**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
**Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
|IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. **IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**
**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
|
+|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
**Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
|IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. **IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**
**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like Windows Defender SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
|
## Configure the Enterprise Mode Site List
diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md
index c9cf088a60..d718092a90 100644
--- a/browsers/edge/group-policies/address-bar-settings-gp.md
+++ b/browsers/edge/group-policies/address-bar-settings-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Address bar
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services by hiding the functionality of the Address bar drop-down list.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md
index 5fc4021fce..7d9d3e6652 100644
--- a/browsers/edge/group-policies/adobe-settings-gp.md
+++ b/browsers/edge/group-policies/adobe-settings-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Adobe Flash
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md
index c8742367b6..b2689d9638 100644
--- a/browsers/edge/group-policies/books-library-management-gp.md
+++ b/browsers/edge/group-policies/books-library-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Books Library
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder in Windows. You can configure Microsoft Edge to update the configuration data for the library automatically or gather diagnostic data, such as usage data.
diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md
index c4f392209e..2301806f5f 100644
--- a/browsers/edge/group-policies/browser-settings-management-gp.md
+++ b/browsers/edge/group-policies/browser-settings-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Browser experience
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Not only do the other Microsoft Edge group policies enhance the browsing experience, but we also want to mention some of the other and common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. The same goes for Pop-up Blocker; Microsoft Edge has a group policy that lets you prevent pop-up windows or let users choose to use Pop-up Blocker. You can use any one of the following group policies to continue enhancing the browsing experience for your users.
diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md
index 67fce97c58..67c6d1284c 100644
--- a/browsers/edge/group-policies/developer-settings-gp.md
+++ b/browsers/edge/group-policies/developer-settings-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Developer tools
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md
index 22ad6057c4..dc9b9406b4 100644
--- a/browsers/edge/group-policies/extensions-management-gp.md
+++ b/browsers/edge/group-policies/extensions-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Extensions
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md
index 58ce30eb7f..9a022da181 100644
--- a/browsers/edge/group-policies/favorites-management-gp.md
+++ b/browsers/edge/group-policies/favorites-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Favorites
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other.
>[!TIP]
diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md
index 8993518748..8f498a5d58 100644
--- a/browsers/edge/group-policies/home-button-gp.md
+++ b/browsers/edge/group-policies/home-button-gp.md
@@ -16,6 +16,9 @@ ms.topic: reference
# Home button
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button.
## Relevant group policies
diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml
index 7ee2caf174..cb590ce308 100644
--- a/browsers/edge/group-policies/index.yml
+++ b/browsers/edge/group-policies/index.yml
@@ -2,19 +2,19 @@
documentType: LandingData
-title: Microsoft Edge group policies
+title: Microsoft Edge Legacy group policies
metadata:
document_id:
- title: Microsoft Edge group policies
+ title: Microsoft Edge Legacy group policies
- description: Learn how to configure group policies in Microsoft Edge on Windows 10.
+ description: Learn how to configure group policies in Microsoft Edge Legacy on Windows 10.
- text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
+ text: Some of the features in Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. (To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).)
- keywords: Microsoft Edge, Windows 10, Windows 10 Mobile
+ keywords: Microsoft Edge Legacy, Windows 10, Windows 10 Mobile
ms.localizationpriority: medium
@@ -36,7 +36,7 @@ sections:
- type: markdown
- text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
+ text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Microsoft Edge Legacy works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
- items:
diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
index 009ea51226..f1a0929bb3 100644
--- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
+++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
@@ -16,6 +16,9 @@ ms.topic: reference
# Interoperability and enterprise mode guidance
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
>[!TIP]
diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md
index 838228b705..2f61f0bd35 100644
--- a/browsers/edge/group-policies/new-tab-page-settings-gp.md
+++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md
@@ -17,6 +17,9 @@ ms.topic: reference
# New Tab page
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads.
>[!NOTE]
diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md
index 3f41505fce..5c4bf7c5fe 100644
--- a/browsers/edge/group-policies/prelaunch-preload-gp.md
+++ b/browsers/edge/group-policies/prelaunch-preload-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Prelaunch Microsoft Edge and preload tabs in the background
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching.
Additionally, Microsoft Edge preloads the Start and New Tab pages during Windows sign in, which minimizes the amount of time required to start Microsoft Edge and load a new tab. You can also configure Microsoft Edge to prevent preloading of tabs.
diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md
index 52cf1ca380..480d0e275f 100644
--- a/browsers/edge/group-policies/search-engine-customization-gp.md
+++ b/browsers/edge/group-policies/search-engine-customization-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Search engine customization
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default.
## Relevant group policies
diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md
index 66fc6f99a7..033d73b50e 100644
--- a/browsers/edge/group-policies/security-privacy-management-gp.md
+++ b/browsers/edge/group-policies/security-privacy-management-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Security and privacy
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. Because Microsoft Edge is designed like a Universal Windows app, changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the different content processes all live within app container sandboxes.
Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system.
diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md
index 4b9682362f..5ea55bba9f 100644
--- a/browsers/edge/group-policies/start-pages-gp.md
+++ b/browsers/edge/group-policies/start-pages-gp.md
@@ -16,6 +16,9 @@ ms.topic: reference
# Start pages
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
## Relevant group policies
diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md
index fc5a62e81c..cdce19d2e5 100644
--- a/browsers/edge/group-policies/sync-browser-settings-gp.md
+++ b/browsers/edge/group-policies/sync-browser-settings-gp.md
@@ -13,6 +13,8 @@ ms.topic: reference
# Sync browser settings
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy.
diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md
index a14fc3aaf6..fb3329f960 100644
--- a/browsers/edge/group-policies/telemetry-management-gp.md
+++ b/browsers/edge/group-policies/telemetry-management-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Telemetry and data collection
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
index d86492ba81..c17f639024 100644
--- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
+++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
@@ -1,50 +1,51 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Enabled (Turned on)*
-
-[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../shortdesc/configure-windows-defender-smartscreen-shortdesc.md)]
-
-### Supported values
-
-| Group Policy | MDM | Registry | Description | Most restricted |
-|----------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------|:------------------------------------------------:|
-| Not configured | Blank | Blank | Users can choose to use Windows Defender SmartScreen. | |
-| Disabled | 0 | 0 | Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
-| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. |  |
-
----
-
-To verify Windows Defender SmartScreen is turned off (disabled):
-1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Windows Defender SmartScreen
-- **GP name:** AllowSmartScreen
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
-- **Value name:** EnabledV9
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Turned on)*
+
+[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../shortdesc/configure-windows-defender-smartscreen-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|----------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Not configured | Blank | Blank | Users can choose to use Windows Defender SmartScreen. | |
+| Disabled | 0 | 0 | Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
+| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. |  |
+
+---
+
+To verify Windows Defender SmartScreen is turned off (disabled):
+1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
+2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Windows Defender SmartScreen
+- **GP name:** AllowSmartScreen
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
+- **Value name:** EnabledV9
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml
index 0afcf97eb7..61b851adf2 100644
--- a/browsers/edge/index.yml
+++ b/browsers/edge/index.yml
@@ -2,19 +2,19 @@
documentType: LandingData
-title: Microsoft Edge Group Policy configuration options
+title: Microsoft Edge Legacy Group Policy configuration options
metadata:
document_id:
- title: Microsoft Edge Group Policy configuration options
+ title: Microsoft Edge Group Legacy Policy configuration options
description:
- text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
-
- keywords: Microsoft Edge, Windows 10
+ text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn how to deploy and configure group policies in Microsoft Edge Legacy on Windows 10. Some of the features coming to Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
+
+ keywords: Microsoft Edge Legacy, Windows 10
ms.localizationpriority: medium
@@ -36,7 +36,7 @@ sections:
- type: markdown
- text: Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
+ text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
- items:
diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md
index 4e520db1e3..632905e3cb 100644
--- a/browsers/edge/microsoft-edge-faq.md
+++ b/browsers/edge/microsoft-edge-faq.md
@@ -17,6 +17,9 @@ ms.localizationpriority: medium
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
## How can I get the next major version of Microsoft Edge, based on Chromium?
In December 2018, Microsoft [announced](https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#8jv53blDvL6TIKuS.97) our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop, to create better web compatibility for our customers and less fragmentation of the web for all web developers. You can get more information at the [Microsoft Edge Insiders site](https://www.microsoftedgeinsider.com/).
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
index b8899ba2b6..c336f03247 100644
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -17,7 +17,10 @@ ms.date: 10/29/2018
# Deploy Microsoft Edge kiosk mode
>Applies to: Microsoft Edge on Windows 10, version 1809
->Professional, Enterprise, and Education
+>Professional, Enterprise, and Education
+
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode.
@@ -240,7 +243,7 @@ In the following table, we show you the features available in both Microsoft Edg
|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:|
| Print support |  |  |
| Multi-tab support |  |  |
-| Allow/Block URL support | 
*\*For Microsoft Edge kiosk mode use* Windows Defender Firewall. Microsoft kiosk browser has custom policy support. |  |
+| Allow/Block URL support |   |
| Configure Home Button |  |  |
| Set Start page(s) URL |  | 
*Same as Home button URL* |
| Set New Tab page URL |  |  |
@@ -252,7 +255,7 @@ In the following table, we show you the features available in both Microsoft Edg
| SKU availability | Windows 10 October 2018 Update Professional, Enterprise, and Education | Windows 10 April 2018 Update Professional, Enterprise, and Education |
**\*Windows Defender Firewall**
-To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide).
+To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both, using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide).
---
diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml
index 341292cab7..5c105dcdc2 100644
--- a/browsers/edge/microsoft-edge.yml
+++ b/browsers/edge/microsoft-edge.yml
@@ -40,7 +40,7 @@ sections:
- items:
- type: markdown
text: "
- Microsoft Edge uses Windows Hello and SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
+ Microsoft Edge uses Windows Hello and Windows Defender SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
**NSS Labs web browser security reports** See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks. Download the reports
**Microsoft Edge sandbox** See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege. Find out more
**Windows Defender SmartScreen** Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely. Read the docs
Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.
Internet Explorer 11 and Microsoft Edge
-
<exclude>
-
Specifies the domain or path excluded from applying the behavior and is supported on the <domain> and <path> elements.
+
exclude
+
Specifies the domain or path is excluded from applying Enterprise Mode. This attribute is only supported on the <domain> and <path> elements in the <emie> section.
Specifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
Example
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 4bcf595aeb..a321e5a744 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -46,19 +46,19 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
```xml
-
+
EnterpriseSitelistManager1024020150728.135021
-
+
IE8EnterpriseMSEdge
- default
+ DefaultIE11
@@ -66,14 +66,15 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
IE11
- default
+ DefaultIE11
- default
- none
+ Default
+ NoneIE8Enterprise"
+ NoneIE7
@@ -232,26 +233,26 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t
-
Deprecated attribute
-
New attribute
+
Deprecated element/attribute
+
New element
Replacement example
-
<forceCompatView>
+
forceCompatView
<compat-mode>
-
Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>
+
Replace forceCompatView="true" with <compat-mode>IE7Enterprise</compat-mode>
-
<docMode>
+
docMode
<compat-mode>
-
Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>
+
Replace docMode="IE5" with <compat-mode>IE5</compat-mode>
-
<doNotTransition>
+
doNotTransition
<open-in>
-
Replace <doNotTransition="true"> with <open-in>none</open-in>
+
Replace doNotTransition="true" with <open-in>none</open-in>
<domain> and <path>
@@ -259,25 +260,28 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index 269b2bec06..da309b68cd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -71,19 +71,19 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
```xml
-
+
EnterpriseSiteListManager1058620150728.135021
-
+
IE8EnterpriseIE11
- default
+ DefaultIE11
@@ -92,8 +92,8 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
IE8Enterprise"
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index 88e151583a..cd7c730569 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -14,11 +14,11 @@ ms.sitesec: library
ms.date: 07/27/2017
---
+# IExpress Wizard command-line options
**Applies to:**
- Windows Server 2008 R2 with SP1
-# IExpress Wizard command-line options
Use command-line options with the IExpress Wizard (IExpress.exe) to control your Internet Explorer custom browser package extraction process.
These command-line options work with IExpress:
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index 5007545950..4c11b5c85e 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -41,7 +41,7 @@ sections:
- type: markdown
text: "
Find the resources you need to successfully deploy Internet Explorer 11 in your organization.
-
"
- title: Manage
@@ -49,7 +49,7 @@ sections:
- type: markdown
text: "
Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more.
-
"
- title: Support
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 3f07da3690..d9ff00d3a8 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -1,20 +1,22 @@
# [HoloLens overview](index.md)
-# [Hololens status](hololens-status.md)
# Get Started with HoloLens 2
## [HoloLens 2 hardware](hololens2-hardware.md)
## [Get your HoloLens 2 ready to use](hololens2-setup.md)
## [Set up your HoloLens 2](hololens2-start.md)
+## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md)
+## [Supported languages for HoloLens 2](hololens2-language-support.md)
## [Getting around HoloLens 2](hololens2-basic-usage.md)
# Get started with HoloLens (1st gen)
## [HoloLens (1st gen) hardware](hololens1-hardware.md)
## [Get your HoloLens (1st gen) ready to use](hololens1-setup.md)
## [Set up your HoloLens (1st gen)](hololens1-start.md)
+## [HoloLens (1st gen) fit and comfort FAQ](hololens1-fit-comfort-faq.md)
## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
-# Get started with HoloLens in commercial environments
+# HoloLens in commercial environments
## [Commercial feature overview](hololens-commercial-features.md)
## [Deployment planning](hololens-requirements.md)
## [Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md)
@@ -23,16 +25,17 @@
## [Set up ring based updates for HoloLens](hololens-updates.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
-# User management and access management
-## [Share your HoloLens with multiple people](hololens-multiple-users.md)
-## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
-## [Set up limited application access](hololens-kiosk.md)
-
# Navigating Windows Holographic
## [Start menu and mixed reality home](holographic-home.md)
## [Use your voice with HoloLens](hololens-cortana.md)
-## [Find and save files](hololens-find-and-save-files.md)
-## [Create, share, and view photos and video](holographic-photos-and-video.md)
+## [Find and save files](holographic-data.md)
+## [Create, share, and view photos and video](holographic-photos-and-videos.md)
+
+# User management and access management
+## [Accounts on HoloLens](hololens-identity.md)
+## [Share your HoloLens with multiple people](hololens-multiple-users.md)
+## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
+## [Set up limited application access](hololens-kiosk.md)
# Holographic Applications
## [Try 3D Viewer](holographic-3d-viewer-beta.md)
@@ -47,12 +50,18 @@
# Hologram optics and placement in space
## [Tips for viewing clear Holograms](hololens-calibration.md)
-## [Mapping physical spaces with HoloLens](hololens-spaces.md)
+## [Environment considerations for HoloLens](hololens-environment-considerations.md)
+## [Spatial mapping on HoloLens](hololens-spaces.md)
-# Recovery and troubleshooting
-## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
-## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md)
+# Update, troubleshoot, or recover HoloLens
+## [Update HoloLens](hololens-update-hololens.md)
+## [Restart, reset, or recover](hololens-recovery.md)
+## [Troubleshoot HoloLens](hololens-troubleshooting.md)
+## [Known issues](hololens-known-issues.md)
+## [Frequently asked questions](hololens-faq.md)
+## [Hololens services status](hololens-status.md)
+# [Release Notes](hololens-release-notes.md)
# [Give us feedback](hololens-feedback.md)
-# [Insider preview for Microsoft HoloLens](hololens-insider.md)
+# [Join the Windows Insider program](hololens-insider.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
index 51b4a3afbb..4f53494c32 100644
--- a/devices/hololens/docfx.json
+++ b/devices/hololens/docfx.json
@@ -43,8 +43,9 @@
"./": {
"depot_name": "Win.itpro-hololens",
"folder_relative_path_in_docset": "./"
+ }
+
}
- }
},
"fileMetadata": {},
"template": [
@@ -52,5 +53,15 @@
],
"dest": "devices/hololens",
"markdownEngineName": "markdig"
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ]
}
diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md
index 0aada1fe55..0973813221 100644
--- a/devices/hololens/holographic-3d-viewer-beta.md
+++ b/devices/hololens/holographic-3d-viewer-beta.md
@@ -6,9 +6,10 @@ ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
-ms.localizationpriority: medium
-ms.date: 9/3/19
-ms.reviewer:
+ms.localizationpriority: high
+ms.date: 10/30/2019
+ms.reviewer: scooley
+audience: ITPro
manager: jarrettr
appliesto:
- HoloLens (1st gen)
@@ -59,22 +60,22 @@ If you're having trouble after reading these topics, see [Troubleshooting](#trou
- Scale/rotation/translation animation on individual objects
- Skeletal (rigged) animation with skinning
- - Maximum of 4 influences per vertex
+ - Maximum of 4 influences per vertex
### Materials
- Lambert and Phong materials are supported, with adjustable parameters
- Supported material properties for Lambert
- - Main Texture (RGB + Alpha Test)
- - Diffuse Color (RGB)
- - Ambient Color (RGB)
+ - Main Texture (RGB + Alpha Test)
+ - Diffuse Color (RGB)
+ - Ambient Color (RGB)
- Supported material properties for Phong
- - Main Texture (RGB + Alpha Test)
- - Diffuse Color (RGB)
- - Ambient Color (RGB)
- - Specular Color (RGB)
- - Shininess
- - Reflectivity
+ - Main Texture (RGB + Alpha Test)
+ - Diffuse Color (RGB)
+ - Ambient Color (RGB)
+ - Specular Color (RGB)
+ - Shininess
+ - Reflectivity
- Custom materials are not supported
- Maximum of one material per mesh
- Maximum of one material layer
diff --git a/devices/hololens/holographic-custom-apps.md b/devices/hololens/holographic-custom-apps.md
index 4936fab2b7..0a86a7b37a 100644
--- a/devices/hololens/holographic-custom-apps.md
+++ b/devices/hololens/holographic-custom-apps.md
@@ -35,7 +35,6 @@ You can install your own applications on HoloLens either by using the Device Por
> Make sure to reference any associated dependency and certificate files.
1. Select **Go**.
-
### Deploying from Microsoft Visual Studio 2015
@@ -44,7 +43,6 @@ You can install your own applications on HoloLens either by using the Device Por
1. Open the project's **Properties**.
1. Select the following build configuration: **Master/x86/Remote Machine**.
1. When you select **Remote Machine**:
-
- Make sure the address points to the Wi-Fi IP address of your HoloLens.
- Set authentication to **Universal (Unencrypted Protocol)**.
1. Build your solution.
diff --git a/devices/hololens/holographic-data.md b/devices/hololens/holographic-data.md
new file mode 100644
index 0000000000..1f28c4fac9
--- /dev/null
+++ b/devices/hololens/holographic-data.md
@@ -0,0 +1,100 @@
+---
+title: Find and save files on HoloLens
+description: Use File Explorer on HoloLens to view and manage files on your device
+keywords: how-to, file picker, files, photos, videos, pictures, OneDrive, storage, file explorer
+ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a
+author: mattzmsft
+ms.author: mazeller
+manager: v-miegge
+ms.reviewer: jarrettrenshaw
+ms.date: 12/30/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: medium
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Find, open, and save files on HoloLens
+
+Files you create on HoloLens, including photos and videos, are saved directly to your HoloLens device. View and manage them in the same way you would manage files on Windows 10:
+
+- Using the File Explorer app to access local folders.
+- Within an app's storage.
+- In a special folder (such as the video or music library).
+- Using a storage service that includes an app and file picker (such as OneDrive).
+- Using a desktop PC connected to your HoloLens by using a USB cable, using MTP (Media Transfer Protocol) support.
+
+## View files on HoloLens using File Explorer
+
+> Applies to all HoloLens 2 devices and HoloLens (1st gen) as of the [Windows 10 April 2018 Update (RS4) for HoloLens](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018).
+
+Use File Explorer on HoloLens to view and manage files on your device, including 3D objects, documents, and pictures. Go to **Start** > **All apps** > **File Explorer** to get started.
+
+> [!TIP]
+> If there are no files listed in File Explorer, select **This Device** in the top left pane.
+
+If you don’t see any files in File Explorer, the "Recent" filter may be active (clock icon is highlighted in left pane). To fix this, select the **This Device** document icon in the left pane (beneath the clock icon), or open the menu and select **This Device**.
+
+## Find and view your photos and videos
+
+[Mixed reality capture](holographic-photos-and-videos.md) lets you take mixed reality photos and videos on HoloLens. These photos and videos are saved to the device's Camera Roll folder.
+
+You can access photos and videos taken with HoloLens by:
+
+- accessing the Camera Roll directly through the [Photos app](holographic-photos-and-videos.md).
+- uploading photos and videos to cloud storage by syncing your photos and videos to OneDrive.
+- using the Mixed Reality Capture page of the [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#mixed-reality-capture).
+
+### Photos app
+
+The Photos app is one of the default apps on the **Start** menu, and comes built-in with HoloLens. Learn more about [using the Photos app to view content](holographic-photos-and-videos.md).
+
+You can also install the [OneDrive app](https://www.microsoft.com/p/onedrive/9wzdncrfj1p3) from the Microsoft Store to sync photos to other devices.
+
+### OneDrive app
+
+[OneDrive](https://onedrive.live.com/) lets you access, manage, and share your photos and videos with any device and with any user. To access the photos and videos captured on HoloLens, download the [OneDrive app](https://www.microsoft.com/p/onedrive/9wzdncrfj1p3) from the Microsoft Store on your HoloLens. Once downloaded, open the OneDrive app and select **Settings** > **Camera upload**, and turn on **Camera upload**.
+
+### Connect to a PC
+
+If your HoloLens is running the [Windows 10 April 2018 update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) or later, you can connect your HoloLens to a Windows 10 PC by using a USB cable to browse photos and videos on the device by using MTP (media transfer protocol). You'll need to make sure the device is unlocked to browse files if you have a PIN or password set up on your device.
+
+If you have enabled the [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal), you can use it to browse, retrieve, and manage the photos and videos stored on your device.
+
+## Access files within an app
+
+If an application saves files on your device, you can use that application to access them.
+
+### Requesting files from another app
+
+An application can request to save a file or open a file from another app by using [file pickers](https://docs.microsoft.com/windows/mixed-reality/app-model#file-pickers).
+
+### Known folders
+
+HoloLens supports a number of [known folders](https://docs.microsoft.com/windows/mixed-reality/app-model#known-folders) that apps can request permission to access.
+
+## View HoloLens files on your PC
+
+Similar to other mobile devices, connect HoloLens to your desktop PC using MTP (Media Transfer Protocol) and open File Explorer on the PC to access your HoloLens libraries for easy transfer.
+
+To see your HoloLens files in File Explorer on your PC:
+
+1. Sign in to HoloLens, then plug it into the PC using the USB cable that came with the HoloLens.
+
+1. Select **Open Device to view files with File Explorer**, or open File Explorer on the PC and navigate to the device.
+
+To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**.
+
+> [!NOTE]
+> HoloLens (1st gen) does not support connecting to external hard drives or SD cards.
+
+## Sync to the cloud
+
+To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens.
+
+HoloLens doesn't back up app files and data, so it's a good idea to save your important stuff to OneDrive. That way, if you reset your device or uninstall an app, your info will be backed up.
diff --git a/devices/hololens/holographic-photos-and-video.md b/devices/hololens/holographic-photos-and-video.md
deleted file mode 100644
index a02c1fb445..0000000000
--- a/devices/hololens/holographic-photos-and-video.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: Create, share, and view photos and video
-description: Create, share, and view photos and video
-ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593
-keywords: hololens
-ms.prod: hololens
-ms.sitesec: library
-author: Teresa-Motiv
-ms.author: v-tea
-ms.topic: article
-ms.localizationpriority: high
-ms.date: 8/12/19
-ms.reviewer:
-manager: jarrettr
-appliesto:
-- HoloLens (1st gen)
-- HoloLens 2
----
-
-# Create, share, and view photos and video
-
-Use your HoloLens to take photos and videos that capture the holograms you've placed in your world.
-
-To sync your photos and videos to OneDrive, open the OneDrive app and select **Settings** > **Camera upload**, and then turn on **Camera upload**.
-
-## Take a photo on HoloLens (1st gen)
-
-Use the open the **Start** menu, and then select the Photos app.
-
-Use gaze to position the photo frame, then air tap to take the picture. The picture will be saved to your collection in the Photos app.
-
-Want to snap a quick picture? Press the [volume up and volume down buttons](hololens1-hardware.md#hololens-components) at the same time.
-
-## Take a video on HoloLens (1st gen)
-
-Use the bloom gesture to go to **Start**, then select **Video**. Use gaze to position the video frame, then air tap to start recording. To stop recording, use bloom once. The video will be saved to your collection in the Photos app.
-
-To start recording more quickly, press and hold the volume up and volume down buttons simultaneously until a three-second countdown begins. To stop recording, tap both buttons.
-
-> [!TIP]
-> You can always have Cortana take a photo or a video for you. Just say "Hey Cortana, take a photo" or "Hey Cortana, take a video." [What else can I say to Cortana?](hololens-cortana.md)
-
-## Find your photos and videos
-
-To see your photos from OneDrive, select **More** > **Settings**, and then turn on **Show my cloud-only content from OneDrive**. (You'll need to sign in to the Photos app with your Microsoft account, if you haven't already.)
-
-To pin a photo or video in your world, open it, then select **Place in mixed world**. Use tap and hold to move it to where you want it.
-
-## Share photos and videos
-
-To share images to a social network, in the Collection view, tap and hold the photo you want to share, then select **Share**. Select **Share Assistant**, then select the app that you want to share to.
-
-You can also share directly from the camera app right after you take a photo—at the top of the image, select **Share**.
diff --git a/devices/hololens/holographic-photos-and-videos.md b/devices/hololens/holographic-photos-and-videos.md
new file mode 100644
index 0000000000..10e6bb4756
--- /dev/null
+++ b/devices/hololens/holographic-photos-and-videos.md
@@ -0,0 +1,150 @@
+---
+title: Capture and manage mixed reality photos and videos
+description: Learn how to capture, view, and share mixed reality photos and videos, using HoloLens.
+keywords: hololens, photo, video, capture, mrc, mixed reality capture, photos, camera, stream, livestream, demo
+ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593
+ms.prod: hololens
+ms.sitesec: library
+author: mattzmsft
+ms.author: mazeller
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: medium
+ms.date: 10/28/2019
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Create mixed reality photos and videos
+
+HoloLens gives users the experience of mixing the real world with the digital world. Mixed reality capture (MRC) lets you capture that experience as a photo or video, or share what you see with others in real-time.
+
+Mixed reality capture uses a first-person point of view so other people can see holograms as you see them. For a third-person point of view, use [spectator view](https://docs.microsoft.com/windows/mixed-reality/spectator-view). Spectator view is especially useful for demos.
+
+While it's fun to share videos amongst friends and colleagues, videos can also help teach other people to use an app or to communicate problems with apps and experiences.
+
+> [!NOTE]
+> If you can't launch mixed reality capture experiences and your HoloLens is a work device, check with your system administrator. Access to the camera can be restricted through company policy.
+
+## Capture a mixed reality photo
+
+There are several ways to take a photo of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu.
+
+### Hardware buttons to take photos
+
+To take a quick photo of your current view, press the volume up and volume down buttons at the same time. This is a bit like the HoloLens version of a screenshot or print screen.
+
+- [Button locations on HoloLens 2](hololens2-hardware.md)
+- [Button locations on HoloLens (1st gen)](hololens1-hardware.md#hololens-components)
+
+> [!NOTE]
+> Holding the **volume up** and **volume down** buttons for three seconds will start recording a video rather than taking a photo. To stop recording, tap both **volume up** and **volume down** buttons simultaneously.
+
+### Voice commands to take photos
+
+Cortana can also take a picture. Say: "Hey Cortana, take a picture."
+
+### Start menu to take photos
+
+Use the Start gesture to go to **Start**, then select the **camera** icon.
+
+Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to take a photo. You can continue to air tap and capture additional photos. Any photos you capture will be saved to your device.
+
+Use the Start gesture again to end photo capture.
+
+## Capture a mixed reality video
+
+There are several ways to record a video of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu.
+
+### Hardware buttons to record videos
+
+The quickest way to record a video is to press and hold the **volume up** and **volume down** buttons simultaneously until a three-second countdown begins. To stop recording, tap both buttons simultaneously.
+
+> [!NOTE]
+> Quickly pressing the **volume up** and **volume down** buttons at the same time will take a photo rather than recording a video.
+
+### Voice to record videos
+
+Cortana can also record a video. Say: "Hey Cortana, start recording." To stop a video, say "Hey Cortana, stop recording."
+
+### Start menu to record videos
+
+Use the Start gesture to go to **Start**, then select the **video** icon. Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to start recording. There will be a three second countdown and your recording will begin.
+
+To stop recording, use the Start gesture and select the highlighted **video** icon. The video will be saved to your device.
+
+> [!NOTE]
+> **Applies to HoloLens (1st gen) only**
+> The [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018) changes how the Start gesture and Windows button behave on HoloLens (1st gen). Before the update, the Start gesture or Windows button would stop a video recording. After the update, however, the Start gesture or Windows button opens the **Start** menu (or the **quick actions menu** if you are in an immersive app), from which you can select the highlighted **video** icon to stop recording.
+
+## Share what you see in real-time
+
+You can share what you see in HoloLens with friends and colleagues in real-time. There are a few methods available:
+
+1. Connecting to a Miracast-enabled device or adapter to watch on a TV.
+1. Using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal) to watch on a PC
+1. Using the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) to watch on a PC.
+1. Deploying the [Microsoft Dynamics 365 Remote Assist](https://dynamics.microsoft.com/en-us/mixed-reality/remote-assist) app, which enables front-line workers to stream what they see to a remote expert. The remote expert can then guide the front-line worker verbally or by annotating in their world.
+
+> [!NOTE]
+> Sharing what you see via Windows Device Portal or Microsoft HoloLens companion app requires your HoloLens to be in [Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#setting-up-hololens-to-use-windows-device-portal).
+
+### Stream video with Miracast
+
+Use the Start gesture to go to **Start**, then select the **connect** icon. From the picker that appears, select the Miracast-enabled device or adapter to which you want to connect.
+
+To stop sharing, use the Start gesture and select the highlighted **connect** icon. Because you were streaming, nothing will be saved to your device.
+
+> [!NOTE]
+> Miracast support was enabled on HoloLens (1st gen) beginning with the [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018).
+
+### Real time video with Windows Device Portal
+
+Because sharing via Windows Device Portal requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode and navigate Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+
+### Microsoft HoloLens companion app
+
+Because sharing via the Microsoft HoloLens companion app requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). Then, download the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) and follow the instructions within the app to connect to your HoloLens.
+
+Once the app is set up with your HoloLens, select the **Live stream** option from the app's main menu.
+
+## View your mixed reality photos and videos
+
+Mixed reality photos and videos are saved to the device's "Camera Roll". You can browse the contents of this folder on your HoloLens with the File Explorer app (navigate to Pictures > Camera Roll).
+
+You can also view your mixed reality photos and videos in the Photos app, which is pre-installed on HoloLens. To pin a photo in your world, select it in the Photos app and choose **Place in mixed world**. You can move the photo around your world after it's been placed.
+
+To view and/or save your mixed reality photos and videos on a PC connected to HoloLens, you can use [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#mixed-reality-capture) or your [PC's File Explorer via MTP](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018#new-features-for-hololens).
+
+## Share your mixed reality photos and videos
+
+After capturing a mixed reality photo or video, a preview will appear. Select the **share** icon above the preview to bring up the share assistant. From there, you can select the end point to which you'd like to share that photo or video.
+
+You can also share mixed reality photos and videos from OneDrive, by automatically uploading your mixed reality photos and videos. Open the OneDrive app on HoloLens and sign in with a personal [Microsoft account](https://account.microsoft.com) if you haven't already. Select the **settings** icon and choose **Camera upload**. Turn Camera upload on. Your mixed reality photos and videos will now be uploaded to OneDrive each time you launch the app on HoloLens.
+
+> [!NOTE]
+> You can only enable camera upload in OneDrive if you’re signed into OneDrive with a personal Microsoft account. If you set up HoloLens with a work or school account, you can add a personal Microsoft account in the OneDrive app to enable this feature.
+
+## Limitations of mixed reality capture
+
+- While using mixed reality capture, the framerate of HoloLens will be halved to 30 Hz.
+- Videos have a maximum length of five minutes.
+- The resolution of photos and videos may be reduced if the photo/video camera is already in use by another application, while live streaming, or when system resources are low.
+
+## Default file format and resolution
+
+### Default photo format and resolution
+
+| Device | Format | Extension | Resolution |
+|----------|----------|----------|----------|
+| HoloLens 2 | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 3904x2196px |
+| HoloLens (1st gen) | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 1408x792px |
+
+### Recorded video format and resolution
+
+| Device | Format | Extension | Resolution | Speed | Audio |
+|----------|----------|----------|----------|----------|----------|
+| HoloLens 2 | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1920x1080px | 30fps | 48kHz Stereo |
+| HoloLens (1st gen) | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1216x684px | 24fps | 48kHz Stereo |
diff --git a/devices/hololens/holographic-store-apps.md b/devices/hololens/holographic-store-apps.md
index 6d0e0d820a..085f14c50e 100644
--- a/devices/hololens/holographic-store-apps.md
+++ b/devices/hololens/holographic-store-apps.md
@@ -3,7 +3,7 @@ title: Find, install, and uninstall applications
description: The Microsoft Store is your source for apps and games that work with HoloLens. Learn more about finding, installing, and uninstalling holographic apps.
ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435
ms.reviewer: v-miegge
-ms.date: 8/30/2019
+ms.date: 08/30/2019
manager: jarrettr
keywords: hololens, store, uwp, app, install
ms.prod: hololens
@@ -11,7 +11,7 @@ ms.sitesec: library
author: mattzmsft
ms.author: mazeller
ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
- HoloLens (1st gen)
- HoloLens 2
@@ -33,7 +33,7 @@ Open the Microsoft Store from the **Start** menu. Then browse for apps and games
## Install apps
-To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](http://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
+To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
1. To open the [**Start** menu](holographic-home.md), perform a [bloom](hololens1-basic-usage.md) gesture or tap your wrist.
2. Select the Store app and then tap to place this tile into your world.
diff --git a/devices/hololens/hololens-FAQ.md b/devices/hololens/hololens-FAQ.md
new file mode 100644
index 0000000000..a183165e4a
--- /dev/null
+++ b/devices/hololens/hololens-FAQ.md
@@ -0,0 +1,217 @@
+---
+title: Frequently asked questions about HoloLens and holograms
+description: Do you have a quick question about HoloLens or interacting with holograms? This article provides a quick answer and more resources.
+keywords: hololens, faq, known issue, help
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: medium
+ms.date: 10/30/2019
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# HoloLens and holograms: Frequently asked questions
+
+Here are some answers to questions you might have about using HoloLens, placing holograms, working with spaces, and more.
+
+Any time you're having problems, make sure HoloLens is [charged up](https://support.microsoft.com/help/12627/hololens-charge-your-hololens). Try [restarting it](hololens-restart-recover.md) to see if that fixes things. And please use the Feedback app to send us info about the issue—you'll find it on the [**Start** menu](holographic-home.md).
