
-For HoloLens devices that are managed by Microsoft Intune, you [create a device profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk settings](https://docs.microsoft.com/intune/kiosk-settings).
+For HoloLens devices that are managed by Microsoft Intune, directions can be found [here](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune).
 For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-a-kiosk-configuration-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.  
-## Setup kiosk mode using a provisioning package (Windows 10, version 1803)
+## Set up kiosk mode using a provisioning package (Windows 10, version 1803)
 Process:
 1. [Create an XML file that defines the kiosk configuration.](#create-a-kiosk-configuration-xml-file)
@ -155,7 +153,7 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
 13. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
-      -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
+      - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
 14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
@ -181,7 +179,7 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
 ## Set up kiosk mode using the Windows Device Portal (Windows 10, version 1607 and version 1803) 
-1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. 
+1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
    >[!IMPORTANT]
    >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
@ -202,17 +200,14 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
 5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.
 ## Kiosk app recommendations
 - You cannot select Microsoft Edge, Microsoft Store, or the Shell app as a kiosk app.
 - We recommend that you do **not** select the Settings app and the File Explorer app as a kiosk app.
- You can select Cortana as a kiosk app. 
+- You can select Cortana as a kiosk app.
 - To enable photo or video capture, the HoloCamera app must be enabled as a kiosk app.
 ## More information
 Watch how to configure a kiosk in a provisioning package.
->[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
--- a/devices/hololens/hololens-licenses-requirements.md
+++ b/devices/hololens/hololens-licenses-requirements.md
@ -16,35 +16,56 @@ appliesto:
 - HoloLens 2
 ---
-# Licenses Required for Mixed Reality Deployment
+# Determine what licenses you need
 If you plan on using a Mobile Device Management system (MDM) to manage your HoloLens, please review the MDM License Guidance section.
 ## Mobile Device Management (MDM) Licenses Guidance
 If you plan on managing your HoloLens devices, you will need Azure AD and an MDM. Active Director (AD) cannot be used to manage HoloLens devices.
 If you plan on using an MDM other than Intune, an [Azure Active Directory Licenses](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) is required.
-
+If you plan on using Intune as your MDM, you can acquire an [Enterprise Mobility + Security (EMS) suite (E3 or E5) licenses](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing). **Please note that Azure AD is included in both suites.**
 If you plan on using Intune as your MDM, you can acquire an [Enterprise Mobility + Security (EMS) suite (E3 or E5) licenses](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing). **Please note that Azure AD is included in both suites.** 
 ## Identify the licenses needed for your scenario and products
 ### HoloLens Licenses Requirements
 You may need to upgrade your HoloLens 1st Gen Device to Windows Holographic for Business. (See [HoloLens commercial features](holoLens-commercial-features.md#feature-comparison-between-editions) to determine if you need to upgrade).
 If so, you will need to do the following:
 - Acquire a HoloLens Enterprise license XML file
 - Apply the XML file to the HoloLens. You can do this through a [Provisioning package](hololens-provisioning.md) or through your [Mobile Device Manager](https://docs.microsoft.com/intune/configuration/holographic-upgrade)
 Some of the HoloLens configurations you can apply in a provisioning package:
 - Apply certificates to the device
 - Set up a Wi-Fi connection
 - Pre-configure out of box questions like language and locale
 - (HoloLens 2) bulk enroll in mobile device management
 - (HoloLens v1) Apply key to enable Windows Holographic for Business
 Follow [this guide](hololens-provisioning.md) to create and apply a provisioning package to HoloLens.
 ### Remote Assist License Requirements
 Make sure you have the required licensing and device. Updated licensing and product requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/requirements).
-1.	[Remote Assist License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
+1. [Remote Assist License](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/buy-and-deploy-remote-assist)
-1.	[Teams Freemium/Teams](https://products.office.com/microsoft-teams/free)
+1. [Teams Freemium/Teams](https://products.office.com/microsoft-teams/free)
-1.	[Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
+1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
 ### Guides License Requirements
 Updated licensing and device requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/guides/requirements).
-1.	[Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
+1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
-1.	[Power BI](https://powerbi.microsoft.com/desktop/)
+1. [Power BI](https://powerbi.microsoft.com/desktop/)
-1.	[Guides](https://docs.microsoft.com/dynamics365/mixed-reality/guides/setup)
+1. [Guides](https://docs.microsoft.com/dynamics365/mixed-reality/guides/setup)
 ### Scenario 1: Kiosk Mode
 If you are not planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
-1.	If you are **not** planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
+1. If you are **not** planning to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
-1.	If you are planning to use an MDM other than Intune, your MDM provider will have steps on configuring Kiosk mode. 
+1. If you are planning to use an MDM to implement Kiosk mode, you will need an [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis).
-1. If you are planning to use **Intune** as your MDM, implementation directions can be found in [Configuring your Network for HoloLens]().
+
 Additional information regarding kiosk mode will be covered in [Configuring your Network for HoloLens](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune).
 ## Next Step: [Configure your network for HoloLens](hololens-commercial-infrastructure.md)
--- a/devices/hololens/hololens-provisioning.md
+++ b/devices/hololens/hololens-provisioning.md
@ -14,46 +14,49 @@ manager: dansimp
 # Configure HoloLens using a provisioning package
 [Windows provisioning](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) makes it easy for IT administrators to configure end-user devices without imaging. Windows Configuration Designer is a tool for configuring images and runtime settings which are then built into provisioning packages.
 Some of the HoloLens configurations that you can apply in a provisioning package:
-[Windows provisioning](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) makes it easy for IT administrators to configure end-user devices without imaging. Windows Configuration Designer is a tool for configuring images and runtime settings which are then built into provisioning packages. 
+- Upgrade to Windows Holographic for Business [here](hololens1-upgrade-enterprise.md)
 Some of the HoloLens configurations that you can apply in a provisioning package: 
 - Upgrade to Windows Holographic for Business
 - Set up a local account
 - Set up a Wi-Fi connection
 - Apply certificates to the device
 - Enable Developer Mode
 - Configure Kiosk mode (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803).
-To create provisioning packages, you must install Windows Configuration Designer [from Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) or [from the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box.
+## Provisioning package HoloLens wizard
 <span id="wizard" />
 ## Create a provisioning package for HoloLens using the HoloLens wizard
 The HoloLens wizard helps you configure the following settings in a provisioning package:
 - Upgrade to the enterprise edition
    >[!NOTE]
-    >Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
+    > This should only be used for HoloLens 1st Gen devices. Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
 - Configure the HoloLens first experience (OOBE)
- Configure Wi-Fi network 
+- Configure Wi-Fi network
 - Enroll device in Azure Active Directory or create a local account
 - Add certificates
 - Enable Developer Mode
 - Configure kiosk mode. (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803)).
 >[!WARNING]
 >You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
-Provisioning packages can include management instructions and policies, customization of network connections and policies, and more. 
+Provisioning packages can include management instructions and policies, customization of network connections and policies, and more.
 > [!TIP]
 > Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
 ## Steps for Creating Provisioning Packages
-### Create the provisioning package
+### 1. Install Windows Configuration Designer on your PC. (There are two ways to do this).
 1. **Option 1:** [From Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22)
 2. **Option 2:** [From the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box.
 ### 2. Create the Provisioning Package
 Use the Windows Configuration Designer tool to create a provisioning package.
@ -61,9 +64,9 @@ Use the Windows Configuration Designer tool to create a provisioning package.
 2. Click **Provision HoloLens devices**.
-   ![ICD start options](images/icd-create-options-1703.png)   
+   ![ICD start options](images/icd-create-options-1703.png)
-3. Name your project and click **Finish**. 
+3. Name your project and click **Finish**.
 4. Read the instructions on the **Getting started** page and select **Next**. The pages for desktop provisioning will walk you through the following steps.
@ -72,7 +75,6 @@ Use the Windows Configuration Designer tool to create a provisioning package.
 ### Configure settings
 <table>
 <tr><td style="width:45%" valign="top"><a id="one"></a><img src="images/one.png" alt="step one"/><img src="images/set-up-device.png" alt="set up device"/></br></br>Browse to and select the enterprise license file to upgrade the HoloLens edition.</br></br>You can also toggle <strong>Yes</strong> or <strong>No</strong> to hide parts of the first experience.</br></br>To set up the device without the need to connect to a Wi-Fi network, toggle <strong>Skip Wi-Fi setup</strong> to <strong>On</strong>.</br></br>Select a region and timezone in which the device will be used. </td><td><img src="images/set-up-device-details.png" alt="Select enterprise licence file and configure OOBE"/></td></tr>
 <tr><td style="width:45%" valign="top"><a id="two"></a><img src="images/two.png" alt="step two"/>  <img src="images/set-up-network.png" alt="set up network"/></br></br>In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select <strong>On</strong>, enter the SSID, the network type (<strong>Open</strong> or <strong>WPA2-Personal</strong>), and (if <strong>WPA2-Personal</strong>) the password for the wireless network.</td><td><img src="images/set-up-network-details-desktop.png" alt="Enter network SSID and type"/></td></tr>
@ -84,10 +86,7 @@ Use the Windows Configuration Designer tool to create a provisioning package.
 After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
- **Next step**: [How to apply a provisioning package](#apply)   
+### 3. Create a provisioning package for HoloLens using advanced provisioning
 ## Create a provisioning package for HoloLens using advanced provisioning
 >[!NOTE]
 >Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
@ -106,7 +105,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
    >[!IMPORTANT]
    >(For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens#perform_a_full_device_recovery).
-8. On the **File** menu, click **Save**. 
+8. On the **File** menu, click **Save**.