+
+For tips about wearing your HoloLens, see [HoloLens fit and comfort: FAQ](https://support.microsoft.com/help/13405/hololens-fit-and-comfort-faq).
+
+This FAQ addresses the following questions and issues:
+
+
+- [My holograms don't look right or are moving around](#my-holograms-dont-look-right-or-are-moving-around)
+- [I see a message that says "Finding your space"](#i-see-a-message-that-says-finding-your-space)
+- [I'm not seeing the holograms I expect to see in my space](#im-not-seeing-the-holograms-i-expect-to-see-in-my-space)
+- [I can't place holograms where I want](#i-cant-place-holograms-where-i-want)
+- [Holograms disappear or are encased in other holograms or objects](#holograms-disappear-or-are-encased-in-other-holograms-or-objects)
+- [I can see holograms that are on the other side of a wall](#i-can-see-holograms-that-are-on-the-other-side-of-a-wall)
+- [When I place a hologram on a wall, it seems to float](#when-i-place-a-hologram-on-a-wall-it-seems-to-float)
+- [Apps appear too close to me when I'm trying to move them](#apps-appear-too-close-to-me-when-im-trying-to-move-them)
+- [I'm getting a low disk space error](#im-getting-a-low-disk-space-error)
+- [HoloLens doesn't respond to my gestures](#hololens-doesnt-respond-to-my-gestures)
+- [HoloLens doesn't respond to my voice](#hololens-doesnt-respond-to-my-voice)
+- [I'm having problems pairing or using a Bluetooth device](#im-having-problems-pairing-or-using-a-bluetooth-device)
+- [I'm having problems with the HoloLens clicker](#im-having-problems-with-the-hololens-clicker)
+- [I can't connect to Wi-Fi](#i-cant-connect-to-wi-fi)
+- [My HoloLens isn't running well, is unresponsive, or won't start](#my-hololens-isnt-running-well-is-unresponsive-or-wont-start)
+- [How do I delete all spaces?](#how-do-i-delete-all-spaces)
+- [I cannot find or use the keyboard to type in the HoloLens 2 Emulator](#i-cannot-find-or-use-the-keyboard-to-type-in-the-hololens-2-emulator)
+
+## My holograms don't look right or are moving around
+
+If your holograms don't look right (for example, they're jittery or shaky, or you see black patches on top of them), try one of these fixes:
+
+- [Clean your device visor](hololens1-hardware.md#care-and-cleaning) and make sure nothing is blocking the sensors.
+- Make sure you're in a well-lit room without a lot of direct sunlight.
+- Try walking around and gazing at your surroundings so HoloLens can scan them more completely.
+- If you've placed a lot of holograms, try removing some.
+
+If you're still having problems, trying running the Calibration app, which calibrates your HoloLens just for you, to help keep your holograms looking their best. Go to **Settings **>** System **>** Utilities**. Under Calibration, select **Open Calibration**.
+
+[Back to list](#list)
+
+## I see a message that says Finding your space
+
+When HoloLens is learning or loading a space, you might see a brief message that says "Finding your space." If this message continues for more than a few seconds, you'll see another message under the Start menu that says "Still looking for your space."
+
+These messages mean that HoloLens is having trouble mapping your space. When this happens, you'll be able to open apps, but you won't be able to place holograms in your environment.
+
+If you see these messages often, try the following:
+
+- Make sure you're in a well-lit room without a lot of direct sunlight.
+- Make sure your device visor is clean. [Learn how](hololens1-hardware.md#care-and-cleaning).
+- Make sure you have a strong Wi-Fi signal. If you enter a new environment that has no Wi-Fi or a weak signal, HoloLens won't be able find your space. Check your Wi-Fi connection by going to **Settings **> **Network & Internet** >** Wi-Fi**.
+- Try moving more slowly.
+
+[Back to list](#list)
+
+## I'm not seeing the holograms I expect to see in my space
+
+If you don't see holograms you placed, or you're seeing some you don't expect, try the following:
+
+- Try turning on some lights. HoloLens works best in a well-lit space.
+- Remove holograms you don't need by going to **Settings** > **System** > **Holograms** > **Remove nearby holograms**. Or, if needed, select **Remove all holograms**.
+
+ > [!NOTE]
+ > If the layout or lighting in your space changes significantly, your device might have trouble identifying your space and showing your holograms.
+
+[Back to list](#list)
+
+## I can't place holograms where I want
+
+Here are some things to try if you're having trouble placing holograms:
+
+- Stand about 1 to 3 meters from where you're trying to place the hologram.
+- Don't place holograms on black or reflective surfaces.
+- Make sure you're in a well-lit room without a lot of direct sunlight.
+- Walk around the rooms so HoloLens can rescan your surroundings. To see what's already been scanned, air tap to reveal the mapping mesh graphic.
+
+[Back to list](#list)
+
+## Holograms disappear or are encased in other holograms or objects
+
+If you get too close to a hologram, it will temporarily disappear—just move away from it. Also, if you've placed a lot of holograms close together, some may disappear. Try removing a few.
+
+Holograms can also be blocked or encased by other holograms or by objects such as walls. If this happens, try one of the following:
+
+- If the hologram is encased in another hologram, move it to another location: select **Adjust**, then tap and hold to position it.
+- If the hologram is encased in a wall, select **Adjust**, then walk toward the wall until the hologram appears. Tap and hold, then pull the hologram forward and out of the wall.
+- If you can't move the hologram with gestures, use your voice to remove it. Gaze at the hologram, then say "Remove." Then reopen it and place it in a new location.
+
+[Back to list](#list)
+
+## I can see holograms that are on the other side of a wall
+
+If you're very close to a wall, or if HoloLens hasn't scanned the wall yet, you'll be able to see holograms that are in the next room. Stand 1 to 3 meters from the wall and gaze to scan it.
+
+If HoloLens has problems scanning the wall, it might be because there's a black or reflective object nearby (for example, a black couch or a stainless steel refrigerator). If there is, scan the other side of the wall.
+
+[Back to list](#list)
+
+## When I place a hologram on a wall, it seems to float
+
+Holograms placed on walls will appear to be an inch or so away from the wall. If they appear farther away, try the following:
+
+- Stand 1 to 3 meters from the wall when you place a hologram and face the wall straight on.
+- Air tap the wall to reveal the mapping mesh graphic. Make sure the mesh is lined up with the wall. If it isn't, remove the hologram, rescan the wall, and try again.
+- If the issue persists, run the Calibration app. You'll find it in **Settings** > **System** > **Utilities**.
+
+[Back to list](#list)
+
+## Apps appear too close to me when I'm trying to move them
+
+Try walking around and looking at the area where you're placing the app so HoloLens will scan it from different angles. [Cleaning your device visor](hololens1-hardware.md#care-and-cleaning) may also help.
+
+[Back to list](#list)
+
+## I'm getting a low disk space error
+
+Free up some storage space by doing one or more of the following:
+
+- Remove some of the holograms you've placed, or remove some saved data from within apps. [How do I find my data?](holographic-data.md)
+- Delete some pictures and videos in the Photos app.
+- Uninstall some apps from your HoloLens. In the All apps list, tap and hold the app you want to uninstall, then select **Uninstall**. (This will also delete any of the app's data stored on the device.)
+
+[Back to list](#list)
+
+## HoloLens doesn't respond to my gestures
+
+To make sure HoloLens can see your gestures, keep your hand in the gesture frame, which extends a couple of feet on either side of you. HoloLens can also best see your hand when you hold it about 18 inches in front of your body (though you don't have to be precise about this). When HoloLens can see your hand, the cursor will change from a dot to a ring. Learn more about [using gestures in HoloLens 2](hololens2-basic-usage.md) or [using gestures in HoloLens (1st gen)](hololens1-basic-usage.md).
+
+[Back to list](#list)
+
+## HoloLens doesn't respond to my voice
+
+If Cortana isn't responding to your voice, make sure Cortana is on. In the **All apps** list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
+
+[Back to list](#list)
+
+## I'm having problems pairing or using a Bluetooth device
+
+If you're having problems [pairing a Bluetooth device](hololens-connect-devices.md), try the following:
+
+- Go to **Settings** > **Devices** and make sure Bluetooth is turned on. If it is, try turning if off and on again.
+- Make sure your Bluetooth device is fully charged or has fresh batteries.
+- If you still can't connect, [restart your HoloLens](hololens-recovery.md).
+
+If you're having trouble using a Bluetooth device, make sure it's a supported device. Supported devices include:
+
+- English-language QWERTY Bluetooth keyboards, which can be used anywhere you use the holographic keyboard.
+- Bluetooth mice.
+- The [HoloLens clicker](hololens1-clicker.md).
+
+Other Bluetooth HID and GATT devices can be paired, but they might require a companion app from Microsoft Store to work with HoloLens.
+
+HoloLens doesn't support Bluetooth audio profiles. Bluetooth audio devices, such as speakers and headsets, may appear as available in HoloLens settings, but they aren't supported.
+
+[Back to list](#list)
+
+## I'm having problems with the HoloLens clicker
+
+Use the [clicker](hololens1-clicker.md) to select, scroll, move, and resize holograms. Additional clicker gestures may vary from app to app.
+
+If you're having trouble using the clicker, make sure its charged and paired with your HoloLens. If the battery is low, the indicator light will blink amber. To see if its paired, go to **Settings** > **Devices** and see if it shows up there. [Pair the clicker](hololens-connect-devices.md#pair-the-clicker).
+
+If the clicker is charged and paired and you're still having problems, reset it by holding down the main button and the pairing button for 15 seconds. Then pair the clicker with your HoloLens again.
+
+If that doesn't help, see [Restart or recover the HoloLens clicker](hololens1-clicker.md#restart-or-recover-the-clicker).
+
+[Back to list](#list)
+
+## I can't connect to Wi-Fi
+
+Here are some things to try if you can't connect to Wi-Fi on HoloLens:
+
+- Make sure Wi-Fi is turned on. Bloom to go to Start, then select **Settings** > **Network & Internet** > **Wi-Fi** to check. If Wi-Fi is on, try turning it off and on again.
+- Move closer to the router or access point.
+- Restart your Wi-Fi router, then [restart HoloLens](hololens-recovery.md). Try connecting again.
+- If none of these things work, check to make sure your router is using the latest firmware. You can find this information on the manufacturers website.
+
+[Back to list](#list)
+
+## My HoloLens isn't running well, is unresponsive, or won't start
+
+If your device isn't performing properly, see [Restart, reset, or recover HoloLens](hololens-recovery.md).
+
+[Back to list](#list)
+
+## How do I delete all spaces?
+
+*Coming soon*
+
+[Back to list](#list)
+
+## I cannot find or use the keyboard to type in the HoloLens 2 Emulator
+
+*Coming soon*
+
+[Back to list](#list)
diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md
index 1296d0f4bd..cfc55d1070 100644
--- a/devices/hololens/hololens-calibration.md
+++ b/devices/hololens/hololens-calibration.md
@@ -32,6 +32,8 @@ HoloLens 2 prompts a user to calibrate the device under the following circumstan
- The user is using the device for the first time
- The user previously opted out of the calibration process
- The calibration process did not succeed the last time the user used the device
+- The user has deleted their calibration profiles
+- The visor is raised and the lowered and any of the above circumstances apply (this may be disabled in **Settings > System > Calibration**.)
@@ -97,7 +99,7 @@ You can also disable the calibration prompt by following these steps:
1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**.
> [!IMPORTANT]
-> Please understand that this setting may adversely affect hologram rendering quality and comfort.
+> This setting may adversely affect hologram rendering quality and comfort. When you turn off this setting, features that depend on eye tracking (such as text scrolling) no longer work in immersive applications.
### HoloLens 2 eye-tracking technology
diff --git a/devices/hololens/hololens-commercial-features.md b/devices/hololens/hololens-commercial-features.md
index 1b3fdcdcd4..309d81e904 100644
--- a/devices/hololens/hololens-commercial-features.md
+++ b/devices/hololens/hololens-commercial-features.md
@@ -1,11 +1,12 @@
---
title: Commercial features
description: The Microsoft HoloLens Commercial Suite includes features that make it easier for businesses to manage HoloLens devices. HoloLens 2 devices are equipped with commercial features by default.
+keywords: HoloLens, commercial, features, mdm, mobile device management, kiosk mode
author: scooley
ms.author: scooley
-ms.date: 08/26/19
+ms.date: 08/26/2019
ms.topic: article
-keywords: HoloLens, commercial, features, mdm, mobile device management, kiosk mode
+audience: ITPro
ms.prod: hololens
ms.sitesec: library
ms.localizationpriority: high
@@ -53,7 +54,7 @@ HoloLens (1st gen) came with two licensing options, the developer license and a
|Ability to block unenrollment | |✔️ |✔️ |
|Cert-based corporate Wi-Fi access | |✔️ |✔️ |
|Microsoft Store (Consumer) |Consumer |Filter by using MDM |Filter by using MDM |
-[Business Store Portal](https://docs.microsoft.com/microsoft-store/working-with-line-of-business-apps) | |✔️ |✔️ |
+|[Business Store Portal](https://docs.microsoft.com/microsoft-store/working-with-line-of-business-apps) | |✔️ |✔️ |
|**Security and identity** | | | |
|Sign in by using Azure Active Directory (AAD) account |✔️ |✔️ |✔️ |
|Sign in by using Microsoft Account (MSA) |✔️ |✔️ |✔️ |
diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md
index 6e8f48fa30..bbe2dad4d3 100644
--- a/devices/hololens/hololens-connect-devices.md
+++ b/devices/hololens/hololens-connect-devices.md
@@ -7,8 +7,8 @@ ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
-ms.localizationpriority: medium
-ms.date: 9/13/2019
+ms.localizationpriority: high
+ms.date: 09/13/2019
manager: jarrettr
appliesto:
- HoloLens (1st gen)
@@ -34,7 +34,7 @@ Classes of Bluetooth devices supported by HoloLens (1st gen):
- HoloLens (1st gen) clicker
> [!NOTE]
-> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported on HoloLens (1st gen). [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660).
+> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported on HoloLens (1st gen). [Learn more](https://go.microsoft.com/fwlink/p/?LinkId=746660).
### Pair a Bluetooth keyboard or mouse
diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md
index 5ffe60d2e1..82ded27dd3 100644
--- a/devices/hololens/hololens-cortana.md
+++ b/devices/hololens/hololens-cortana.md
@@ -2,11 +2,12 @@
title: Use your voice with HoloLens
description: Cortana can help you do all kinds of things on your HoloLens
ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
-ms.date: 9/13/2019
+ms.date: 11/8/2019
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
+audience: ITPro
ms.author: v-miegge
ms.topic: article
manager: jarrettr
@@ -18,12 +19,12 @@ appliesto:
# Use your voice with HoloLens
-You can use your voice to do almost anything on HoloLens, such as taking a quick photo or opening an app. Many voice commands are built into HoloLens, while others are available through Cortana.
+You can use your voice to do almost anything on HoloLens, such as taking a quick photo or opening an app. Many voice commands are built into HoloLens, while others are available through Cortana.
-This article teachs you how to control HoloLens and your holographic world with your voice and with Cortana.
+This article teaches you how to control HoloLens and your holographic world with your voice and with Cortana.
> [!NOTE]
-> Speech is only supported in [some languages](https://support.microsoft.com/help/4039262#Languages). The speech language is based on the Windows display language, not the keyboard language.
+> Speech is only supported in [some languages](hololens2-language-support.md). The speech language is based on the Windows display language, not the keyboard language.
>
> You can verify the Windows display language by selecting **Settings** > **Time and Language** > **Language**.
@@ -35,6 +36,9 @@ Get around HoloLens faster with these basic commands. In order to use these you
Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying “select.”
+>[!NOTE]
+>Hand rays are not supported on HoloLens (1st Gen).
+
| Say this | To do this |
| - | - |
| "Select" | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say “select” again. |
@@ -55,7 +59,7 @@ To use these commands, gaze at a 3D object, hologram, or app window.
| "Face me" | Turn it to face you |
| "Move this" | Move it (follow your gaze) |
| "Close" | Close it |
-| "Follow" / "Stop following" | Make it follow you as you move around |
+| "Follow me" / "Stop following" | Make it follow you as you move around |
### See it, say it
@@ -63,7 +67,7 @@ Many buttons and other elements on HoloLens also respond to your voice—for exa
### Dictation mode
-Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone icon or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that."
+Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone button or say "Start dictating." To stop dictating, select the button again or say "Stop dictating." To delete what you just dictated, say "Delete that."
> [!NOTE]
> To use dictation mode, you have to have an internet connection.
@@ -104,16 +108,15 @@ Here are some things you can try saying (remember to say "Hey Cortana" first).
- Take a picture.
- Start recording. (Starts recording a video.)
- Stop recording. (Stops recording a video.)
-- Call <*contact*>. (Requires Skype.)
- What time is it?
-- Show me the latest NBA scores.
+- Show me the latest NBA scores.
- How much battery do I have left?
- Tell me a joke.
-Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English-only, and the Cortana experience may vary from one region to another.
+Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another.
### Turn Cortana off
-Cortana is on the first time you use HoloLens when you enable speech. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana > Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
+Cortana is on the first time you use HoloLens when you enable speech. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana** > **Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
If Cortana isn't responding to "Hey Cortana," check that speech is enabled on Start and go to Cortana's settings and check to make sure she's on.
diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md
index 62352e9767..6c8b9118e6 100644
--- a/devices/hololens/hololens-encryption.md
+++ b/devices/hololens/hololens-encryption.md
@@ -50,6 +50,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
1. Find the XML license file that was provided when you purchased the Commercial Suite.
+1. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
>[!NOTE]
>You can configure [additional settings in the provisioning package](hololens-provisioning.md).
@@ -87,7 +88,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
1. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with device setup.
>[!NOTE]
->If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
+>If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
## Verify device encryption
diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md
index 2fd5775041..dc042a0f9f 100644
--- a/devices/hololens/hololens-enroll-mdm.md
+++ b/devices/hololens/hololens-enroll-mdm.md
@@ -1,16 +1,19 @@
---
-title: Enroll HoloLens in MDM (HoloLens)
+title: Enroll HoloLens in MDM
description: Enroll HoloLens in mobile device management (MDM) for easier management of multiple devices.
ms.prod: hololens
-ms.mktglfcycl: manage
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+ms.assetid: 2a9b3fca-8370-44ec-8b57-fb98b8d317b0
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 07/27/2017
+ms.date: 07/15/2019
ms.reviewer:
manager: dansimp
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
# Enroll HoloLens in MDM
@@ -39,3 +42,7 @@ When auto-enrollment is enabled, no additional manual enrollment is needed. When
1. Upon successful authentication to the MDM server, a success message is shown.
Your device is now enrolled with your MDM server. The device will need to restart to acquire policies, certificates, and apps. The Settings app will now reflect that the device is enrolled in device management.
+
+## Unenroll HoloLens from Intune
+
+You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.
\ No newline at end of file
diff --git a/devices/hololens/hololens-environment-considerations.md b/devices/hololens/hololens-environment-considerations.md
new file mode 100644
index 0000000000..bdd500b298
--- /dev/null
+++ b/devices/hololens/hololens-environment-considerations.md
@@ -0,0 +1,121 @@
+---
+title: Environment considerations for HoloLens
+description: Get the best possible experience using HoloLens when you optimize the device for your eyes and environment. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better holograms.
+keywords: holographic frame, field of view, fov, calibration, spaces, environment, how-to
+author: dorreneb
+ms.author: dobrown
+manager: jarrettr
+ms.date: 8/29/2019
+ms.prod: hololens
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Environment considerations for HoloLens
+
+HoloLens blends the holographic with the "real" world, placing holograms in your surroundings. A holographic app window "hangs" on the wall, a holographic ballerina spins on the tabletop, bunny ears sit on top of your unwitting friend’s head. When you’re using an immersive game or app, the holographic world will spread to fill your surroundings but you’ll still be able to see and move around the space.
+
+The holograms you place will stay where you’ve put them, even if you turn off your device.
+
+## Setting up an environment
+
+HoloLens devices know how to place stable and accurate holograms by *tracking* users in a space. Without proper tracking, the device does not understand the environment or the user within it so holograms can appear in the wrong places, not appear in the same spot every time, or not appear at all. The data used to track users is represented in the *spatial map*.
+
+Tracking performance is heavily influenced by the environment the user is in, and tuning an environment to induce stable and consistent tracking is an art rather than a science. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better tracking.
+
+### Lighting
+
+Windows Mixed Reality uses visual light to track the user's location. When an environment is too bright, the cameras can get saturated, and nothing is seen. If the environment is too dark, the cameras cannot pick up enough information, and nothing is seen. Lighting should be even and sufficiently bright that a human can see without effort, but not so bright that the light is painful to look at.
+
+Areas where there are points of bright light in an overall dim area are also problematic, as the camera has to adjust when moving in and out of bright spaces. This can cause the device to "get lost" and think that the change in light equates to a change in location. Stable light levels in an area will lead to better tracking.
+
+Any outdoor lighting can also cause instability in the tracker, as the sun may vary considerably over time. For example, tracking in the same space in the summer vs. winter can produce drastically different results, as the secondhand light outside may be higher at different times of year.
+
+If you have a luxmeter, a steady 500-1000 lux is a good place to start.
+
+#### Types of lighting
+
+Different types of light in a space can also influence tracking. Light bulbs pulse with the AC electricity running through it - if the AC frequency is 50Hz, then the light pulses at 50Hz. For a human, this pulsing is not noticed. However, HoloLens' 30fps camera sees these changes - some frames will be well-lit, some will be poorly lit, and some will be over-exposed as the camera tries to compensate for light pulses.
+
+In the USA, electricity frequency standard is 60Hz, so light bulb pulses are harmonized with HoloLens' framerate - 60Hz pulses align with HoloLens' 30 FPS framerate. However, many countries have an AC frequency standard of 50Hz, which means some HoloLens frames will be taken during pulses, and others will not. In particular, fluorescent lighting in Europe has been known to cause issues.
+
+There are a few things you can try to resolve flickering issues. Temperature, bulb age, and warm-up cycles are common causes of fluorescent flickering and replacing bulbs may help. Tightening bulbs and making sure current draws are constant can also help.
+
+### Items in a space
+
+HoloLens uses unique environmental landmarks, also known as *features*, to locate itself in a space.
+
+A device can almost never track in a feature-poor area, as the device has no way of knowing where in space it is. Adding features to the walls of a space is usually a good way to improve tracking. Posters, symbols taped to a wall, plants, unique objects, or other similar items all help. A messy desk is a good example of an environment that leads to good tracking - there are a lot of different features in a single area.
+
+Additionally, use unique features in the same space. The same poster repeated multiple times over a wall, for example, will cause device confusion as the HoloLens won't know which of the repetitive posters it is looking at. One common way of adding unique features is to use lines of masking tape to create unique, non-repetitive patterns along the walls and floor of a space.
+
+A good question to ask yourself is: if you saw just a small amount of the scene, could you uniquely locate yourself in the space? If not, it's likely the device will have problems tracking as well.
+
+#### Wormholes
+
+If you have two areas or regions that look the same, the tracker may think they are the same. This results in the device tricking itself into thinking it is somewhere else. We call these types of repetitive areas *wormholes*.
+
+To prevent wormholes, try to prevent identical areas in the same space. Identical areas can sometimes include factory stations, windows on a building, server racks, or work stations. Labelling areas or adding unique features to each similar-looking areas can help mitigate wormholes.
+
+### Movement in a space
+
+If your environment is constantly shifting and changing, the device has no stable features to locate against.
+
+The more moving objects that are in a space, including people, the easier it is to lose tracking. Moving conveyor belts, items in different states of construction, and lots of people in a space have all been known to cause tracking issues.
+
+The HoloLens can quickly adapt to these changes, but only when that area is clearly visible to the device. Areas that are not seen as frequently may lag behind reality, which can cause errors in the spatial map. For example, a user scans a friend and then turns around while the friend leaves the room. A 'ghost' representation of the friend will persist in the spatial mapping data until the user re-scans the now empty space.
+
+### Proximity of the user to items in the space
+
+Similarly to how humans cannot focus well on objects close to the eyes, HoloLens struggles when objects are close to it's cameras. If an object is too close to be seen with both cameras, or if an object is blocking one camera, the device will have far more issues with tracking against the object.
+
+The cameras can see no closer than 15cm from an object.
+
+### Surfaces in a space
+
+Strongly reflective surfaces will likely look different depending on the angle, which affects tracking. Think of a brand new car - when you move around it, light reflects and you see different objects in the surface as you move. To the tracker, the different objects reflected in the surface represent a changing environment, and the device loses tracking.
+
+Less shiny objects are easier to track against.
+
+### Wi-Fi fingerprint considerations
+
+As long as Wi-Fi is enabled, map data will be correlated with a Wi-Fi fingerprint, even when not connected to an actual WiFi network/router. Without Wi-Fi info, the space and holograms may be slightly slower to recognize. If the Wi-Fi signals change significantly, the device may think it is in a different space altogether.
+
+Network identification (such as SSID or MAC address) is not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens.
+
+## Mapping new spaces
+
+When you enter a new space (or load an existing one), you’ll see a mesh graphic spreading over the space. This means your device is mapping your surroundings. While a HoloLens will learn a space over time, there are tips and tricks to map spaces.
+
+## Environment management
+
+There are two settings which enable users to “clean up” holograms and cause HoloLens to “forget" a space. They exist in **Holograms and environments** in the settings app, with the second setting also appearing under **Privacy** in the settings app.
+
+1. **Delete nearby holograms**. When you select this setting, HoloLens will erase all anchored holograms and all stored map data for the “current space” where the device is located. A new map section would be created and stored in the database for that location once holograms are again placed in that same space.
+
+1. **Delete all holograms**.By selecting this setting, HoloLens will erase ALL map data and anchored holograms in the entire databases of spaces. No holograms will be rediscovered and any holograms need to be newly placed to again store map sections in the database.
+
+## Hologram quality
+
+Holograms can be placed throughout your environment—high, low, and all around you—but you’ll see them through a [holographic frame](https://docs.microsoft.com/windows/mixed-reality/holographic-frame) that sits in front of your eyes. To get the best view, make sure to adjust your device so you can see the entire frame. And don’t hesitate to walk around your environment and explore!
+
+For your [holograms](https://docs.microsoft.com/windows/mixed-reality/hologram) to look crisp, clear, and stable, your HoloLens needs to be calibrated just for you. When you first set up your HoloLens, you’ll be guided through this process. Later on, if holograms don’t look right or you’re seeing a lot of errors, you can make adjustments.
+
+If you are having trouble mapping spaces, try deleting nearby holograms and remapping the space.
+
+### Calibration
+
+If your holograms look jittery or shaky, or if you’re having trouble placing holograms, the first thing to try is the [Calibration app](hololens-calibration.md). This app can also help if you’re experiencing any discomfort while using your HoloLens.
+
+To get to the Calibration app, go to **Settings** > **System** > **Utilities**. Select **Open Calibration** and follow the instructions.
+
+If someone else is going to be using your HoloLens, they should run the Calibration app first so the device is set up properly for them.
+
+## See also
+
+- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping)
+- [Holograms](https://docs.microsoft.com/windows/mixed-reality/hologram)
diff --git a/devices/hololens/hololens-feedback.md b/devices/hololens/hololens-feedback.md
index 51509d0833..3199517a90 100644
--- a/devices/hololens/hololens-feedback.md
+++ b/devices/hololens/hololens-feedback.md
@@ -80,4 +80,3 @@ To easily direct other people (such as co-workers, Microsoft staff, [forum](http
1. Enter your feedback.
1. If you are reporting a reproducible issue, you can select **Reproduce**. Without closing Feedback Hub, reproduce the issue. After you finish, come back to Feedback Hub and select **I’m done**. The app adds a mixed reality capture of your repro and relevant diagnostic logs to your feedback.
1. Select **Post feedback**, and you’re done.
-
diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md
deleted file mode 100644
index 8a9687ea25..0000000000
--- a/devices/hololens/hololens-find-and-save-files.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Find and save files on HoloLens
-description: Use File Explorer on HoloLens to view and manage files on your device
-ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a
-ms.reviewer: jarrettrenshaw
-ms.date: 07/01/2019
-manager: v-miegge
-keywords: hololens
-ms.prod: hololens
-ms.sitesec: library
-author: v-miegge
-ms.author: v-miegge
-ms.topic: article
-ms.localizationpriority: medium
----
-
-# Find and save files on HoloLens
-
-Add content from [Find and save files](https://docs.microsoft.com/windows/mixed-reality/saving-and-finding-your-files)
-
-
-Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens.
-
-## View files on HoloLens
-
-Use File Explorer on HoloLens to view and manage files on your device, including 3D objects, documents, and pictures. Go to Start > All apps > File Explorer on HoloLens to get started.
-
->[!TIP]
->If there are no files listed in File Explorer, select **This Device** in the top left pane.
-
-## View HoloLens files on your PC
-
-To see your HoloLens files in File Explorer on your PC:
-
-1. Sign in to HoloLens, then plug it into the PC using the USB cable that came with the HoloLens.
-
-1. Select **Open Device to view files with File Explorer**, or open File Explorer on the PC and navigate to the device.
-
->[!TIP]
->To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**.
-
-## Sync to the cloud
-
-To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens.
-
->[!TIP]
->HoloLens doesn't back up app files and data, so it's a good idea to save your important stuff to OneDrive. That way, if you reset your device or uninstall an app, your info will be backed up.
diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md
new file mode 100644
index 0000000000..3cc6cc4cfc
--- /dev/null
+++ b/devices/hololens/hololens-identity.md
@@ -0,0 +1,111 @@
+---
+title: Managing user identity and login on HoloLens
+description: Manage user identity, security, and login on HoloLens.
+keywords: HoloLens, user, account, aad, adfs, microsoft account, msa, credentials, reference
+ms.assetid: 728cfff2-81ce-4eb8-9aaa-0a3c3304660e
+author: scooley
+ms.author: scooley
+ms.date: 1/6/2019
+ms.prod: hololens
+ms.topic: article
+ms.sitesec: library
+ms.topic: article
+ms.localizationpriority: medium
+audience: ITPro
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# User identity and signin
+
+> [!NOTE]
+> This article is a technical reference for IT Pros and tech enthusiasts. If you're looking for HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".
+
+Like other Windows devices, HoloLens always operates under a user context. There is always a user identity. HoloLens treats identity in almost the same manner as other Windows 10 devices do. This article is a deep-dive reference for identity on HoloLens, and focuses on how HoloLens differs from other Windows 10 devices.
+
+HoloLens supports several kinds of user identities. You can use one or more user accounts to sign in. Here's an overview of the identity types and authentication options on HoloLens:
+
+| Identity type | Accounts per device | Authentication options |
+| --- | --- | --- |
+| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) |
Azure web credential provider
Azure Authenticator App
Biometric (Iris) – HoloLens 2 only
PIN – Optional for HoloLens (1st gen), required for HoloLens 2
PIN – Optional for HoloLens (1st gen), required for HoloLens 2
Password
|
+| [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |
+
+Cloud-connected accounts (AAD and MSA) offer more features because they can use Azure services.
+
+## Setting up users
+
+The most common way to set up a new user is during the HoloLens out-of-box experience (OOBE). During setup, HoloLens prompts for a user to sign in by using the account that they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure. See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens 2](hololens2-start.md).
+
+Like Windows on other devices, signing in during setup creates a user profile on the device. The user profile stores apps and data. The same account also provides Single Sign-on for apps such as Edge or Skype by using the Windows Account Manager APIs.
+
+If you use an enterprise or organizational account to sign in to HoloLens, HoloLens enrolls in the organization's IT infrastructure. This enrollment allows your IT Admin to configure Mobile Device Management (MDM) to send group policies to your HoloLens.
+
+By default, as for other Windows 10 devices, you'll have to sign in again when HoloLens restarts or resumes from standby. You can use the Settings app to change this behavior, or the behavior can be controlled by group policy.
+
+### Linked accounts
+
+As in the Desktop version of Windows, you can link additional web account credentials to your HoloLens account. Such linking makes it easier to access resources across or within apps (such as the Store) or to combine access to personal and work resources. After you connect an account to the device, you can grant permission to use the device to apps so that you don't have to sign in to each app individually.
+
+Linking accounts does not separate the user data created on the device, such as images or downloads.
+
+### Setting up multi-user support (AAD only)
+
+> [!NOTE]
+> **HoloLens (1st gen)** began supporting multiple AAD users in the [Windows 10 April 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) as part of [Windows Holographic for Business](hololens-upgrade-enterprise.md).
+
+HoloLens supports multiple users from the same AAD tenant. To use this feature, you must use an account that belongs to your organization to set up the device. Subsequently, other users from the same tenant can sign in to the device from the sign-in screen or by tapping the user tile on the Start panel. Only one user can be signed in at a time. When a user signs in, HoloLens signs out the previous user.
+
+All users can use the apps installed on the device. However, each user has their own app data and preferences. Removing an app from the device removes it for all users.
+
+## Removing users
+
+You can remove a user from the device by going to **Settings** > **Accounts** > **Other people**. This action also reclaims space by removing all of that user's app data from the device.
+
+## Using single sign-on within an app
+
+As an app developer, you can take advantage of linked identities on HoloLens by using the [Windows Account Manager APIs](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.Web.Core), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621).
+
+Any account interrupts that might occur, such as requesting user consent for account information, two-factor authentication, and so forth, must be handled when the app requests an authentication token.
+
+If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This request triggers the account settings pane to launch as a modal child of your app. For 2D apps, this window renders directly over the center of your app. For Unity apps, this request briefly takes the user out of your holographic app to render the child window. For information about customizing the commands and actions on this pane, see [WebAccountCommand Class](https://docs.microsoft.com/uwp/api/Windows.UI.ApplicationSettings.WebAccountCommand).
+
+## Enterprise and other authentication
+
+If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI.
+
+## Deprecated APIs
+
+One way in which developing for HoloLens differs from developing for Desktop is that the [OnlineIDAuthenticator](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator) API is not fully supported. Although the API returns a token if the primary account is in good-standing, interrupts such as those described in this article do not display any UI for the user and fail to correctly authenticate the account.
+
+## Frequently asked questions
+
+### Is Windows Hello for Business supported on HoloLens?
+
+Windows Hello for Business (which supports using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
+
+1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
+1. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
+1. On HoloLens, the user can then use **Settings** > **Sign-in Options** > **Add PIN** to set up a PIN.
+
+> [!NOTE]
+> Users who sign in by using a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
+
+#### Does the type of account change the sign-in behavior?
+
+Yes, the behavior for the type of account affects the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type:
+
+- **Microsoft account**: signs in automatically
+- **Local account**: always asks for password, not configurable in **Settings**
+- **Azure AD**: asks for password by default, and configurable by **Settings** to no longer ask for password.
+
+> [!NOTE]
+> Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is only respected when the device goes into StandBy.
+
+## Additional resources
+
+Read much more about user identity protection and authentication on [the Windows 10 security and identity documentation](https://docs.microsoft.com/windows/security/identity-protection/).
+
+Learn more about setting up hybrid identity infrastructure thorough the [Azure Hybrid identity documentation](https://docs.microsoft.com/azure/active-directory/hybrid/).