 4. Read the warning that project files may contain sensitive information, and click **OK**.
@ -135,9 +134,10 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
-10. When the build completes, click **Finish**. 
+10. When the build completes, click **Finish**.
 <span id="apply" />
 ## Apply a provisioning package to HoloLens during setup
 1. Connect the device via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
@ -157,17 +157,17 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 >[!NOTE]
 >If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
-## Apply a provisioning package to HoloLens after setup
+### 4. Apply a provisioning package to HoloLens after setup
 >[!NOTE]
 >Windows 10, version 1809 only
 On your PC:
-1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md). 
+1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md).
-2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC. 
+2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC.
-3. Drag and drop the provisioning package to the Documents folder on the HoloLens. 
+3. Drag and drop the provisioning package to the Documents folder on the HoloLens.
-On your HoloLens: 
+On your HoloLens:
 1. Go to **Settings > Accounts > Access work or school**. 
 2. In **Related Settings**, select **Add or remove a provisioning package**.
 3. On the next page, select **Add a package** to launch the file picker and select your provisioning package. If the folder is empty, make sure you select **This Device** and select **Documents**.
@ -192,9 +192,4 @@ In Windows Configuration Designer, when you create a provisioning package for Wi
 >[!NOTE]
 >App installation (**UniversalAppInstall**) using a provisioning package is not currently supported for HoloLens.
-
+## Next Step: [Enroll your device](hololens-enroll-mdm.md)
--- a/devices/hololens/hololens-release-notes.md
+++ b/devices/hololens/hololens-release-notes.md
@ -19,6 +19,7 @@ appliesto:
 # HoloLens Release Notes
 ## HoloLens 2
 > [!Note]
 > HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
@ -85,7 +86,7 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
 - Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
 - You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
+- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
    ![Provisioning HoloLens devices](images/provision-hololens-devices.png)
@ -97,7 +98,7 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
 - Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business. 
+- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
 - You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
--- a/devices/hololens/hololens-requirements.md
+++ b/devices/hololens/hololens-requirements.md
@ -13,62 +13,67 @@ ms.date: 07/15/2019
 # Deploy HoloLens in a commercial environment
-You can deploy and configure HoloLens at scale in a commercial setting.  
+You can deploy and configure HoloLens at scale in a commercial setting.  This article provides instructions for deploying HoloLens devices in a commercial environment. This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time.
-This article includes:
+## Overview of Deployment Steps
- Infrastructure requirements and recommendations for HoloLens management
+1. [Determine what features you need](hololens-requirements.md#step-1-determine-what-you-need)
- Tools for provisioning HoloLens
+1. [Determine what licenses you need](hololens-licenses-requirements.md)
- Instructions for remote device management
+1. [Configure your network for HoloLens](hololens-commercial-infrastructure.md).
- Options for application deployment
+    1. This section includes bandwidth requirements, URL and Ports that need to be whitelisted on your firewall, Azure AD guidance, Mobile Device Management Guidance, app deployment/management guidance, and certificate guidance.
 1. (Optional) [Configure HoloLens using a provisioning package](hololens-provisioning.md)
 1. [Enroll Device](hololens-enroll-mdm.md)
 1. [Set up ring based updates for HoloLens](hololens-updates.md)
 1. [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
-This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time.
+## Step 1. Determine what you need
-## Infrastructure for managing HoloLens
+Before deploying the HoloLens in your environment, it is important to first determine what features, apps, and type of identities are needed.
-HoloLens is, at its core, a Windows mobile device integrated with Azure.  It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
+### Type of Features
-Critical cloud services include:
+Your feature requirements will determine which HoloLens you need. One popular feature that we see deployed in customer environments frequently is Kiosk Mode. A list of HoloLens key features, and the editions of HoloLens that support them, can be found [here](hololens-commercial-features.md).
- Azure active directory (AAD)
+**What is Kiosk Mode?**
 - Windows Update (WU)
-Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale.  This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example, though any provider with full support for Microsoft Policy can support HoloLens.  Ask your mobile device management provider if they support HoloLens 2.
+Kiosk mode is a way to restrict the apps that a user has access to. This means that users will only be allowed to access certain apps.
-HoloLens does support a limited set of cloud disconnected experiences.
+**What Kiosk Mode do I require?**
-## Initial set up at scale
+There are two types of Kiosk Modes: Single app and multi-app. Single app kiosk mode allows user to only access one app while multi-app kiosk mode allows users to access multiple specified apps. To determine which kiosk mode is right for your corporation, the following two questions need to be answered:
-The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time.  If you're provisioning many HoloLens devices, however, selecting your language and settings manually for each device gets tedious and limits scale.
+1. **Do different users who are require different experiences/restrictions?** Example, User A is a field service engineer who only needs access to Remote Assist. User B is a trainee who only needs access to guides… etc.
    1. If yes, you will require the following:
        1. Azure AD Accounts as the method of signing into the devices.
        1. Multi-app kiosk mode.
    1. If no, continue to question two
 1. **Do you require a multi-app experience?**
    1. If yes, Multi-app kiosk is mode is needed
    1. If your answer to question 1 and 2 are both no, Single-app kiosk mode can be used
-This section:
+**How to set up Kiosk Mode**
- Introduces Windows provisioning using provisioning packages
+There are two main ways ([provisioning packages](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) and [MDM](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)) to deploy kiosk mode for HoloLens. These options will be discussed later in the document; however, you can use the links above to jump to the respective sections in this doc.
 - Walks through applying a provisioning package during first setup
-### Create and apply a provisioning package
+### Apps
-The best way to configure many new HoloLens device is with Windows provisioning.  You can use it to specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes.
+This deployment guide will cover the following types of apps:
-A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages)  (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device.
+1. Remote Assist
 2. Guides
 3. Customer Apps
-### Upgrade to Windows Holographic for Business
+Each step in this document will include instructions for each specific app.
- HoloLens Enterprise license XML file
+### Type of identity
-Some of the HoloLens configurations you can apply in a provisioning package:
+Determine the type of identity that will be used to sign into the device.
- Apply certificates to the device
+1. **Local Accounts:** This account is local to the device (like a local admin account on a windows PC). This will allow only 1 user to log into the device.
- Set up a Wi-Fi connection
+2. **MSA:** This will be a personal account (like outlook, hotmail, gmail, yahoo, etc.) This will allow only 1 user to log into the device.
- Pre-configure out of box questions like language and locale
+3. **Azure Active Directory (Azure AD) accounts:** This is an account created in Azure AD. This grants your corporation the ability to manage the HoloLens device. This will allow multiple users to log into the HoloLens 1st Gen Commercial Suite/the HoloLens 2 device.
 - (HoloLens 2) bulk enroll in mobile device management
 - (HoloLens v1) Apply key to enable Windows Holographic for Business
-Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens.
+### Determine your enrollment method
 ### Set up user identity and enroll in device management
 The last step in setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure.  There are several ways to enroll:
 1. Bulk enrollment with a security token in a provisioning package.  
  Pros: this is the most automated approach  
@ -80,66 +85,19 @@ The last step in setting up HoloLens for management at scale is to enroll device
  Pros: possible to enroll after set up  
  Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled.
-Learn more about MDM enrollment [here](hololens-enroll-mdm.md).
+  More information can be found [here](hololens-enroll-mdm.md)
-## Ongoing device management
+### Determine if you need a provisioning package
-Ongoing device management will depend on your mobile device management infrastructure.  Most have the same general functionality but the user interface may vary widely.
+There are two methods to configure a HoloLens device (Provisioning packages and MDMs). We suggest using your MDM to configure you HoloLens device, however, there are some scenarios where using a provisioning package is the better choice:
-This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens).
+1. You want to skip the Out of Box Experience (OOBE)
 1. You are having trouble deploying certificate in a complex network. The majority of the time you can deploy certificates using MDM (even in complex environments). However, some scenarios require certificates to be deployed through the provisioning package.
-[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens.
+## Next Step: [Determine what licenses you need](hololens-licenses-requirements.md)
 ### Push compliance policy via Intune
 [Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant.
 For example, you can create a policy that requires Bitlocker be enabled.
 [Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows).
 ### Manage updates
 Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
 For example, you can create a maintenance window to install updates, or choose to restart after updates are installed.  You can also choose to pause updates indefinitely until you're ready to update.
 Read more about [configuring update rings with Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
 ## Application management
 Manage HoloLens applications through:
 1. Microsoft Store  
  The Microsoft Store is the best way to distribute and consume applications on HoloLens.  There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/windows/uwp/publish/).  
  All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.  
 1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/)  
  Microsoft Store for Business and Education is a custom store for your corporate environment.  It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization.  It also lets you deploy apps that are specific to your commercial environment but not to the world.
 1. Application deployment and management via Intune or another mobile device management solution  
  Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices.  See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy).
 1. _not recommended_ Device Portal  
  Applications can also be installed on HoloLens directly using the Windows Device Portal.  This isn't recommended since Developer Mode has to be enabled to use the device portal.
 Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps).
 ## Get support
 Get support through the Microsoft support site.
-[File a support request](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
+[File a support request](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
 ## Technical Reference
 ### Wireless network EAP support
 - PEAP-MS-CHAPv2
 - PEAP-TLS
 - TLS
 - TTLS-CHAP
 - TTLS-CHAPv2
 - TTLS-MS-CHAPv2
 - TTLS-PAP
 - TTLS-TLS
--- a/devices/hololens/hololens-whats-new.md
+++ b/devices/hololens/hololens-whats-new.md
@ -43,16 +43,14 @@ manager: dansimp
 | Read device hardware info through MDM so devices can be tracked by serial # |                                                                                        IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions.                                                                                         |
 |                Set HoloLens device name through MDM (rename)                |                                                                                                IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions.                                                                                                |
-### For international customers 
+### For international customers
 Feature | Details  
--- | --- 
+--- | ---
 Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.  
-Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. 
+Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English.
 [Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) 
 [Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md)
 ## Windows 10, version 1803 for Microsoft HoloLens
@ -60,11 +58,11 @@ Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese
 Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md). 
+- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
 - You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
+- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
    ![Provisioning HoloLens devices](images/provision-hololens-devices.png)
@ -74,9 +72,9 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
 - Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically. 
+- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business. 
+- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
 - You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
--- a/devices/surface/surface-dock-firmware-update.md
+++ b/devices/surface/surface-dock-firmware-update.md
@ -23,7 +23,7 @@ Microsoft Surface Dock Firmware Update supersedes the earlier Microsoft Surface
 ## Monitor the Surface Dock Firmare Update
-This section is optional and provides an overview of how to monitor installation of the firmware update. For more detailed information about monitoring the update process, see the following sections in this article: 
+This section is optional and provides an overview of how to monitor installation of the firmware update. When you are ready to install the update, see [Install the Surface Dock Firmware Update](#install-the-surface-dock-firmware-update) below. For more detailed information about monitoring the update process, see the following sections in this article: 
  - [How to verify completion of firmware update](#how-to-verify-completion-of-the-firmware-update)
  - [Event logging](#event-logging)
  - [Troubleshooting tips](#troubleshooting-tips)
@ -61,10 +61,15 @@ This section describes how to install the firmware update.
 You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firmware Update to multiple devices across your network. When using Microsoft Endpoint Configuration Manager or other deployment tool, enter the following syntax to ensure the installation is silent:
- **Msiexec.exe /i <name of msi> /quiet /norestart** 
+- **Msiexec.exe /i \<path to msi file\> /quiet /norestart** 
  For example:
  ```
  msiexec /i "\\share\folder\Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.31680_0.msi" /quiet /norestart
  ```
 > [!NOTE]
-> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]". For example: Msiexec.exe /i <name of msi> /l*v %windir%\logs\ SurfaceDockFWI.log"
+> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]". For example: Msiexec.exe /i \<path to msi file\> /l*v %windir%\logs\ SurfaceDockFWI.log"
 For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
@ -76,7 +81,7 @@ For more information, refer to [Command line options](https://docs.microsoft.com
 You can use Intune to distribute Surface Dock Firmware Update to your devices. First you will need to convert the MSI file to the .intunewin format, as described in the following documentation: [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps/apps-win32-app-management).
 Use the following command:
-  - **msiexec /i <name of msi> /quiet /q**
+  - **msiexec /i \<path to msi file\> /quiet /q**
 ## How to verify completion of the firmware update
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@ -132,7 +132,7 @@ Optional. The character string that allows the user experience to include a cust
 Supported operations are Get, Replace, and Delete.
 <a href="" id="provider-providerid-requiremessagesigning"></a>**Provider/*ProviderID*/RequireMessageSigning**  
-Boolean type. Primarly used for SSL bridging mode where firewalls and proxies are deployed and where device client identity is required. When enabled, every SyncML message from the device will carry an additional HTTP header named MDM-Signature. This header contains BASE64-encoded Cryptographic Message Syntax using a Detached Signature of the complete SyncML message SHA-2 (inclusive of the SyncHdr and SyncBody). Signing is performed using the private key of the management session certificate that was enrolled as part of the enrollment process. The device public key and PKCS9 UTC signing time stamp are included as part of the authenticated attributes in the signature.
+Boolean type. Primarily used for SSL bridging mode where firewalls and proxies are deployed and where device client identity is required. When enabled, every SyncML message from the device will carry an additional HTTP header named MDM-Signature. This header contains BASE64-encoded Cryptographic Message Syntax using a Detached Signature of the complete SyncML message SHA-2 (inclusive of the SyncHdr and SyncBody). Signing is performed using the private key of the management session certificate that was enrolled as part of the enrollment process. The device public key and PKCS9 UTC signing time stamp are included as part of the authenticated attributes in the signature.
 Default value is false, where the device management client does not include authentication information in the management session HTTP header. Optionally set to true, where the client authentication information is provided in the management session HTTP header.
@ -255,12 +255,12 @@ Optional. Added in Windows 10, version 1703. Specify the Discovery server URL o
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 <a href="" id="provider-providerid-numberofdaysafterlostcontacttounenroll"></a>**Provider/*ProviderID*/NumberOfDaysAfterLostContactToUnenroll**  
-Optional. Number of days after last sucessful sync to unenroll.
+Optional. Number of days after last successful sync to unenroll.
 Supported operations are Add, Delete, Get, and Replace. Value type is integer.
 <a href="" id="provider-providerid-aadsenddevicetoken"></a>**Provider/*ProviderID*/AADSendDeviceToken**  
-Device. Added in Windows 10 version 1803. For AZure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
+Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
 Supported operations are Add, Delete, Get, and Replace. Value type is bool.
@ -552,7 +552,7 @@ Optional. Boolean value that allows the IT admin to require the device to start
 Supported operations are Add, Get, and Replace.
 <a href="" id="provider-providerid-push"></a>**Provider/*ProviderID*/Push**  
-Optional. Not configurable during WAP Provisioining XML. If removed, DM sessions triggered by Push will no longer be supported.
+Optional. Not configurable during WAP Provisioning XML. If removed, DM sessions triggered by Push will no longer be supported.
 Supported operations are Add and Delete.
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@ -49,10 +49,14 @@ The following steps demonstrate required settings using the Intune service:
    ![Intune license verification](images/auto-enrollment-intune-license-verification.png)
 2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal). 
 Also verify that the **MAM user scope** is set to **None**. Otherwise, it will have precedence over the MDM scope that will lead to issues. 
    ![Auto-enrollment activation verification](images/auto-enrollment-activation-verification.png)
 > [!IMPORTANT]
 > For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.
 > For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled.
 3. Verify that the device OS version is Windows 10, version 1709 or later.
 4. Auto-enrollment into Intune via Group Policy is valid only for devices which are hybrid Azure AD joined. This means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is  hybrid Azure AD joined, run  `dsregcmd /status` from the command line.
@ -62,7 +66,7 @@ Also verify that the **MAM user scope** is set to **None**. Otherwise, it will h
    Additionally, verify that the SSO State section displays **AzureAdPrt** as **YES**.
-    ![Auto-enrollment azure AD prt verification](images/auto-enrollment-azureadprt-verification.png)
+    ![Auto-enrollment Azure AD prt verification](images/auto-enrollment-azureadprt-verification.png)
    This information can also be found on the Azure AD device list.
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -200,6 +200,9 @@ The following diagram shows the Policy configuration service provider in tree fo
  <dd>
    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata" id="applicationmanagement-allowshareduserappdata">ApplicationManagement/AllowSharedUserAppData</a>
  </dd>
  <dd> 
    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall"id="applicationmanagement-blocknonadminuserinstall">ApplicationManagement/BlockNonAdminUserInstall</a> 
  </dd>
  <dd>
    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps" id="applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
  </dd>
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 02/11/2020
 ms.reviewer: 
 manager: dansimp
 ---
@ -39,6 +39,9 @@ manager: dansimp
  <dd>
    <a href="#applicationmanagement-allowshareduserappdata">ApplicationManagement/AllowSharedUserAppData</a>
  </dd>
  <dd> 
    <a href="#applicationmanagement-blocknonadminuserinstall">ApplicationManagement/BlockNonAdminUserInstall</a> 
  </dd>
  <dd>
    <a href="#applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
  </dd>
@ -414,6 +417,83 @@ Most restricted value: 0
 <hr/>
 <!--Policy-->
 <a href="" id="applicationmanagement-blocknonadminuserinstall"></a>**ApplicationManagement/BlockNonAdminUserInstall**  
 <!--SupportedSKUs-->
 <table>
 <tr>
    <th>Windows Edition</th>
    <th>Supported?</th>
 </tr>
 <tr>
    <td>Home</td>
    <td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 <tr>
    <td>Pro</td>
    <td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 <tr>
    <td>Business</td>
    <td><img src="images/checkmark.png" alt="check mark" /><sup>7</sup></td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td><img src="images/checkmark.png" alt="check mark" /><sup>7</sup></td>
 </tr>
 <tr>
    <td>Education</td>
    <td><img src="images/checkmark.png" alt="check mark" /><sup>7</sup></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Added in the next major release of Windows 10.
 Manages non-administrator users' ability to install Windows app packages.
 If you enable this policy, non-administrators will be unable to initiate installation of Windows app packages. Administrators who wish to install an app will need to do so from an Administrator context (for example, an Administrator PowerShell window). All users will still be able to install Windows app packages via the Microsoft Store, if permitted by other policies.
 If you disable or do not configure this policy, all users will be able to initiate installation of Windows app packages.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Prevent non-admin users from installing packaged Windows apps*
 -   GP name: *BlockNonAdminUserInstall*
 -   GP path: *Windows Components/App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:  
 - 0 (default) - Disabled. All users will be able to initiate installation of Windows app packages.
 - 1 - Enabled. Non-administrator users will not be able to initiate installation of Windows app packages.
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="applicationmanagement-disablestoreoriginatedapps"></a>**ApplicationManagement/DisableStoreOriginatedApps**  
@ -1032,6 +1112,7 @@ Footnotes:
 -   4 - Added in Windows 10, version 1803.
 -   5 - Added in Windows 10, version 1809.
 -   6 - Added in Windows 10, version 1903.
 -   7 - Added in the next major release of Windows 10.