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index 5eaf9ad296..633f296a3e 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -3,49 +3,52 @@ title: Insider preview for Microsoft HoloLens (HoloLens)
description: It’s simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens.
ms.prod: hololens
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 10/23/2018
+audience: ITPro
+ms.date: 1/6/2020
ms.reviewer:
manager: dansimp
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
# Insider preview for Microsoft HoloLens
-Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
-## How do I install the Insider builds?
-
-On a device running the Windows 10 April 2018 Update, go to Settings -> Update & Security -> Windows Insider Program and select Get started. Link the account you used to register as a Windows Insider.
+Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms.
+## Start receiving Insider builds
-Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build.
+On a device running the Windows 10 April 2018 Update, go to **Settings** -> **Update & Security** -> **Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider.
-## How do I stop receiving Insider builds?
+Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms.
-If you no longer want to receive Insider builds of Windows Holographic, you can opt out when your HoloLens is running a production build, or you can [recover your device](https://docs.microsoft.com/windows/mixed-reality/reset-or-recover-your-hololens#perform-a-full-device-recovery) using the Windows Device Recovery Tool to recover your device to a non-Insider version of Windows Holographic.
+Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build.
+
+## Stop receiving Insider builds
+
+If you no longer want to receive Insider builds of Windows Holographic, you can opt out when your HoloLens is running a production build, or you can [recover your device](hololens-recovery.md) using the Windows Device Recovery Tool to recover your device to a non-Insider version of Windows Holographic.
To verify that your HoloLens is running a production build:
+
- Go to **Settings > System > About**, and find the build number.
-- If the build number is 10.0.17763.1, your HoloLens is running a production build. [See the list of production build numbers.](https://www.microsoft.com/itpro/windows-10/release-information)
+- [See the release notes for production build numbers.](hololens-release-notes.md)
To opt out of Insider builds:
+
- On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
- Follow the instructions to opt out your device.
+## Provide feedback and report issues
+Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
+
+>[!NOTE]
+>Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
## Note for developers
You are welcome and encouraged to try developing your applications using Insider builds of HoloLens. Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started. Those same instructions work with Insider builds of HoloLens. You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development.
-
-## Provide feedback and report issues
-
-Please use [the Feedback Hub app](https://docs.microsoft.com/windows/mixed-reality/give-us-feedback) on your HoloLens or Windows 10 PC to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
-
->[!NOTE]
->Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
-
diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md
index 286fbfe2de..1ca366ecf5 100644
--- a/devices/hololens/hololens-kiosk.md
+++ b/devices/hololens/hololens-kiosk.md
@@ -55,7 +55,7 @@ If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-
### Start layout file for MDM (Intune and others)
-Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
+Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
>[!NOTE]
>If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package).
diff --git a/devices/hololens/hololens-known-issues.md b/devices/hololens/hololens-known-issues.md
new file mode 100644
index 0000000000..3cb3f43717
--- /dev/null
+++ b/devices/hololens/hololens-known-issues.md
@@ -0,0 +1,160 @@
+---
+title: HoloLens known issues
+description: This is the list of known issues that may affect HoloLens developers.
+keywords: troubleshoot, known issue, help
+author: mattzmsft
+ms.author: mazeller
+ms.date: 8/30/2019
+ms.topic: article
+HoloLens and holograms: Frequently asked questions
+manager: jarrettr
+ms.prod: hololens
+appliesto:
+- HoloLens 1
+---
+
+# HoloLens known issues
+
+This is the current list of known issues for HoloLens that affect developers. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
+
+## Unable to connect and deploy to HoloLens through Visual Studio
+
+>[!NOTE]
+>Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
+
+Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
+
+Issue root-cause: Users who used Visual Studio 2015 or early releases of Visual Studio 2017 to deploy and debug applications on their HoloLens and then subsequently used the latest versions of Visual Studio 2017 or Visual Studio 2019 with the same HoloLens will be affected. The newer releases of Visual Studio deploy a new version of a component, but files from the older version are left over on the device, causing the newer version to fail. This causes the following error message: DEP0100: Please ensure that target device has developer mode enabled. Could not obtain a developer license on \ due to error 80004005.
+
+### Workaround
+
+Our team is currently working on a fix. In the meantime, you can use the following steps to work around the issue and help unblock deployment and debugging:
+
+1. Open Visual Studio
+1. Select **File** > **New** > **Project**.
+1. Select **Visual C#** > **Windows Desktop** > **Console App (.NET Framework)**.
+1. Give the project a name (such as "HoloLensDeploymentFix") and make sure the Framework is set to at least .NET Framework 4.5, then Select **OK**.
+1. Right-click on the **References** node in Solution Explorer and add the following references (select to the **Browse** section and select **Browse**):
+
+ ``` CMD
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Deploy.dll
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Connectivity.dll
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\SirepInterop.dll
+ ```
+
+ >[!NOTE]
+ >If you don't have 10.0.18362.0 installed, use the most recent version that you have.
+
+1. Right-click on the project in Solution Explorer and select **Add** > **Existing Item**.
+1. Browse to C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86 and change the filter to **All Files (\*.\*)**.
+1. Select both SirepClient.dll and SshClient.dll, and Select **Add**.
+1. Locate and select both files in Solution Explorer (they should be at the bottom of the list of files) and change **Copy to Output Directory** in the **Properties** window to **Copy always**.
+1. At the top of the file, add the following to the existing list of `using` statements:
+
+ ``` CMD
+ using Microsoft.Tools.Deploy;
+ using System.Net;
+ ```
+
+1. Inside of `static void Main(...)`, add the following code:
+
+ ``` PowerShell
+ RemoteDeployClient client = RemoteDeployClient.CreateRemoteDeployClient();
+ client.Connect(new ConnectionOptions()
+ {
+ Credentials = new NetworkCredential("DevToolsUser", string.Empty),
+ IPAddress = IPAddress.Parse(args[0])
+ });
+ client.RemoteDevice.DeleteFile(@"C:\Data\Users\DefaultAccount\AppData\Local\DevelopmentFiles\VSRemoteTools\x86\CoreCLR\mscorlib.ni.dll");
+ ```
+
+1. Select **Build** > **Build Solution**.
+1. Open a Command Prompt Window and cd to the folder that contains the compiled .exe file (for example, C:\MyProjects\HoloLensDeploymentFix\bin\Debug)
+1. Run the executable and provide the device's IP address as a command-line argument. (If connected using USB, you can use 127.0.0.1, otherwise use the device’s Wi-Fi IP address.) For example, "HoloLensDeploymentFix 127.0.0.1"
+
+1. After the tool has exited without any messages (this should only take a few seconds), you will now be able to deploy and debug from Visual Studio 2017 or newer. Continued use of the tool is not necessary.
+
+We will provide further updates as they become available.
+
+## Issues launching the Microsoft Store and apps on HoloLens
+
+> [!NOTE]
+> Last Update: 4/2 @ 10 AM - Issue resolved.
+
+You may experience issues when trying to launch the Microsoft Store and apps on HoloLens. We've determined that the issue occurs when background app updates deploy a newer version of framework packages in specific sequences while one or more of their dependent apps are still running. In this case, an automatic app update delivered a new version of the .NET Native Framework (version 10.0.25531 to 10.0.27413) caused the apps that are running to not correctly update for all running apps consuming the prior version of the framework. The flow for framework update is as follows:
+
+1. The new framework package is downloaded from the store and installed
+1. All apps using the older framework are ‘updated’ to use the newer version
+
+If step 2 is interrupted before completion then any apps for which the newer framework wasn’t registered will fail to launch from the start menu. We believe any app on HoloLens could be affected by this issue.
+
+Some users have reported that closing hung apps and launching other apps such as Feedback Hub, 3D Viewer or Photos resolves the issue for them—however, this does not work 100% of the time.
+
+We have root caused that this issue was not caused the update itself, but a bug in the OS that resulted in the .NET Native framework update being handled incorrectly. We are pleased to announce that we have identified a fix and have released an update (OS version 17763.380) containing the fix.
+
+To see if your device can take the update, please:
+
+1. Go to the Settings app and open **Update & Security**.
+1. Select **Check for Updates**.
+1. If update to 17763.380 is available, please update to this build to receive the fix for the App Hang bug
+1. Upon updating to this version of the OS, the Apps should work as expected.
+
+Additionally, as we do with every HoloLens OS release, we have posted the FFU image to the [Microsoft Download Center](https://aka.ms/hololensdownload/10.0.17763.380).
+
+If you would not like to take the update, we have released a new version of the Microsoft Store UWP app as of 3/29. After you have the updated version of the Store:
+
+1. Open the Store and confirm that it loads.
+1. Use the bloom gesture to open the menu.
+1. Attempt to open previously broken apps.
+1. If it still cannot be launched, tap and hold the icon of the broken app and select uninstall.
+1. Resinstall these apps from the store.
+
+If your device is still unable to load apps, you can sideload a version of the .NET Native Framework and Runtime through the download center by following these steps:
+
+1. Please download [this zip file](https://download.microsoft.com/download/8/5/C/85C23745-794C-419D-B8D7-115FBCCD6DA7/netfx_1.7.zip) from the Microsoft Download Center. Unzipping will produce two files. Microsoft.NET.Native.Runtime.1.7.appx and Microsoft.NET.Native.Framework.1.7.appx
+1. Please verify that your device is dev unlocked. If you haven’t done that before the instructions to do that are [here](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+1. You then want to get into the Windows Device Portal. Our recommendation is to do this over USB and you would do that by typing http://127.0.0.1:10080 into your browser.
+1. After you have the Windows Device Portal up we need you to “side load” the two files that you downloaded. To do that you need to go down the left side bar until you get to the **Apps** section and select **Apps**.
+1. You will then see a screen that is similar to the below. You want to go to the section that says **Install App** and browse to where you unzipped those two APPX files. You can only do one at a time, so after you select the first one, then click on “Go” under the Deploy section. Then do this for the second APPX file.
+
+ 
+1. At this point we believe your applications should start working again and that you can also get to the Store.
+1. In some cases, it is necessary run the additional step of launching the 3D Viewer app before affected apps will launch.
+
+We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
+
+## Device Update
+
+- 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.
+
+## Visual Studio
+
+- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Visual Studio that is recommended for HoloLens development.
+- When deploying an app from Visual Studio to your HoloLens, you may see the error: **The requested operation cannot be performed on a file with a user-mapped section open. (Exception from HRESULT: 0x800704C8)**. If this happens, try again and your deployment will generally succeed.
+
+## Emulator
+
+- Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
+- You cannot use the PC webcam in the Emulator.
+- The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.
+
+## Unity
+
+- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
+- Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
+
+## Windows Device Portal
+
+- The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
+- On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
+- After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
+
+## API
+
+- If the application sets the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) behind the user or the normal to camera.forward, holograms will not appear in Mixed Reality Capture photos or videos. Until this bug is fixed in Windows, if applications actively set the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) they should ensure the plane normal is set opposite camera-forward (for example, normal = -camera.forward).
+
+## Xbox Wireless Controller
+
+- Xbox Wireless Controller S must be updated before it can be used with HoloLens. Ensure you are [up to date](https://support.xbox.com/xbox-one/accessories/update-controller-for-stereo-headset-adapter) before attempting to pair your controller with a HoloLens.
+- If you reboot your HoloLens while the Xbox Wireless Controller is connected, the controller will not automatically reconnect to HoloLens. The Guide button light will flash slowly until the controller powers off after 3 minutes. To reconnect your controller immediately, power off the controller by holding the Guide button until the light turns off. When you power your controller on again, it will reconnect to HoloLens.
+- If your HoloLens enters standby while the Xbox Wireless Controller is connected, any input on the controller will wake the HoloLens. You can prevent this by powering off your controller when you are done using it.
diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md
index 70bee8bc2d..4bd8b317ef 100644
--- a/devices/hololens/hololens-multiple-users.md
+++ b/devices/hololens/hololens-multiple-users.md
@@ -21,6 +21,8 @@ It's common to share one HoloLens with many people or to have many people share
## Share with multiple people, each using their own account
+**Prerequisite**: The HoloLens device must be running Windows 10, version 1803 or later. HoloLens (1st gen) also need to be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+
When they use their own Azure Active Directory (Azure AD) accounts, multiple users can each keep their own user settings and user data on the device.
To make sure that multiple people can use their own accounts on your HoloLens, follow these steps to configure it:
@@ -35,7 +37,7 @@ To use HoloLens, each user follows these steps:
1. If another user has been using the device, do one of the following:
- Press the power button once to go to standby, and then press the power button again to return to the lock screen
- - Select the user tile on the upper right of the Pins panel to sign out the current user.
+ - HoloLens 2 users may select the user tile on the top of the Pins panel to sign out the current user.
1. Use your Azure AD account credentials to sign in to the device.
If this is the first time that you have used the device, you have to [calibrate](hololens-calibration.md) HoloLens to your own eyes.
diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md
index 908a2bbb45..6ee4fb35c1 100644
--- a/devices/hololens/hololens-offline.md
+++ b/devices/hololens/hololens-offline.md
@@ -1,17 +1,17 @@
---
title: Use HoloLens offline
description: To set up HoloLens, you'll need to connect to a Wi-Fi network
-ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
-ms.reviewer: jarrettrenshaw
+keywords: hololens, offline, OOBE
+audience: ITPro
ms.date: 07/01/2019
-manager: v-miegge
-keywords: hololens
-ms.prod: hololens
-ms.sitesec: library
+ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
author: v-miegge
ms.author: v-miegge
+manager: v-miegge
ms.topic: article
-ms.localizationpriority: medium
+ms.prod: hololens
+ms.sitesec: library
+ms.localizationpriority: high
appliesto:
- HoloLens (1st gen)
- HoloLens 2
@@ -35,6 +35,10 @@ HoloLens need a network connection to go through initial device set up. If your
| MSA | https://login.live.com/ppsecure/inlineconnect.srf?id=80600 |
| MSA Pin | https://account.live.com/msangc?fl=enroll |
+Additional references:
+
+- [Technical reference for AAD related IP ranges and URLs](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges)
+
## HoloLens limitations
After your HoloLens is set up, you can use it without a Wi-Fi connection, but apps that use Internet connections will have limited capabilities when you use HoloLens offline.
diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md
index b0f40d77cc..b2e0d48bc7 100644
--- a/devices/hololens/hololens-recovery.md
+++ b/devices/hololens/hololens-recovery.md
@@ -1,55 +1,103 @@
---
-title: Restore HoloLens 2 using Advanced Recovery Companion
-ms.reviewer:
-manager: dansimp
+title: Reset or recover your HoloLens
+ms.reviewer: Both basic and advanced instructions for rebooting or resetting your HoloLens.
description: How to use Advanced Recovery Companion to flash an image to HoloLens 2.
+keywords: how-to, reboot, reset, recover, hard reset, soft reset, power cycle, HoloLens, shut down, arc, advanced recovery companion
ms.prod: hololens
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: mattzmsft
+ms.author: mazeller
+ms.date: 08/30/2019
ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: high
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
-# Restore HoloLens 2 using Advanced Recovery Companion
+# Restart, reset, or recover HoloLens
->[!TIP]
->If you're having issues with HoloLens (the first device released), see [Restart, reset, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens). Advanced Recovery Companion is only supported for HoloLens 2.
+If you’re experiencing problems with your HoloLens you may want to try a restart, reset, or even re-flash with device recovery.
->[!WARNING]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+Here are some things to try if your HoloLens isn’t running well. This article will guide you through the recommended recovery steps in succession.
-The Advanced Recovery Companion is a new app in Microsoft Store that you can use to restore the operating system image to your HoloLens device.
+This article focuses on the HoloLens device and software, if your holograms don't look right, [this article](hololens-environment-considerations.md) talks about environmental factors that improve hologram quality.
-When your HoloLens 2 is unresponsive, not running properly, or is experiencing software or update problems, try these things in order:
+## Restart your HoloLens
-1. [Restart](#restart-hololens-2) the HoloLens 2.
-2. [Reset](#reset-hololens-2) the HoloLens 2.
-3. [Recover](#recover-hololens-2) the HoloLens 2.
+First, try restarting the device.
->[!IMPORTANT]
->Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You won’t be able to restore a backup once the reset is complete.
+### Perform a safe restart by using Cortana
-## Restart HoloLens 2
+The safest way to restart the HoloLens is by using Cortana. This is generally a great first-step when experiencing an issue with HoloLens:
-A device restart can often "fix" a computer issue. First, say "Hey Cortana, restart the device."
+1. Put on your device
+1. Make sure it’s powered on, a user is logged in, and the device is not waiting for a password to unlock it.
+1. Say “Hey Cortana, reboot” or "Hey Cortana, restart."
+1. When she acknowledges she will ask you for confirmation. Wait a second for a sound to play after she has finished her question, indicating she is listening to you and then say “Yes.”
+1. The device will now restart.
-If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device.
+### Perform a safe restart by using the power button
-If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device.
+If you still can't restart your device, you can try to restart it by using the power button:
-## Reset HoloLens 2
+1. Press and hold the power button for five seconds.
+ 1. After one second, you will see all five LEDs illuminate, then slowly turn off from right to left.
+ 1. After five seconds, all LEDs will be off, indicating the shutdown command was issued successfully.
+ 1. Note that it’s important to stop pressing the button immediately after all the LEDs have turned off.
+1. Wait one minute for the shutdown to cleanly succeed. Note that the shutdown may still be in progress even if the displays are turned off.
+1. Power on the device again by pressing and holding the power button for one second.
-If the device is still having a problem after restart, use reset to return the HoloLens 2 to factory settings.
+### Perform a safe restart by using Windows Device Portal
-To reset your HoloLens 2, go to **Settings > Update > Reset** and select **Reset device**.
+> [!NOTE]
+> To do this, HoloLens has to be configured as a developer device.
+> Read more about [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+
+If the previous procedure doesn't work, you can try to restart the device by using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). In the upper right corner, there is an option to restart or shut down the device.
+
+### Perform an unsafe forced restart
+
+If none of the previous methods are able to successfully restart your device, you can force a restart. This method is equivalent to pulling the battery from the HoloLens. It is a dangerous operation which may leave your device in a corrupt state. If that happens, you'll have to flash your HoloLens.
+
+> [!WARNING]
+> This is a potentially harmful method and should only be used in the event none of the above methods work.
+
+1. Press and hold the power button for at least 10 seconds.
+
+ - It’s okay to hold the button for longer than 10 seconds.
+ - It’s safe to ignore any LED activity.
+1. Release the button and wait for two or three seconds.
+1. Power on the device again by pressing and holding the power button for one second.
+If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out and the screen stops displaying holograms. Wait 1 minute, then press the power button again to turn on the device.
+
+## Reset to factory settings
>[!NOTE]
>The battery needs at least 40 percent charge to reset.
-## Recover HoloLens 2
+If your HoloLens is still experiencing issues after restarting, try resetting it to factory state. Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
-If the device is still having a problem after reset, you can use Advanced Recovery Companion to flash the device with a new image.
+If you reset your device, all your personal data, apps, and settings will be erased. Resetting will only install the latest installed version of Windows Holographic and you will have to redo all the initialization steps (calibrate, connect to Wi-Fi, create a user account, download apps, and so forth).
+
+1. Launch the Settings app, and then select **Update** > **Reset**.
+1. Select the **Reset device** option and read the confirmation message.
+1. If you agree to reset your device, the device will restart and display a set of spinning gears with a progress bar.
+1. Wait about 30 minutes for this process to complete.
+1. The reset will complete and the device will restart into the out-of-the-box experience.
+
+## Re-install the operating system
+
+If the device is still having a problem after rebooting and resetting, you can use a recovery tool on your computer to reinstall the HoloLens' operating system and firmware.
+
+HoloLens (1st gen) and HoloLens 2 use different tools but both tools will auto-detect your HoloLens and install new software.
+
+All of the data HoloLens needs to reset is packaged in a Full Flash Update (ffu). This is similar to an iso, wim, or vhd. [Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats)
+
+### HoloLens 2
+
+The Advanced Recovery Companion is a new app in Microsoft Store restore the operating system image to your HoloLens 2 device.
1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store.
2. Connect HoloLens 2 to your computer.
@@ -58,5 +106,26 @@ If the device is still having a problem after reset, you can use Advanced Recove
5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.)
6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device.
->[!NOTE]
->[Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats)
+>[!TIP]
+>In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion:
+
+1. Connect the HoloLens 2 to a PC with Advanced Recovery Companion installed.
+1. Press and hold the **Volume Up and Power buttons** until the device reboots. Release the Power button, but continue to hold the Volume Up button until the third LED is lit. It will the the only lit LED.
+ 1. The device should be visible in **Device Manager** as a **Microsoft HoloLens Recovery** device:
+1. Launch Advanced Recovery Companion, and follow the on-screen prompts to reflash the OS to the HoloLens 2.
+
+### HoloLens (1st gen)
+
+If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool.
+
+Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time. When you're done, the latest version of the Windows Holographic software approved for your HoloLens will be installed.
+
+To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can’t run this tool on a virtual machine.
+
+To recover your HoloLens
+
+1. Download and install the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq) on your computer.
+1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens.
+1. Run the Windows Device Recovery Tool and follow the instructions.
+
+If the HoloLens (1st gen) isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md
new file mode 100644
index 0000000000..aaf200a4b0
--- /dev/null
+++ b/devices/hololens/hololens-release-notes.md
@@ -0,0 +1,108 @@
+---
+title: What's new in Microsoft HoloLens
+description: Learn about updates in each new HoloLens release.
+author: scooley
+ms.author: scooley
+manager: dansimp
+ms.prod: hololens
+ms.sitesec: library
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 12/02/2019
+audience: ITPro
+appliesto:
+- HoloLens 1
+- HoloLens 2
+
+---
+
+# HoloLens Release Notes
+
+## HoloLens 2
+> [!Note]
+> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
+
+### January Update - build 18362.1043
+
+- Stability improvements for exclusive apps when working with the HoloLens 2 emulator.
+
+### December Update - build 18362.1042
+
+- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update.
+- Fixes stability of exclusive apps and navigation between exclusive apps.
+- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days.
+- Improves hologram stability.
+
+### November Update - build 18362.1039
+
+- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.
+- Improvements in visual quality of objects placed far away in latest Unity and MRTK versions.
+- Fixes addressing issues with holographic applications being stuck in a paused state on launch until the pins panel is brought up and dismissed again.
+- OpenXR runtime conformance fixes and improvements for HoloLens 2 and the emulator.
+
+## HoloLens (1st gen)
+
+### Windows 10 Holographic, version 1809
+
+> **Applies to:** Hololens (1st gen)
+
+| Feature | Details |
+|---|---|
+| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.
 |
+| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) |
+| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
+| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). |
+| **HoloLens overlays** (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
+| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. |
+| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. |
+| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
+| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
+
+#### For international customers
+
+| Feature | Details |
+| --- | --- |
+| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. [Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
+| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
+
+#### For administrators
+
+| Feature | Details |
+|---|----|
+| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
+| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
+| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
+| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. **Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in. |
+| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
+| Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
+
+### Windows 10, version 1803 for Microsoft HoloLens
+
+> **Applies to:** Hololens (1st gen)
+
+Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
+
+- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
+
+- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
+- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
+
+ 
+
+- When you create a local account in a provisioning package, the password no longer expires every 42 days.
+
+- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
+
+- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
+
+- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
+
+- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
+
+- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
+
+- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
+
+- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
+
+- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.
diff --git a/devices/hololens/hololens-restart-recover.md b/devices/hololens/hololens-restart-recover.md
deleted file mode 100644
index 9bf0cddb37..0000000000
--- a/devices/hololens/hololens-restart-recover.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: Restart, reset, or recover HoloLens
-description: Restart, reset, or recover HoloLens
-ms.assetid: 9a546416-1648-403c-9e0c-742171b8812e
-ms.reviewer: jarrettrenshaw
-ms.date: 07/01/2019
-manager: v-miegge
-keywords: hololens
-ms.prod: hololens
-ms.sitesec: library
-author: v-miegge
-ms.author: v-miegge
-ms.topic: article
-ms.localizationpriority: medium
----
-
-# Restart, reset, or recover HoloLens
-
-Here are some things to try if your HoloLens is unresponsive, isn’t running well, or is experiencing software or update problems.
-
-## Restart your HoloLens
-
-If your HoloLens isn’t running well or is unresponsive, try the following things.
-
-First, try restarting the device: say, "Hey Cortana, restart the device."
-
-If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device.
-
-If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device.
-
-## Reset or recover your HoloLens
-
-If restarting your HoloLens doesn’t help, another option is to reset it. If resetting it doesn’t fix the problem, the Windows Device Recovery Tool can help you recover your device.
-
->[!IMPORTANT]
->Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You won’t be able to restore a backup once the reset is complete.
-
-## Reset
-
-Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
-
-To reset your HoloLens, go to **Settings** > **Update** > **Reset** and select **Reset device**. The battery will need to have at least a 40 percent charge remaining to reset.
-
-## Recover using the Windows Device Recovery Tool
-
-Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time, and the latest version of the Windows Holographic software approved for your HoloLens will be installed.
-
-To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can’t run this tool on a virtual machine.
-To recover your HoloLens
-
-1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
-1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens.
-1. Run the Windows Device Recovery Tool and follow the instructions.
-
-If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md
index b8f98ea416..26790eacca 100644
--- a/devices/hololens/hololens-spaces.md
+++ b/devices/hololens/hololens-spaces.md
@@ -9,7 +9,7 @@ keywords: hololens, Windows Mixed Reality, design, spatial mapping, HoloLens, su
ms.prod: hololens
ms.sitesec: library
ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
- HoloLens 1 (1st gen)
- HoloLens 2
diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md
index 9438c6d9d2..e6ccdbd207 100644
--- a/devices/hololens/hololens-status.md
+++ b/devices/hololens/hololens-status.md
@@ -8,7 +8,7 @@ manager: jarrettr
audience: Admin
ms.topic: article
ms.prod: hololens
-ms.localizationpriority: Medium
+ms.localizationpriority: high
ms.sitesec: library
---
@@ -16,7 +16,7 @@ ms.sitesec: library
✔️ **All services are active**
-**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical
+**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical
Area|HoloLens (1st gen)|HoloLens 2
----|:----:|:----:
@@ -27,10 +27,10 @@ Area|HoloLens (1st gen)|HoloLens 2
## Notes and related topics
-[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
+[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/status/).
-For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/windows/mixed-reality/hololens-known-issues).
+For more details about current known issues, see [HoloLens known issues](hololens-known-issues.md).
Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/).
diff --git a/devices/hololens/hololens-troubleshooting.md b/devices/hololens/hololens-troubleshooting.md
new file mode 100644
index 0000000000..7102984f4c
--- /dev/null
+++ b/devices/hololens/hololens-troubleshooting.md
@@ -0,0 +1,94 @@
+---
+title: HoloLens troubleshooting
+description: Solutions for common HoloLens issues.
+author: mattzmsft
+ms.author: mazeller
+ms.date: 12/02/2019
+ms.prod: hololens
+ms.topic: article
+ms.custom: CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords: issues, bug, troubleshoot, fix, help, support, HoloLens
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Troubleshooting HoloLens issues
+
+This article describes how to resolve several common HoloLens issues.
+
+## My HoloLens is unresponsive or won’t start
+
+If your HoloLens won't start:
+
+- If the LEDs next to the power button don't light up, or only one LED briefly blinks, you may need to charge your HoloLens.
+- If the LEDs light up when you press the power button but you can't see anything on the displays, hold the power button until all five of the LEDs turn off.
+
+If your HoloLens becomes frozen or unresponsive:
+
+- Turn off your HoloLens by pressing the power button until all five of the LEDs turn themselves off, or for 10 seconds if the LEDs are unresponsive. To start your HoloLens, press the power button again.
+
+If these steps don't work, you can try [recovering your device](hololens-recovery.md).
+
+## Holograms don't look good
+
+If your holograms are unstable, jumpy, or don’t look right, try:
+
+- Cleaning your device visor and sensor bar on the front of your HoloLens.
+- Increasing the light in your room.
+- Walking around and looking at your surroundings so that HoloLens can scan them more completely.
+- Calibrating your HoloLens for your eyes. Go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**.
+
+## HoloLens doesn’t respond to gestures
+
+To make sure that HoloLens can see your gestures. Keep your hand in the gesture frame - when HoloLens can see your hand, the cursor changes from a dot to a ring.
+
+Learn more about using gestures on [HoloLens (1st gen)](hololens1-basic-usage.md#use-hololens-with-your-hands) or [HoloLens 2](hololens2-basic-usage.md#the-hand-tracking-frame).
+
+If your environment is too dark, HoloLens might not see your hand, so make sure that there’s enough light.
+
+If your visor has fingerprints or smudges, use the microfiber cleaning cloth that came with the HoloLens to clean your visor gently.
+
+## HoloLens doesn’t respond to my voice commands
+
+If Cortana isn’t responding to your voice commands, make sure Cortana is turned on. On the All apps list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
+
+## I can’t place holograms or see holograms that I previously placed
+
+If HoloLens can’t map or load your space, it enters Limited mode and you won’t be able to place holograms or see holograms that you’ve placed. Here are some things to try:
+
+- Make sure that there’s enough light in your environment so HoloLens can see and map the space.
+- Make sure that you’re connected to a Wi-Fi network. If you’re not connected to Wi-Fi, HoloLens can’t identify and load a known space.
+- If you need to create a new space, connect to Wi-Fi, then restart your HoloLens.
+- To see if the correct space is active, or to manually load a space, go to **Settings** > **System** > **Spaces**.
+- If the correct space is loaded and you’re still having problems, the space may be corrupt. To fix this issue, select the space, then select **Remove**. After you remove the space, HoloLens starts to map your surroundings and create a new space.
+
+## My HoloLens can’t tell what space I’m in
+
+If your HoloLens can’t identify and load the space you’re in automatically, check the following factors:
+
+- Make sure that you’re connected to Wi-Fi
+- Make sure that there’s plenty of light in the room
+- Make sure that there haven’t been any major changes to the surroundings.
+
+You can also load a space manually or manage your spaces by going to **Settings** > **System** > **Spaces**.
+
+## I’m getting a “low disk space” error
+
+You’ll need to free up some storage space by doing one or more of the following:
+
+- Delete some unused spaces. Go to **Settings** > **System** > **Spaces**, select a space that you no longer need, and then select **Remove**.
+- Remove some of the holograms that you’ve placed.
+- Delete some pictures and videos from the Photos app.
+- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, and then select **Uninstall**.
+
+## My HoloLens can’t create a new space
+
+The most likely problem is that you’re running low on storage space. Try one of the [previous tips](#im-getting-a-low-disk-space-error) to free up some disk space.
+
+## The HoloLens emulators isn't working
+
+Information about the HoloLens emulator is located in our developer documentation. Read more about [troubleshooting the HoloLens emulator](https://docs.microsoft.com/windows/mixed-reality/using-the-hololens-emulator#troubleshooting).
diff --git a/devices/hololens/hololens-update-hololens.md b/devices/hololens/hololens-update-hololens.md
new file mode 100644
index 0000000000..14d8993c95
--- /dev/null
+++ b/devices/hololens/hololens-update-hololens.md
@@ -0,0 +1,92 @@
+---
+title: Update HoloLens
+description: Check your HoloLens' build number, update, and roll back updates.
+keywords: how-to, update, roll back, HoloLens, check build, build number
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 11/27/2019
+audience: ITPro
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Update HoloLens
+
+HoloLens uses Windows Update, just like other Windows 10 devices. Your HoloLens will automatically download and install system updates whenever it is plugged-in to power and connected to the Internet, even when it is in standby.
+
+This article will walk through HoloLens tools for:
+
+- viewing your current operating system version (build number)
+- checking for updates
+- manually updating HoloLens
+- rolling back to an older update
+
+## Check your operating system version (build number)
+
+You can verify the system version number, (build number) by opening the Settings app and selecting **System** > **About**.
+
+## Check for updates and manually update
+
+You can check for updates any time in settings. To see available updates and check for new updates:
+
+1. Open the **Settings** app.
+1. Navigate to **Update & Security** > **Windows Update**.
+1. Select **Check for updates**.
+
+If an update is available, it will start downloading the new version. After the download is complete, select the **Restart Now** button to trigger the installation. If your device is below 40% and not plugged in, restarting will not start installing the update.
+
+While your HoloLens is installing the update, it will display spinning gears and a progress indicator. Do not turn off your HoloLens during this time. It will restart automatically once it has completed the installation.
+
+HoloLens applies one update at a time. If your HoloLens is more than one version behind the latest you may need to run through the update process multiple times to get it fully up to date.
+
+## Go back to a previous version - HoloLens 2
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 2, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
+1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
+1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using a USB-A to USB-C cable. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+## Go back to a previous version - HoloLens (1st Gen)
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 1, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
+1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
+1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+> [!NOTE]
+> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
+
+## Windows Insider Program on HoloLens
+
+Want to see the latest features in HoloLens? If so, join the Windows Insider Program; you'll get access to preview builds of HoloLens software updates before they're available to the general public.
+
+[Get Windows Insider preview for Microsoft HoloLens](hololens-insider.md).
diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md
index 8cceafc45f..e0b662bd3d 100644
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@@ -1,23 +1,76 @@
---
-title: Manage updates to HoloLens (HoloLens)
+title: Managing updates to HoloLens
description: Administrators can use mobile device management to manage updates to HoloLens devices.
ms.prod: hololens
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: Teresa-Motiv
+ms.author: v-tea
+audience: ITPro
ms.topic: article
-ms.localizationpriority: medium
-ms.date: 04/30/2018
-ms.reviewer:
-manager: dansimp
+ms.localizationpriority: high
+ms.date: 11/7/2019
+ms.reviewer: jarrettr
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
-# Manage updates to HoloLens
+# Managing HoloLens updates
+
+HoloLens uses Windows Update, just like other Windows 10 devices. When an update is available, it will be automatically downloaded and installed the next time your device is plugged in and connected to the Internet.
+
+This article will walk through all of the way to manage updates on HoloLens.
+
+## Manually check for updates
+
+While HoloLens periodically checks for system updates so you don't have to, there may be circumstances in which you want to manually check.
+
+To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app says your device is up to date, you have all the updates that are currently available.
+
+## Go back to a previous version (HoloLens 2)
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 2, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
+1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
+1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using a USB-A to USB-C cable . (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+## Go back to a previous version (HoloLens (1st gen))
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens (1st gen), follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
+1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
+1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+> [!NOTE]
+> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
+
+# Use policies to manage updates to HoloLens
>[!NOTE]
->HoloLens devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates.
-
-For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business).
+>HoloLens (1st gen) devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates.
To configure how and when updates are applied, use the following policies:
@@ -37,7 +90,8 @@ For devices on Windows 10, version 1607 only: You can use the following update p
- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl)
-## Related topics
+For more information about using policies to manage HoloLens, see the following articles:
+- [Policies supported by HoloLens 2](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-2)
- [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business)
- [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)
diff --git a/devices/hololens/hololens1-clicker.md b/devices/hololens/hololens1-clicker.md
index 9e8d26b69d..9da6a40ba5 100644
--- a/devices/hololens/hololens1-clicker.md
+++ b/devices/hololens/hololens1-clicker.md
@@ -10,7 +10,7 @@ ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
- HoloLens (1st gen)
---
diff --git a/devices/hololens/hololens1-fit-comfort-faq.md b/devices/hololens/hololens1-fit-comfort-faq.md
new file mode 100644
index 0000000000..d76375918c
--- /dev/null
+++ b/devices/hololens/hololens1-fit-comfort-faq.md
@@ -0,0 +1,64 @@
+---
+title: HoloLens (1st gen) fit and comfort frequently asked questions
+description: Answers to frequently asked questions about how to fit your HoloLens (1st gen).