 <!--/Policies-->
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@ -307,6 +307,10 @@ ADMX Info:
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 -   0 (default) – Disabled.
 -   1 – Allowed.
 <!--/SupportedValues-->
 <!--Example-->
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@ -253,6 +253,7 @@
 ##### [Update Compliance Perspectives](update/update-compliance-perspectives.md)
 ### Best practices
 #### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md)
 #### [Update Windows 10 media with Dynamic Update](update/media-dynamic-update.md)
 #### [Deploy feature updates during maintenance windows](update/feature-update-maintenance-window.md)
 #### [Deploy feature updates for user-initiated installations](update/feature-update-user-install.md)
 #### [Conclusion](update/feature-update-conclusion.md)
--- a/windows/deployment/update/images/update-catalog.png
+++ b/windows/deployment/update/images/update-catalog.png
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@ -0,0 +1,453 @@
 ---
 title: Update Windows 10 media with Dynamic Update
 description: Learn how to deploy feature updates to your mission critical devices
 ms.prod: w10
 ms.mktglfcycl: manage
 audience: itpro
 itproauthor: jaimeo
 author: SteveDiAcetis
 ms.localizationpriority: medium
 ms.author: jaimeo
 ms.reviewer: 
 manager: laurawi
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
 # Update Windows 10 media with Dynamic Update
 **Applies to**: Windows 10
 This topic explains how to acquire and apply Dynamic Update packages to existing Windows 10 images <em>prior to deployment</em> and includes Windows PowerShell scripts you can use to automate this process.
 Volume-licensed media is available for each release of Windows 10 in the Volume Licensing Service Center (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. You can use Dynamic Update to ensure that Windows 10 devices have the latest feature update packages as part of an in-place upgrade while preserving language pack and Features on Demand (FODs) that might have been previously installed. Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process.
 ## Dynamic Update
 Whenever installation of a feature update starts (whether from media or an environment connected to Windows Update), *Dynamic Update* is one of the first steps. Windows 10 Setup contacts a Microsoft endpoint to fetch Dynamic Update packages, and then applies those updates to your operating system installation media. The update packages includes the following kinds of updates:
 - Updates to Setup.exe binaries or other files that Setup uses for feature updates
 - Updates for the "safe operating system" (SafeOS) that is used for the Windows recovery environment
 - Updates to the servicing stack necessary to complete the feature update (see [Servicing stack updates](servicing-stack-updates.md) for more information)
 - The latest cumulative (quality) update
 - Updates to applicable drivers already published by manufacturers specifically intended for Dynamic Update
 Dynamic Update preserves language pack and Features on Demand packages by reacquiring them.
 Devices must be able to connect to the internet to obtain Dynamic Updates. In some environments, it's not an option to obtain Dynamic Updates. You can still do a media-based feature update by acquiring Dynamic Update packages and applying it to the image prior to starting Setup on the device.
 ## Acquire Dynamic Update packages
 You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. For example, you could enter *1809 Dynamic Update x64*, which would return results like this:
 ![Table with columns labeled Title, Products, Classification, Last Updated, Version, and Size and four rows listing various dynamic updates and associated KB articles](images/update-catalog.png)
 The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the s. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in <em>bold</em> the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
 |To find this Dynamic Update packages, search for or check the results here-->  |Title  |Product  |Description (select the **Title** link to see **Details**)  |
 |---------|---------|---------|---------|
 |Safe OS Dynamic Update      | 2019-08 Dynamic Update...        | Windows 10 Dynamic Update,Windows **Safe OS Dynamic Update**         | ComponentUpdate:        |
 |Setup Dynamic Update     | 2019-08 Dynamic Update...         | Windows 10 Dynamic Update        | **SetupUpdate**        |
 |Latest cumulative update     | 2019-08 **Cumulative Update for Windows 10**    |  Windows 10       |  Install this update to resolve issues in Windows...       |
 |Servicing stack Dynamic Update     | 2019-09 **Servicing Stack Update for Windows 10**        |  Windows 10...       | Install this update to resolve issues in Windows...        |
 If you want to customize the image with additional languages or Features on Demand, download supplemental media ISO files from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). For example, since Dynamic Update will be disabled for your devices, and if users require specific Features on Demand, you can preinstall these into the image.
 ## Update Windows 10 installation media
 Properly updating the installation media involves a large number of actions operating on several different targets (image files). Some actions are repeated on different targets. The target images files include:
 - Windows Preinstallation Environment (WinPE): a small operating system used to install, deploy, and repair Windows operating systems
 - Windows Recovery Environment (WinRE): repairs common causes of unbootable operating systems. WinRE is based on WinPE and can be customized with additional drivers, languages, optional packages, and other troubleshooting or diagnostic tools.
 - Windows operating system: one or more editions of Windows 10 stored in \sources\install.wim
 - Windows installation media: the complete collection of files and folders in the Windows 10 installation media. For example, \sources folder, \boot folder, Setup.exe, and so on.
 This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26).
 |Task  |WinRE (winre.wim)  |WinPE (boot.wim)  |Operating system (install.wim)  | New media |
 |---------|---------|---------|---------|------|
 |Add servicing stack Dynamic Update     |  1       | 9        | 18        |
 |Add language pack     | 2        |   10      |  19       |
 |Add localized optional packages     |  3       | 11        |         |
 |Add font support     |  4       |  12       |         |
 |Add text-to-speech      | 5        |   13      |         |
 |Update Lang.ini     |         |  14       |         |
 |Add Features on Demand     |         |         |  20       |
 |Add Safe OS Dynamic Update     | 6        |        |       |
 |Add Setup Dynamic Update     |         |         |         | 26
 |Add latest cumulative update     |         | 15        | 21        |
 |Clean up the image     |  7       | 16        | 22        |
 |Add Optional Components     |         |         |  23       |
 |Add .Net and .Net cumulative updates     |         |        | 24        |
 |Export image     | 8        |  17       | 25        |
 ### Multiple Windows editions
 The main operating system file (install.wim) contains multiple editions of Windows 10. It’s possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
 ### Additional languages and features
 You don't have to add more languages and features to the image to accomplish the updates, but it's an opportunity to customize the image with more languages, Optional Components, and Features on Demand beyond what is in your starting image. To do this, it's important to make these changes in the correct order: first apply servicing stack updates, followed by language additions, then by feature additions, and finally the latest cumulative update. The provided sample script installs a second language (in this case Japanese (ja-JP)). Since this language is backed by an lp.cab, there's no need to add a Language Experience Pack. Japanese is added to both the main operating system and to the recovery environment to allow the user to see the recovery screens in Japanese. This includes adding localized versions of the packages currently installed in the recovery image. 
 Optional Components, along with the .Net feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid this. One option is to skip the image cleanup step, though that will result in a larger install.wim. Another option is to install the .Net and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you will have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
 ## Windows PowerShell scripts to apply Dynamic Updates to an existing image
 These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages is stored locally in this folder structure:
 |Folder  |Description  |
 |---------|---------|
 |C:\mediaRefresh     |  Parent folder that contains the PowerShell script       |
 |C:\mediaRefresh\oldMedia |  Folder that contains the original media that will be refreshed. For example, contains Setup.exe, and \sources folder.       |
 |C:\mediaRefresh\newMedia     | Folder that will contain the updated media. It is copied from \oldMedia, then used as the target for all update and cleanup operations.        |
 ### Get started
 The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there is a script error and it's necessary to start over from a known state. Also, it will provide a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they are not read-only.
 ```
 function Get-TS { return "{0:HH:mm:ss}" -f (Get-Date) } 
 Write-Host "$(Get-TS): Starting media refresh"
 # Declare media for FOD and LPs
 $FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso"
 $LP_ISO_PATH = "C:\mediaRefresh\packages\CLIENTLANGPACKDVD_OEM_MULTI.iso"
 # Declare language for showcasing adding optional localized components
 $LANG = "ja-jp"
 $LANG_FONT_CAPABILITY = "jpan"
 # Declare Dynamic Update packages
 $LCU_PATH = “C:\mediaRefresh\packages\LCU.msu”
 $SSU_PATH = “C:\mediaRefresh\packages\SSU_DU.msu”
 $SETUP_DU_PATH = "C:\mediaRefresh\packages\Setup_DU.cab"
 $SAFE_OS_DU_PATH = “C:\mediaRefresh\packages\SafeOS_DU.cab”
 $DOTNET_CU_PATH = "C:\mediaRefresh\packages\DotNet_CU.msu”
 # Declare folders for mounted images and temp files
 $WORKING_PATH = "C:\mediaRefresh\temp"
 $MEDIA_OLD_PATH = "C:\mediaRefresh\oldMedia"
 $MEDIA_NEW_PATH = "C:\mediaRefresh\newMedia"
 $MAIN_OS_MOUNT = $WORKING_PATH + "\MainOSMount”
 $WINRE_MOUNT = $WORKING_PATH + "\WinREMount”
 $WINPE_MOUNT = $WORKING_PATH + "\WinPEMount”
 # Mount the language pack ISO
 Write-Host "$(Get-TS): Mounting LP ISO"
 $LP_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter
 # Declare language related cabs
 $WINPE_OC_PATH = Join-Path $LP_ISO_DRIVE_LETTER":" -ChildPath "Windows Preinstallation Environment" | Join-Path -ChildPath "x64" | Join-Path -ChildPath "WinPE_OCs"
 $WINPE_OC_LANG_PATH = Join-Path $WINPE_OC_PATH $LANG
 $WINPE_OC_LANG_CABS = Get-ChildItem $WINPE_OC_LANG_PATH -name
 $WINPE_OC_LP_PATH = Join-Path $WINPE_OC_LANG_PATH "lp.cab"
 $WINPE_FONT_SUPPORT_PATH = Join-Path $WINPE_OC_PATH "WinPE-FontSupport-$LANG.cab"
 $WINPE_SPEECH_TTS_PATH = Join-Path $WINPE_OC_PATH "WinPE-Speech-TTS.cab"
 $WINPE_SPEECH_TTS_LANG_PATH = Join-Path $WINPE_OC_PATH "WinPE-Speech-TTS-$LANG.cab"
 $OS_LP_PATH = $LP_ISO_DRIVE_LETTER + ":\x64\langpacks\" + "Microsoft-Windows-Client-Language-Pack_x64_" + $LANG + ".cab"
 # Mount the Features on Demand ISO
 Write-Host "$(Get-TS): Mounting FOD ISO"
 $FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter
 $FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\" 
 # Create folders for mounting images and storing temporary files
 New-Item -ItemType directory -Path $WORKING_PATH -ErrorAction Stop | Out-Null
 New-Item -ItemType directory -Path $MAIN_OS_MOUNT -ErrorAction stop | Out-Null
 New-Item -ItemType directory -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