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 10/09/2019
+ms.reviewer: jarrettr
+audience: ITPro
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+---
+
+# HoloLens (1st gen) fit and comfort frequently asked questions
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens (1st gen) ready to use](hololens1-setup.md).
+
+> [!NOTE]
+> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun!
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+## I'm experiencing discomfort when I use my device. What should I do?
+
+If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first.
+
+For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661).
+
+## I can't see the whole holographic frame, or my holograms are cut off
+
+To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead.
+
+## I need to look up or down to see holograms
+
+Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how:
+
+- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame.
+- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame.
+
+## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure
+
+The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens1-setup.md#adjust-fit).
+
+You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead.
+
+## My HoloLens feels heavy on my nose
+
+If your HoloLens is adjusted correctly, the nose pad should rest lightly on your nose. If it feels heavy on your nose, try rotating the visor up or adjusting the angle of the headband. You can also slide the device visor out—grasp the device arms just behind the visor and pull forward gently.
+
+## How can I adjust HoloLens to fit with my glasses?
+
+The device visor can slide in and out to accommodate eyewear. Grasp the device arms just behind the visor and pull forward gently to adjust it.
+
+## My arm gets tired when I use gestures. What can I do?
+
+When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens1-basic-usage.md#use-hololens-with-your-hands).
+
+And be sure to try out [voice commands](hololens-cortana.md) and the [HoloLens clicker](hololens1-clicker.md).
diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md
index aced822bd4..285f44dd6a 100644
--- a/devices/hololens/hololens1-hardware.md
+++ b/devices/hololens/hololens1-hardware.md
@@ -15,7 +15,7 @@ appliesto:
- HoloLens (1st gen)
---
-# HoloLens (1st Gen) hardware
+# HoloLens (1st gen) hardware
@@ -48,6 +48,14 @@ The HoloLens box contains the following items:
>[!TIP]
>The [clicker](hololens1-clicker.md) ships with HoloLens (1st Gen), in a separate box.
+### Power Supply details
+
+The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It supplies 9V at 2A.
+
+Charging rate and speed may vary depending on the environment in which the device is running.
+
+In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger.
+
## Device specifications
### Display
diff --git a/devices/hololens/hololens1-setup.md b/devices/hololens/hololens1-setup.md
index 4aefbad094..cbbc2315b7 100644
--- a/devices/hololens/hololens1-setup.md
+++ b/devices/hololens/hololens1-setup.md
@@ -7,7 +7,7 @@ author: JesseMcCulloch
ms.author: jemccull
ms.topic: article
ms.localizationpriority: high
-ms.date: 8/12/19
+ms.date: 8/12/2019
ms.reviewer:
manager: jarrettr
appliesto:
@@ -29,6 +29,10 @@ When your HoloLens is on, the battery indicator shows the battery level in incre
> [!TIP]
> To get an estimate of your current battery level, say "Hey Cortana, how much battery do I have left?"
+The power supply and USB cable that come with the device are the best way to charge your HoloLens (1st gen). The power supply provides 18W of power (9V 2A).
+
+Charging rate and speed may vary depending on the environment in which the device is running.
+
## Adjust fit
> [!VIDEO https://www.microsoft.com/videoplayer/embed/be3cb527-f2f1-4f85-b4f7-a34fbaba980d]
diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md
index e15003a8f4..59426de18e 100644
--- a/devices/hololens/hololens2-basic-usage.md
+++ b/devices/hololens/hololens2-basic-usage.md
@@ -28,7 +28,7 @@ This guide provides an intro to:
On HoloLens, holograms blend the digital world with your physical environment to look and sound like they're part of your world. Even when holograms are all around you, you can always see your surroundings, move freely, and interact with people and objects. We call this experience "mixed reality".
-The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision unobscured. With spatial sound, you can pinpoint a hologram by listening, even if it’s behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls.
+The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision clear. With spatial sound, you can pinpoint a hologram by listening, even if it’s behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls.
Getting around HoloLens is a lot like using your smart phone. You can use your hands to touch and manipulate holographic windows, menus, and buttons.
@@ -54,6 +54,8 @@ To bring up a **context menu**, like the ones you'll find on an app tile in the
## Use hand ray for holograms out of reach
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZOum]
+
When there are no holograms near your hands, the **touch cursor** will hide automatically and **hand rays** will appear from the palm of your hands. Hand rays allow you to interact with holograms from a distance.
> [!TIP]
@@ -71,6 +73,8 @@ To select something using **hand ray**, follow these steps:
### Grab using air tap and hold
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxnh]
+
To grab a hologram or scroll app window content using **hand ray**, start with an **air tap**, but keep your fingers together instead of releasing them.
Use **air tap and hold** to perform the following actions with hand ray:
@@ -81,7 +85,9 @@ Use **air tap and hold** to perform the following actions with hand ray:
## Start gesture
-The Start gesture opens the **Start menu**. To perform the Start gesture, hold out your hand with your palm facing you. You’ll see a **Start icon** appear over your inner wrist. Tap this icon using your other hand. The Start menu will open **where you’re looking**.
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxng]
+
+The Start gesture opens the **Start menu**. To perform the Start gesture, hold out your hand with your palm facing you. You’ll see a **Start icon** appear over your inner wrist. Tap this icon using your other hand. The Start menu will open **where you’re looking**.
> [!TIP]
>
@@ -96,12 +102,15 @@ To **close** the Start menu, do the Start gesture when the Start menu is open.
### One-handed Start gesture
+> [!IMPORTANT]
+> For the one-handed Start gesture to work:
+>
+> 1. You must update to the November 2019 update (build 18363.1039) or later.
+> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/hololens/hololens-calibration#calibrating-your-hololens-2) on the device.
+
You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together.
-> [!IMPORTANT]
-> For the one-handed Start gesture to work, your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not calibrated on the device.
-
-
+
## Start menu, mixed reality home, and apps
@@ -135,6 +144,8 @@ Move a hologram or app by following these steps:
### Resizing holograms
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZYIb]
+
Grab and use the **resize handles** that appear on the corners of 3D holograms and app windows to resize them.
For an app window, when resized this way the window content correspondingly increases in size and becomes easier to read.
diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md
new file mode 100644
index 0000000000..e97e03f502
--- /dev/null
+++ b/devices/hololens/hololens2-fit-comfort-faq.md
@@ -0,0 +1,69 @@
+---
+title: HoloLens 2 fit and comfort FAQ
+description: Answers to frequently asked questions about how to fit your HoloLens 2.
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+audience: ItPro
+ms.localizationpriority: high
+ms.date: 11/07/2019
+ms.reviewer: jarrettr
+manager: jarrettr
+appliesto:
+- HoloLens 2
+---
+
+# HoloLens 2 fit and comfort frequently asked questions
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens 2 ready to use](hololens2-setup.md).
+
+> [!NOTE]
+> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun!
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+## I'm experiencing discomfort when I use my device. What should I do?
+
+If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first.
+
+For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661).
+
+## I can't see the whole holographic frame, or my holograms are cut off
+
+To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead.
+
+## I need to look up or down to see holograms
+
+Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how:
+
+- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame.
+- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame.
+
+## Hologram image color or brightness does not look right
+
+For HoloLens 2, take the following steps to ensure the highest visual quality of holograms presented in displays:
+
+- **Increase brightness of the display.** Holograms look best when the display is at its brightest level.
+- **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes.
+- **Shift visor down.** Try moving the brow pad on your forehead down, which will result in the visor moving down closer to your nose.
+- **Run eye calibration.** The display uses your IPD and eye gaze to optimize images on the display. If you don't run eye calibration, the image quality may be made worse.
+
+## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure
+
+The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit).
+
+You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead.
+
+## How can I adjust HoloLens to fit with my glasses?
+
+To accommodate eyewear, you can tilt the visor.
+
+## My arm gets tired when I use gestures. What can I do?
+
+When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. You can also use hand rays to interact with holograms without raising your arms [Learn more about gestures and hand rays](hololens2-basic-usage.md#the-hand-tracking-frame).
+
+And be sure to try out [voice commands](hololens-cortana.md).
diff --git a/devices/hololens/hololens2-hardware.md b/devices/hololens/hololens2-hardware.md
index dd81a50803..ca62dbf852 100644
--- a/devices/hololens/hololens2-hardware.md
+++ b/devices/hololens/hololens2-hardware.md
@@ -35,6 +35,14 @@ Microsoft HoloLens 2 is an untethered holographic computer. It refines the holo
- **Power supply**. Plugs into a power outlet.
- **Microfiber cloth**. Use to clean your HoloLens visor.
+### Power Supply details
+
+The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It's supplies 9V at 2A.
+
+Charging rate and speed may vary depending on the environment in which the device is running.
+
+In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger.
+
## Device specifications
### Display
@@ -75,6 +83,16 @@ Microsoft HoloLens 2 is an untethered holographic computer. It refines the holo
| Bluetooth | 5.0 |
| USB | USB Type-C |
+### Power
+
+| | |
+| - | - |
+| Battery Life | 2-3 hours of active use. Up to 2 weeks of standby time. |
+| Battery technology | [Lithium batteries](https://www.microsoft.com/download/details.aspx?id=43388) |
+| Charging behavior | Fully functional when charging |
+| Cooling type | Passively cooled (no fans) |
+| Power draw | In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. |
+
### Fit
| | |
diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md
new file mode 100644
index 0000000000..9c56ec9d8c
--- /dev/null
+++ b/devices/hololens/hololens2-language-support.md
@@ -0,0 +1,73 @@
+---
+title: Supported languages for HoloLens 2
+description:
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 9/12/2019
+audience: ITPro
+ms.reviewer: jarrettr
+manager: jarrettr
+appliesto:
+- HoloLens 2
+---
+
+# Supported languages for HoloLens 2
+
+HoloLens 2 supports the following languages, including voice commands and dictation features, keyboard layouts, and OCR recognition within apps.
+
+- Chinese Simplified (China)
+- English (Australia)
+- English (Canada)
+- English (Great Britain)
+- English (United States)
+- French (Canada)
+- French (France)
+- German (Germany)
+- Italian (Italy)
+- Japanese (Japan)
+- Spanish (Spain)
+
+HoloLens 2 is also available in the following languages. However, this support does not include speech commands or dictation features.
+
+- Chinese Traditional (Taiwan and Hong Kong)
+- Dutch (Netherlands)
+- Korean (Korea)
+
+## Changing language or keyboard
+
+The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**.
+
+> [!NOTE]
+> Your speech and dictation language depends on the Windows display language.
+
+## To change the Windows display language
+
+1. Go to the **Start** menu, and then select **Settings** > **Time and language** > **Language**.
+2. Select **Windows display language**, and then select a language.
+
+If the supported language you’re looking for is not in the menu, follow these steps:
+
+1. Under **Preferred languages** select **Add a language**.
+2. Search for and add the language.
+3. Select the **Windows display language** menu again and choose the language you added.
+
+The Windows display language affects the following settings for Windows and for apps that support localization:
+
+- The user interface text language.
+- The speech language.
+- The default layout of the on-screen keyboard.
+
+## To change the keyboard layout
+
+To add or remove a keyboard layout, open the **Start** menu and then select **Settings** > **Time & language** > **Keyboard**.
+
+If your HoloLens has more than one keyboard layout, use the **Layout** key to switch between them. The **Layout** key is in the lower right corner of the on-screen keyboard.
+
+> [!NOTE]
+> The on-screen keyboard can use Input Method Editor (IME) to enter characters in languages such as Chinese. However, HoloLens does not support external Bluetooth keyboards that use IME.
+>
+> While you use IME with the on-screen keyboard, you can continue to use a Bluetooth keyboard to type in English. To switch between keyboards, press ~.
diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md
index d007628794..79189a7cf6 100644
--- a/devices/hololens/hololens2-setup.md
+++ b/devices/hololens/hololens2-setup.md
@@ -1,6 +1,7 @@
---
title: Prepare a new HoloLens 2
description: This guide walks through first time set up and hardware guide.
+keywords: hololens, lights, fit, comfort, parts
ms.assetid: 02692dcf-aa22-4d1e-bd00-f89f51048e32
ms.date: 9/17/2019
keywords: hololens
@@ -20,7 +21,9 @@ The procedures below will help you set up a HoloLens 2 for the first time.
## Charge your HoloLens
-Connect the power supply to the charging port by using the USB-C cable (included). Plug the power supply into a power outlet.
+Connect the power supply to the charging port by using the USB-C cable (included). Plug the power supply into a power outlet. The power supply and USB-C-to-C cable that come with the device are the best way to charge your HoloLens 2. The charger supplies 18W of power (9V at 2A).
+
+Charging rate and speed may vary depending on the environment in which the device is running.
- When the device is charging, the battery indicator lights up to indicate the current level of charge. The last light will fade in and out to indicate active charging.
- When your HoloLens is on, the battery indicator displays the battery level in increments.
@@ -59,12 +62,23 @@ To turn on your HoloLens 2, press the Power button. The LED lights below the Po
| To turn on | Single button press. | All five lights turn on, then change to indicate the battery level. After four seconds, a sound plays. |
| To sleep | Single button press. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
| To wake from sleep | Single button press. | All five lights turn on, then change to indicate the battery level. A sound immediately plays. |
-| To turn off | Press and for hold 5s. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
+| To turn off | Press and hold for 5s. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
| To force the Hololens to restart if it is unresponsive | Press and hold for 10s. | All five lights turn on, then fade off one at a time. After the lights turn off. |
-## HoloLens indicator lights
+## HoloLens behavior reference
-Not sure what the indicator lights on your HoloLens mean? Here's some help!
+Not sure what the indicator lights on your HoloLens mean? Want to know how HoloLens should behave while charging? Here's some help!
+
+### Charging behavior
+
+| State of the Device | Action | HoloLens 2 will do this |
+| - | - | - |
+| OFF | Plug in USB Cable | Device transitions to ON with indicator lights showing battery level and device starts charging.
+| ON | Remove USB Cable | Device stops charging
+| ON | Plug in USB Cable | Device starts charging
+| SLEEP | Plug in USB Cable | Device starts charging
+| SLEEP | Remove USB Cable | Device stops charging
+| ON with USB cable plugged in | Turn off Device | Device transitions to ON with indicator lights showing battery level and device will start charging |
### Lights that indicate the battery level
@@ -76,12 +90,21 @@ Not sure what the indicator lights on your HoloLens mean? Here's some help!
| One solid light, one light fading in and out | Between 40% and 21% |
| One light fading in and out | Between 20% and 5% or lower (critical battery) |
+### Sleep Behavior
+
+| State of the Device | Action | HoloLens 2 will do this |
+| - | - | - |
+| ON | Single Power button press | Device transitions to SLEEP and turns off all indicator lights |
+| ON | No movement for 3 minutes | Device transition to SLEEP and turns off all indicator lights |
+| SLEEP | Single Power button Press | Device transitions to ON and turns on indicator lights |
+
### Lights to indicate problems
| When you do this | The lights do this | It means this |
| - | - | - |
| You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. |
-| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. |
+| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. |
+| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a hardware failure. To be sure, [reinstall the OS](hololens-recovery.md#hololens-2), and try again. After reinstalling the OS, if the light-flash pattern persists, contact [support](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb). |
## Safety and comfort
diff --git a/devices/hololens/hololens2-start.md b/devices/hololens/hololens2-start.md
index 783a6af601..78d3697f03 100644
--- a/devices/hololens/hololens2-start.md
+++ b/devices/hololens/hololens2-start.md
@@ -26,9 +26,9 @@ Before you get started, make sure you have the following available:
**A network connection**. You'll need to connect your HoloLens to a network to set it up. With HoloLens 2, you can connect with Wi-Fi or by using ethernet (you'll need a USB-C-to-Ethernet adapter). The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md).
-**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free.
+**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](https://account.microsoft.com) and set one up for free.
-**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661).
+**A safe, well-lit space with no tripping hazards**. [Health and safety info](https://go.microsoft.com/fwlink/p/?LinkId=746661).
**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](hololens2-setup.md#adjust-fit).
@@ -58,6 +58,10 @@ HoloLens 2 will walk you through the following steps:
HoloLens sets your time zone automatically based on information obtained from the Wi-Fi network. After setup finishes, you can change the time zone by using the Settings app.
+> [!NOTE]
+> If you progress past the Wi-Fi step and later need to switch to a different network while still in setup, you can press the **Volume Down** and **Power** buttons simultaneously to return to this step if you are running an OS version from October 2019 or later. For earlier versions, you may need to [reset the device](hololens-recovery.md) or restart it in a location where the Wi-Fi network is not available to prevent it from automatically connecting.
+>
+> Also note that during HoloLens Setup, there is a credential timeout of two minutes. The username/password needs to be entered within two minutes otherwise the username field will be automatically cleared.
1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**.
- When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens automatically enrolls in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available. In that case, you need to [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app).
diff --git a/devices/hololens/images/20190322-DevicePortal.png b/devices/hololens/images/20190322-DevicePortal.png
new file mode 100644
index 0000000000..7fdd2e34b3
Binary files /dev/null and b/devices/hololens/images/20190322-DevicePortal.png differ
diff --git a/devices/hololens/images/hololens-2-start-alternative.jpg b/devices/hololens/images/hololens-2-start-alternative.jpg
deleted file mode 100644
index e5cc5e275e..0000000000
Binary files a/devices/hololens/images/hololens-2-start-alternative.jpg and /dev/null differ
diff --git a/devices/hololens/images/hololens-2-start-alternative.png b/devices/hololens/images/hololens-2-start-alternative.png
new file mode 100644
index 0000000000..763cd8600e
Binary files /dev/null and b/devices/hololens/images/hololens-2-start-alternative.png differ
diff --git a/devices/hololens/index.md b/devices/hololens/index.md
index 2db4f6d0c9..98835e4ce5 100644
--- a/devices/hololens/index.md
+++ b/devices/hololens/index.md
@@ -1,6 +1,6 @@
---
-title: Microsoft HoloLens (HoloLens)
-description: Landing page for HoloLens commercial and enterprise management.
+title: Microsoft HoloLens
+description: Landing page Microsoft HoloLens.
ms.prod: hololens
ms.sitesec: library
ms.assetid: 0947f5b3-8f0f-42f0-aa27-6d2cad51d040
@@ -8,7 +8,12 @@ author: scooley
ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 07/14/2019
+ms.date: 10/14/2019
+audience: ITPro
+appliesto:
+- HoloLens 1
+- HoloLens 2
+
---
# Microsoft HoloLens
@@ -21,33 +26,33 @@ ms.date: 07/14/2019
## Guides in this section
| Guide | Description |
| --- | --- |
-| [Get started with HoloLens](hololens1-setup.md) | Set up HoloLens for the first time. |
-| [Deploy HoloLens in a commercial environment](hololens-requirements.md) | Configure HoloLens for scale enterprise deployment and ongoing device management. |
-| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
-| [Get support](https://support.microsoft.com/products/hololens) |Connect with Microsoft support resources for HoloLens in enterprise. |
+| [Get started with HoloLens 2](hololens2-setup.md) | Set up HoloLens 2 for the first time. |
+| [Get started with HoloLens (1st gen)](hololens1-setup.md) | Set up HoloLens (1st gen) for the first time. |
+| [Get started with HoloLens in a commercial or classroom environment](hololens-requirements.md) | Plan for a multi-device HoloLens deployment and create a strategy for ongoing device management.This section is tailored to IT professionals managing devices with existing device management infrastructure. |
## Quick reference by topic
| Topic | Description |
| --- | --- |
-| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover new features in the latest updates. |
-| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
-| [HoloLens MDM support](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using Mobile Device Management (MDM) solutions like Microsoft Intune. |
+| [What's new in HoloLens](hololens-whats-new.md) | Discover new features in the latest updates via HoloLens release notes. |
+| [Install and manage applications on HoloLens](hololens-install-apps.md) | Install and manage important applications on HoloLens at scale. |
| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |
| [HoloLens user management](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. |
-| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens. |
-| [Install localized version of HoloLens](hololens1-install-localized.md) | Configure HoloLens for different locale. |
+| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
+| [Get support](https://support.microsoft.com/products/hololens) | Connect with Microsoft support resources for HoloLens in enterprise. |
## Related resources
* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
-* [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial)
-* [HoloLens release notes](https://developer.microsoft.com/windows/mixed-reality/release_notes)
+* [HoloLens release notes](https://docs.microsoft.com/hololens/hololens-release-notes)
diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index 2f7fc9fd1f..59d2d76a0d 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -7,6 +7,7 @@
### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md)
### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md)
+### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
## Plan
### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md)
@@ -22,6 +23,8 @@
## Deploy
### [Surface Hub 2S adoption and training](surface-hub-2s-adoption-kit.md)
+### [Surface Hub 2S adoption videos](surface-hub-2s-adoption-videos.md)
+
### [First time setup for Surface Hub 2S](surface-hub-2s-setup.md)
### [Connect devices to Surface Hub 2S](surface-hub-2s-connect.md)
### [Surface Hub 2S deployment checklist](surface-hub-2s-deploy-checklist.md)
@@ -54,6 +57,9 @@
## Overview
### [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md)
### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
+### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
+### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
+### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
## Plan
### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)
@@ -109,7 +115,6 @@
## Troubleshoot
### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md)
### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md)
-
### [Top support solutions for Surface Hub](support-solutions-surface-hub.md)
### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
### [Surface Hub Update History](surface-hub-update-history.md)
@@ -122,6 +127,4 @@
### [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md)
### [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md)
### [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
-### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
-### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
### [Change history for Surface Hub](change-history-surface-hub.md)
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index a834e039ee..ff76987746 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -30,7 +30,7 @@ If you prefer to use a graphical user interface, you can create a device account
### Create the account in the admin center
-1. Sign in to Office 365 by visiting http://portal.office.com
+1. Sign in to Office 365 by visiting https://portal.office.com
2. Provide the admin credentials for your Office 365 tenant. This will take you to your Microsoft 365 Admin Center.
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
index 2ab787b803..8eba3c49b1 100644
--- a/devices/surface-hub/docfx.json
+++ b/devices/surface-hub/docfx.json
@@ -41,7 +41,18 @@
"depot_name": "Win.surface-hub",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ],
+ "titleSuffix": "Surface Hub"
},
"externalReference": [],
"template": "op.html",
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf
index b8b6d804a9..9fa82b77c5 100644
Binary files a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf
index 9e3ac0aa01..36d552a91a 100644
Binary files a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf
index a40bdf33d6..216737e393 100644
Binary files a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf differ
diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md
index 22cddbc67d..3d38a356f5 100644
--- a/devices/surface-hub/first-run-program-surface-hub.md
+++ b/devices/surface-hub/first-run-program-surface-hub.md
@@ -337,12 +337,12 @@ This is what happens when you choose an option.
- **Use Microsoft Azure Active Directory**
- Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins security group from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization.
+ Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins role from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization.
- >[!IMPORTANT]
- >Administrators added to the Azure Global Admins group after you join the device to Azure AD will be unable to use the Settings app.
+ > [!IMPORTANT]
+ > Administrators added to the Azure Device Administrators role after you join the device to Azure AD will be unable to use the Settings app.
>
- >If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually.
+ > If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually.
- **Use Active Directory Domain Services**
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index 1b001aa627..ea543e69f2 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -15,130 +15,131 @@ ms.localizationpriority: medium
---
# Hybrid deployment (Surface Hub)
-A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-prem), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
->[!NOTE]
->In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-prem). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
+A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-premises), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
+
+> [!NOTE]
+> In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-premises). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
-
## Exchange on-premises
+
Use this procedure if you use Exchange on-premises.
-1. For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. This account will be synced to Office 365.
+1. For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. This account will be synced to Office 365.
- - In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
- - Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
-
- 
+- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
+- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
- - Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
+
- >**Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
+- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
- 
-
- - Click **Finish** to create the account.
+> **Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
- 
+
+- Click **Finish** to create the account.
+
-2. Enable the remote mailbox.
+2. Enable the remote mailbox.
- Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
+Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
- ```PowerShell
- Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
- ```
- >[!NOTE]
- >If you don't have an on-premises Exchange environment to run this cmdlet, you can make the same changes directly to the Active Directory object for the account.
- >
- >msExchRemoteRecipientType = 33
- >
- >msExchRecipientDisplayType = -2147481850
- >
- >msExchRecipientTypeDetails = 8589934592
-
-3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Microsoft 365 admin center and verify that the account created in the previous steps has merged to online.
-
-4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
+```PowerShell
+Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
+```
- Start a remote PowerShell session on a PC and connect to Microsoft Exchange. Be sure you have the right permissions set to run the associated cmdlets.
+> [!NOTE]
+> If you don't have an on-premises Exchange environment to run this cmdlet, you can make the same changes directly to the Active Directory object for the account.
+>
+> msExchRemoteRecipientType = 33
+>
+> msExchRecipientDisplayType = -2147481850
+>
+> msExchRecipientTypeDetails = 8589934592
- The next steps will be run on your Office 365 tenant.
+3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Microsoft 365 admin center and verify that the account created in the previous steps has merged to online.
- ```PowerShell
- Set-ExecutionPolicy RemoteSigned
- $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
- $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
- Import-PSSession $sess
- ```
+4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
-5. Create a new Exchange ActiveSync policy, or use a compatible existing policy.
+Start a remote PowerShell session on a PC and connect to Microsoft Exchange. Be sure you have the right permissions set to run the associated cmdlets.
- After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy or use a compatible existing policy.
-
- Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+The next steps will be run on your Office 365 tenant.
- If you haven’t created a compatible policy yet, use the following cmdlet—-this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+```PowerShell
+Set-ExecutionPolicy RemoteSigned
+$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
+$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
+Import-PSSession $sess
+```
- ```PowerShell
- $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
- ```
+5. Create a new Exchange ActiveSync policy, or use a compatible existing policy.
- Once you have a compatible policy, then you will need to apply the policy to the device account.
+After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy or use a compatible existing policy.
- ```PowerShell
- Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
- ```
+Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
-6. Set Exchange properties.
+If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
- Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+```PowerShell
+$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+```
- ```PowerShell
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
- ```
+Once you have a compatible policy, you will need to apply the policy to the device account.
-7. Connect to Azure AD.
+```PowerShell
+Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
+```
- You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
- ```PowerShell
- Install-Module -Name AzureAD
- ```
-
- You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+6. Set Exchange properties.
- ```PowerShell
- Import-Module AzureAD
- Connect-AzureAD -Credential $cred
- ```
-8. Assign an Office 365 license.
+Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
- The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
-
- You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+```PowerShell
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
+```
- Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+7. Connect to Azure AD.
- ```PowerShell
- Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
-
- Get-AzureADSubscribedSku | Select Sku*,*Units
- $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
- $License.SkuId = SkuId You selected
-
- $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
- $AssignedLicenses.AddLicenses = $License
- $AssignedLicenses.RemoveLicenses = @()
-
- Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
- ```
+You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command:
+
+```PowerShell
+Install-Module -Name AzureAD
+```
+
+You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+
+```PowerShell
+Import-Module AzureAD
+Connect-AzureAD -Credential $cred
+```
+
+8. Assign an Office 365 license.
+
+The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+
+You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+
+Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+
+```PowerShell
+Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+
+Get-AzureADSubscribedSku | Select Sku*,*Units
+$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+$License.SkuId = SkuId You selected
+
+$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+$AssignedLicenses.AddLicenses = $License
+$AssignedLicenses.RemoveLicenses = @()
+
+Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
+```
Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
-
### Skype for Business Online
To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need.
@@ -149,7 +150,7 @@ To enable Skype for Business online, your tenant users must have Exchange mailbo
| Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL |
| Initiate an ad-hoc meeting and dial out from a meeting to phone numbers | Skype for Business Standalone Plan 2 with Audio Conferencing**Note** PSTN consumption billing is optional | E1 or E3 with Audio Conferencing, or E5| Skype for Business Server Standard CAL or Enterprise CAL |
| Give the room a phone number and make or receive calls from the room or join a dial-in conference using a phone number | Skype for Business Standalone Plan 2 with Phone System and a PSTN Voice Calling plan | E1 or E3 with Phone System and a PSTN Voice Calling plan, or E5 | Skype for Business Server Standard CAL or Plus CAL |
-
+
The following table lists the Office 365 plans and Skype for Business options.
| O365 Plan | Skype for Business | Phone System | Audio Conferencing | Calling Plans |
@@ -162,42 +163,42 @@ The following table lists the Office 365 plans and Skype for Business options.
1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment.
- ```PowerShell
- Import-Module SkypeOnlineConnector
- $cssess=New-CsOnlineSession -Credential $cred
- Import-PSSession $cssess -AllowClobber
- ```
-
+```PowerShell
+Import-Module SkypeOnlineConnector
+$cssess=New-CsOnlineSession -Credential $cred
+Import-PSSession $cssess -AllowClobber
+```
+
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
- ```PowerShell
- Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
- ```
-
- If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
+```PowerShell
+Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
+```
- ```PowerShell
- Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
- ```
+If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
+
+```PowerShell
+Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
+```
3. Assign Skype for Business license to your Surface Hub account.
- Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
-
- - Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
-
- - Click on **Users and Groups** and then **Add users, reset passwords, and more**.
-
- - Click the Surface Hub account, and then click the pen icon to edit the account information.
-
- - Click **Licenses**.
-
- - In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
-
- - Click **Save**.
+ Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device.
- >[!NOTE]
- >You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
+- Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
+
+- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
+
+- Click the Surface Hub account, and then click the pen icon to edit the account information.
+
+- Click **Licenses**.
+
+- In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
+
+- Click **Save**.
+
+> [!NOTE]
+> You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
For validation, you should be able to use any Skype for Business client (PC, Android, etc.) to sign in to this account.
@@ -205,7 +206,7 @@ For validation, you should be able to use any Skype for Business client (PC, And
To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
-```
+```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName
```
@@ -217,181 +218,181 @@ The Surface Hub requires a Skype account of the type `meetingroom`, while a norm
In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
->[!NOTE]
->To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
+> [!NOTE]
+> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
## Exchange online
+
Use this procedure if you use Exchange online.
-1. Create an email account in Office 365.
+1. Create an email account in Office 365.
- Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
+Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
- ```PowerShell
- Set-ExecutionPolicy RemoteSigned
- $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
- $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
- Import-PSSession $sess
- ```
+```PowerShell
+Set-ExecutionPolicy RemoteSigned
+$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
+$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
+Import-PSSession $sess
+```
-2. Set up mailbox.
+2. Set up a mailbox.
- After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
+After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
- If you're changing an existing resource mailbox:
+If you're changing an existing resource mailbox:
- ```PowerShell
- Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
+```PowerShell
+Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+```
- If you’re creating a new resource mailbox:
+If you’re creating a new resource mailbox:
- ```PowerShell
- New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
+```PowerShell
+New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+```
-3. Create Exchange ActiveSync policy.
+3. Create Exchange ActiveSync policy.
- After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
- Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, Exchange services on the Surface Hub (mail, calendar, and joining meetings) will not be enabled.
- If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
- ```PowerShell
- $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
- ```
+```PowerShell
+$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+```
- Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
+Once you have a compatible policy, you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
- ```PowerShell
- Set-Mailbox 'HUB01@contoso.com' -Type Regular
- Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
- Set-Mailbox 'HUB01@contoso.com' -Type Room
- $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
- Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
- ```
+```PowerShell
+Set-Mailbox 'HUB01@contoso.com' -Type Regular
+Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
+Set-Mailbox 'HUB01@contoso.com' -Type Room
+$credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
+Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
+```
-4. Set Exchange properties.
+4. Set Exchange properties.
- Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
- ```PowerShell
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
- ```
+```PowerShell
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+```
-5. Add email address for your on-premises domain account.
+5. Add an email address for your on-premises domain account.
- For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account.
-
- - In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
- - Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
+For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account.
- 
+- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
+- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
- - Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
-
- >[!IMPORTANT]
- >Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
-
- 
-
- - Click **Finish** to create the account.
+
- 
+- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
-6. Run directory synchronization.
+> [!IMPORTANT]
+> Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
- After you've created the account, run a directory synchronization. When it's complete, go to the users page and verify that the two accounts created in the previous steps have merged.
+
-7. Connect to Azure AD.
+- Click **Finish** to create the account.
- You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
-
- ```PowerShell
- Install-Module -Name AzureAD
- ```
- You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+
- ```PowerShell
- Import-Module AzureAD
- Connect-AzureAD -Credential $cred
- ```
+6. Run directory synchronization.
-8. Assign an Office 365 license.
+After you've created the account, run a directory synchronization. When it's complete, go to the users page and verify that the two accounts created in the previous steps have merged.
- The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+7. Connect to Azure AD.
- Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command:
- Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+```PowerShell
+Install-Module -Name AzureAD
+```
- ```PowerShell
- Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
-
- Get-AzureADSubscribedSku | Select Sku*,*Units
- $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
- $License.SkuId = SkuId You selected
-
- $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
- $AssignedLicenses.AddLicenses = $License
- $AssignedLicenses.RemoveLicenses = @()
-
- Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
- ```
+You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect:
-Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-premises](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid).
+```PowerShell
+Import-Module AzureAD
+Connect-AzureAD -Credential $cred
+```
+8. Assign an Office 365 license.
-### Skype for Business Online
-
-In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#sfb-online).
+The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+
+Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+
+Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+
+```PowerShell
+Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+
+Get-AzureADSubscribedSku | Select Sku*,*Units
+$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+$License.SkuId = SkuId You selected
+
+$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+$AssignedLicenses.AddLicenses = $License
+$AssignedLicenses.RemoveLicenses = @()
+
+Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
+```
+
+Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
+
+### Skype for Business Online
+
+In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#skype-for-business-online).
1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC.
- ```PowerShell
- Import-Module SkypeOnlineConnector
- $cssess=New-CsOnlineSession -Credential $cred
- Import-PSSession $cssess -AllowClobber
- ```
+```PowerShell
+Import-Module SkypeOnlineConnector
+$cssess=New-CsOnlineSession -Credential $cred
+Import-PSSession $cssess -AllowClobber
+```
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
- ```PowerShell
- Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool
- 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
- ```
+```PowerShell
+Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool
+'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
+```
If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
- ```PowerShell
- Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
- ```
+```PowerShell
+Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
+```
10. Assign Skype for Business license to your Surface Hub account
- Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
+Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device.
- - Sign in as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
-
- - Click on **Users and Groups** and then **Add users, reset passwords, and more**.
-
- - Click the Surface Hub account, and then click the pen icon to edit the account information.
-
- - Click **Licenses**.
-
- - In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
-
- - Click **Save**.
+- Sign in as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
- >[!NOTE]
- > You can also use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
+- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
+
+- Click the Surface Hub account, and then click the pen icon to edit the account information.
+
+- Click **Licenses**.
+
+- In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
+
+- Click **Save**.
+
+> [!NOTE]
+> You can also use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.