 New-Item -ItemType directory -Path $WINPE_MOUNT -ErrorAction stop | Out-Null
 # Keep the original media, make a copy of it for the new, updateed media.
 Write-Host "$(Get-TS): Copying original media to new media path"
 Copy-Item -Path $MEDIA_OLD_PATH“\*” -Destination $MEDIA_NEW_PATH -Force -Recurse -ErrorAction stop | Out-Null
 Get-ChildItem -Path $MEDIA_NEW_PATH -Recurse | Where-Object { -not $_.PSIsContainer -and $_.IsReadOnly } | ForEach-Object { $_.IsReadOnly = $false }
 ```
 ### Update WinRE
 The script assumes that only a single edition is being updated, indicated by Index = 1 (Windows 10 Education Edition). Then the script mounts the image, saves Winre.wim to the working folder, and mounts it. It then applies servicing stack Dynamic Update, since its s are used for updating other s. Since the script is optionally adding Japanese, it adds the language pack to the image, and installs the Japanese versions of all optional packages already installed in Winre.wim. Then, it applies the Safe OS Dynamic Update package.
 It finishes by cleaning and exporting the image to reduce the image size.
 > [!NOTE]
 > Skip adding the latest cumulative update to Winre.wim because it contains unnecessary s in the recovery environment. The s that are updated and applicable are contained in the safe operating system Dynamic Update package. This also helps to keep the image small.
 ```
 # Mount the main operating system, used throughout the script
 Write-Host "$(Get-TS): Mounting main OS"
 Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim” -Index 1 -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null  
 #
 # update Windows Recovery Environment (WinRE)
 #
 Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim” -Destination $WORKING_PATH"\winre.wim” -Force -Recurse -ErrorAction stop | Out-Null
 Write-Host "$(Get-TS): Mounting WinRE"
 Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim” -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null 
 # Add servicing stack update
 Write-Host "$(Get-TS): Adding package $SSU_PATH"
 Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null  
 #
 # Optional: Add the language to recovery environment
 #
 # Install lp.cab cab
 Write-Host "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
 Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null  
 # Install language cabs for each optional package installed
 $WINRE_INSTALLED_OC = Get-WindowsPackage -Path $WINRE_MOUNT
 Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
    if ( ($PACKAGE.PackageState -eq "Installed") `
            -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
            -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
        $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
        if ($INDEX -ge 0) {
            $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
            if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
                $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
                Write-Host "$(Get-TS): Adding package $OC_CAB_PATH"
                Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null  
            }
        }
    }
 }
 # Add font support for the new language
 if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
    Write-Host "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
    Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
 }
 # Add TTS support for the new language
 if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
    if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
        Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
        Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
        Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
        Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
    }
 }
 # Add Safe OS
 Write-Host "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
 Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null   
 # Perform image cleanup
 Write-Host "$(Get-TS): Performing image cleanup on WinRE"
 DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
 # Dismount
 Dismount-WindowsImage -Path $WINRE_MOUNT  -Save -ErrorAction stop | Out-Null 
 # Export
 Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\winre2.wim”
 Export-WindowsImage -SourceImagePath $WORKING_PATH"\winre.wim” -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\winre2.wim” -ErrorAction stop | Out-Null
 Move-Item -Path $WORKING_PATH"\winre2.wim” -Destination $WORKING_PATH"\winre.wim” -Force -ErrorAction stop | Out-Null
 ```
 ### Update WinPE
 This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. Finally, it cleans and exports Boot.wim, and copies it back to the new media.
 ```
 # 
 # update Windows Preinstallation Environment (WinPE)
 # 
 # Get the list of images contained within WinPE
 $WINPE_IMAGES = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH“\sources\boot.wim”
 Foreach ($IMAGE in $WINPE_IMAGES) {
    # update WinPE
    Write-Host "$(Get-TS): Mounting WinPE"
    Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH“\sources\boot.wim” -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null  
    # Add SSU
    Write-Host "$(Get-TS): Adding package $SSU_PATH"
    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null
    # Install lp.cab cab
    Write-Host "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null  
    # Install language cabs for each optional package installed
    $WINPE_INSTALLED_OC = Get-WindowsPackage -Path $WINPE_MOUNT
    Foreach ($PACKAGE in $WINPE_INSTALLED_OC) {
        if ( ($PACKAGE.PackageState -eq "Installed") `
                -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
                -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
            $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
            if ($INDEX -ge 0) {
                $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
                if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
                    $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
                    Write-Host "$(Get-TS): Adding package $OC_CAB_PATH"
                    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null  
                }
            }
        }
    }
    # Add font support for the new language
    if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
        Write-Host "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
        Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
    }
    # Add TTS support for the new language
    if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
        if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
            Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
            Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
            Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
            Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
        }
    }
    # Generates a new Lang.ini file which is used to define the language packs inside the image
    if ( (Test-Path -Path $WINPE_MOUNT"\sources\lang.ini") ) {
        Write-Host "$(Get-TS): Updating lang.ini"
        DISM /image:$WINPE_MOUNT /Gen-LangINI /distribution:$WINPE_MOUNT | Out-Null
    }    
    # Add latest cumulative update
    Write-Host "$(Get-TS): Adding package $LCU_PATH"
    Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null  
    # Perform image cleanup
    Write-Host "$(Get-TS): Performing image cleanup on WinPE"
    DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
    # Dismount
    Dismount-WindowsImage -Path $WINPE_MOUNT -Save -ErrorAction stop | Out-Null 
    #Export WinPE
    Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\boot2.wim”
    Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH“\sources\boot.wim” -SourceIndex $IMAGE.ImageIndex -DestinationImagePath $WORKING_PATH"\boot2.wim" -ErrorAction stop | Out-Null
 }
 Move-Item -Path $WORKING_PATH"\boot2.wim" -Destination $MEDIA_NEW_PATH“\sources\boot.wim” -Force -ErrorAction stop | Out-Null
 ```
 ### Update the main operating system
 For this next phase, there is no need to mount the main operating system, since it was already mounted in the previous scripts. This script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it leverages `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod).
 Now is the time to enable other Optional Components or add other Features on Demand. If such a feature has an associated cumulative update (for example, .Net), this is the time to apply those. The script then proceeds with applying the latest cumulative update. Finally, the script cleans and exports the image.
 You can install Optional Components, along with the .Net feature, offline, but that will require the device to be restarted. This is why the script installs .Net and Optional Components after cleanup and before export.
 ```
 # 
 # update Main OS
 # 
 # Add servicing stack update
 Write-Host "$(Get-TS): Adding package $SSU_PATH"
 Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null
 # Optional: Add language to main OS
 Write-Host "$(Get-TS): Adding package $OS_LP_PATH"
 Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null  
 # Optional: Add a Features on Demand to the image
 Write-Host "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
 Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 Write-Host "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
 Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 Write-Host "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
 Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 Write-Host "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
 Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 Write-Host "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
 Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 Write-Host "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
 Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 # Note: If I wanted to enable additional Features on Demand, I'd add these here.
 # Add latest cumulative update
 Write-Host "$(Get-TS): Adding package $LCU_PATH"
 Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null 
 # Copy our updated recovery image from earlier into the main OS
 # Note: If I were updating more than 1 edition, I'd want to copy the same recovery image file 
 # into each edition to enable single instancing
 Copy-Item -Path $WORKING_PATH"\winre.wim” -Destination $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim” -Force -Recurse -ErrorAction stop | Out-Null
 # Perform image cleanup
 Write-Host "$(Get-TS): Performing image cleanup on main OS"
 DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
 #
 # Note: If I wanted to enable additional Optional Components, I'd add these here. 
 # In addition, we'll add .Net 3.5 here as well. Both .Net and Optional Components might require 
 # the image to be booted, and thus if we tried to cleanup after installation, it would fail.
 #
 Write-Host "$(Get-TS): Adding NetFX3~~~~"
 Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
 # Add .Net Cumulative Update
 Write-Host "$(Get-TS): Adding package $DOTNET_CU_PATH"
 Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null
 # Dismount
 Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Save -ErrorAction stop | Out-Null
 # Export
 Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim”
 Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH“\sources\install.wim” -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\install2.wim” -ErrorAction stop | Out-Null
 Move-Item -Path $WORKING_PATH"\install2.wim” -Destination $MEDIA_NEW_PATH“\sources\install.wim” -Force -ErrorAction stop | Out-Null
 ```
 ### Update remaining media files
 This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup.exe as needed, along with the latest compatibility database, and replacement component manifests.