-
### Skype for Business on-premises
To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
@@ -400,15 +401,13 @@ To run this cmdlet, you will need to connect to one of the Skype front-ends. Ope
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName
```
-
### Skype for Business hybrid
If your organization has set up [hybrid connectivity between Skype for Business Server and Skype for Business Online](https://technet.microsoft.com/library/jj205403.aspx), the guidance for creating accounts differs from a standard Surface Hub deployment.
The Surface Hub requires a Skype account of the type *meetingroom*, while a normal user would use a *user* type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account.
-
+
In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
->[!NOTE]
->To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
-
+> [!NOTE]
+> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md
index 110355baf4..f60588a000 100644
--- a/devices/surface-hub/index.md
+++ b/devices/surface-hub/index.md
@@ -1,7 +1,7 @@
---
title: Surface Hub
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
layout: LandingPage
ms.prod: surface-hub
@@ -122,7 +122,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
index 5b45fdcb93..91d561934c 100644
--- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
+++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
@@ -117,9 +117,9 @@ The following tables include info on Windows 10 settings that have been validate
| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index d3fdb628ab..88b0653b00 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -49,6 +49,8 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
```PowerShell
New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
```
+> [!IMPORTANT]
+> ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
index a072d4d7b4..0cd6fc5219 100644
--- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
@@ -90,7 +90,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
```
-7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
+7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#skype-for-business-online).
Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
@@ -124,13 +124,13 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
- Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, alice@contoso.com):
```PowerShell
- (Get-CsTenant).TenantPoolExtension
+ Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool
```
OR by setting a variable
```PowerShell
- $strRegistrarPool = (Get-CsTenant).TenantPoolExtension
- $strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
+ $strRegistrarPool = Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool | out-string
+ $strRegistrarPool = $strRegistrarPool.Substring($strRegistrarPool.IndexOf(':') + 2)
```
- Enable the Surface Hub account with the following cmdlet:
diff --git a/devices/surface-hub/surface-hub-2s-account.md b/devices/surface-hub/surface-hub-2s-account.md
index 03b3f8d7ef..fb93b0e7d9 100644
--- a/devices/surface-hub/surface-hub-2s-account.md
+++ b/devices/surface-hub/surface-hub-2s-account.md
@@ -4,8 +4,8 @@ description: "This page describes the procedure for creating the Surface Hub 2S
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
@@ -47,32 +47,33 @@ Create the account using the Microsoft 365 admin center or by using PowerShell.
- **Skype for Business:** For Skype for Business only (on-premises or online), you can enable the Skype for Business object by running **Enable-CsMeetingRoom** to enable features such as Meeting room prompt for audio and Lobby hold.
-- **Calendar:** Set **Calendar Auto processing** for this account.
+- **Microsoft Teams and Skype for Business Calendar:** Set [**Calendar Auto processing**](https://docs.microsoft.com/surface-hub/surface-hub-2s-account?source=docs#set-calendar-auto-processing) for this account.
## Create account using PowerShell
Instead of using the Microsoft Admin Center portal, you can create the account using PowerShell.
### Connect to Exchange Online PowerShell
-```
-$365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection $ImportResults = Import-PSSession $365Session
+```powershell
+$365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection
+$ImportResults = Import-PSSession $365Session
```
### Create a new Room Mailbox
-```
+```powershell
New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String "" -AsPlainText -Force)
```
### Set Calendar Auto processing
-```
+```powershell
Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
```
### Assign a license
-```
+```powershell
Connect-MsolService
Set-Msoluser -UserPrincipalName account@YourDomain.com -UsageLocation IE
Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "contoso:MEETING_ROOM"
@@ -85,10 +86,11 @@ Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "co
- [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe)
- [Skype for Business Online PowerShell Module](https://www.microsoft.com/download/confirmation.aspx?id=39366)
-```
+```powershell
Import-Module LyncOnlineConnector
$SfBSession = New-CsOnlineSession -Credential (Get-Credential)
Import-PSSession $SfBSession -AllowClobber
-Enable the Skype for Business meeting room
+
+# Enable the Skype for Business meeting room
Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPool(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
```
diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md
index de75086db3..2cc29c519b 100644
--- a/devices/surface-hub/surface-hub-2s-adoption-kit.md
+++ b/devices/surface-hub/surface-hub-2s-adoption-kit.md
@@ -4,18 +4,22 @@ description: "Microsoft has developed downloadable materials that you can make a
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
-ms.date: 08/22/2019
+ms.date: 11/04/2019
ms.localizationpriority: Medium
---
# Surface Hub 2S adoption and training guides
-Whether you are a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization.
+Whether you're a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization.
+
+## On-demand training
+
+- [Surface Hub 2S adoption and training videos](surface-hub-2s-adoption-videos.md)
## Adoption toolkit
@@ -28,7 +32,7 @@ Whether you are a small or large business, a Surface Hub adoption plan is critic
- [Training guide – help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf)
- [Training guide – Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx)
-[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
+[Download all training guides](https://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
## End user guides
@@ -37,7 +41,7 @@ Whether you are a small or large business, a Surface Hub adoption plan is critic
- [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx)
- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx)
-[Download all end user guides](http://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)
+[Download all end user guides](https://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)
## Quick reference cards
@@ -52,4 +56,4 @@ Whether you are a small or large business, a Surface Hub adoption plan is critic
- [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf)
- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf)
-[Download all quick reference cards](http://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)
+[Download all quick reference cards](https://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)
diff --git a/devices/surface-hub/surface-hub-2s-adoption-videos.md b/devices/surface-hub/surface-hub-2s-adoption-videos.md
new file mode 100644
index 0000000000..5e0419624f
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-adoption-videos.md
@@ -0,0 +1,137 @@
+---
+title: "Surface Hub 2S on-demand adoption and training videos"
+description: "This page contains on-demand training for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 11/04/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S on-demand adoption and training videos
+
+This page contains comprehensive training for Surface Hub 2S, available on demand.
+
+## Chapter 1 - Training overview
+
+> ![VIDEO ]
+
+- Welcome and introduction
+- Training overview and agenda
+- Software and technology reference
+- Surface Hub messaging
+- Industries and user roles
+- Overview of training services
+- Training best practices
+
+## Chapter 2 - Getting started with Surface Hub
+
+> ![VIDEO ]
+
+- What is Surface Hub?
+- Technical overview
+- Steelcase Roam and the mobility story
+- Surface Hub services
+- Getting started with Surface Hub
+- Gathering expectations
+
+## Chapter 3 - Navigating Surface Hub
+
+> ![VIDEO ]
+
+- Welcome screen
+- Start menu
+- Full screen
+- Clip to Whiteboard
+- Task bar menu
+- Teams/Skype
+- End Session
+
+## Chapter 4 - Whiteboarding and collaboration
+
+> ![VIDEO ]
+
+- Whiteboard introduction
+- Starting the Whiteboard
+- Whiteboard tools
+- Inserting pictures
+- Changing the background
+- Sharing the whiteboard
+- Export the Whiteboard
+
+## Chapter 5 - Exploring Surface Hub apps
+
+> ![VIDEO ]
+
+- Surface Hub apps introduction
+- PowerPoint overview
+- Microsoft Word
+- Microsoft Excel
+- Microsoft Edge
+
+## Chapter 6 - Advanced apps and Office 365
+
+> ![VIDEO ]
+
+- Advanced apps introduction
+- Microsoft Maps
+- Photos
+- Power BI
+- Sign in to Office 365
+- OneDrive
+- CoAuthor documents
+
+## Chapter 7 - Connecting devices
+
+> ![VIDEO ]
+
+- Connect introduction
+- Miracast overview
+- Touch and Pen Input
+- Wired connect overview
+- Line of Business app workflows
+- Troubleshooting Miracast and wired connect
+
+## Chapter 8 - Skype for Business meetings
+
+> ![VIDEO ]
+
+- Introduction to Skype for Business
+-Scheduling Skype for Business meetings
+- Start a meeting
+- Start an ad hoc meeting
+- Join a meeting on your calendar
+- Managing a Skype for Business meeting
+- Present content
+
+## Chapter 9 - Microsoft Teams meetings
+
+> ![VIDEO ]
+
+- Introduction to Microsoft Teams
+- Scheduling Microsoft Teams meetings
+- Start a meeting
+- Start an ad hoc meeting
+- Join a meeting on your calendar
+- Managing a Microsoft Teams meeting
+- Present content
+- Conclusion
+
+## Chapter 10 - Basic troubleshooting
+
+> ![VIDEO ]
+
+- Introduction to Surface Hub troubleshooting
+- Application troubleshooting
+- End Session
+- Restart the device
+- Power cycle the device
+- Factory reset
+- Settings
+- Manage Surface Hub
+- Conclusion
\ No newline at end of file
diff --git a/devices/surface-hub/surface-hub-2s-change-history.md b/devices/surface-hub/surface-hub-2s-change-history.md
index a24c8c12e4..f629bd6bd6 100644
--- a/devices/surface-hub/surface-hub-2s-change-history.md
+++ b/devices/surface-hub/surface-hub-2s-change-history.md
@@ -4,8 +4,8 @@ description: "This page shows change history for Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
audience: Admin
ms.manager: laurawi
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-connect.md b/devices/surface-hub/surface-hub-2s-connect.md
index 3726eae176..a32df68734 100644
--- a/devices/surface-hub/surface-hub-2s-connect.md
+++ b/devices/surface-hub/surface-hub-2s-connect.md
@@ -4,12 +4,12 @@ description: "This page explains how to connect external devices to Surface Hub
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/13/2019
ms.localizationpriority: Medium
---
@@ -28,7 +28,7 @@ In general, it’s recommended to use native cable connections whenever possible
| **Connection** | **Functionality** | **Description**|
| --- | --- | ---|
| HDMI + USB-C | HDMI-in for audio and video
USB-C for TouchBack and InkBack | USB-C supports TouchBack and InkBack with the HDMI A/V connection.
Use USB-C to USB-A to connect to legacy computers.
**NOTE:** For best results, connect HDMI before connecting a USB-C cable. If the computer you're using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable. |
-| USB-C (via compute module) | Video-in Audio-in | Single cable needed for A/V
TouchBack and InkBack not supported
HDCP enabled |
+| USB-C (via compute module) | Video-in Audio-in | Single cable needed for A/V
TouchBack and InkBack is supported
HDCP enabled |
| HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V
TouchBack and InkBack not supported
HDCP enabled |
| MiniDP 1.2 output | Video-out such as mirroring to a larger projector. | Single cable needed for A/V |
@@ -131,4 +131,4 @@ You can connect the following accessories to Surface Hub-2S using Bluetooth:
- Speakers
> [!NOTE]
-> After you connect a Bluetooth headset or speaker, you might need to change the default microphone and speaker settings. For more information, see [**Local management for Surface Hub settings**](https://docs.microsoft.com/en-us/surface-hub/local-management-surface-hub-settings).
+> After you connect a Bluetooth headset or speaker, you might need to change the default microphone and speaker settings. For more information, see [**Local management for Surface Hub settings**](https://docs.microsoft.com/surface-hub/local-management-surface-hub-settings).
diff --git a/devices/surface-hub/surface-hub-2s-custom-install.md b/devices/surface-hub/surface-hub-2s-custom-install.md
index 020256c627..c86ac8b4b3 100644
--- a/devices/surface-hub/surface-hub-2s-custom-install.md
+++ b/devices/surface-hub/surface-hub-2s-custom-install.md
@@ -4,8 +4,8 @@ description: "Learn how to perform a custom install of Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md
index b52bdc6532..77fe0fa1ca 100644
--- a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md
+++ b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md
@@ -4,8 +4,8 @@ description: "Learn how you can deploy apps to Surface Hub 2S using Intune."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-deploy-checklist.md b/devices/surface-hub/surface-hub-2s-deploy-checklist.md
index 10fe718f75..08421ad2f6 100644
--- a/devices/surface-hub/surface-hub-2s-deploy-checklist.md
+++ b/devices/surface-hub/surface-hub-2s-deploy-checklist.md
@@ -4,8 +4,8 @@ description: "Verify your deployment of Surface Hub 2S using pre- and post-deplo
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-deploy.md b/devices/surface-hub/surface-hub-2s-deploy.md
index cd99172ad3..87908ed944 100644
--- a/devices/surface-hub/surface-hub-2s-deploy.md
+++ b/devices/surface-hub/surface-hub-2s-deploy.md
@@ -4,8 +4,8 @@ description: "This page describes how to deploy Surface Hub 2S using provisionin
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-install-mount.md b/devices/surface-hub/surface-hub-2s-install-mount.md
index 7b4e3e3e00..1ae4dcadb6 100644
--- a/devices/surface-hub/surface-hub-2s-install-mount.md
+++ b/devices/surface-hub/surface-hub-2s-install-mount.md
@@ -4,8 +4,8 @@ description: "Learn how to install and mount Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md
index 1749e6cafd..be1df464ef 100644
--- a/devices/surface-hub/surface-hub-2s-manage-intune.md
+++ b/devices/surface-hub/surface-hub-2s-manage-intune.md
@@ -4,8 +4,8 @@ description: "Learn how to update and manage Surface Hub 2S using Intune."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
@@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a
### Auto registration — Azure Active Directory Affiliated
-When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune.
+During the initial setup process, when affiliating a Surface Hub with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune.
## Windows 10 Team Edition settings
@@ -69,6 +69,6 @@ You can set the Microsoft Teams app mode using Intune. Surface Hub 2S comes inst
To set modes, add the following settings to a custom Device Configuration Profile.
|**Name**|**Description**|**OMA-URI**|**Type**|**Value**|
-|:------ |:------------- |:--------- |:------ |:------- |
-|**Teams App ID**| App name | ./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId | String | Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams |
-|**Teams App Mode**| Teams mode | ./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode | Integer | 0 or 1 or 2 |
+|:--- |:--- |:--- |:--- |:--- |
+|**Teams App ID**|App name|./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId|String| Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams|
+|**Teams App Mode**|Teams mode|./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode|Integer| 0 or 1 or 2|
diff --git a/devices/surface-hub/surface-hub-2s-manage-passwords.md b/devices/surface-hub/surface-hub-2s-manage-passwords.md
index 3de1d293aa..accd5d7e84 100644
--- a/devices/surface-hub/surface-hub-2s-manage-passwords.md
+++ b/devices/surface-hub/surface-hub-2s-manage-passwords.md
@@ -4,8 +4,8 @@ description: "Learn how to configure Surface Hub 2S on-premises accounts with Po
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-onprem-powershell.md b/devices/surface-hub/surface-hub-2s-onprem-powershell.md
index 0d51997eda..fb2c98dcbd 100644
--- a/devices/surface-hub/surface-hub-2s-onprem-powershell.md
+++ b/devices/surface-hub/surface-hub-2s-onprem-powershell.md
@@ -4,8 +4,8 @@ description: "Learn how to configure Surface Hub 2S on-premises accounts with Po
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-onscreen-display.md b/devices/surface-hub/surface-hub-2s-onscreen-display.md
index 0f5679cd37..da4712505e 100644
--- a/devices/surface-hub/surface-hub-2s-onscreen-display.md
+++ b/devices/surface-hub/surface-hub-2s-onscreen-display.md
@@ -4,8 +4,8 @@ description: "Learn how to use the onscreen display to adjust brightness and oth
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-pack-components.md b/devices/surface-hub/surface-hub-2s-pack-components.md
index 692f4ee02d..287f43ec7b 100644
--- a/devices/surface-hub/surface-hub-2s-pack-components.md
+++ b/devices/surface-hub/surface-hub-2s-pack-components.md
@@ -4,8 +4,8 @@ description: "Instructions for packing Surface Hub 2S components, replacing the
keywords: pack, replace components, camera, compute cartridge
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-phone-authenticate.md b/devices/surface-hub/surface-hub-2s-phone-authenticate.md
index 53b8395f63..f79bbca0d4 100644
--- a/devices/surface-hub/surface-hub-2s-phone-authenticate.md
+++ b/devices/surface-hub/surface-hub-2s-phone-authenticate.md
@@ -4,8 +4,8 @@ description: "Learn how to simplify signing in to Surface Hub 2S using password-
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md
index 05c3c4b37a..8a667d95ac 100644
--- a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md
+++ b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md
@@ -4,8 +4,8 @@ description: "This page describes the ports, physical buttons, and configuration
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-prepare-environment.md b/devices/surface-hub/surface-hub-2s-prepare-environment.md
index 2b28cab313..5f10258934 100644
--- a/devices/surface-hub/surface-hub-2s-prepare-environment.md
+++ b/devices/surface-hub/surface-hub-2s-prepare-environment.md
@@ -4,12 +4,12 @@ description: "Learn what you need to do to prepare your environment for Surface
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/21/2019
ms.localizationpriority: Medium
---
@@ -17,34 +17,34 @@ ms.localizationpriority: Medium
## Office 365 readiness
-You may use Exchange and Skype for Business on-premises with Surface Hub 2S. However, if you use Exchange Online, Skype for Business Online, Microsoft Teams or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/office365/enterprise/office-365-endpoints).
+If you use Exchange Online, Skype for Business Online, Microsoft Teams, or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/office365/enterprise/office-365-endpoints).
-Office 365 endpoints help optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet level inspection or processing. This feature reduces latency and your perimeter capacity requirements.
+Office 365 endpoints help optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet-level inspection or processing. This feature reduces latency and your perimeter capacity requirements.
-Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses. To evaluate, configure, and stay up-to-date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service).
+Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses. To evaluate, configure, and stay up to date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service).
## Device affiliation
Use Device affiliation to manage user access to the Settings app on Surface Hub 2S.
-With the Windows 10 Team Edition operating system — that runs on Surface Hub 2S — only authorized users can adjust settings via the Settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure that users can access features as intended.
+With the Windows 10 Team Edition operating system (that runs on Surface Hub 2S), only authorized users can adjust settings using the Settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure that users can access features as intended.
> [!NOTE]
> You can only set Device affiliation during the initial out-of-box experience (OOBE) setup. If you need to reset Device affiliation, you’ll have to repeat OOBE setup.
## No affiliation
-No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [Bitlocker Key to a USB thumb drive](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune, however only the local admin can access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app.
+No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [BitLocker Key to a USB thumb drive](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune; however, only the local admin can access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app.
## Active Directory Domain Services
-If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you need to manage access to the Settings app via a security group on your domain, ensuring that all security group members have permissions to change settings on Surface Hub 2S. Note also the following:
+If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you need to manage access to the Settings app using a security group on your domain. This helps ensure that all security group members have permissions to change settings on Surface Hub 2S. Also note the following:
-- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the Bitlocker key can be saved in the AD Schema. For more information, see [Prepare your organization for BitLocker: Planning and policies](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies).
+- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the BitLocker key can be saved in the Active Directory Schema. For more information, see [Prepare your organization for BitLocker: Planning and policies](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies).
- Your organization’s Trusted Root CAs are pushed to the same container in Surface Hub 2S, which means you don’t need to import them using a provisioning package.
- You can still enroll the device with Intune to centrally manage settings on your Surface Hub 2S.
## Azure Active Directory
-When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
+When you choose to affiliate your Surface Hub 2S with Azure Active Directory (Azure AD), any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
-If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.
+If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s BitLocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.
diff --git a/devices/surface-hub/surface-hub-2s-quick-start.md b/devices/surface-hub/surface-hub-2s-quick-start.md
index d1d20bc7c8..3d7f08641a 100644
--- a/devices/surface-hub/surface-hub-2s-quick-start.md
+++ b/devices/surface-hub/surface-hub-2s-quick-start.md
@@ -4,8 +4,8 @@ description: "View the quick start steps to begin using Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-recover-reset.md b/devices/surface-hub/surface-hub-2s-recover-reset.md
index d055e724cd..af763b9e26 100644
--- a/devices/surface-hub/surface-hub-2s-recover-reset.md
+++ b/devices/surface-hub/surface-hub-2s-recover-reset.md
@@ -4,55 +4,66 @@ description: "Learn how to recover and reset Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
-ms.date: 06/20/2019
+ms.date: 12/05/2019
ms.localizationpriority: Medium
---
# Reset and recovery for Surface Hub 2S
-If you encounter problems with Surface Hub 2S, you can reset the device to factory settings or recover using a USB drive.
+If you encounter problems with Surface Hub 2S, you can reset the device to factory settings or restore by using a USB drive.
-To begin, sign into Surface Hub 2S with admin credentials, open the **Settings** app, select **Update & security**, and then select **Recovery**.
+To begin, sign in to Surface Hub 2S with admin credentials, open the **Settings** app, select **Update & security**, and then select **Recovery**.
-## Reset device
+## Reset the device
-1. To reset, select **Get Started**.
-2. When the **Ready to reset this device** window appears, select **Reset**. Surface Hub 2S reinstalls the operating system from the recovery partition and may take up to one hour to complete.
-3. Run **the first time Setup program** to reconfigure the device.
-4. If you manage the device using Intune or other mobile device manager (MDM) solution, retire and delete the previous record and re-enroll the new device. For more information, see [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe).
+1. To reset the device, select **Get Started**.
+2. When the **Ready to reset this device** window appears, select **Reset**.
+ >[!NOTE]
+ >Surface Hub 2S reinstalls the operating system from the recovery partition. This may take up to one hour to complete.
+3. To reconfigure the device, run the first-time Setup program.
+4. If you manage the device using Microsoft Intune or another mobile device management solution, retire and delete the previous record, and then re-enroll the new device. For more information, see [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe).
-*Figure 1. Reset and recovery for Surface Hub 2S.*
+*Figure 1. Reset and recovery for Surface Hub 2S*
-## Recover Surface Hub 2S using USB recovery drive
+## Recover Surface Hub 2S by using a USB recovery drive
-New in Surface Hub 2S, you can now reinstall the device using a recovery image.
+New in Surface Hub 2S, you can now reinstall the device by using a recovery image.
-### Recover from USB drive
+### Recovery from a USB drive
-Surface Hub 2S lets you reinstall the device using a recovery image, which allows you to reinstall the device to factory settings if you lost the Bitlocker key or no longer have admin credentials to the Settings app.
+Using Surface Hub 2S, you can reinstall the device by using a recovery image. By doing this, you can reinstall the device to the factory settings if you lost the BitLocker key, or if you no longer have admin credentials to the Settings app.
-1. Begin with a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
-2. Download recovery image from the [Surface Recovery website](https://support.microsoft.com/en-us/surfacerecoveryimage?devicetype=surfacehub2s) onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S.
-3. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
+>[!NOTE]
+>Use a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
-
+1. From a separate PC, download the .zip file recovery image from the [Surface Recovery website](https://support.microsoft.com/surfacerecoveryimage?devicetype=surfacehub2s) and then return to these instructions.
+1. Unzip the downloaded file onto the root of the USB drive.
+1. Connect the USB drive to any USB-C or USB-A port on Surface Hub 2S.
+1. Turn off the device:
+ 1. While holding down the Volume down button, press the Power button.
+ 1. Keep holding both buttons until you see the Windows logo.
+ 1. Release the Power button but continue to hold the Volume until the Install UI begins.
-4. In the language selection screen, select the display language for your Surface Hub 2S.
-5. Choose **Recover from a drive** and **Fully clean the drive** and then select **Recover**. If prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
-Remove the USB drive when the first time setup screen appears.
+ 
+ **Figure 2. Volume and Power buttons**
+
+1. On the language selection screen, select the display language for your Surface Hub 2S.
+1. Select **Recover from a drive** and **Fully clean the drive**, and then select **Recover**. If you're prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
+
+When the first-time setup screen appears,remove the USB drive.
## Recover a locked Surface Hub
-On rare occasions, Surface Hub 2S may encounter an error during cleanup of user and app data at the end of a session. If this occurs, the device will automatically reboot and resume data cleanup. But if this operation fails repeatedly, the device will be automatically locked to protect user data.
+At the end of a session, Surface Hub 2S may occasionally encounter an error during the cleanup of user and app data at the end of a session. If this occurs, the device automatically reboots and resumes the data cleanup. However, if this operation repeatedly fails, the device automatically locks to protect user data.
-**To unlock Surface Hub 2S:**
-Reset or recover the device from Windows Recovery Environment (Windows RE). For more information, see [What is Windows RE?](https://technet.microsoft.com/library/cc765966.aspx)
+**To unlock a Surface Hub 2S:**
+- Reset or recover the device from the Windows Recovery Environment. For more information, see [What is Windows RE?](https://technet.microsoft.com/library/cc765966.aspx)
> [!NOTE]
-> To enter recovery mode, you need to physically unplug and replug the power cord three times.
+> To enter recovery mode, unplug the power cord and plug it in again three times.
diff --git a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md
index cf7b561dca..8d0768ba93 100644
--- a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md
+++ b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md
@@ -4,8 +4,8 @@ description: "Learn more about securing Surface Hub 2S with SEMM."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-setup.md b/devices/surface-hub/surface-hub-2s-setup.md
index 76e5ac1055..08318020fb 100644
--- a/devices/surface-hub/surface-hub-2s-setup.md
+++ b/devices/surface-hub/surface-hub-2s-setup.md
@@ -4,8 +4,8 @@ description: "Learn how to complete first time Setup for Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
@@ -27,7 +27,7 @@ When you first start Surface Hub 2S, the device automatically enters first time
- This option is not shown if connected using an Ethernet cable.
- You cannot connect to a wireless network in hotspots (captive portals) that redirect sign-in requests to a provider’s website.
-3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user@example.com** for online environments. Select **Next.**
+3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user\@example.com** for online environments. Select **Next.**
1. **Enter additional info.** If requested, provide your Exchange server address and then select **Next.**
diff --git a/devices/surface-hub/surface-hub-2s-site-planning.md b/devices/surface-hub/surface-hub-2s-site-planning.md
index 683d732f9a..9b04ea0174 100644
--- a/devices/surface-hub/surface-hub-2s-site-planning.md
+++ b/devices/surface-hub/surface-hub-2s-site-planning.md
@@ -4,8 +4,8 @@ description: "Learn more about rooms for Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md
index e765207b4c..8db9d3818e 100644
--- a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md
+++ b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md
@@ -4,8 +4,8 @@ description: "Get familiar with site readiness requirements and recommendations
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-techspecs.md b/devices/surface-hub/surface-hub-2s-techspecs.md
index 12955c3afb..4e40f9ae25 100644
--- a/devices/surface-hub/surface-hub-2s-techspecs.md
+++ b/devices/surface-hub/surface-hub-2s-techspecs.md
@@ -4,12 +4,12 @@ description: "View tech specs for Surface Hub 2S including pen, camera, and opti
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
+author: greg-lindsay
manager: laurawi
-ms.author: robmazz
+ms.author: greglin
audience: Admin
ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/19/2019
ms.localizationpriority: Medium
---
@@ -27,10 +27,10 @@ ms.localizationpriority: Medium
|**Graphics**| Intel UHD Graphics 620 |
|**Wireless**| Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac compatible) Bluetooth Wireless 4.1 technology Miracast display |
|**Connections**| USB-A Mini-DisplayPort 1.2 video output RJ45 gigabit Ethernet (1000/100/10 BaseT) HDMI video input (HDMI 2.0, HDCP 2.2 /1.4) USB-C with DisplayPort input Four USB-C (on display) |
-|**Sensors**| Doppler occupancy sensor Accelerometer Gyroscope |
+|**Sensors**| Doppler occupancy 2 Accelerometer Gyroscope |
|**Audio/Video**| Full-range, front facing 3-way stereo speakers Full band 8-element MEMS microphone array Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree HFOV |
|**Pen**| Microsoft Surface Hub 2 Pen (active) |
-|**Software**| Windows 10 Microsoft Teams for Surface Hub 2 Skype for Business Microsoft Whiteboard Microsoft Office (Mobile) Microsoft Power BI 2 |
+|**Software**| Windows 10 Microsoft Teams for Surface Hub 3 Skype for Business Microsoft Whiteboard Microsoft Office (Mobile) Microsoft Power BI 2 |
|**Exterior**| Casing: Precision machined aluminum with mineral-composite resin Color: Platinum Physical Buttons: Power, Volume, Source |
|**What’s in the box**| One Surface Hub 2S One Surface Hub 2 Pen One Surface Hub 2 Camera 2.5 m AC Power Cable Quick Start Guide |
|**Warranty**| 1-year limited hardware warranty |
@@ -41,4 +41,5 @@ ms.localizationpriority: Medium
|**Input Power, standby**| 5 W max |
> [!NOTE]
-> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. 2 Software license required for some features. Sold separately.
+> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. 2 Doppler sensor not available in Hong Kong, India, Kuwait, and Oman due to government regulations.
+ 3 Software license required for some features. Sold separately.
diff --git a/devices/surface-hub/surface-hub-2s-unpack.md b/devices/surface-hub/surface-hub-2s-unpack.md
index 474bec14da..950a5caa6f 100644
--- a/devices/surface-hub/surface-hub-2s-unpack.md
+++ b/devices/surface-hub/surface-hub-2s-unpack.md
@@ -4,8 +4,8 @@ description: "This page includes information about safely unpacking Surface Hub
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-2s-whats-new.md b/devices/surface-hub/surface-hub-2s-whats-new.md
index 2f0dad2a22..13d7eb06ce 100644
--- a/devices/surface-hub/surface-hub-2s-whats-new.md
+++ b/devices/surface-hub/surface-hub-2s-whats-new.md
@@ -4,8 +4,8 @@ description: "Learn more about new features in Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
diff --git a/devices/surface-hub/surface-hub-site-readiness-guide.md b/devices/surface-hub/surface-hub-site-readiness-guide.md
index cf21867432..d12281f55b 100644
--- a/devices/surface-hub/surface-hub-site-readiness-guide.md
+++ b/devices/surface-hub/surface-hub-site-readiness-guide.md
@@ -1,12 +1,12 @@
---
title: Surface Hub Site Readiness Guide
ms.reviewer:
-manager: dansimp
+manager: laurawi
description: Use this Site Readiness Guide to help plan your Surface Hub installation.
ms.prod: surface-hub
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: greg-lindsay
+ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
---
@@ -28,7 +28,7 @@ The room needs to be large enough to provide good viewing angles, but small enou
- The screen is not in direct sunlight, which could affect viewing or damage the screen.
- Ventilation openings are not blocked.
- Microphones are not affected by noise sources, such as fans or vents.
-You can find more details in the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections. For cleaning, care, and safety information, see the mounting guides and user guide at http://www.microsoft.com/surface/support/surface-hub.
+You can find more details in the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections. For cleaning, care, and safety information, see the mounting guides and user guide at https://www.microsoft.com/surface/support/surface-hub.
### Hardware considerations
@@ -47,7 +47,7 @@ For details about cable ports, see the [55” Microsoft Surface Hub technical in
Microsoft Surface Hub has an internal PC and does not require an external computer system.
-For power recommendations, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md). For power cable safety warnings, see the mounting guides at http://www.microsoft.com/surface/support/surface-hub.
+For power recommendations, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md). For power cable safety warnings, see the mounting guides at https://www.microsoft.com/surface/support/surface-hub.
### Data and other connections
@@ -77,7 +77,7 @@ Before you move Surface Hub, make sure that all the doorways, thresholds, hallwa
### Unpacking Surface Hub
-For unpacking information, refer to the unpacking guide included in the shipping container. You can open the unpacking instructions before you open the shipping container. These instructions can also be found here: http://www.microsoft.com/surface/support/surface-hub
+For unpacking information, refer to the unpacking guide included in the shipping container. You can open the unpacking instructions before you open the shipping container. These instructions can also be found here: https://www.microsoft.com/surface/support/surface-hub
>[!IMPORTANT]
>Retain and store all Surface Hub shipping materials—including the pallet, container, and screws—in case you need to ship Surface Hub to a new location or send it
@@ -85,22 +85,22 @@ for repairs. For the 84” Surface Hub, retain the lifting handles.
### Lifting Surface Hub
-The 55” Surface Hub requires two people to safely lift and mount. The 84” Surface Hub requires four people to safely lift and mount. Those assisting must be able to lift 70 pounds to waist height. Review the unpacking and mounting guide for details on lifting Surface Hub. You can find it at http://www.microsoft.com/surface/support/surface-hub.
+The 55” Surface Hub requires two people to safely lift and mount. The 84” Surface Hub requires four people to safely lift and mount. Those assisting must be able to lift 70 pounds to waist height. Review the unpacking and mounting guide for details on lifting Surface Hub. You can find it at https://www.microsoft.com/surface/support/surface-hub.
## Mounting and setup
-See your mounting guide at http://www.microsoft.com/surface/support/surface-hub for detailed instructions.
+See your mounting guide at https://www.microsoft.com/surface/support/surface-hub for detailed instructions.
There are three ways to mount your Surface Hub:
- **Wall mount**: Lets you permanently hang Surface Hub on a conference space wall.
- **Floor support mount**: Supports Surface Hub on the floor while it is permanently anchored to a conference space wall.
-- **Rolling stand**: Supports Surface Hub and lets you move it to other conference locations. For links to guides that provide details about each mounting method, including building requirements, see http://www.microsoft.com/surface/support/surface-hub.
+- **Rolling stand**: Supports Surface Hub and lets you move it to other conference locations. For links to guides that provide details about each mounting method, including building requirements, see https://www.microsoft.com/surface/support/surface-hub.
For specifications on available mounts for the original Surface Hub, see the following:
-- [Surface Hub Mounts and Stands Datasheet](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf)
-- [Surface Hub Stand and Wall Mount Specifications](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf)
+- [Surface Hub Mounts and Stands Datasheet](https://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf)
+- [Surface Hub Stand and Wall Mount Specifications](https://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf)
## The Connect experience
@@ -129,13 +129,10 @@ For example, to provide audio, video, and touchback capability to all three vide
When you create your wired connect cable bundles, check the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections for specific technical and physical details and port locations for each type of Surface Hub. Make the cables long enough to reach from Surface Hub to where the presenter will sit or stand.
-For details on Touchback and Inkback, see the user guide at http://www.microsoft.com/surface/support/surface-hub.
+For details on Touchback and Inkback, see the user guide at https://www.microsoft.com/surface/support/surface-hub.
## See also
-[Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov)
-
-
-
+[Watch the video (opens in a pop-up media player)](https://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov)
diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md
index 9c1f451f63..468e0d3329 100644
--- a/devices/surface-hub/surface-hub-start-menu.md
+++ b/devices/surface-hub/surface-hub-start-menu.md
@@ -3,8 +3,8 @@ title: Configure Surface Hub Start menu
description: Use MDM to customize the Start menu on Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
ms.topic: article
ms.date: 08/15/2018
ms.reviewer:
@@ -182,7 +182,3 @@ This example shows a link to a website and a link to a .pdf file. The secondary
>[!NOTE]
>The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark.
-
-## More information
-
-- [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/)
diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md
index bc07173a20..943400d44c 100644
--- a/devices/surface-hub/surface-hub-update-history.md
+++ b/devices/surface-hub/surface-hub-update-history.md
@@ -442,7 +442,7 @@ This update brings the Windows 10 Team Anniversary Update to Surface Hub and inc
* General
* Enabled Audio Device Selection (for Surface Hubs attached using external audio devices)
* Enabled support for HDCP on DisplayPort output connector
- * System UI changes to settings for usability optimization (refer to [User and Admin Guides](http://www.microsoft.com/surface/support/surface-hub) for additional details)
+ * System UI changes to settings for usability optimization (refer to [User and Admin Guides](https://www.microsoft.com/surface/support/surface-hub) for additional details)
* Bug fixes and performance optimizations to speed up the Azure Active Directory sign-in flow
* Significantly improved time needed to reset and restore Surface Hub
* Windows Defender UI has been added within settings
@@ -520,9 +520,9 @@ This update to the Surface Hub includes quality improvements and security fixes.