 ```
 #
 # update remaining files on media
 #
 # Add Setup DU by copy the files from the package into the newMedia
 Write-Host "$(Get-TS): Adding package $SETUP_DU_PATH"
 cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PATH"\sources" | Out-Null
 ```
 ### Finish up
 As a last step, the script removes the working folder of temporary files, and unmounts our language pack and Features on Demand ISOs.
 ```
 #
 # Perform final cleanup
 #
 # Remove our working folder
 Remove-Item -Path $WORKING_PATH -Recurse -Force -ErrorAction stop | Out-Null
 # Dismount ISO images
 Write-Host "$(Get-TS): Dismounting ISO images"
 Dismount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Out-Null
 Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Out-Null 
 Write-Host "$(Get-TS): Media refresh completed!"
 ```
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@ -23,7 +23,7 @@ ms.topic: article
 ## Overview 
-You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See 
+You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) for more information. 
 An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**.
@ -42,10 +42,10 @@ Follow these steps on a device running the Remote Server Administration Tools or
 ### Set up a ring
 1. Start Group Policy Management Console (gpmc.msc).
-2. Expand **Forest > Domains > *\<your domain\>*.
+2. Expand **Forest > Domains > *\<your domain\>**.
 3. Right-click *\<your domain>* and select **Create a GPO in this domain and link it here**.
 4. In the **New GPO** dialog box, enter *Windows Update for Business - Group 1* as the name of the new Group Policy Object.
-5. Right-click the **Windows Update for Business - Group 1" object, and then select **Edit**.
+5. Right-click the **"Windows Update for Business - Group 1"** object, and then select **Edit**.
 6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices.
--- a/windows/deployment/usmt/usmt-identify-users.md
+++ b/windows/deployment/usmt/usmt-identify-users.md
@ -10,7 +10,6 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.date: 04/19/2017
 ms.topic: article
 ---
@ -21,9 +20,7 @@ It is important to carefully consider how you plan to migrate users. By default,
 ## In This Topic
 - [Migrating Local Accounts](#bkmk-8)
 - [Migrating Domain Accounts](#bkmk-9)
 - [Command-Line Options](#bkmk-7)
 ## <a href="" id="bkmk-8"></a>Migrating Local Accounts
@ -36,8 +33,8 @@ Before migrating local accounts, note the following:
 - [Be careful when specifying a password for local accounts.](#bkmk-8) If you create the local account with a blank password, anyone could log on to that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools.
-> [!NOTE]
+>[!NOTE]
-> If there are multiple users on a computer, and you specify a password with the **/lac** option, all migrated users will have the same password.
+>If there are multiple users on a computer, and you specify a password with the **/lac** option, all migrated users will have the same password.
 ## <a href="" id="bkmk-9"></a>Migrating Domain Accounts
@ -49,8 +46,8 @@ USMT provides several options to migrate multiple users on a single computer. Th
 - [Specifying users.](#bkmk-8) You can specify which users to migrate with the **/all**, **/ui**, **/uel**, and **/ue** options with both the ScanState and LoadState command-line tools.
-   > [!IMPORTANT]  
+  >[!IMPORTANT]  
-   > The **/uel** option excludes users based on the **LastModified** date of the Ntuser.dat file. The **/uel** option is not valid in offline migrations.
+  >The **/uel** option excludes users based on the **LastModified** date of the Ntuser.dat file. The **/uel** option is not valid in offline migrations.
 - [Moving users to another domain.](#bkmk-8) You can move user accounts to another domain using the **/md** option with the LoadState command-line tool.
@ -58,13 +55,11 @@ USMT provides several options to migrate multiple users on a single computer. Th
 - [Renaming user accounts.](#bkmk-8) You can rename user accounts using the **/mu** option.
-  > [!NOTE]
+  >[!NOTE]
-  > By default, if a user name is not specified in any of the command-line options, the user will be migrated.
+  >By default, if a user name is not specified in any of the command-line options, the user will be migrated.
 ## Related topics
-[Determine What to Migrate](usmt-determine-what-to-migrate.md)
+[Determine What to Migrate](usmt-determine-what-to-migrate.md)<br>
-
+[ScanState Syntax](usmt-scanstate-syntax.md)<br>
 [ScanState Syntax](usmt-scanstate-syntax.md)
 [LoadState Syntax](usmt-loadstate-syntax.md)
--- a/windows/release-information/resolved-issues-windows-10-1507.yml
+++ b/windows/release-information/resolved-issues-windows-10-1507.yml
@ -34,7 +34,6 @@ sections:
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
      <tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -60,6 +59,5 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a>.&nbsp;This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1607.yml
+++ b/windows/release-information/resolved-issues-windows-10-1607.yml
@ -40,7 +40,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 14393.3144<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='256msg'></div><b>Internet Explorer 11 and apps using the WebBrowser control may fail to render</b><br>JavaScript may fail to render as expected in IE11 and in apps using JavaScript or the WebBrowser control.<br><br><a href = '#256msgdesc'>See details ></a></td><td>OS Build 14393.3085<br><br>July 09, 2019<br><a href ='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -68,7 +67,6 @@ sections:
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='301msgdesc'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><div>&nbsp;Applications and scripts that call the <a href=\"https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a href=\"https://docs.microsoft.com/en-us/windows/win32/adsi/adsi-winnt-provider\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries.&nbsp;When requesting additional pages you may receive the error, “1359: an internal error occurred.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a>.</div><br><a href ='#301msg'>Back to top</a></td><td>OS Build 14393.3053<br><br>June 18, 2019<br><a href ='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>Resolved:<br>September 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 01, 2019 <br>05:00 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a>.&nbsp;This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 14393.3144<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@ -38,7 +38,6 @@ sections:
      <tr><td><div id='255msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.<br><br><a href = '#255msgdesc'>See details ></a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -74,7 +73,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.&nbsp;The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@ -41,7 +41,6 @@ sections:
      <tr><td><div id='325msg'></div><b>Notification issue: \"Your device is missing important security and quality fixes.\"</b><br>Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"<br><br><a href = '#325msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 03, 2019 <br>12:32 PM PT</td></tr>
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -79,7 +78,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a>.&nbsp;The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>Resolved:<br>August 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@ -42,7 +42,6 @@ sections:
      <tr><td><div id='255msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.<br><br><a href = '#255msgdesc'>See details ></a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -81,7 +80,6 @@ sections:
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='301msgdesc'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><div>&nbsp;Applications and scripts that call the <a href=\"https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a href=\"https://docs.microsoft.com/en-us/windows/win32/adsi/adsi-winnt-provider\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries.&nbsp;When requesting additional pages you may receive the error, “1359: an internal error occurred.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a>.</div><br><a href ='#301msg'>Back to top</a></td><td>OS Build 17763.55<br><br>October 09, 2018<br><a href ='https://support.microsoft.com/help/4464330' target='_blank'>KB4464330</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a></td><td>Resolved:<br>September 24, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 01, 2019 <br>05:00 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a>.&nbsp;This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@ -52,7 +52,6 @@ sections:
      <tr><td><div id='253msg'></div><b>Initiating a Remote Desktop connection may result in black screen</b><br>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.<br><br><a href = '#253msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='236msg'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><br>Windows Sandbox may fail to start on devices in which the operating system language was changed between updates.<br><br><a href = '#236msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -95,7 +94,6 @@ sections:
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='317msgdesc'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><div>Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the <strong>Windows Update</strong> dialog or within U<strong>pdate history</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue has been resolved for most users. If you are still having issues, please see <a href=\"https://support.microsoft.com/help/4528159\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528159</a>.</div><br><a href ='#317msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>November 12, 2019 <br>08:11 AM PT<br><br>Opened:<br>August 16, 2019 <br>01:41 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.&nbsp;The ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 18362.295<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@ -40,7 +40,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512514' target='_blank'>KB4512514</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='197msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#197msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -86,7 +85,6 @@ sections:
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='307msgdesc'></div><b>Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV</b><div>Symantec identified the potential for a negative interaction that may occur after Windows Updates code signed with SHA-2 only certificates are installed on devices with Symantec or Norton antivirus programs installed. The software may not correctly identify files included in the update as code signed by Microsoft, putting the device at risk for a delayed or incomplete update.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>The safeguard hold has been removed.&nbsp;Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection and Norton antivirus programs. See the <a href=\"https://support.symantec.com/us/en/article.tech255857.html\" target=\"_blank\">Symantec support article</a> for additional detail and please reach out to Symantec or Norton support if you encounter any issues.</div><br><a href ='#307msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved External<br></td><td>Last updated:<br>August 27, 2019 <br>02:29 PM PT<br><br>Opened:<br>August 13, 2019 <br>10:05 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a>.&nbsp;The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
@ -38,7 +38,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512478' target='_blank'>KB4512478</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='209msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#209msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -74,7 +73,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a>.&nbsp;The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
+++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
@ -37,7 +37,6 @@ sections:
      <tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516030' target='_blank'>KB4516030</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -73,7 +72,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a>.&nbsp;The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-server-2012.yml
+++ b/windows/release-information/resolved-issues-windows-server-2012.yml
@ -36,7 +36,6 @@ sections:
      <tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516069' target='_blank'>KB4516069</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      </table>
      "
@ -71,7 +70,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a>.&nbsp;The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-10-1507.yml
+++ b/windows/release-information/status-windows-10-1507.yml
@ -29,11 +29,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@ -29,11 +29,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@ -29,11 +29,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@ -33,11 +33,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@ -33,11 +33,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@ -33,11 +33,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-10-1909.yml
+++ b/windows/release-information/status-windows-10-1909.yml
@ -33,11 +33,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@ -29,11 +29,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@ -29,11 +29,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@ -29,11 +29,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@ -29,11 +29,11 @@ sections:
    columns: 3
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@ -23,11 +23,11 @@ sections:
    columns: 2
    items:
-    - href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
+    - href: https://aka.ms/Windows7ESU
-      html: Find out what you need to know >
+      html: Stay protected with Extended Security Updates >
      image: 
-        src: https://docs.microsoft.com/media/common/i_alert.svg
+        src: https://docs.microsoft.com/media/common/i_subscription.svg
-      title: Windows 7 has reached end of support
+      title: Still have devices running Windows 7 in your enterprise?
    - href: https://aka.ms/1909mechanics
      html: Explore the improvements >
      image: 
@ -50,6 +50,8 @@ sections:
    text: "
      <table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
      <tr><td id='389'><a href = 'https://support.microsoft.com/help/4532693' target='_blank'><b>Take action: February 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='389' href='#389'></a><br><div>The February 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>February 11, 2020 <br>08:00 AM PT</td></tr>
      <tr><td id='388'><b>Take action: ESU security updates available for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2</b><a class='docon docon-link heading-anchor' aria-labelledby='388' href='#388'></a><br><div>Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 reached end of support on January 14, 2020. For customers who have purchased Extended Security Updates (ESU), the first monthly ESU security updates are now available. If your organization has&nbsp;not yet been able to complete your transition to Windows 10, Windows Server 2016, or Windows Server 2019 and want to continue to receive security updates for your current version of Windows, you will need to purchase Extended Security Updates. For information on how to do so, please see <a href=\"https://aka.ms/Windows7ESU\" rel=\"noopener noreferrer\" target=\"_blank\">How to get Extended Security Updates for eligible Windows devices</a>, Windows 7 <a href=\"https://support.microsoft.com/help/4527873\" rel=\"noopener noreferrer\" target=\"_blank\">ESU frequently ask questions</a>, and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 <a href=\"https://www.microsoft.com/en-us/cloud-platform/extended-security-updates\" rel=\"noopener noreferrer\" target=\"_blank\">ESU frequently asked questions</a>.</div><div><br></div><div>We recommend ESU customers review the applicable KB article below for prerequisites and other important information you will need to deploy these updates.</div><div><br></div><div>The following updates were released today for Windows Server 2008 SP2:</div><ul><li>Extended Security Updates (ESU) Licensing Preparation Package (<a href=\"https://support.microsoft.com/help/4538484\" rel=\"noopener noreferrer\" target=\"_blank\">KB4538484</a>)</li><li>Monthly Rollup (<a href=\"https://support.microsoft.com/help/4537810\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537810</a>)</li><li>Security Only (<a href=\"https://support.microsoft.com/help/4537822\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537822</a>)</li><li>Servicing Stack Update (<a href=\"https://support.microsoft.com/help/4537830\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537830</a>)</li><li>Internet Explorer 9 Cumulative Updates (<a href=\"https://support.microsoft.com/help/4537767\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537767</a>)</li></ul><div></div><div>The following updates were released today for Windows 7 SP1 and Windows Server 2008 R2 SP1:</div><ul><li>Extended Security Updates (ESU) Licensing Preparation Package (<a href=\"https://support.microsoft.com/help/4538483\" rel=\"noopener noreferrer\" target=\"_blank\">KB4538483</a>)</li><li>Monthly Rollup (<a href=\"https://support.microsoft.com/help/4537820\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537820</a>)</li><li>Security Only (<a href=\"https://support.microsoft.com/help/4537813\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537813</a>)</li><li>Servicing Stack Update (<a href=\"https://support.microsoft.com/help/4537829\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537829</a>)</li><li>Internet Explorer 11 Cumulative Updates (<a href=\"https://support.microsoft.com/help/4537767\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537767</a>)</li></ul></td><td>February 11, 2020 <br>08:00 AM PT</td></tr>
      <tr><td id='387'><b>Resolved: Windows Search shows blank box</b><a class='docon docon-link heading-anchor' aria-labelledby='387' href='#387'></a><br><div>We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved&nbsp;for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved.&nbsp;</div><div><br></div><div>This issue was resolved at 12:00 PM PST. If you are still experiencing issues, please restart your device. In rare cases, you may need to manually end the SearchUI.exe or SearchApp.exe process via Task Manager. (To locate these processes, select <strong>CTRL + Shift + Esc </strong>then select the <strong>Details </strong>tab.)</div></td><td>February 05, 2020 <br>12:00 PM PT</td></tr>
      <tr><td id='385'><a href = 'https://support.microsoft.com/help/4532695' target='_blank'><b>January 2020 Windows 10, version 1909 \"D\" optional release is available.</b></a><a class='docon docon-link heading-anchor' aria-labelledby='385' href='#385'></a><br><div>The January<strong> </strong>2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 28, 2020 <br>08:00 AM PT</td></tr>
      <tr><td id='383'><b>January 2020 Windows \"C\" optional release is available.</b><a class='docon docon-link heading-anchor' aria-labelledby='383' href='#383'></a><br><div>The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 23, 2020 <br>12:00 PM PT</td></tr>
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -76,7 +76,7 @@
 ##### [Take response actions on a machine]()
 ###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
 ###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
-###### [Initiate Automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
+###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
 ###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
 ###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
 ###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
@ -105,8 +105,8 @@
 ### [Automated investigation and remediation]()
 #### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md)
-#### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
+#### [Use the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
-##### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
+#### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
 ### [Secure score](microsoft-defender-atp/overview-secure-score.md)
 ### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
--- a/windows/security/threat-protection/images/AR_icon.png
+++ b/windows/security/threat-protection/images/AR_icon.png
--- a/windows/security/threat-protection/images/ASR_icon.png
+++ b/windows/security/threat-protection/images/ASR_icon.png
--- a/windows/security/threat-protection/images/EDR_icon.png
+++ b/windows/security/threat-protection/images/EDR_icon.png
--- a/windows/security/threat-protection/images/MTE_icon.png
+++ b/windows/security/threat-protection/images/MTE_icon.png
--- a/windows/security/threat-protection/images/NGP_icon.png
+++ b/windows/security/threat-protection/images/NGP_icon.png
--- a/windows/security/threat-protection/images/air-icon.png
+++ b/windows/security/threat-protection/images/air-icon.png
--- a/windows/security/threat-protection/images/asr-icon.png
+++ b/windows/security/threat-protection/images/asr-icon.png
--- a/windows/security/threat-protection/images/edr-icon.png
+++ b/windows/security/threat-protection/images/edr-icon.png
--- a/windows/security/threat-protection/images/mte-icon.png
+++ b/windows/security/threat-protection/images/mte-icon.png
--- a/windows/security/threat-protection/images/ngp-icon.png
+++ b/windows/security/threat-protection/images/ngp-icon.png
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@ -23,12 +23,11 @@ ms.topic: conceptual
 <table>
 <tr>
 <td><a href="#tvm"><center><img src="images/TVM_icon.png"> <br><b>Threat & Vulnerability Management</b></center></a></td>
-<td><a href="#asr"><center><img src="images/ASR_icon.png"> <br><b>Attack surface reduction</b></center></a></td>
+<td><a href="#asr"><center><img src="images/asr-icon.png"> <br><b>Attack surface reduction</b></center></a></td>
-<td><center><a href="#ngp"><img src="images/NGP_icon.png"><br> <b>Next generation protection</b></a></center></td>
+<td><center><a href="#ngp"><img src="images/ngp-icon.png"><br> <b>Next generation protection</b></a></center></td>
-<td><center><a href="#edr"><img src="images/EDR_icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
+<td><center><a href="#edr"><img src="images/edr-icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
-<td><center><a href="#ai"><img src="images/AR_icon.png"><br> <b>Automated investigation and remediation</b></a></center></td>
+<td><center><a href="#ai"><img src="images/air-icon.png"><br> <b>Automated investigation and remediation</b></a></center></td>
-<td><center><a href="#ss"><img src="images/SS_icon.png"><br><b>Secure score</b></a></center></td>
+<td><center><a href="#mte"><img src="images/mte-icon.png"><br> <b>Microsoft Threat Experts</b></a></center></td>
 <td><center><a href="#mte"><img src="images/MTE_icon.png"><br> <b>Microsoft Threat Experts</b></a></center></td>
 </tr>
 <tr>
 <td colspan="7">
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@ -26,6 +26,9 @@ ms.topic: conceptual
 Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 Watch this video for a quick overview of Microsoft Defender ATP's APIs. 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application
 - Get an access token using this application
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@ -19,6 +19,8 @@ ms.topic: conceptual
 # Overview of automated investigations
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bOeh]
 Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) offers a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address. To address this challenge, Microsoft Defender ATP uses automated investigation and remediation capabilities to significantly reduce the volume of alerts that must be investigated individually. 
 The automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. The **Automated investigations** list shows all the investigations that were initiated automatically, and includes details, such as status, detection source, and when the investigation was initiated.
@ -26,10 +28,7 @@ The automated investigation feature leverages various inspection algorithms, and
 > [!TIP]
 > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
-
+## How the automated investigation starts
 ## Understand the automated investigation flow
 ### How the automated investigation starts
 When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a machine. When that file is detected, an alert is triggered. The automated investigation process begins. Microsoft Defender ATP checks to see if the malicious file is present on any other machines in the organization. Details from the investigation, including verdicts (Malicious, Suspicious, and Clean) are available during and after the automated investigation.