## Related topics
-* [Windows 10 feature road map](http://go.microsoft.com/fwlink/p/?LinkId=785967)
-* [Windows 10 release information](http://go.microsoft.com/fwlink/p/?LinkId=724328)
-* [Windows 10 November update: FAQ](http://windows.microsoft.com/windows-10/windows-update-faq)
-* [Microsoft Surface update history](http://go.microsoft.com/fwlink/p/?LinkId=724327)
-* [Microsoft Lumia update history](http://go.microsoft.com/fwlink/p/?LinkId=785968)
-* [Get Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=616447)
+* [Windows 10 feature roadmap](https://go.microsoft.com/fwlink/p/?LinkId=785967)
+* [Windows 10 release information](https://go.microsoft.com/fwlink/p/?LinkId=724328)
+* [Windows 10 November update: FAQ](https://windows.microsoft.com/windows-10/windows-update-faq)
+* [Microsoft Surface update history](https://go.microsoft.com/fwlink/p/?LinkId=724327)
+* [Microsoft Lumia update history](https://go.microsoft.com/fwlink/p/?LinkId=785968)
+* [Get Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=616447)
diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md
index 5120dc9b9c..8d94858bfa 100644
--- a/devices/surface-hub/surface-hub-wifi-direct.md
+++ b/devices/surface-hub/surface-hub-wifi-direct.md
@@ -1,13 +1,13 @@
---
title: How Surface Hub addresses Wi-Fi Direct security issues
-description: This topic provides guidance on Wi-Fi Direct security risks.
+description: Guidance about Wi-Fi Direct security risks.
keywords: change history
ms.prod: surface-hub
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 06/20/2019
+ms.date: 11/27/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
@@ -15,101 +15,103 @@ ms.localizationpriority: medium
# How Surface Hub addresses Wi-Fi Direct security issues
-Microsoft Surface Hub is an all-in-one productivity device that enables teams to better brainstorm, collaborate, and share ideas. Surface Hub relies on Miracast for wireless projection by using Wi-Fi Direct.
+Microsoft Surface Hub is an all-in-one productivity device that enables teams to better brainstorm, collaborate, and share ideas. Surface Hub relies on Miracast for wireless projection through Wi-Fi Direct.
-This topic provides guidance on Wi-Fi Direct security vulnerabilities, how Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. This hardening information will help customers with high security requirements understand how best to protect their Surface Hub connected networks and data in transit.
+This article describes Wi-Fi Direct security vulnerabilities, how Surface Hub addresses those risks, and how administrators can configure Surface Hub for the highest level of security. This information will help customers who have high security requirements protect their Surface Hub-connected networks and data in transit.
-The intended audiences for this topic include IT and network administrators interested in deploying Microsoft Surface Hub in their corporate environment with optimal security settings.
+The intended audiences for this article are IT and network administrators who want to deploy Surface Hub in their corporate environment with optimal security settings.
## Overview
-Microsoft Surface Hub's security depends extensively on Wi-Fi Direct / Miracast and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Since the device only supports WPS (as opposed to WPA2 Pre-Shared Key (PSK) or WPA2 Enterprise), issues traditionally associated with 802.11 encryption are simplified by design.
+Security for Surface Hub depends extensively on Wi-Fi Direct/Miracast and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Because the device only supports WPS (as opposed to WPA2 Pre-Shared Key [PSK] or WPA2 Enterprise), the issues often associated with 802.11 encryption are simplified.
-It is important to note Surface Hub operates on par with the field of Miracast receivers, meaning that it is protected from, and vulnerable to, a similar set of exploits as all WPS-based wireless network devices. But Surface Hub’s implementation of WPS has extra precautions built in, and its internal architecture helps prevent an attacker – even after compromising the Wi-Fi Direct / Miracast layer – to move past the network interface onto other attack surfaces and connected enterprise networks see [Wi-Fi Direct vulnerabilities and how Surface Hub addresses them](#vulnerabilities).
+Surface Hub operates on par with the field of Miracast receivers. So, it's vulnerable to a similar set of exploits as all WPS-based wireless network devices. But the Surface Hub implementation of WPS has extra precautions built in. Also, its internal architecture helps prevent an attacker who has compromised the Wi-Fi Direct/Miracast layer from moving past the network interface onto other attack surfaces and connected enterprise networks.
## Wi-Fi Direct background
-Miracast is part of the Wi-Fi Display standard, which itself is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration.
+Miracast is part of the Wi-Fi Display standard, which is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration.
-Wi-Fi Direct or Wi-Fi "Peer to Peer" (P2P) is a standard released by the Wi-Fi Alliance for "Ad-Hoc" networks. This allows supported devices to communicate directly and create groups of networks without requiring a traditional Wi-Fi Access Point or an Internet connection.
+Wi-Fi Direct or Wi-Fi "peer to peer" (P2P) is a standard from the Wi-Fi Alliance for "Ad-Hoc" networks. Supported devices can communicate directly and create groups of networks without a conventional Wi-Fi access point or Internet connection.
-Security for Wi-Fi Direct is provided by WPA2 using the WPS standard. Authentication mechanism for devices can be a numerical pin (WPS-PIN), a physical or virtual Push Button (WPS-PBC), or an out-of-band message such as Near Field Communication (WPS-OOO). The Microsoft Surface Hub supports both Push Button (which is the default) and PIN methods.
+Security for Wi-Fi Direct is provided by WPA2 under the WPS standard. The authentication mechanism for devices can be a numerical pin (WPS-PIN), a physical or virtual push button (WPS-PBC), or an out-of-band message such as near field communication (WPS-OOO). Surface Hub supports both the PIN method and the push-button method, which is the default.
-In Wi-Fi Direct, groups are created as either "persistent," allowing for automatic reconnection using stored key material, or "temporary," where devices cannot re-authenticate without user intervention or action. Wi-Fi Direct groups will typically determine a Group Owner (GO) through a negotiation protocol, which mimics the "station" or "Access Point" functionality for the established Wi-Fi Direct Group. This Wi-Fi Direct GO provides authentication (via an “Internal Registrar”), and facilitate upstream network connections. For Surface Hub, this GO negotiation does not take place, as the network only operates in "autonomous" mode, where Surface Hub is always the Group Owner. Finally, Surface Hub does not and will not join other Wi-Fi Direct networks itself as a client.
+In Wi-Fi Direct, groups are created as one of the following types:
+- *Persistent*, in which automatic reconnection can occur by using stored key material
+- *Temporary*, in which devices can't re-authenticate without user action
-
-## Wi-Fi Direct vulnerabilities and how Surface Hub addresses them
+Wi-Fi Direct groups determine a *group owner* (GO) through a negotiation protocol, which mimics the "station" or "access point" functionality for the established Wi-Fi Direct group. The Wi-Fi Direct GO provides authentication (via an "internal registrar") and facilitates upstream network connections. For Surface Hub, this GO negotiation doesn't occur. The network only operates in "autonomous" mode, and Surface Hub is always the group owner. Finally, Surface Hub itself doesn't join other Wi-Fi Direct networks as a client.
-**Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery process**: Wi-Fi Direct / Miracast attacks may target weaknesses in the group establishment, peer discovery, device broadcast, or invitation processes.
+## How Surface Hub addresses Wi-Fi Direct vulnerabilities
-|Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+**Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery process:** Wi-Fi Direct/Miracast attacks may target weaknesses in the group establishment, peer discovery, device broadcast, or invitation processes.
+
+|Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| The discovery process may remain active for an extended period of time, which could allow Invitations and connections to be established without the intent of the device owner. | Surface Hub only operates as the Group Owner (GO), which does not perform the client Discovery or GO negotiation process. Broadcast can be turned off by fully disabling wireless projection. |
-| Invitation and discovery using PBC allows an unauthenticated attacker to perform repeated connection attempts or unauthenticated connections are automatically accepted. | By requiring WPS PIN security, Administrators can reduce the potential for such unauthorized connections or "Invitation bombs" (where invitations are repeatedly sent until a user mistakenly accepts one). |
+| The discovery process may remain active for an extended period of time, which could allow invitations and connections to be established without the approval of the device owner. | Surface Hub only operates as the group owner, which doesn't perform the client discovery or GO negotiation processes. You can fully disable wireless projection to turn off broadcast. |
+| Invitation and discovery through PBC allows an unauthenticated attacker to perform repeated connection attempts, or unauthenticated connections are automatically accepted. | By requiring WPS PIN security, administrators can reduce the potential for such unauthorized connections or "invitation bombs," in which invitations are repeatedly sent until a user mistakenly accepts one. |
-**Wi-Fi Protected Setup (WPS) Push Button Connect (PBC) vs PIN Entry**: Public weaknesses have been demonstrated in WPS-PIN method design and implementation, other vulnerabilities exist within WPS-PBC involving active attacks against a protocol designed for one time use.
+**Wi-Fi Protected Setup (WPS) push button connect (PBC) vs PIN entry:** Public weaknesses have been demonstrated in WPS-PIN method design and implementation. WPS-PBC has other vulnerabilities that could allow active attacks against a protocol that's designed for one-time use.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| WPS-PBC is vulnerable to active attackers. As stated within the WPS specification: "The PBC method has zero bits of entropy and only protects against passive eavesdropping attacks. PBC protects against eavesdropping attacks and takes measures to prevent a device from joining a network that was not selected by the device owner. The absence of authentication, however, means that PBC does not protect against active attack". Attackers can use selective wireless jamming or other potential denial-of-service vulnerabilities in order to trigger an unintended Wi-Fi Direct GO or connection. Additionally, an active attacker, with only physical proximity, can repeatedly teardown any Wi-Fi Direct group and attempt the described attack until it is successful. |Enable WPS-PIN security within Surface Hub’s configuration. As discussed within the Wi-Fi WPS specification: "The PBC method should only be used if no PIN-capable Registrar is available and the WLAN user is willing to accept the risks associated with PBC". |
-| WPS-PIN implementations can be brute-forced using a Vulnerability within the WPS standard. Due to the design of split PIN verification, a number of implementation vulnerabilities occurred in the past several years across a wide range of Wi-Fi hardware manufacturers. In 2011 two researchers (Stefan Viehböck and Craig Heffner) released information on this vulnerability and tools such as "Reaver" as a proof of concept. | The Microsoft implementation of WPS within Surface Hub changes the pin every 30 seconds. In order to crack the pin, an attacker must work through the entire exploit in less than 30 seconds. Given the current state of tools and research in this area, a brute-force pin-cracking attack through WPS is unlikely. |
-| WPS-PIN can be cracked using an offline attack due to weak initial key (E-S1,E S2) entropy. In 2014, Dominique Bongard discussed a "Pixie Dust" attack where poor initial randomness for the pseudo random number generator (PRNG) within the wireless device lead to the ability to perform an offline brute-force attack. | The Microsoft implementation of WPS within Surface Hub is not susceptible to this offline PIN brute-force attack. The WPS-PIN is randomized for each connection. |
+| WPS-PBC is vulnerable to active attackers. The WPS specification states: "The PBC method has zero bits of entropy and only protects against passive eavesdropping attacks. PBC protects against eavesdropping attacks and takes measures to prevent a device from joining a network that was not selected by the device owner. The absence of authentication, however, means that PBC does not protect against active attack." Attackers can use selective wireless jamming or other denial-of-service techniques to trigger an unintended Wi-Fi Direct GO or connection. Also, an active attacker who merely has physical proximity can repeatedly tear down any Wi-Fi Direct group and attempt the attack until it succeeds. | Enable WPS-PIN security in Surface Hub configuration. The Wi-Fi WPS specification states: "The PBC method should only be used if no PIN-capable registrar is available and the WLAN user is willing to accept the risks associated with PBC." |
+| WPS-PIN implementations can be subject to brute-force attacks that target a vulnerability in the WPS standard. The design of split PIN verification led to multiple implementation vulnerabilities over the past several years across a range of Wi-Fi hardware manufacturers. In 2011, researchers Stefan Viehböck and Craig Heffner released information about this vulnerability and tools such as "Reaver" as a proof of concept. | The Microsoft implementation of WPS in Surface Hub changes the PIN every 30 seconds. To crack the PIN, an attacker must complete the entire exploit in less than 30 seconds. Given the current state of tools and research in this area, a brute-force PIN-cracking attack through WPS is unlikely to succeed. |
+| WPS-PIN can be cracked by an offline attack because of weak initial key (E-S1,E S2) entropy. In 2014, Dominique Bongard described a "Pixie Dust" attack where poor initial randomness for the pseudo random number generator (PRNG) in the wireless device allowed an offline brute-force attack. | The Microsoft implementation of WPS in Surface Hub is not susceptible to this offline PIN brute-force attack. The WPS-PIN is randomized for each connection. |
-**Unintended exposure of network services**: Network daemons intended for Ethernet or WLAN services may be accidentally exposed due to misconfiguration (such as binding to “all”/0.0.0.0 interfaces), a poorly configured device firewall, or missing firewall rules altogether.
+**Unintended exposure of network services:** Network daemons that are intended for Ethernet or WLAN services may be accidentally exposed because of misconfiguration (such as binding to "all"/0.0.0.0 interfaces). Other possible causes include a poorly configured device firewall or missing firewall rules.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| Misconfiguration binds a vulnerable or unauthenticated network service to "all" interfaces, which includes the Wi-Fi Direct interface. This potentially exposes services not intended to be accessible to Wi-Fi Direct clients, which may be weakly or automatically authenticated. | Within Surface Hub, the default firewall rules only permit the required TCP and UDP network ports and by default deny all inbound connections. Strong authentication can be configured by enabling the WPS-PIN mode. |
+| Misconfiguration binds a vulnerable or unauthenticated network service to "all" interfaces, which includes the Wi-Fi Direct interface. This can expose services that shouldn't be accessible to Wi-Fi Direct clients, which may be weakly or automatically authenticated. | In Surface Hub, the default firewall rules only permit the required TCP and UDP network ports and by default deny all inbound connections. Configure strong authentication by enabling the WPS-PIN mode.|
-**Bridging Wi-Fi Direct and other wired or wireless networks**: While network bridging between WLAN or Ethernet networks is a violation of the Wi-Fi Direct specification, such a bridge or misconfiguration may effectively lower or remove wireless access controls for the internal corporate network.
+**Bridging Wi-Fi Direct and other wired or wireless networks:** Network bridging between WLAN or Ethernet networks is a violation of the Wi-Fi Direct specification. Such a bridge or misconfiguration may effectively lower or remove wireless access controls for the internal corporate network.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| Wi-Fi Direct devices could allow unauthenticated or poorly authenticated access to bridged network connections. This may allow Wi-Fi Direct networks to route traffic to internal Ethernet LAN or other infrastructure or enterprise WLAN networks in violation of existing IT security protocols. | Surface Hub cannot be configured to bridge Wireless interfaces or allow routing between disparate networks. The default firewall rules add defense in depth to any such routing or bridge connections. |
+| Wi-Fi Direct devices could allow unauthenticated or poorly authenticated access to bridged network connections. This might allow Wi-Fi Direct networks to route traffic to internal Ethernet LAN or other infrastructure or to enterprise WLAN networks in violation of existing IT security protocols. | Surface Hub can't be configured to bridge wireless interfaces or allow routing between disparate networks. The default firewall rules add defense in depth to any such routing or bridge connections. |
-**The use of Wi-Fi Direct “legacy” mode**: Exposure to unintended networks or devices when operating in “legacy” mode may present a risk. Device spoofing or unintended connections could occur if WPS-PIN is not enabled.
+**The use of Wi-Fi Direct "legacy" mode:** Exposure to unintended networks or devices may occur when you operate in "legacy" mode. Device spoofing or unintended connections could occur if WPS-PIN is not enabled.
-
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| By supporting both Wi-Fi Direct and 802.11 infrastructure clients, the system is operating in a "legacy" support mode. This may expose the connection setup phase indefinitely, allowing for groups to be joined or devices invited to connect well after their intended setup phase terminates. | Surface Hub does not support Wi-Fi Direct legacy clients. Only Wi-Fi Direct connections can be made to Surface Hub even when WPS-PIN mode is enabled. |
+| By supporting both Wi-Fi Direct and 802.11 infrastructure clients, the system is operating in a "legacy" support mode. This may expose the connection-setup phase indefinitely, allowing groups to be joined or devices invited to connect well after their intended setup phase terminates. | Surface Hub doesn't support Wi-Fi Direct legacy clients. Only Wi-Fi Direct connections can be made to Surface Hub even when WPS-PIN mode is enabled. |
-**Wi-Fi Direct GO negotiation during connection setup**: The Group Owner within Wi-Fi Direct is analogous to the “Access Point” in a traditional 802.11 wireless network. The negotiation can be gamed by a malicious device.
+**Wi-Fi Direct GO negotiation during connection setup:** The group owner in Wi-Fi Direct is analogous to the "access point" in a conventional 802.11 wireless network. The negotiation can be gamed by a malicious device.
-|Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+|Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| If groups are dynamically established or if the Wi-Fi Direct device can be made to join new groups, the Group Owner (GO) negotiation can be won by a malicious device that always specifies the max Group Owner "intent" value of 15. (Unless such device is configured to always be a Group Owner, in which case the connection fails.) | Surface Hub takes advantage of Wi-Fi Direct "Autonomous mode", which skips the GO negotiation phase of the connection setup. Surface Hub is always the Group Owner. |
+| If groups are dynamically established or the Wi-Fi Direct device can be made to join new groups, the group owner negotiation can be won by a malicious device that always specifies the maximum group owner "intent" value of 15. (But the connection fails if the device is configured to always be a group owner.) | Surface Hub takes advantage of Wi-Fi Direct "Autonomous mode," which skips the GO negotiation phase of connection setup. And Surface Hub is always the group owner. |
-**Unintended or malicious Wi-Fi deauthentication**: Wi-Fi deauthentication is an age-old attack that can be used by a physically local attacker to expedite information leaks against the connection setup process, trigger new four-way handshakes, target Wi-Fi Direct WPS-PBC for active attack, or create denial-of-service attacks.
+**Unintended or malicious Wi-Fi deauthentication:** Wi-Fi deauthentication is an old attack in which a local attacker can expedite information leaks in the connection-setup process, trigger new four-way handshakes, target Wi-Fi Direct WPS-PBC for active attacks, or create denial-of-service attacks.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| Deauthentication packets can be sent by an unauthenticated attacker to cause the station to re-authenticate and sniff the resulting handshake. Cryptographic or brute-force attacks can be attempted on the resulting handshake. Mitigations for these attack include: enforcing length and complexity policies for pre-shared keys; configuring the Access Point (if applicable) to detect malicious levels of deauthentication packets; and using WPS to automatically generate strong keys. In PBC mode the user is interacting with a physical or virtual button to allow arbitrary device association. This process should happen only at setup within a small window, once the button is automatically "pushed", the device will accept any station associating via a canonical PIN value (all zeros). Deauthentication can force a repeated setup process. | The current Surface Hub design uses WPS in PIN or PBC mode. No PSK configuration is permitted, helping enforce the generation of strong keys. It is recommended to enable WPS-PIN. |
-| Beyond denial-of-service attacks, deauthentication packets can also be used to trigger a reconnect which re-opens the window of opportunity for active attacks against WPS-PBC. | Enable WPS-PIN security within Surface Hub’s configuration. |
+| Deauthentication packets can be sent by an unauthenticated attacker to cause the station to re-authenticate then to sniff the resulting handshake. Cryptographic or brute-force attacks can be attempted on the resulting handshake. Mitigation for these attack includes enforcing length and complexity policies for pre-shared keys, configuring the access point (if applicable) to detect malicious levels of deauthentication packets, and using WPS to automatically generate strong keys. In PBC mode, the user interacts with a physical or virtual button to allow arbitrary device association. This process should happen only at setup, within a short window. After the button is automatically "pushed," the device will accept any station that associates via a canonical PIN value (all zeros). Deauthentication can force a repeated setup process. | Surface Hub uses WPS in PIN or PBC mode. No PSK configuration is permitted. This method helps enforce generation of strong keys. It's best to enable WPS-PIN security for Surface Hub. |
+| In addition to denial-of-service attacks, deauthentication packets can be used to trigger a reconnect that re-opens the window of opportunity for active attacks against WPS-PBC. | Enable WPS-PIN security in the Surface Hub configuration. |
-**Basic wireless information disclosure**: Wireless networks, 802.11 or otherwise, are inherently sources of information disclosure. Although the information is largely connection or device metadata, it remains an accepted risk for any 802.11 administrator. Wi-Fi Direct with device authentication via WPS-PIN effectively reveals the same information as a PSK or Enterprise 802.11 network.
+**Basic wireless information disclosure:** Wireless networks, 802.11 or otherwise, are inherently at risk of information disclosure. Although this information is mostly connection or device metadata, this problem remains a known risk for any 802.11 network administrator. Wi-Fi Direct with device authentication via WPS-PIN effectively reveals the same information as a PSK or Enterprise 802.11 network.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| During broadcast, connection setup, or even with already encrypted connections, basic information about the devices and packet sizes is wirelessly transmitted. At a basic level, a local attacker within wireless range can determine the names of wireless devices, the MAC addresses of communicating equipment, and possibly other details such as the version of the wireless stack, packet sizes, or the configured Access Point or Group Owner options by examining the relevant 802.11 Information Elements. | The Wi-Fi Direct network employed by Surface Hub cannot be further protected from metadata leaks, in the same way 802.11 Enterprise or PSK wireless networks also leak such metadata. Physical security and removing potential threats from the wireless proximity can be used to reduce any potential information leaks. |
+| During broadcast, connection setup, or even normal operation of already-encrypted connections, basic information about devices and packet sizes is wirelessly transmitted. At a basic level, a local attacker who's within wireless range can examine the relevant 802.11 information elements to determine the names of wireless devices, the MAC addresses of communicating equipment, and possibly other details, such as the version of the wireless stack, packet sizes, or the configured access point or group owner options. | The Wi-Fi Direct network that Surface Hub uses can't be further protected from metadata leaks, just like for 802.11 Enterprise or PSK wireless networks. Physical security and removal of potential threats from wireless proximity can help reduce potential information leaks. |
-**Wireless evil twin or spoofing attacks**: Spoofing the wireless name is a trivial and known exploit for a physically local attacker in order to lure unsuspecting or mistaken users to connect.
+**Wireless evil twin or spoofing attacks:** Spoofing the wireless name is a simple, well-known exploit a local attacker can use to lure unsuspecting or mistaken users to connect.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| By spoofing or cloning the wireless name or "SSID" of the target network, an attacker may trick the user into connecting to fake malicious network. By supporting unauthenticated, auto-join Miracast an attacker could capture the intended display materials or attempt to perform network attacks on the connecting device. | While no specific protections against joining a spoofed Surface Hub are in place, this attack is partially mitigated in two ways. First, any potential attack must be physically within Wi-Fi range. Second, this attack is only possible during the very first connection. Subsequent connections use a persistent Wi-Fi Direct group and Windows will remember and prioritize this prior connection during future Hub use. (Note: Spoofing the MAC address, Wi-Fi channel and SSID simultaneously was not considered for this report and may result in inconsistent Wi-Fi behavior.) Overall this weakness is a fundamental problem for any 802.11 wireless network not using Enterprise WPA2 protocols such as EAP-TLS or EAP-PWD, which are not supported in Wi-Fi Direct. |
+| By spoofing or cloning the wireless name or "SSID" of the target network, an attacker may trick the user into connecting to a fake, malicious network. By supporting unauthenticated, auto-join Miracast, an attacker could capture the intended display materials or launch network attacks on the connecting device. | While there are no specific protections against joining a spoofed Surface Hub, this vulnerability is partially mitigated in two ways. First, any potential attack must be physically within Wi-Fi range. Second, this attack is only possible during the first connection. Subsequent connections use a persistent Wi-Fi Direct group, and Windows will remember and prioritize this prior connection during future Hub use. (Note: Spoofing the MAC address, Wi-Fi channel, and SSID simultaneously was not considered for this report and may result in inconsistent Wi-Fi behavior.) Overall, this weakness is a fundamental problem for any 802.11 wireless network that lacks Enterprise WPA2 protocols such as EAP-TLS or EAP-PWD, which Wi-Fi Direct doesn't support. |
## Surface Hub hardening guidelines
-Surface Hub is designed to facilitate collaboration and allow users to start or join meetings quickly and efficiently. As such, the default Wi-Fi Direct settings for Surface Hub are optimized for this scenario.
+Surface Hub is designed to facilitate collaboration and allow users to start or join meetings quickly and efficiently. The default Wi-Fi Direct settings for Surface Hub are optimized for this scenario.
-For users who require additional security around the wireless interface, we recommend Surface Hub users enable the WPS-PIN security setting. This disables WPS-PBC mode and offers client authentication, and provides the strongest level of protection by preventing any unauthorized connections to Surface Hub.
+For additional wireless interface security, Surface Hub users should enable the WPS-PIN security setting. This setting disables WPS-PBC mode and offers client authentication. It provides the strongest level of protection by preventing unauthorized connection to Surface Hub.
-If concerns remain around authentication and authorization of a Surface Hub, we recommend users connect the device to a separate network, either Wi-Fi (such as a "guest" Wi-Fi network) or using separate Ethernet network (preferably an entirely different physical network, but a VLAN can also provide some added security). Of course, this approach may preclude connections to internal network resources or services, and may require additional network configurations to regain access.
+If you still have concerns about authentication and authorization for Surface Hub, we recommend that you connect the device to a separate network. You could use Wi-Fi (such as a "guest" Wi-Fi network) or a separate Ethernet network, preferably an entirely different physical network. But a VLAN can also provide added security. Of course, this approach may preclude connections to internal network resources or services and may require additional network configuration to regain access.
-Also recommended:
-- [Install regular system updates.](manage-windows-updates-for-surface-hub.md)
-- Update the Miracast settings to disable auto-present mode.
+Also recommended:
+- [Install regular system updates](manage-windows-updates-for-surface-hub.md)
+- Update the Miracast settings to disable auto-present mode
## Learn more
@@ -118,7 +120,3 @@ Also recommended:
-
-
-
-
diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md
index 3a335c36cb..bc26815d56 100644
--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@@ -3,46 +3,53 @@
## [Get started](get-started.md)
## Overview
-### [Surface Pro Tech specs](https://www.microsoft.com/surface/devices/surface-pro/tech-specs)
-### [Surface Book Tech specs](https://www.microsoft.com/surface/devices/surface-book/tech-specs)
-### [Surface Studio Tech specs](https://www.microsoft.com/surface/devices/surface-studio/tech-specs)
-### [Surface Go Tech specs](https://www.microsoft.com/surface/devices/surface-go/tech-specs)
-### [Surface Laptop 2 Tech specs](https://www.microsoft.com/surface/devices/surface-laptop/tech-specs)
+
+### [Surface Pro 7 for Business](https://www.microsoft.com/surface/business/surface-pro-7)
+### [Surface Pro X for Business](https://www.microsoft.com/surface/business/surface-pro-x)
+### [Surface Laptop 3 for Business](https://www.microsoft.com/surface/business/surface-laptop-3)
+### [Surface Book 2 for Business](https://www.microsoft.com/surface/business/surface-book-2)
+### [Surface Studio 2 for Business](https://www.microsoft.com/surface/business/surface-studio-2)
+### [Surface Go](https://www.microsoft.com/surface/business/surface-go)
+### [Secure, work-anywhere mobility with LTE Advanced](https://www.microsoft.com/surface/business/lte-laptops-and-tablets)
## Plan
+
### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md)
### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
-### [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
+### [Considerations for Surface and Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
### [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md)
### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)
## Deploy
+
### [Deploy Surface devices](deploy.md)
### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
-### [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md)
+### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md)
### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
+### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md)
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)
### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)
### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
### [Surface System SKU reference](surface-system-sku-reference.md)
## Manage
+
### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md)
### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
### [Surface Dock Firmware Update](surface-dock-firmware-update.md)
### [Battery Limit setting](battery-limit.md)
### [Surface Brightness Control](microsoft-surface-brightness-control.md)
### [Surface Asset Tag](assettag.md)
-### [Surface firmware and driver updates](update.md)
-### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
+### [Manage Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
## Secure
+### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
### [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md
index 7ccc8ed708..db6a63ad69 100644
--- a/devices/surface/assettag.md
+++ b/devices/surface/assettag.md
@@ -3,12 +3,13 @@ title: Surface Asset Tag Tool
description: This topic explains how to use the Surface Asset Tag Tool.
ms.prod: w10
ms.mktglfcycl: manage
+ms.localizationpriority: medium
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 02/01/2019
-ms.reviewer:
+ms.date: 10/21/2019
+ms.reviewer: hachidan
manager: dansimp
---
@@ -33,6 +34,9 @@ To run Surface Asset Tag:
extract the zip file, and save AssetTag.exe in desired folder (in
this example, C:\\assets).
+ > [!NOTE]
+ > For Surface Pro X, use the application named **AssetTag_x86** in the ZIP file.
+
2. Open a command console as an Administrator and run AssetTag.exe,
entering the full path to the tool.
diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md
index 48b26edcc5..c5d75cda00 100644
--- a/devices/surface/battery-limit.md
+++ b/devices/surface/battery-limit.md
@@ -6,22 +6,26 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: dansimp
-ms.date: 10/02/2018
+ms.date: 10/31/2019
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Battery Limit setting
Battery Limit option is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. This setting is recommended in cases in which the device is continuously connected to power, for example when devices are integrated into kiosk solutions.
-## Battery Limit information
+## How Battery Limit works
Setting the device on Battery Limit changes the protocol for charging the device battery. When Battery Limit is enabled, the battery charge will be limited to 50% of its maximum capacity. The charge level reported in Windows will reflect this limit. Therefore, it will show that the battery is charged up to 50% and will not charge beyond this limit. If you enable Battery Limit while the device is above 50% charge, the Battery icon will show that the device is plugged in but discharging until the device reaches 50% of its maximum charge capacity.
-Adding the Battery Limit option to Surface UEFI requires a [Surface UEFI firmware update](update.md), available through Windows Update or via the MSI driver and firmware packages on the Microsoft Download Center. Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device. Currently, Battery Limit is supported on a subset of Surface devices and will be available in the future on other Surface device models.
+## Supported devices
+The Battery Limit UEFI setting is built into the latest Surface devices including Surface Pro 7 and Surface Laptop 3. Earlier devices require a
+ [Surface UEFI firmware update](update.md), available through Windows Update or via the MSI driver and firmware packages on the [Surface Support site](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device.
## Enabling Battery Limit in Surface UEFI (Surface Pro 4 and later)
diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index dcff7acd6d..ebbb3fc3b5 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -9,6 +9,9 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
---
# Change history for Surface documentation
@@ -19,7 +22,9 @@ This topic lists new and updated topics in the Surface documentation library.
| **New or changed topic** | **Description** |
| ------------------------ | --------------- |
+| [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)| New document explaining how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.|
| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document highlighting key considerations for deploying, managing, and servicing Surface Pro X.|
+|Multiple topics| Updated with information on Surface Pro 7, Surface Pro X, and Surface Laptop 3.|
## September 2019
diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
index ec997db3be..2513abc0f9 100644
--- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
+++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
@@ -1,5 +1,5 @@
---
-title: Considerations for Surface and System Center Configuration Manager (Surface)
+title: Considerations for Surface and Microsoft Endpoint Configuration Manager
description: The management and deployment of Surface devices with Configuration Manager is fundamentally the same as any other PC; this article describes scenarios that may require additional considerations.
keywords: manage, deployment, updates, driver, firmware
ms.prod: w10
@@ -9,30 +9,32 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 11/25/2019
ms.reviewer:
manager: dansimp
---
# Considerations for Surface and System Center Configuration Manager
-Fundamentally, management and deployment of Surface devices with System Center Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device.
+Fundamentally, management and deployment of Surface devices with System Center Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client; to publish apps, settings, and policies, you use the same process as you would use for any other device.
You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index).
-Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios; the solutions documented in this article may apply to other devices and manufacturers as well.
+Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios. The solutions documented in this article may apply to other devices and manufacturers as well.
->[!NOTE]
->For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
+> [!NOTE]
+> For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
## Updating Surface device drivers and firmware
-For devices that receive updates through Windows Update, drivers for Surface components – and even firmware updates – are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
-As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
+For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or System Center Configuration Manager, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
->[!NOTE]
->Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2 – for more information see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
+
+> [!NOTE]
+> Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2. For more information, see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
## Surface Ethernet adapters and Configuration Manager deployment
@@ -64,9 +66,9 @@ Instructions for applying prestaged media to UEFI devices, such as Surface devic
Surface devices come preinstalled with a licensed copy of Windows. For example, Surface Pro 4 is preinstalled with Windows 10 Professional. The license key for this preinstalled copy of Windows is embedded in the firmware of the device with OEM Activation 3.0 (OA 3.0). When you run Windows installation media on a device with an OA 3.0 key, Windows setup automatically reads the license key and uses it to install and activate Windows. In most situations, this simplifies the reinstallation of Windows, because the user does not have to find or enter a license key.
-When you reimage a device by using Windows Enterprise, this embedded license key does not cause a conflict. This is because the installation media for Windows Enterprise is configured to install only an Enterprise edition of Windows and therefore is incompatible with the license key embedded in the system firmware. If a product key is not specified (such as when you intend to activate with Key Management Services (KMS) or Active Directory Based Activation), a Generic Volume License Key (GVLK) is used until Windows is activated by one of those technologies.
+When you reimage a device by using Windows Enterprise, this embedded license key does not cause a conflict. This is because the installation media for Windows Enterprise is configured to install only an Enterprise edition of Windows and therefore is incompatible with the license key embedded in the system firmware. If a product key is not specified (such as when you intend to activate with Key Management Services [KMS] or Active Directory Based Activation), a Generic Volume License Key (GVLK) is used until Windows is activated by one of those technologies.
-However, issues may arise when organizations intend to use versions of Windows that are compatible with the firmware embedded key. For example, an organization that wants to install Windows 10 Professional on a Surface 3 device that originally shipped with Windows 10 Home edition may encounter difficulty when Windows setup automatically reads the Home edition key during installation and installs as Home edition rather than Professional. To avoid this conflict, you can use the Ei.cfg or Pid.txt file (see [Windows Setup Edition Configuration and Product ID Files](https://technet.microsoft.com/library/hh824952.aspx)) to explicitly instruct Windows setup to prompt for a product key, or you can enter a specific product key in the deployment task sequence. If you do not have a specific key, you can use the default product keys for Windows, which you can find in [Customize and deploy a Windows 10 operating system](https://dpcenter.microsoft.com/en/Windows/Build/cp-Windows-10-build) on the Device Partner Center.