@ -40,7 +39,7 @@ When an alert is triggered, a security playbook goes into effect. Depending on t
 >- Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464/windows-10-update-kb4493464)) or later
 >- Later versions of Windows 10
-### Details of an automated investigation
+## Details of an automated investigation
 During and after an automated investigation, you can view details about the investigation. Selecting a triggering alert brings you to the investigation details view where you can pivot from the **Investigation graph**, **Alerts**, **Machines**, **Evidence**, **Entities**, and **Log** tabs.
@ -56,13 +55,13 @@ During and after an automated investigation, you can view details about the inve
 > [!IMPORTANT]
 > Go to the **Action center** to get an aggregated view all pending actions and manage remediation actions. The **Action center** also acts as an audit trail for all automated investigation actions. 
-### How an automated investigation expands its scope
+## How an automated investigation expands its scope
 While an investigation is running, any other alerts generated from the machine are added to an ongoing automated investigation until that investigation is completed. In addition, if the same threat is seen on other machines, those machines are added to the investigation.
 If an incriminated entity is seen in another machine, the automated investigation process will expand its scope to include that machine, and a general security playbook will start on that machine. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
-### How threats are remediated
+## How threats are remediated
 Depending on how you set up the machine groups and their level of automation, the automated investigation will either require user approval (default) or automatically remediate threats.
--- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
@ -28,6 +28,8 @@ ms.topic: article
 Conditional Access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4byD1]
 With Conditional Access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications.
 You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state. 
--- a/windows/security/threat-protection/microsoft-defender-atp/images/ASR_icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/ASR_icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.jpg
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.jpg
--- a/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.jpg
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.jpg
--- a/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.jpg
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.jpg
--- a/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/air-icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/air-icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/asr-icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/asr-icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/edr-icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/edr-icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/mte-icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/mte-icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/ngp-icon.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/ngp-icon.png
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
@ -53,7 +53,7 @@ As part of the process of creating a machine group, you'll:
 2. Click **Add machine group**.
-3. Enter the group name and automation settings and specify the matching rule that determines which machines belong to the group. For more information on automation levels, see [Understand the Automated investigation flow](automated-investigations.md#understand-the-automated-investigation-flow).
+3. Enter the group name and automation settings and specify the matching rule that determines which machines belong to the group. See [How the automated investigation starts](automated-investigations.md#how-the-automated-investigation-starts).
    >[!TIP]
    >If you want to group machines by organizational unit, you can configure the registry key for the group affiliation. For more information on device tagging, see [Create and manage machine tags](machine-tags.md).
@ -83,7 +83,6 @@ Machines that are not matched to any groups are added to Ungrouped machines (def
 ## Related topics
 ## Related topic
 - [Manage portal access using role-based based access control](rbac.md)
 - [Create and manage machine tags](machine-tags.md)
 - [Get list of tenant machine groups using Graph API](get-machinegroups-collection.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
@ -54,6 +54,9 @@ The Microsoft Defender ATP APIs can be grouped into three:
 Microsoft Defender ATP offers a layered API model exposing data and capabilities in a structured, clear and easy to use model, exposed through a standard Azure  AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form. 
 Watch this video for a quick overview of Microsoft Defender ATP's APIs. 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
 The **Investigation API** exposes the richness of Microsoft Defender ATP - exposing calculated or 'profiled' entities (for example, machine, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information see, [Supported APIs](exposed-apis-list.md).
 The **Response API** exposes the ability to take actions in the service and on devices, enabling customers to ingest indicators, manage settings, alert status, as well as take response actions on devices programmatically such as isolate machines from the network, quarantine files, and others. 
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@ -25,6 +25,8 @@ ms.topic: conceptual
 Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4obJq]
 Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 -   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
@ -48,12 +50,11 @@ Microsoft Defender ATP uses the following combination of technology built into W
 <table>
 <tr>
 <td><a href="#tvm"><center><img src="images/TVM_icon.png"> <br><b>Threat & Vulnerability Management</b></center></a></td>
-<td><a href="#asr"><center><img src="images/ASR_icon.png"><br><b>Attack surface reduction</b></center></a></td>
+<td><a href="#asr"><center><img src="images/asr-icon.png"><br><b>Attack surface reduction</b></center></a></td>
-<td><center><a href="#ngp"><img src="images/ngp_icon.png"><br> <b>Next generation protection</b></a></center></td>
+<td><center><a href="#ngp"><img src="images/ngp-icon.png"><br> <b>Next generation protection</b></a></center></td>
-<td><center><a href="#edr"><img src="images/edr_icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
+<td><center><a href="#edr"><img src="images/edr-icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
-<td><center><a href="#ai"><img src="images/AR_icon.png"><br> <b>Automated investigation and remediation</b></a></center></td>
+<td><center><a href="#ai"><img src="images/air-icon.png"><br> <b>Automated investigation and remediation</b></a></center></td>
-<td><center><a href="#ss"><img src="images/SS_icon.png"><br><b>Secure score</b></a></center></td>
+<td><center><a href="#mte"><img src="images/mte-icon.png"><br> <b>Microsoft Threat Experts</b></a></center></td>
 <td><center><a href="#mte"><img src="images/MTE_icon.png"><br> <b>Microsoft Threat Experts</b></a></center></td>
 </tr>
 <tr>
 <td colspan="7">
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@ -27,6 +27,10 @@ Effectively identifying, assessing, and remediating endpoint weaknesses is pivot
 It helps organizations discover vulnerabilities and misconfigurations in real-time, based on sensors, without the need of agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.
 Watch this video for a quick overview of Threat & Vulnerability Management.    
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4mLsn]
 ## Next-generation capabilities 
 Threat & Vulnerability Management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledgebase.  
@ -75,3 +79,4 @@ Microsoft Defender ATP’s Threat & Vulnerability Management allows security adm
 - [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
 - [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine)
 - [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
 - [BLOG: Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/)
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
@ -35,6 +35,8 @@ In general, to onboard devices to the service:
 - Use the appropriate management tool and deployment method for your devices
 - Run a detection test to verify that the devices are properly onboarded and reporting to the service
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bGqr]
 ## In this section
 Topic | Description
 :---|:---
--- a/windows/security/threat-protection/microsoft-defender-atp/rbac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
@ -28,6 +28,8 @@ ms.topic: article
 Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the  portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do. 
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bJ2a]
 Large geo-distributed security operations teams typically adopt a tier-based model to assign and authorize access to security portals. Typical tiers include the following three levels:
 Tier | Description
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
@ -209,6 +209,8 @@ Results of deep analysis are matched against threat intelligence and any matches
 Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available within the **Deep analysis** tab, on the file's profile page.
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bGqr]
 **Submit for deep analysis** is enabled when the file is available in the Microsoft Defender ATP backend sample collection, or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
 > [!NOTE]
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@ -91,7 +91,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-
    - Your organization must have [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in [Microsoft 365 E5](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview)).
    - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; this is included in Microsoft 365 E5.)
-    - Your Windows machines must be running Windows OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.)
+    - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.)
    - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
    - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md).)
@ -119,7 +119,7 @@ Here's what you see in the Windows Security app:
 ### Are you using Windows OS 1709, 1803, or 1809?
-If you are using Windows OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. In this case, you can use PowerShell to determine whether tamper protection is enabled.
+If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. In this case, you can use PowerShell to determine whether tamper protection is enabled.
 #### Use PowerShell to determine whether tamper protection is turned on
@ -155,7 +155,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili
 ### To which Windows OS versions is configuring tamper protection is applicable?
-Windows OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
+Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
 ### Is configuring tamper protection in Intune supported on servers?
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
@ -1,6 +1,6 @@
 ---
 title: Document your AppLocker rules (Windows 10)
-description: Learn how to document your Applocker rules with this planning guide. Associate rule conditions with files, permissions, rule source, and implementation.
+description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation.
 ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd
 ms.reviewer: 
 ms.author: dansimp
@ -23,7 +23,7 @@ ms.date: 09/21/2017
 - Windows 10
 - Windows Server
-This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded.
+This topic describes what AppLocker rule conditions to associate with each file, how to associate these rule conditions, the source of the rule, and whether the file should be included or excluded.
 ## Record your findings
@ -119,9 +119,10 @@ The following table details sample data for documenting rule type and rule condi
 </tbody>
 </table>
 ## Next steps
-For each rule, determine whether to use the allow or deny option. Then, three tasks remain:
+For each rule, determine whether to use the allow or deny option, and then complete the following tasks:
 -   [Determine Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
 -   [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
--- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@ -83,7 +83,7 @@ To trust a subdomain, you must precede your domain with two dots, for example: `
 ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? 
-When using Windows Pro and Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). 
+When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). 
 ### Is there a size limit to the domain lists that I need to configure?
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 11/09/2017
+ms.date: 02/11/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@ -42,3 +42,4 @@ Your environment needs the following software to run Windows Defender Applicatio
 |Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Professional for Workstations edition, version 1803 or higher<br>Windows 10 Professional Education edition version 1803 or higher<br>Windows 10 Education edition, version 1903 or higher<br>Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. |
 |Browser|Microsoft Edge and Internet Explorer|
 |Management system<br> (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)<br><br>**-OR-**<br><br>[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/)<br><br>**-OR-**<br><br>[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)<br><br>**-OR-**<br><br>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|
 |Windows Defender Exploit Protection settings|The following settings should be configured or verified in the **Windows Security** app under **App & browser control** > **Exploit protection** > **Exploit protection settings** > **System Settings**.<br><br>**Control flow guard (CFG)** must be set to **Use default (On)** or **Off by default**. If set to **On by default**, [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard) will not launch.<br><br>**Randomize memory allocations (Bottom-up ASLR)** must be set to **Use default (On)** or **Off by default**. If set to "On by default", the `Vmmem` process will have high CPU utilization while a Windows Defender Application Guard window is open.|