+However, issues may arise when organizations intend to use versions of Windows that are compatible with the firmware embedded key. For example, an organization that wants to install Windows 10 Professional on a Surface 3 device that originally shipped with Windows 10 Home edition may encounter difficulty when Windows setup automatically reads the Home edition key during installation and installs as Home edition rather than Professional. To avoid this conflict, you can use the Ei.cfg or Pid.txt file to explicitly instruct Windows setup to prompt for a product key, or you can enter a specific product key in the deployment task sequence. For more information, see [Windows Setup Edition Configuration and Product ID Files](https://technet.microsoft.com/library/hh824952.aspx). If you do not have a specific key, you can use the default product keys for Windows, which you can find in [Customize and deploy a Windows 10 operating system](https://dpcenter.microsoft.com/en/Windows/Build/cp-Windows-10-build) on the Device Partner Center.
## Apply an asset tag during deployment
diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md
index f160c5977b..efc6802f8f 100644
--- a/devices/surface/customize-the-oobe-for-surface-deployments.md
+++ b/devices/surface/customize-the-oobe-for-surface-deployments.md
@@ -13,13 +13,13 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.audience: itpro
+ms.date: 10/21/2019
---
# Customize the OOBE for Surface deployments
-
-This article walks you through the process of customizing the Surface out-of-box experience for end users in your organization.
+This article describes customizing the Surface out-of-box experience for end users in your organization.
It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE.
@@ -28,6 +28,9 @@ It is common practice in a Windows deployment to customize the user experience f
In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome.
+> [!NOTE]
+> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image).
>[!NOTE]
@@ -57,7 +60,7 @@ To provide the factory Surface Pen pairing experience in OOBE, you must copy fou
- %windir%\\system32\\oobe\\info\\default\\1033\\PenSuccess\_en-US.png
>[!NOTE]
->You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 3 to deploy to Surface Pro 3, and the files from Surface Book to deploy Surface Book, but you should not use the files from a Surface Pro 3 to deploy Surface Book or Surface Pro 4.
+>You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 7 to deploy to Surface Pro 7, and the files from Surface Book 2 to deploy Surface Book 2, but you should not use the files from a Surface Pro 7 to deploy Surface Book or Surface Pro 6.
diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
index 5c4cc7c4a3..7c3f3bd079 100644
--- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md
+++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
@@ -9,7 +9,9 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 09/21/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
ms.reviewer:
manager: dansimp
---
@@ -17,12 +19,25 @@ manager: dansimp
# Deploy Surface app with Microsoft Store for Business and Education
**Applies to**
-* Surface Pro 4
-* Surface Book
-* Surface 3
->[!NOTE]
->The Surface app ships in Surface Studio.
+- Surface Pro 7
+- Surface Laptop 3
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+
The Surface app is a lightweight Microsoft Store app that provides control of many Surface-specific settings and options, including:
@@ -34,9 +49,12 @@ The Surface app is a lightweight Microsoft Store app that provides control of ma
* Enable or disable Surface audio enhancements
-* Quick access to support documentation and information for your device
+* Quick access to support documentation and information for your device
-If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business.
+Customers using Windows Update will ordinarily receive Surface app as part of automatic updates. But if your organization is preparing images for deployment to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business.
+
+> [!NOTE]
+> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
## Surface app overview
diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
index 94094f2b60..92527470f2 100644
--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
@@ -2,8 +2,8 @@
title: Deploy the latest firmware and drivers for Surface devices (Surface)
description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
-ms.reviewer:
-manager: dansimp
+ms.reviewer: dansimp
+manager: kaushika
keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device
ms.localizationpriority: medium
ms.prod: w10
@@ -11,70 +11,95 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: dansimp
-ms.date: 08/13/2019
+ms.audience: itpro
+ms.date: 11/25/2019
ms.author: dansimp
ms.topic: article
---
# Deploy the latest firmware and drivers for Surface devices
-Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment.
-## Download MSI files
-To download MSI files, refer to the following Microsoft Support page:
-
-- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)
-Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
+> **Home users:** This article is only intended for technical support agents and IT professionals, and applies only to Surface devices. If you're looking for help to install Surface updates or firmware on a home device, please see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
+
+Under typical conditions, Windows Update automatically keeps Windows Surface devices up-to-date by downloading and installing the latest device drivers and firmware. However, you may sometimes have to download and install updates manually. For example, you may have to manually manage updates when you deploy a new version of Windows.
+
+## Downloading MSI files
+
+[Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface) provides links to download installation files for the following:
+
+- Administrative tools
+- Drivers for accessories
+- For some devices, updates for Windows
## Deploying MSI files
-Driver and firmware updates for Surface devices consisting of all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
-The MSI file names contain useful information including the minimum supported Windows build number required to install the drivers and firmware. For example, to install the drivers contained in SurfaceBook_Win10_17763_19.080.2031.0.msi requires Windows 10 Fall Creators Update version 1709 or later installed on your Surface Book.
+Specific versions of Windows 10 have separate MSI files. Each MSI file contains all required cumulative driver and firmware updates for Surface devices.
-To view build numbers for each version, refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
+The MSI file names contain useful information, including the minimum supported Windows build number that is required to install the drivers and firmware. For example, to install the drivers that are contained in SurfaceBook_Win10_17763_19.080.2031.0.msi on a Surface Book, the device must be running Windows 10 Fall Creators Update, version 1709 or later.
+
+For more information about build numbers for each Windows version, see [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
### Surface MSI naming convention
-Beginning in August 2019, MSI files use the following naming formula:
-- Product > Windows release > Windows build number > Version number > Revision of version number (typically zero).
+Beginning in August, 2019, MSI files have used the following naming convention:
-**Example:**
-SurfacePro6_Win10_18362_19.073.44195_0.msi :
+> *Product*\_*Windows release*\_*Windows build number*\_*Version number*\_*Revision of version number (typically zero)*.
-| Product | Windows release | Build | Version | Revision of version |
-| --- | --- | --- | --- | --- |
-| SurfacePro6 | Win10 | 18362 | 19.073.44195 | 0 |
-| | | | Indicates key date and sequence information. | Indicates release history of the update. |
-| | | | **19:** Signifies the year (2019). **073**: Signifies the month (July) and week of the release (3). **44195**: Signifies the minute of the month that the MSI file was created. |**0:** Signifies it's the first release of version 1907344195 and has not been re-released for any reason. |
+**Example**
+
+Consider the following MSI file:
+
+> SurfacePro6_Win10_18362_19.073.44195_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 18362
+- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows:
+ - **Year:** 19 (2019)
+ - **Month and week:** 073 (third week of July)
+ - **Minute of the month:** 44195
+- **Revision of version:** 0 (first release of this version)
### Legacy Surface MSI naming convention
-Legacy MSI files prior to August 2019 followed the same overall naming formula but used a different method to derive the version number.
-**Example:**
-SurfacePro6_Win10_16299_1900307_0.msi :
+Legacy MSI files (files that were built before August, 2019) followed the same overall naming formula, but used a different method to derive the version number.
-| Product | Windows release | Build | Version | Revision of version |
-| --- | --- | --- | --- | --- |
-| SurfacePro6 | Win10 | 16299 | 1900307 | 0 |
-| | | | Indicates key date and sequence information. | Indicates release history of the MSI file. |
-| | | | **19:** Signifies the year (2019) **003**: Signifies that it’s the third release of 2019. **07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
+**Example**
-Look to the **version** number to determine the latest files that contain the most recent security updates. For example, you might need to install the newest file from the following list:
+Consider the following MSI file:
+> SurfacePro6_Win10_16299_1900307_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 16299
+- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows:
+ - **Year:** 19 (2019)
+ - **Number of release:** 003 (third release of the year)
+ - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
+- **Revision of version:** 0 (first release of this version)
+
+Use the **version** number to determine the latest files that contain the most recent security updates. For example, consider the following list:
- SurfacePro6_Win10_16299_1900307_0.msi
- SurfacePro6_Win10_17134_1808507_3.msi
- SurfacePro6_Win10_17763_1808707_3.msi
-The first file — SurfacePro6_Win10_16299_1900307_0.msi — is the newest because its VERSION field has the newest build in 2019; the other files are from 2018.
+In this list, the newest file is the first file (SurfacePro6_Win10_16299_1900307_0.msi). Its **Version** field has the newest date (2019). The other files are from 2018.
## Supported devices
-Downloadable MSI files are available for Surface devices from Surface Pro 2 and later.
->[!NOTE]
->There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update.
+For downloadable MSI files for devices that run Surface Pro 2 and later versions, see [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). This article contains information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3, as they are released.
-For more information about deploying Surface drivers and firmware, refer to:
+> [!NOTE]
+> There are no downloadable firmware or driver updates available for Surface devices that run Windows RT, including Surface RT and Surface 2. To update these devices, use Windows Update.
+
+For more information about how to deploy Surface drivers and firmware, see the following articles:
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
-- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business)
+- [Surface for Business help](https://www.microsoft.com/surface/support/business)
diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
index 258912cc3d..fe487f8337 100644
--- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
+++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
@@ -9,7 +9,9 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
ms.reviewer:
manager: dansimp
---
@@ -17,13 +19,21 @@ manager: dansimp
# Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit
**Applies to**
-- Surface Studio
-- Surface Pro 4
-- Surface Book
+
+- Surface Studio and later
+- Surface Pro 4 and later
+- Surface Book and later
+- Surface Laptop and later
+- Surface Go
- Surface 3
- Windows 10
-This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
+This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app.
+
+> [!NOTE]
+> MDT is not currently supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
+When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
By following the procedures in this article, you can create an up-to-date reference image and deploy this image to your Surface devices, a process known as *reimaging*. Reimaging will erase and overwrite the existing environment on your Surface devices. This process allows you to rapidly configure your Surface devices with identical environments that can be configured to precisely fit your organization’s requirements.
diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md
index 08149e26b7..68749b654c 100644
--- a/devices/surface/deploy.md
+++ b/devices/surface/deploy.md
@@ -11,6 +11,8 @@ ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Deploy Surface devices
@@ -39,19 +41,7 @@ Learn about about deploying ARM- and Intel-based Surface devices.
| [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. |
[Battery Limit setting](battery-limit.md) | Learn how to use Battery Limit, a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity.
-
-
-
-
## Related topics
-[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
+[Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
index 026be430c1..42faacbcac 100644
--- a/devices/surface/docfx.json
+++ b/devices/surface/docfx.json
@@ -37,11 +37,22 @@
"depot_name": "Win.surface",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ],
+ "titleSuffix": "Surface"
},
"externalReference": [],
"template": "op.html",
"dest": "devices/surface",
"markdownEngineName": "markdig"
- }
+}
}
diff --git a/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
new file mode 100644
index 0000000000..855d637526
--- /dev/null
+++ b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
@@ -0,0 +1,120 @@
+---
+title: How to enable the Surface Laptop keyboard during MDT deployment (Surface)
+description: When you use MDT to deploy Windows 10 to Surface laptops, you need to import keyboard drivers to use in the Windows PE environment.
+keywords: windows 10 surface, automate, customize, mdt
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: surface
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.date: 10/31/2019
+ms.reviewer: scottmca
+ms.localizationpriority: medium
+ms.audience: itpro
+manager: jarrettr
+appliesto:
+- Surface Laptop (1st Gen)
+- Surface Laptop 2
+- Surface Laptop 3
+---
+
+# How to enable the Surface Laptop keyboard during MDT deployment
+
+> [!NOTE]
+> This article addresses a deployment approach that uses Microsoft Deployment Toolkit (MDT). You can also apply this information to other deployment methodologies.
+
+> [!IMPORTANT]
+> If you are deploying a Windows 10 image to a Surface Laptop that has Windows 10 in S mode preinstalled, see KB [4032347, Problems when deploying Windows to Surface devices with preinstalled Windows 10 in S mode](https://support.microsoft.com/help/4032347/surface-preinstall-windows10-s-mode-issues).
+
+On most types of Surface devices, the keyboard should work during Lite Touch Installation (LTI). However, Surface Laptop requires some additional drivers to enable the keyboard. For Surface Laptop (1st Gen) and Surface Laptop 2 devices, you must prepare the folder structure and selection profiles that allow you to specify keyboard drivers for use during the Windows Preinstallation Environment (Windows PE) phase of LTI. For more information about this folder structure, see [Deploy a Windows 10 image using MDT: Step 5: Prepare the drivers repository](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt?redirectedfrom=MSDN#step-5-prepare-the-drivers-repository).
+
+To add the keyboard drivers to the selection profile, follow these steps:
+
+1. Download the latest Surface Laptop MSI file from the appropriate locations:
+ - [Surface Laptop (1st Gen) Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=55489)
+ - [Surface Laptop 2 Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=57515)
+ - [Surface Laptop 3 with Intel Processor Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=100429)
+
+2. Extract the contents of the Surface Laptop MSI file to a folder that you can easily locate (for example, c:\surface_laptop_drivers). To extract the contents, open an elevated Command Prompt window and run the command from the following example:
+
+ ```cmd
+ Msiexec.exe /a SurfaceLaptop_Win10_15063_1703008_1.msi targetdir=c:\surface_laptop_drivers /qn
+ ```
+
+3. Open the Deployment Workbench and expand the **Deployment Shares** node and your deployment share, then navigate to the **WindowsPEX64** folder.
+
+ 
+
+4. Right-click the **WindowsPEX64** folder and select **Import Drivers**.
+5. Follow the instructions in the Import Driver Wizard to import the driver folders into the WindowsPEX64 folder.
+
+> [!NOTE]
+> Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released.
+
+To support Surface Laptop (1st Gen), import the following folders:
+
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+
+Or for newer MSI files beginning with "SurfaceUpdate", use:
+
+- SurfaceUpdate\SerialIOGPIO
+- SurfaceUpdate\SurfaceHidMiniDriver
+- SurfaceUpdate\SurfaceSerialHubDriver
+
+To support Surface Laptop 2, import the following folders:
+
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+ - SurfacePlatformInstaller\Drivers\System\I2C
+ - SurfacePlatformInstaller\Drivers\System\SPI
+ - SurfacePlatformInstaller\Drivers\System\UART
+
+Or for newer MSI files beginning with "SurfaceUpdate", use:
+
+- SurfaceUpdate\SerialIOGPIO
+- SurfaceUpdate\IclSerialIOI2C
+- SurfaceUpdate\IclSerialIOSPI
+- SurfaceUpdate\IclSerialIOUART
+- SurfaceUpdate\SurfaceHidMini
+- SurfaceUpdate\SurfaceSerialHub
+
+
+To support Surface Laptop 3 with Intel Processor, import the following folders:
+
+- SurfaceUpdate\IclSerialIOGPIO
+- SurfaceUpdate\IclSerialIOI2C
+- SurfaceUpdate\IclSerialIOSPI
+- SurfaceUpdate\IclSerialIOUART
+- SurfaceUpdate\SurfaceHidMini
+- SurfaceUpdate\SurfaceSerialHub
+- SurfaceUpdate\SurfaceHotPlug
+
+
+6. Verify that the WindowsPEX64 folder now contains the imported drivers. The folder should resemble the following:
+
+ 
+
+7. Configure a selection profile that uses the WindowsPEX64 folder. The selection profile should resemble the following:
+
+ 
+
+8. Configure the Windows PE properties of the MDT deployment share to use the new selection profile, as follows:
+
+ - For **Platform**, select **x64**.
+ - For **Selection profile**, select the new profile.
+ - Select **Include all drivers from the selection profile**.
+
+ 
+
+9. Verify that you have configured the remaining Surface Laptop drivers by using either a selection profile or a **DriverGroup001** variable.
+ - For Surface Laptop (1st Gen), the model is **Surface Laptop**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop folder as shown in the figure that follows this list.
+ - For Surface Laptop 2, the model is **Surface Laptop 2**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 2 folder.
+
+ 
+
+After configuring the MDT Deployment Share to use the new selection profile and related settings, continue the deployment process as described in [Deploy a Windows 10 image using MDT: Step 6: Create the deployment task sequence](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt#step-6-create-the-deployment-task-sequence).
diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
index 7eb53c4ec9..e8a0143aab 100644
--- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md
+++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
@@ -9,7 +9,9 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 01/06/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
ms.reviewer:
manager: dansimp
---
@@ -20,6 +22,11 @@ With Microsoft Surface Enterprise Management Mode (SEMM), you can securely confi
For a more high-level overview of SEMM, see [Microsoft Surface Enterprise Management Mode](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode).
+A streamlined method of managing firmware from the cloud on Surface Pro 7,Surface Pro X and Surface Laptop 3 is now available via public preview. For more information,refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+> [!NOTE]
+> SEMM is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md).
+
#### Download and install Microsoft Surface UEFI Configurator
The tool used to create SEMM packages is Microsoft Surface UEFI Configurator. You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
Run the Microsoft Surface UEFI Configurator Windows Installer (.msi) file to start the installation of the tool. When the installer completes, find Microsoft Surface UEFI Configurator in the All Apps section of your Start menu.
diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
index 00aa0c1f1a..1b1216cd8d 100644
--- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md
+++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
@@ -13,13 +13,14 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.audience: itpro
+ms.date: 10/21/2019
---
# Ethernet adapters and Surface deployment
-This article provides guidance and answers to help you perform a network deployment to Surface devices.
+This article provides guidance and answers to help you perform a network deployment to Surface devices including Surface Pro 3 and later.
Network deployment to Surface devices can pose some unique challenges for system administrators. Due to the lack of a native wired Ethernet adapter, administrators must provide connectivity through a removable Ethernet adapter.
@@ -32,6 +33,9 @@ The primary concern when selecting an Ethernet adapter is how that adapter will
Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware.
+> [!NOTE]
+> PXE boot is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
The following Ethernet devices are supported for network boot with Surface devices:
- Surface USB-C to Ethernet and USB 3.0 Adapter
@@ -50,7 +54,6 @@ Third-party Ethernet adapters are also supported for network deployment, althoug
## Boot Surface devices from the network
-
To boot from the network or a connected USB stick, you must instruct the Surface device to boot from an alternate boot device. You can alter the boot order in the system firmware to prioritize USB boot devices, or you can instruct it to boot from an alternate boot device during the boot up process.
To boot a Surface device from an alternative boot device, follow these steps:
diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md
index 407e12ba82..af2bc13af9 100644
--- a/devices/surface/get-started.md
+++ b/devices/surface/get-started.md
@@ -1,7 +1,7 @@
---
title: Get started with Surface devices
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
layout: LandingPage
ms.assetid:
@@ -14,7 +14,7 @@ ms.localizationpriority: High
---
# Get started with Surface devices
-Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
+Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface for Business devices in your organization.
@@ -28,8 +28,8 @@ Harness the power of Surface, Windows, and Office connected together through the
diff --git a/devices/surface/images/df1.png b/devices/surface/images/df1.png
new file mode 100644
index 0000000000..92aff587bc
Binary files /dev/null and b/devices/surface/images/df1.png differ
diff --git a/devices/surface/images/df2a.png b/devices/surface/images/df2a.png
new file mode 100644
index 0000000000..2a755ac374
Binary files /dev/null and b/devices/surface/images/df2a.png differ
diff --git a/devices/surface/images/df3.png b/devices/surface/images/df3.png
new file mode 100644
index 0000000000..c5263ce83f
Binary files /dev/null and b/devices/surface/images/df3.png differ
diff --git a/devices/surface/images/df3b.png b/devices/surface/images/df3b.png
new file mode 100644
index 0000000000..60370c5541
Binary files /dev/null and b/devices/surface/images/df3b.png differ
diff --git a/devices/surface/images/dfciconfig.png b/devices/surface/images/dfciconfig.png
new file mode 100644
index 0000000000..2e8b0b4fee
Binary files /dev/null and b/devices/surface/images/dfciconfig.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig5a.png b/devices/surface/images/manage-surface-uefi-fig5a.png
new file mode 100644
index 0000000000..7baecb2fff
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig5a.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig7a.png b/devices/surface/images/manage-surface-uefi-fig7a.png
new file mode 100644
index 0000000000..62e6536ea8
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig7a.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-1.png b/devices/surface/images/surface-laptop-keyboard-1.png
new file mode 100644
index 0000000000..090ca2b58e
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-1.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-2.png b/devices/surface/images/surface-laptop-keyboard-2.png
new file mode 100644
index 0000000000..2a2cb8b3be
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-2.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-3.png b/devices/surface/images/surface-laptop-keyboard-3.png
new file mode 100644
index 0000000000..80ccc1fc3c
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-3.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-4.png b/devices/surface/images/surface-laptop-keyboard-4.png
new file mode 100644
index 0000000000..cf08e7a292
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-4.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-5.png b/devices/surface/images/surface-laptop-keyboard-5.png
new file mode 100644
index 0000000000..cf4bc9109c
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-5.png differ
diff --git a/devices/surface/images/uefidfci.png b/devices/surface/images/uefidfci.png
new file mode 100644
index 0000000000..ec95181145
Binary files /dev/null and b/devices/surface/images/uefidfci.png differ
diff --git a/devices/surface/index.md b/devices/surface/index.md
index 2677bffc49..3d8e45e45e 100644
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@@ -3,8 +3,8 @@ title: Microsoft Surface documentation and resources
layout: HubPage
hide_bc: true
description: Surface and Surface Hub documentation for admins & IT professionals
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
manager: laurawi
ms.topic: hub-page
keywords: Microsoft Surface, Microsoft Surface Hub, Surface documentation
diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md
index 225135d993..5e14c8444d 100644
--- a/devices/surface/ltsb-for-surface.md
+++ b/devices/surface/ltsb-for-surface.md
@@ -10,6 +10,8 @@ ms.author: dansimp
ms.topic: article
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Long-Term Servicing Channel (LTSC) for Surface devices
@@ -28,23 +30,7 @@ General-purpose Surface devices are intended to run on the Semi-Annual Channel t
Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–might consider the use of LTSC. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization.
-
-
-
-
## Related topics
-- [Surface TechCenter](https://technet.microsoft.com/windows/surface)
-
-- [Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
-
-
+- [Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
index ede174d674..e43a14a63b 100644
--- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
+++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
@@ -1,6 +1,6 @@
---
title: Best practice power settings for Surface devices
-description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience.
+description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -9,7 +9,9 @@ ms.author: dansimp
ms.topic: article
ms.reviewer:
manager: dansimp
-ms.date: 08/21/2019
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/28/2019
---
# Best practice power settings for Surface devices
@@ -49,7 +51,7 @@ module (SAM). The SAM chip functions as the Surface device power-policy
owner, using algorithms to calculate optimal power requirements. It
works in conjunction with Windows power manager to allocate or throttle
only the exact amount of power required for hardware components to
-function.
+function. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
## Utilizing the custom power profile in Surface
diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md
new file mode 100644
index 0000000000..7f470ab3ac
--- /dev/null
+++ b/devices/surface/manage-surface-driver-and-firmware-updates.md
@@ -0,0 +1,65 @@
+---
+title: Manage Surface driver and firmware updates (Surface)
+description: This article describes the available options to manage firmware and driver updates for Surface devices.
+ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
+ms.reviewer:
+manager: dansimp
+keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
+ms.localizationpriority: medium
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: surface, devices
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.audience: itpro
+ms.date: 10/21/2019
+---
+
+# Manage Surface driver and firmware updates
+
+This article describes the available options that you can use to manage firmware and driver updates for Surface devices including Surface Pro 3 and later.
+
+To see a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+
+On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This design allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience for receiving the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always be appropriate for organizations and businesses. In cases where you strictly manage updates or when you deploy a new operating system to a Surface device, automatic updates from Windows Update may not be appropriate.
+
+## Methods for deploying firmware
+
+Windows Update automatically provides firmware for computers that receive updates directly from Microsoft. However, in environments where Windows Server Update Services (WSUS) manages updates, Windows Update cannot update the firmware. For managed environments, there are a number of options you can use to deploy firmware updates.
+
+### Windows Update
+
+The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS.
+
+Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives updates from Windows Update downloads each update independently from Microsoft instead of accessing a central location. These operations increase demand on Internet connectivity and bandwidth. Additionally, such updates are not subjected to testing or review by administrators.
+
+For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 4: Configure Group Policy Settings for Automatic Updates](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates).
+
+### Windows Installer Package
+
+Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+
+For instructions on how to deploy updates by using Endpoint Configuration Manager (formerly System Center Configuration Manager), refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
+
+> [!NOTE]
+> You can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
+
+### Microsoft System Center Configuration Manager
+
+Starting in Microsoft System Center Configuration Manager version 1710, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. The process resembles that for deploying regular updates. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager).
+
+## Considerations when deploying updates and operating systems together
+
+The process of deploying firmware updates during an operating system deployment is straightforward. You can import the firmware and driver pack into either System Center Configuration Manager or MDT, and use them to deploy a fully updated environment to a target Surface device, complete with firmware. For a complete step-by-step guide to using MDT to deploy Windows to a Surface device, see [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](deploy-windows-10-to-surface-devices-with-mdt.md).
+
+> [!IMPORTANT]
+> Select the correct MSI file for each specific device and its operating system. For more information, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+
+**WindowsPE and Surface firmware and drivers**
+
+System Center Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
+
+## Supported devices
+Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
diff --git a/devices/surface/manage-surface-pro-3-firmware-updates.md b/devices/surface/manage-surface-pro-3-firmware-updates.md
deleted file mode 100644
index e37749103c..0000000000
--- a/devices/surface/manage-surface-pro-3-firmware-updates.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Manage Surface driver and firmware updates (Surface)
-description: This article describes the available options to manage firmware and driver updates for Surface devices.
-ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
-ms.reviewer:
-manager: dansimp
-keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
-ms.localizationpriority: medium
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.date: 07/27/2017
----
-
-# Manage Surface driver and firmware updates
-
-
-This article describes the available options to manage firmware and driver updates for Surface devices.
-
-For a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
-
-On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience to receive the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always apply to organizations and businesses. Automatic updates with Windows Update may not be applicable where updates are carefully managed, or when you deploy a new operating system to a Surface device.
-
-## Methods for firmware deployment
-
-
-Although firmware is provided automatically by Windows Update for computers that receive updates directly from Microsoft, in environments where updates are carefully managed by using Windows Server Update Services (WSUS), updating the firmware through Windows Update is not supported. For managed environments, there are a number of options you can use to deploy firmware updates.
-
-**Windows Update**
-
-The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS.
-
-Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives Windows Updates directly will separately download each update rather than accessing a central location, which increases demand on Internet connectivity and bandwidth. Updates are also provided automatically to devices, without being subjected to testing or review by administrators.
-
-For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](https://technet.microsoft.com/library/dn595129).
-
-**Windows Installer Package**
-
-The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](https://blogs.technet.microsoft.com/surface/2015/03/04/surface-pro-3-msi-now-available/) blog post.
-
-For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](https://technet.microsoft.com/library/gg682082). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](https://technet.microsoft.com/library/dn744279#sec04). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
-
-**Provisioning packages**
-
-New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware.
-
-**Windows PowerShell**
-
-Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](https://blogs.technet.microsoft.com/deploymentguys/2013/05/16/deploying-drivers-and-firmware-to-surface-pro/) blog post.
-
-## Operating system deployment considerations
-
-
-The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](https://www.microsoft.com/download/details.aspx?id=45292) from the Microsoft Download Center.
-
-The individual driver files are also made available in the Microsoft Download Center if you are using deployment tools. The driver files are available in the ZIP archive file in the list of available downloads for your device.
-
-**Windows PE and Surface firmware and drivers**
-
-A best practice for deployment with any solution that uses the Windows Preinstallation Environment (WinPE), such as System Center Configuration Manager or MDT, is to configure WinPE with only the drivers that are required during the WinPE stage of deployment. These usually include drivers for network adapters and storage controllers. This best practice helps to prevent errors with more complex drivers that rely on components that are not present in WinPE. For Surface Pro 3 devices, this is especially true of the Touch Firmware. The Touch Firmware should never be loaded in a WinPE environment on Surface Pro 3.
diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md
index 74e22a3d1b..d205908048 100644
--- a/devices/surface/manage-surface-uefi-settings.md
+++ b/devices/surface/manage-surface-uefi-settings.md
@@ -17,18 +17,25 @@ manager: dansimp
# Manage Surface UEFI settings
-Current and future generations of Surface devices, including Surface Pro 4, Surface Book, and Surface Studio, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings.
+All current and future generations of Surface devices use a unique Unified Extensible Firmware Interface (UEFI) engineered by Microsoft specifically for these devices. Surface UEFI settings provide the ability to enable or disable built-in devices and components, protect UEFI settings from being changed, and adjust the Surface device boot settings.
->[!NOTE]
->Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI.
+## Support for cloud-based management
-You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot.
+With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
-## PC information
+## Open Surface UEFI menu
-On the **PC information** page, detailed information about your Surface device is provided:
+To adjust UEFI settings during system startup:
-- **Model** – Your Surface device’s model will be displayed here, such as Surface Book or Surface Pro 4. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
+1. Shut down your Surface and wait about 10 seconds to make sure it's off.
+2. Press and hold the **Volume-up** button and - at the same time - press and release the **Power button.**
+3. As the Microsoft or Surface logo appears on your screen, continue to hold the **Volume-up** button until the UEFI screen appears.
+
+## UEFI PC information page
+
+The PC information page includes detailed information about your Surface device:
+
+- **Model** – Your Surface device’s model will be displayed here, such as Surface Book 2 or Surface Pro 7. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
- **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management.
- **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios.
@@ -52,9 +59,9 @@ You will also find detailed information about the firmware of your Surface devic
You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device.
-## Security
+## UEFI Security page
-On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
+The Security page allows you to set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
- Uppercase letters: A-Z
@@ -70,21 +77,21 @@ The password must be at least 6 characters and is case sensitive.
*Figure 2. Add a password to protect Surface UEFI settings*
-On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
+On the Security page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
*Figure 3. Configure Secure Boot*
-You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
+You can also enable or disable the Trusted Platform Module (TPM) device on the Security page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
*Figure 4. Configure Surface UEFI security settings*
-## Devices
+## UEFI menu: Devices
-On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include:
+The Devices page allows you to enable or disable specific devices and components including:
- Docking and USB Ports
@@ -102,13 +109,13 @@ On the **Devices** page you can enable or disable specific devices and component
Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5.
-
+
*Figure 5. Enable and disable specific devices*
-## Boot configuration
+## UEFI menu: Boot configuration
-On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices:
+The Boot Configuration page allows you to change the order of your boot devices as well as enable or disable boot of the following devices:
- Windows Boot Manager
@@ -128,68 +135,83 @@ For the specified boot order to take effect, you must set the **Enable Alternate
You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.
+## UEFI menu: Management
+The Management page allows you to manage use of Zero Touch UEFI Management and other features on eligible devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
-## Exit
+
+*Figure 7. Manage access to Zero Touch UEFI Management and other features*
-Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 7.
+
+Zero Touch UEFI Management lets you remotely manage UEFI settings by using a device profile within Intune called Device Firmware Configuration Interface (DFCI). If you do not configure this setting, the ability to manage eligible devices with DFCI is set to **Ready**. To prevent DFCI, select **Opt-Out**.
+
+> [!NOTE]
+> The UEFI Management settings page and use of DFCI is only available on Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
+For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+## UEFI menu: Exit
+
+Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8.
-*Figure 7. Click Restart Now to exit Surface UEFI and restart the device*
+*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*
## Surface UEFI boot screens
-When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 8 through 17.
+When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 9 through 18.
-*Figure 8. The Surface UEFI firmware update displays a blue progress bar*
+*Figure 9. The Surface UEFI firmware update displays a blue progress bar*
-*Figure 9. The System Embedded Controller firmware update displays a green progress bar*
+*Figure 10. The System Embedded Controller firmware update displays a green progress bar*
-*Figure 10. The SAM Controller firmware update displays an orange progress bar*
+*Figure 11. The SAM Controller firmware update displays an orange progress bar*
-*Figure 11. The Intel Management Engine firmware update displays a red progress bar*
+*Figure 12. The Intel Management Engine firmware update displays a red progress bar*
-*Figure 12. The Surface touch firmware update displays a gray progress bar*
+*Figure 13. The Surface touch firmware update displays a gray progress bar*
-*Figure 13. The Surface KIP firmware update displays a light green progress bar*
+*Figure 14. The Surface KIP firmware update displays a light green progress bar*
-*Figure 14. The Surface ISH firmware update displays a light pink progress bar*
+*Figure 15. The Surface ISH firmware update displays a light pink progress bar*
-*Figure 15. The Surface Trackpad firmware update displays a pink progress bar*
+*Figure 16. The Surface Trackpad firmware update displays a pink progress bar*
-*Figure 16. The Surface TCON firmware update displays a light gray progress bar*
+*Figure 17. The Surface TCON firmware update displays a light gray progress bar*
-*Figure 17. The Surface TPM firmware update displays a purple progress bar*
+*Figure 18. The Surface TPM firmware update displays a purple progress bar*
>[!NOTE]
->An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 18.
+>An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 19.
-*Figure 18. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
+*Figure 19. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
## Related topics
-[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
+- [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
+
+- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
\ No newline at end of file
diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md
index 41b2e3d994..1761581ced 100644
--- a/devices/surface/microsoft-surface-brightness-control.md
+++ b/devices/surface/microsoft-surface-brightness-control.md
@@ -8,9 +8,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 1/15/2019
-ms.reviewer:
+ms.date: 10/31/2019
+ms.reviewer: hachidan
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Surface Brightness Control
@@ -19,11 +21,10 @@ When deploying Surface devices in point of sale or other “always-on”
kiosk scenarios, you can optimize power management using the new Surface
Brightness Control app.
-Available for download with [Surface Tools for
-IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is
-designed to help reduce thermal load and lower the overall carbon
-footprint for deployed Surface devices. The tool automatically dims the screen when not in use and
-includes the following configuration options:
+Available for download with [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703).
+Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices.
+If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list.
+The tool automatically dims the screen when not in use and includes the following configuration options:
- Period of inactivity before dimming the display.
@@ -45,9 +46,14 @@ documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry).
1. Run regedit from a command prompt to open the Windows Registry
Editor.
- - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
+ - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Surface\Surface
Brightness Control\
-
+
+ If you're running an older version of Surface Brightness control, run the following command instead:
+
+ - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
+ Brightness Control\
+
| Registry Setting | Data| Description
|-----------|------------|---------------
@@ -60,6 +66,11 @@ Full Brightness | Default: 100 Option: Range of 0-100 percent of screen b
## Changes and updates
+### Version 1.16.137
+*Release Date: 22 October 2019*
+This version of Surface Brightness Control adds support for the following:
+-Recompiled for x86, adding support for Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
### Version 1.12.239.0
*Release Date: 26 April 2019*
This version of Surface Brightness Control adds support for the following:
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index 29b42615a0..90b623c490 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -2,7 +2,7 @@
title: Microsoft Surface Data Eraser (Surface)
description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10
-ms.reviewer:
+ms.reviewer: hachidan
manager: dansimp
ms.localizationpriority: medium
keywords: tool, USB, data, erase
@@ -13,7 +13,8 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 05/15/2018
+ms.audience: itpro
+ms.date: 11/13/2019
---
# Microsoft Surface Data Eraser
@@ -28,6 +29,9 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
Compatible Surface devices include:
+* Surface Pro 7
+* Surface Pro X
+* Surface Laptop 3
* Surface Pro 6
* Surface Laptop 2
* Surface Go
@@ -156,6 +160,18 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
+### 3.28.137
+*Release Date: 11 Nov 2019*
+This version of Surface Data Eraser:
+
+- Includes bug fixes
+
+### Version 3.21.137
+*Release Date: 21 Oct 2019*
+This version of Surface Data Eraser is compiled for x86 and adds support for the following devices:
+
+- Supports Surface Pro 7, Surface Pro X, and Surface Laptop 3
+
### Version 3.2.78.0
*Release Date: 4 Dec 2018*
diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md
index b6921a138f..7fbd031cf5 100644
--- a/devices/surface/microsoft-surface-deployment-accelerator.md
+++ b/devices/surface/microsoft-surface-deployment-accelerator.md
@@ -2,9 +2,9 @@
title: Microsoft Surface Deployment Accelerator (Surface)
description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
-ms.reviewer:
+ms.reviewer: hachidan
manager: dansimp
-ms.date: 07/27/2017
+ms.date: 10/31/2019
ms.localizationpriority: medium
keywords: deploy, install, tool
ms.prod: w10
@@ -14,19 +14,18 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
+ms.audience: itpro
---
# Microsoft Surface Deployment Accelerator
+Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools.
-Microsoft Surface Deployment Accelerator (SDA) provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
-
-SDA includes a wizard that automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. The resulting deployment solution is complete with everything you need to immediately begin the deployment of Windows to a Surface device. You can also use SDA to create and capture a Windows reference image and then deploy it with the latest Windows updates.
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.
-You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](https://technet.microsoft.com/windows/dn913725).
-
**Download Microsoft Surface Deployment Accelerator**
You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:
diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md
index 956924345f..488bd63a15 100644
--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@@ -13,13 +13,16 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 10/31/2019
---
# Step by step: Surface Deployment Accelerator
This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. This article also contains instructions on how to perform these tasks without an Internet connection or without support for Windows Deployment Services network boot (PXE).
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
+
## How to install Surface Deployment Accelerator
For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).
diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md
index 51db33fb4e..b311e28937 100644
--- a/devices/surface/support-solutions-surface.md
+++ b/devices/surface/support-solutions-surface.md
@@ -14,10 +14,14 @@ ms.author: dansimp
ms.topic: article
ms.date: 09/26/2019
ms.localizationpriority: medium
+ms.audience: itpro
---
# Top support solutions for Surface devices
+> [!Note]
+> **Home users**: This article is only intended for use by IT professionals and technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
+
Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated. For a complete listing of the update history, see [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) and [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined).
@@ -47,7 +51,7 @@ These are the top Microsoft Support solutions for common issues experienced when
- [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496)
-- [Microsoft Surface Dock Updater](https://docs.microsoft.com/surface/surface-dock-updater)
+- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater)
## Surface Drivers and Firmware
diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
index f095bc3269..51e39c27a3 100644
--- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
+++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
@@ -9,8 +9,10 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 01/03/2018
-ms.reviewer:
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
+ms.reviewer: scottmca
manager: dansimp
---
@@ -55,7 +57,7 @@ Before you choose to use Windows 10 Enterprise LTSC edition on Surface devices,
* Surface device replacements (for example, devices replaced under warranty) may contain subtle variations in hardware components that require updated device drivers and firmware. Compatibility with these updates may require the installation of a more recent version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise with the SAC servicing option.
>[!NOTE]
->Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
+>Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware such as Surface Pro 7, Surface Pro X, or Surface Laptop 3 without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
Surface devices running Windows 10 Enterprise LTSC edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSC configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSC release or upgrade to a version of Windows 10 with support for the SAC servicing option.
diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md
index 41b2939439..62c4129d08 100644
--- a/devices/surface/surface-diagnostic-toolkit-business.md
+++ b/devices/surface/surface-diagnostic-toolkit-business.md
@@ -3,12 +3,12 @@ title: Deploy Surface Diagnostic Toolkit for Business
description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
ms.prod: w10
ms.mktglfcycl: manage
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 09/27/2019
+ms.date: 10/31/2019
ms.reviewer: hachidan
manager: dansimp
ms.audience: itpro
@@ -41,6 +41,8 @@ Command line | Directly troubleshoot Surface devices remotely without user inter
SDT for Business is supported on Surface 3 and later devices, including:
+- Surface Pro 7
+- Surface Laptop 3
- Surface Pro 6
- Surface Laptop 2
- Surface Go
@@ -168,6 +170,13 @@ You can select to run a wide range of logs across applications, drivers, hardwar
- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
## Changes and updates
+### Version 2.43.139.0
+*Release date: October 21, 2019*
+This version of Surface Diagnostic Toolkit for Business adds support for the following:
+
+- Surface Pro 7
+- Surface Laptop 3
+
### Version 2.42.139.0
*Release date: September 24, 2019*
This version of Surface Diagnostic Toolkit for Business adds support for the following:
diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md
index c02d79e984..f1e3460df4 100644
--- a/devices/surface/surface-diagnostic-toolkit-command-line.md
+++ b/devices/surface/surface-diagnostic-toolkit-command-line.md
@@ -10,16 +10,16 @@ ms.topic: article
ms.date: 11/15/2018
ms.reviewer: hachidan
manager: dansimp
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.audience: itpro
---
# Run Surface Diagnostic Toolkit for Business using commands
-Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features.
+Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
>[!NOTE]
->To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device.
+>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device.
## Running SDT app console
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
index 4d8b505670..738ec1ecae 100644
--- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
+++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
@@ -7,36 +7,34 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 11/15/2018
+ms.date: 10/31/2019
ms.reviewer: hachidan
manager: dansimp
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.audience: itpro
---
# Use Surface Diagnostic Toolkit for Business in desktop mode
-This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
+This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
+
1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests.
2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
-
- *Figure 1. SDT in desktop mode*
+*Figure 1. SDT in desktop mode*
3. When SDT indicates the device has the latest updates, click **Continue** to advance to the catalog of available tests, as shown in figure 2.
-
- *Figure 2. Select from SDT options*
+*Figure 2. Select from SDT options*
4. You can choose to run all the diagnostic tests. Or, if you already suspect a particular issue such as a faulty display or a power supply problem, click **Select** to choose from the available tests and click **Run Selected**, as shown in figure 3. See the following table for details of each test.
-
- *Figure 3. Select hardware tests*
+*Figure 3. Select hardware tests*
Hardware test | Description
--- | ---
@@ -55,6 +53,7 @@ This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help user
+
## Running multiple hardware tests to troubleshoot issues
SDT is designed as an interactive tool that runs a series of tests. For each test, SDT provides instructions summarizing the nature of the test and what users should expect or look for in order for the test to be successful. For example, to diagnose if the display brightness is working properly, SDT starts at zero and increases the brightness to 100 percent, asking users to confirm – by answering **Yes** or **No** -- that brightness is functioning as expected, as shown in figure 4.
@@ -62,7 +61,6 @@ SDT is designed as an interactive tool that runs a series of tests. For each tes
For each test, if functionality does not work as expected and the user clicks **No**, SDT generates a report of the possible causes and ways to troubleshoot it.
-
*Figure 4. Running hardware diagnostics*
1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**.
@@ -75,24 +73,18 @@ For each test, if functionality does not work as expected and the user clicks **
SDT enables you to diagnose and repair applications that may be causing issues, as shown in figure 5.
-
*Figure 5. Running repairs*
-
-
-
-
+
### Generating logs for analyzing issues
SDT provides extensive log-enabled diagnosis support across applications, drivers, hardware, and operating system issues, as shown in figure 6.
-
*Figure 6. Generating logs*
-
-
+
### Generating detailed report comparing device vs. optimal configuration
Based on the logs, SDT generates a report for software- and firmware-based issues that you can save to a preferred location.
diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
index 35c9b5f49f..df3918d715 100644
--- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
+++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
@@ -10,7 +10,7 @@ ms.topic: article
ms.date: 06/11/2019
ms.reviewer: cottmca
manager: dansimp
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.audience: itpro
---
diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md
index 1bb2ddeb4b..751ea36a4d 100644
--- a/devices/surface/surface-dock-firmware-update.md
+++ b/devices/surface/surface-dock-firmware-update.md
@@ -8,7 +8,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 09/18/2019
+ms.date: 10/09/2019
ms.reviewer: scottmca
manager: dansimp
ms.audience: itpro
@@ -38,16 +38,29 @@ If preferred, you can manually complete the update as follows:
> [!NOTE]
>
> - Manually installing the MSI file may prompt you to restart Surface; however, restarting is optional and not required.
->- You will need to disconnect and reconnect the dock twice before the update fully completes.
+> - You will need to disconnect and reconnect the dock twice before the update fully completes.
+> - To create a log file, specify the path in the Msiexec command. For example, append /l*v %windir%\logs\ SurfaceDockFWI.log".
## Network deployment
You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firmware Update to multiple devices across your network. When using System Center Configuration Manager or other deployment tool, enter the following syntax to ensure the installation is silent:
-- **Msiexec.exe /i /quiet /norestart**
+- **Msiexec.exe /i /quiet /norestart**
+
+> [!NOTE]
+> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
+> [!IMPORTANT]
+> If you want to keep your Surface Dock updated using any other method, refer to [Update your Surface Dock](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock) for details.
+
+## Intune deployment
+You can use Intune to distribute Surface Dock Firmware Update to your devices. First you will need to convert the MSI file to the .intunewin format, as described in the following documentation: [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps/apps-win32-app-management).
+
+Use the following command:
+ - **msiexec /i /quiet /q**
+
## How to verify completion of firmware update
Surface dock firmware consists of two components:
@@ -73,15 +86,16 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
## Event logging
-**Table 1. Event logging for Surface Dock Firmware Update**
+**Table 1. Log files for Surface Dock Firmware Update**
| Log | Location | Notes |
-| -------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Surface Dock Firmware Update log | /l*v %windir%\logs\ SurfaceDockFWI.log | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. |
-| Windows Device Install log | %windir%\inf\ setupapi.dev.log | For more information about using Device Install Log, refer [to SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. |
+| -------------------------------- | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Surface Dock Firmware Update log | Path needs to be specified (see note) | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. |
+| Windows Device Install log | %windir%\inf\setupapi.dev.log | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. |
-
-**Table 2. Event log IDs for Surface Dock Firmware Update**
+
+**Table 2. Event log IDs for Surface Dock Firmware Update**
+Events are logged in the Application Event Log. Note: Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.
| Event ID | Event type |
| -------- | -------------------------------------------------------------------- |
@@ -90,6 +104,10 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
| 2003 | Dock firmware update failed to get firmware version. |
| 2004 | Querying the firmware version. |
| 2005 | Dock firmware failed to start update. |
+| 2006 | Failed to send offer/payload pairs. |
+| 2007 | Firmware update finished. |
+| 2008 | BEGIN dock telemetry. |
+| 2011 | END dock telemetry. |
## Troubleshooting tips
@@ -101,7 +119,7 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
## Changes and updates
-Microsoft periodically releases new versions of Surface Dock Firmware Update. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Firmware Update.
+Microsoft periodically releases new versions of Surface Dock Firmware Update.Note that the MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version of the MSI.
## Versions reference
### Version 1.42.139
@@ -113,6 +131,8 @@ This version, contained in Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.316
- Component10CurrentFwVersion updated to **4ac3970**.
- Component20CurrentFwVersion updated to **4a1d570**.
+It adds support for Surface Pro 7 and Surface Laptop 3.
+
## Legacy versions
### Version 2.23.139.0
diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md
index 5944375042..81b911bb6f 100644
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@@ -9,9 +9,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 01/06/2017
-ms.reviewer:
+ms.date: 12/02/2019
+ms.reviewer: scottmca
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Microsoft Surface Enterprise Management Mode
@@ -19,12 +21,13 @@ manager: dansimp
Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
>[!NOTE]
->SEMM is only available on devices with Surface UEFI firmware such as Surface Pro 4 and later, Surface Go, Surface Laptop, Surface Book, and Surface Studio. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
+>SEMM is only available on devices with Surface UEFI firmware. This includes most Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 commercial SKUs with an Intel processor. SEMM is not supported on the 15" Surface Laptop 3 SKU with AMD processor (only available as a retail SKU).
When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
+
## Microsoft Surface UEFI Configurator
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
@@ -33,8 +36,6 @@ The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown i
*Figure 1. Microsoft Surface UEFI Configurator*
->[!NOTE]
->Windows 10 is required to run Microsoft Surface UEFI Configurator
You can use the Microsoft Surface UEFI Configurator tool in three modes:
@@ -62,17 +63,9 @@ See the [Surface Enterprise Management Mode certificate requirements](#surface-e
After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device.
-You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
+### Enable or disable devices in Surface UEFI with SEMM
-
-
-*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
-
-
-
-*Figure 4. Configure advanced settings with SEMM*
-
-You can enable or disable the following devices with SEMM:
+The following list shows all the available devices you can manage in SEMM:
* Docking USB Port
* On-board Audio
@@ -86,31 +79,40 @@ You can enable or disable the following devices with SEMM:
* Wi-Fi and Bluetooth
* LTE
-You can configure the following advanced settings with SEMM:
+ >[!NOTE]
+>The built-in devices that appear in the UEFI Devices page may vary depending on your device or corporate environment. For example, the UEFI Devices page is not supported on Surface Pro X; LTE only appears on LTE-equipped devices.
+### Configure advanced settings with SEMM
+**Table 1. Advanced settings**
+
+| Setting | Description |
+| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| IPv6 for PXE Boot | Allows you to manage Ipv6 support for PXE boot. If you do not configure this setting, IPv6 support for PXE boot is disabled. |
+| Alternate Boot | Allows you to manage use of an Alternate boot order to boot directly to a USB or Ethernet device by pressing both the Volume Down button and Power button during boot. If you do not configure this setting, Alternate boot is enabled. |
+| Boot Order Lock | Allows you to lock the boot order to prevent changes. If you do not configure this setting, Boot Order Lock is disabled. |
+| USB Boot | Allows you to manage booting to USB devices. If you do not configure this setting, USB Boot is enabled. |
+| Network Stack | Allows you to manage Network Stack boot settings. If you do not configure this setting, the ability to manage Network Stack boot settings is disabled. |
+| Auto Power On | Allows you to manage Auto Power On boot settings. If you do not configure this setting, Auto Power on is enabled. |
+| Simultaneous Multi-Threading (SMT) | Allows you to manage Simultaneous Multi-Threading (SMT) to enable or disable hyperthreading. If you do not configure this setting, SMT is enabled. |
+|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
+| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
+| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
+| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
+| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |
+
-* IPv6 support for PXE boot
-* Alternate boot order, where the Volume Down button and Power button can be pressed together during boot, to boot directly to a USB or Ethernet device
-* Lock the boot order to prevent changes
-* Support for booting to USB devices
-* Enable Network Stack boot settings
-* Enable Auto Power On boot settings
-* Display of the Surface UEFI **Security** page
-* Display of the Surface UEFI **Devices** page
-* Display of the Surface UEFI **Boot** page
-* Display of the Surface UEFI **DateTime** page
>[!NOTE]
->When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
+>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 3.
-*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
+*Figure 3. Display of the last two characters of the certificate thumbprint on the Successful page*
-These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
+These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 4.
-*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
+*Figure 4. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
>[!NOTE]
>Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
@@ -132,11 +134,11 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a
### Recovery request
-In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
+In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 5) with a Recovery Request operation.
-*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
+*Figure 5. Initiate a SEMM recovery request on the Enterprise Management page*
When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM.
@@ -226,6 +228,10 @@ create a reset package using PowerShell to reset SEMM.
## Version History
+### Version 2.59.
+* Support to Surface Pro 7, Surface Pro X, and Surface Laptop 3 13.5" and 15" models with Intel processor. Note: Surface Laptop 3 15" AMD processor is not supported.
+- Support to Wake on Power feature
+
### Version 2.54.139.0
* Support to Surface Hub 2S
* Bug fixes
diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md
new file mode 100644
index 0000000000..efb5fa93b5
--- /dev/null
+++ b/devices/surface/surface-manage-dfci-guide.md
@@ -0,0 +1,188 @@
+---
+title: Intune management of Surface UEFI settings
+description: This article explains how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.
+ms.localizationpriority: medium
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 11/13/2019
+ms.reviewer: jesko
+manager: dansimp
+ms.audience: itpro
+---
+# Intune management of Surface UEFI settings
+
+## Introduction
+
+The ability to manage devices from the cloud has dramatically simplified IT deployment and provisioning across the lifecycle. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For answers to frequently asked questions, see [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
+
+### Background
+
+Like any computer running Windows 10, Surface devices rely on code stored in the SoC that enables the CPU to interface with hard drives, display devices, USB ports, and other devices. The programs stored in this read-only memory (ROM) are known as firmware (while programs stored in dynamic media are known as software).
+
+In contrast to other Windows 10 devices available in the market today, Surface provides IT admins with the ability to configure and manage firmware through a rich set of UEFI configuration settings. This provides a layer of hardware control on top of software-based policy management as implemented via mobile device management (MDM) policies, Configuration Manager or Group Policy. For example, organizations deploying devices in highly secure areas with sensitive information can prevent camera use by removing functionality at the hardware level. From a device standpoint, turning the camera off via a firmware setting is equivalent to physically removing the camera. Compare the added security of managing at the firmware level to relying only on operating system software settings. For example, if you disable the Windows audio service via a policy setting in a domain environment, a local admin could still re-enable the service.
+
+### DFCI versus SEMM
+
+Until now, managing firmware required enrolling devices into Surface Enterprise Management Mode (SEMM) with the overhead of ongoing manual IT-intensive tasks. As an example, SEMM requires IT staff to physically access each PC to enter a two-digit pin as part of the certificate management process. Although SEMM remains a good solution for organizations in a strictly on-premises environment, its complexity and IT-intensive requirements make it costly to use.
+
+Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console, now unified as [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). The following figure shows UEFI settings viewed directly on the device (left) and viewed in the Endpoint Manager console (right).
+
+
+
+Crucially, DFCI enables zero touch management, eliminating the need for manual interaction by IT admins. DFCI is deployed via Windows Autopilot using the device profiles capability in Intune. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain on-premises infrastructure.
+
+## Supported devices
+
+At this time, DFCI is supported in the following devices:
+
+- Surface Pro 7
+- Surface Pro X
+- Surface Laptop 3
+
+> [!NOTE]
+> Surface Pro X does not support DFCI settings management for built-in camera, audio, and Wi-Fi/Bluetooth.
+
+## Prerequisites
+
+- Devices must be registered with Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider) or OEM distributor.
+
+- Before configuring DFCI for Surface, you should be familiar with Autopilot configuration requirements in [Microsoft Intune](https://docs.microsoft.com/intune/) and [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/) (Azure AD).
+
+## Before you begin
+
+Add your target Surface devices to an Azure AD security group. For more information about creating and managing security groups, refer to [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-your-azure-ad-security-groups).
+
+## Configure DFCI management for Surface devices
+
+A DFCI environment requires setting up a DFCI profile that contains the settings and an Autopilot profile to apply the settings to registered devices. An enrollment status profile is also recommended to ensure settings are pushed down during OOBE setup when users first start the device. This guide explains how to configure the DFCI environment and manage UEFI configuration settings for targeted Surface devices.
+
+## Create DFCI profile
+
+Before configuring DFCI policy settings, first create a DFCI profile and assign it to the Azure AD security group that contains your target devices.
+
+1. Sign into your tenant at devicemanagement.microsoft.com.
+2. In the Microsoft Endpoint Manager Admin Center, select **Devices > Configuration profiles > Create profile** and enter a name; for example, **DFCI Configuration Policy.**
+3. Select **Windows 10 and later** for platform type.
+4. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 1 on this page or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile.
+
+ 
+
+5. Click **OK** and then select **Create**.
+6. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**.
+
+ 
+
+## Create Autopilot profile
+
+1. In Endpoint Manager at devicemanagement.microsoft.com, select **devices > Windows enrollment** and scroll down to **Deployment profiles**.
+2. Select **Create profile** and enter a name; for example, **My Autopilot profile**, and select **Next**.
+3. Select the following settings:
+
+ - Deployment mode: **User-Driven**.
+ - Join type: Azure **AD joined**.
+
+4. Leave the remaining default settings unchanged and select **Next**, as shown in the following figure.
+
+ 
+
+5. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**.
+6. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group.
+
+## Configure Enrollment Status Page
+
+To ensure that devices apply the DFCI configuration during OOBE before users sign in, you need to configure enrollment status.
+
+For more information, refer to [Set up an enrollment status page](https://docs.microsoft.com/intune/enrollment/windows-enrollment-status).
+
+
+## Configure DFCI settings on Surface devices
+
+DFCI includes a streamlined set of UEFI configuration policies that provide an extra level of security by locking down devices at the hardware level. DFCI is designed to be used in conjunction with mobile device management settings at the software level. Note that DFCI settings only affect hardware components built into Surface devices and do not extend to attached peripherals such as USB webcams. (However, you can use Device restriction policies in Intune to turn off access to attached peripherals at the software level).
+
+You configure DFCI policy settings by editing the DFCI profile from Endpoint Manager, as shown in the figure below.
+
+- In Endpoint Manager at devicemanagement.microsoft.com, select **Devices > Windows > Configuration Profiles > “DFCI profile name” > Properties > Settings**.
+
+ 
+
+### Block user access to UEFI settings
+
+For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in Table 1, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.**
+The rest of the DFCI settings enable you to turn off functionality that would otherwise be available to users. For example, if you need to protect sensitive information in highly secure areas, you can disable the camera, and if you don’t want users booting from USB drives, you can disable that also.
+
+### Table 1. DFCI scenarios
+
+| Device management goal | Configuration steps |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| Block local users from changing UEFI settings | Under **Security Features > Allow local user to change UEFI settings**, select **None**. |
+| Disable cameras | Under **Built in Hardware > Cameras**, select **Disabled**. |
+| Disable Microphones and speakers | Under **Built in Hardware > Microphones and speakers**, select **Disabled**. |
+| Disable radios (Bluetooth, Wi-Fi) | Under **Built in Hardware > Radios (Bluetooth, Wi-Fi, etc…)**, select **Disabled**. |
+| Disable Boot from external media (USB, SD) | Under **Built in Hardware > Boot Options > Boot from external media (USB, SD)**, select **Disabled**. |
+
+> [!CAUTION]
+> The **Disable radios (Bluetooth, Wi-Fi)** setting should only be used on devices that have a wired Ethernet connection.
+
+> [!NOTE]
+> DFCI in Intune includes two settings that do not currently apply to Surface devices: (1) CPU and IO virtualization and (2) Disable Boot from network adapters.
+
+Intune provides Scope tags to delegate administrative rights and Applicability Rules to manage device types. For more information about policy management support and full details on all DFCI settings, refer to [Microsoft Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows).
+
+## Register devices in Autopilot
+
+As stated above, DFCI can only be applied on devices registered in Windows Autopilot by your reseller or distributor and is only supported, at this time, on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For security reasons, it’s not possible to “self-provision” your devices into Autopilot.
+
+## Manually Sync Autopilot devices
+
+Although Intune policy settings typically get applied almost immediately, there may be a delay of 10 minutes before the settings take effect on targeted devices. In rare circumstances, delays of up to 8 hours are possible. To ensure settings apply as soon as possible, (such as in test scenarios), you can manually sync the target devices.
+
+- In Endpoint Manager at devicemanagement.microsoft.com, go to **Devices > Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**.
+
+ For more information, refer to [Sync your Windows device manually](https://docs.microsoft.com/intune-user-help/sync-your-device-manually-windows).
+
+> [!NOTE]
+> When adjusting settings directly in UEFI, you need to ensure the device fully restarts to the standard Windows login.
+
+## Verifying UEFI settings on DFCI-managed devices
+
+In a test environment, you can verify settings in the Surface UEFI interface.
+
+1. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time.
+2. Select **Devices**. The UEFI menu will reflect configured settings, as shown in the following figure.
+
+ 
+
+ Note how:
+
+ - The settings are greyed out because **Allow local user to change UEFI setting** is set to None.
+ - Audio is set to off because **Microphones and speakers** are set to **Disabled**.
+
+## Removing DFCI policy settings
+
+When you create a DFCI profile, all configured settings will remain in effect across all devices within the profile’s scope of management. You can only remove DFCI policy settings by editing the DFCI profile directly.
+
+If the original DFCI profile has been deleted, you can remove policy settings by creating a new profile and then editing the settings, as appropriate.
+
+## Removing DFCI management
+
+**To remove DFCI management and return device to factory new state:**
+
+1. Retire the device from Intune:
+ 1. In Endpoint Manager at devicemanagement.microsoft.com, choose **Groups > All Devices**. Select the devices you want to retire, and then choose **Retire/Wipe.** To learn more refer to [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/remote-actions/devices-wipe).
+2. Delete the Autopilot registration from Intune:
+ 1. Choose **Device enrollment > Windows enrollment > Devices**.
+ 2. Under Windows Autopilot devices, choose the devices you want to delete, and then choose **Delete**.
+3. Connect device to wired internet with Surface-branded ethernet adapter. Restart device and open the UEFI menu (press and hold the volume-up button while also pressing and releasing the power button).
+4. Select **Management > Configure > Refresh from Network** and then choose **Opt-out.**
+
+To keep managing the device with Intune, but without DFCI management, self-register the device to Autopilot and enroll it to Intune. DFCI will not be applied to self-registered devices.
+
+## Learn more
+- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333)
+[Windows Autopilot](https://www.microsoft.com/microsoft-365/windows/windows-autopilot)
+- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+- [Use DFCI profiles on Windows devices in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)
diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md
index 0457612090..26e145c547 100644
--- a/devices/surface/surface-pro-arm-app-management.md
+++ b/devices/surface/surface-pro-arm-app-management.md
@@ -8,7 +8,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 10/03/2019
+ms.date: 11/20/2019
ms.reviewer: jessko
manager: dansimp
ms.audience: itpro
@@ -28,6 +28,7 @@ Surface Pro X is designed almost exclusively for a modern, cloud-based environme
For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to:
- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot)
Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus.
@@ -35,7 +36,7 @@ Organizations already using modern management, security, and productivity soluti
## Image-based deployment considerations
-Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager) currently do not support Surface Pro X for operating system deployment. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
## Managing Surface Pro X devices
@@ -47,7 +48,7 @@ For more information about setting up Intune, refer to the [Intune documentation
### Co-management
-Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client.
+Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
### Third party MDM solutions
@@ -61,12 +62,19 @@ Some third-party antivirus software cannot be installed on a Windows 10 PC runni
## Servicing Surface Pro X
-Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Refer to the following documentation, which will be updated later to include guidance for servicing Surface Pro X:
+Surface Pro X supports Windows 10, version 1903 and later. As an ARM-based device, it has specific requirements for maintaining the latest drivers and firmware.
-- [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+Surface Pro X was designed to use Windows Update to simplify the process of keeping drivers and firmware up to date for both home users and small business users. Use the default settings to receive Automatic updates. To verify:
-> [!NOTE]
-> Surface Pro X supports Windows 10, version 1903 and later.
+1. Go to **Start** > **Settings > Update & Security > Windows Update** > **Advanced Options.**
+2. Under **Choose how updates are installed,** select **Automatic (recommended)**.
+
+### Recommendations for commercial customers
+
+- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
+- If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645).
+- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+- Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
## Running apps on Surface Pro X
@@ -119,7 +127,7 @@ The following tables show the availability of selected key features on Surface P
| Support for Network Boot (PXE) | Yes | Yes | |
| Windows Configuration Designer | Yes | No | Not recommended for Surface Pro X. |
| WinPE | Yes | Yes | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. |
-| SCCM: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. |
+| Endpoint Configuration Manager: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. |
| MDT | Yes | No | Not supported on Surface Pro X. |
@@ -128,7 +136,7 @@ The following tables show the availability of selected key features on Surface P
| Intune | Yes | Yes | Manage LTE with eSIM profiles. |
| Windows Autopilot | Yes | Yes | |
| Azure AD (co-management) | Yes | Yes | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). |
-| SCCM | Yes | Yes | |
+| Endpoint Configuration Manager | Yes | Yes | |
| Power on When AC Restore | Yes | Yes | |
| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | |
| Surface Dock Firmware Update | Yes | Yes | |
@@ -146,13 +154,12 @@ The following tables show the availability of selected key features on Surface P
| Conditional Access | Yes | Yes | |
| Secure Boot | Yes | Yes | |
| Windows Information Protection | Yes | Yes | |
-| Surface Data Eraser (SDE) | Yes | Yes | |
-
+| Surface Data Eraser (SDE) | Yes | Yes |
## FAQ
-### Will an OS image be available at launch?
+### Can I deploy Surface Pro X with MDT or Endpoint Configuration Manager?
-No. Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+The Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager currently do not support Surface Pro X for operating system deployment.Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
### How can I deploy Surface Pro X?
@@ -164,4 +171,4 @@ Yes.
### Is Intune required to manage Surface Pro X?
-Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client.
+Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md
index 8418efebd7..baa547d04b 100644
--- a/devices/surface/surface-pro-arm-app-performance.md
+++ b/devices/surface/surface-pro-arm-app-performance.md
@@ -1,5 +1,5 @@
---
-title: Windows 10 ARM-based PC app compatibility
+title: Surface Pro X app compatibility
description: This article provides introductory app compatibility information for Surface Pro X ARM-based PCs.
ms.prod: w10
ms.localizationpriority: medium
@@ -13,7 +13,7 @@ ms.reviewer: jessko
manager: dansimp
ms.audience: itpro
---
-# Windows 10 ARM-based PC app compatibility
+# Surface Pro X app compatibility
Applications run differently on ARM-based Windows 10 PCs such as Surface Pro X. Limitations include the following:
diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md
index 6b6e75f7d4..cb201c332e 100644
--- a/devices/surface/surface-system-sku-reference.md
+++ b/devices/surface/surface-system-sku-reference.md
@@ -9,9 +9,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 03/20/2019
+ms.date: 10/31/2019
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# System SKU reference
@@ -22,6 +24,9 @@ System Model and System SKU are variables that are stored in the System Manageme
| Device | System Model | System SKU |
| ---------- | ----------- | -------------- |
+| AMD Surface Laptop 3 | Surface 3 | Surface_Laptop_3_1873 |
+| Surface Laptop 3 | Surface 3 | Surface_Laptop_3_1867:1868 |
+| Surface Laptop 3 | Surface 3 | Surface_3
| Surface 3 WiFI | Surface 3 | Surface_3 |
| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 |
| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 |
@@ -39,6 +44,11 @@ System Model and System SKU are variables that are stored in the System Manageme
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
+| Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 |
+| Surface Pro X | Surface Pro X | Surface_Pro_X_1876 |
+| Surface Laptop 3 13" Intel | Surface Laptop 3 | Surface_Laptop_3_1867:1868 |
+| Surface Laptop 3 15" Intel | Surface Laptop 3 | Surface_Laptop_3_1872 |
+| Surface Laptop 3 15" AMD | Surface Laptop 3 | Surface_Laptop_3_1873 |
## Examples
diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md
index 42d9e3a2c5..6e225137c2 100644
--- a/devices/surface/surface-wireless-connect.md
+++ b/devices/surface/surface-wireless-connect.md
@@ -6,16 +6,15 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
ms.audience: itpro
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
-ms.date: 08/15/2019
+ms.date: 10/31/2019
ms.reviewer: tokatz
manager: dansimp
---
# Optimize Wi-Fi connectivity for Surface devices
-## Introduction
To stay connected with all-day battery life, Surface devices implement wireless connectivity settings that balance performance and power conservation. Outside of the most demanding mobility scenarios, users can maintain sufficient wireless connectivity without modifying default network adapter or related settings.
@@ -27,12 +26,12 @@ This document assumes you have successfully deployed a wireless network that sup
## Configuring access points for optimal roaming capabilities
-If you’re managing a wireless network that’s typically accessed by many different types of client devices, it’s recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/en-us/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols:
+If you’re managing a wireless network that’s typically accessed by many different types of client devices, it’s recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols:
- **802.11r.** “**Fast BSS Transition”** accelerates connecting to new wireless access points by reducing the number of frames required before your device can access another AP as you move around with your device.
- **802.11k.** **“Neighbor Reports”** provides devices with information on current conditions at neighboring access points. It can help your Surface device choose the best AP using criteria other than signal strength such as AP utilization.
-Surface Go devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs.
+Specific Surface devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs. These include Surface Go, Surface Pro 7, Surface Pro X, and Surface Laptop 3.
## Managing user settings
diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md
index edcfcdf120..39b70f6006 100644
--- a/devices/surface/unenroll-surface-devices-from-semm.md
+++ b/devices/surface/unenroll-surface-devices-from-semm.md
@@ -12,6 +12,8 @@ ms.topic: article
ms.date: 01/06/2017
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Unenroll Surface devices from SEMM
diff --git a/devices/surface/update.md b/devices/surface/update.md
deleted file mode 100644
index 121bf7a6e7..0000000000
--- a/devices/surface/update.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Surface firmware and driver updates (Surface)
-description: Find out how to download and manage the latest firmware and driver updates for your Surface device.
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.date: 11/13/2018
-ms.reviewer:
-manager: dansimp
----
-
-# Surface firmware and driver updates
-
-Find out how to download and manage the latest firmware and driver updates for your Surface device.
-
-## In this section
-
-| Topic | Description |
-| --- | --- |
-| [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.|
-| [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Find links to manually deploy firmware and drivers, outside of Windows Update. |
-| [Surface Dock Firmware Update](surface-dock-firmware-update.md)| See how you can update Surface Dock firmware automatically.|
-|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically. |
diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
index fc560e5345..ac6102c2ef 100644
--- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
+++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
@@ -9,7 +9,9 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
ms.reviewer:
manager: dansimp
---
@@ -17,11 +19,24 @@ manager: dansimp
# Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit
#### Applies to
-* Surface Pro 3
-* Surface 3
-* Surface Pro 2
-* Surface Pro
-* Windows 10
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+- Surface Pro 2
+- Surface Pro
+- Windows 10
In addition to the traditional deployment method of reimaging devices, administrators that want to upgrade Surface devices that are running Windows 8.1 or Windows 10 have the option of deploying upgrades. By performing an upgrade deployment, Windows 10 can be applied to devices without removing users, apps, or configuration. The users of the deployed devices can simply continue using the devices with the same apps and settings that they used prior to the upgrade. The process described in this article shows how to perform a Windows 10 upgrade deployment to Surface devices.
@@ -37,6 +52,9 @@ For versions of Windows prior to Windows 10, if you wanted to install a new vers
Introduced with Windows 10 and MDT 2013 Update 1, you can use the upgrade installation path directly with Microsoft deployment technologies such as the Microsoft Deployment Toolkit (MDT). With an upgrade deployment you can use the same deployment technologies and process, but you can preserve users settings, and applications of the existing environment on the device.
+> [!NOTE]
+> MDT is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
## Deployment tools and resources
Performing an upgrade deployment of Windows 10 requires the same tools and resources that are required for a traditional reimaging deployment. You can read about the tools required, including detailed explanations and installation instructions, in [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md). To proceed with the upgrade deployment described in this article, you will need the following tools installed and configured:
diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
index 0432c65257..09000265e6 100644
--- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
+++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
@@ -1,6 +1,6 @@
---
-title: Use System Center Configuration Manager to manage devices with SEMM (Surface)
-description: Find out how to use Microsoft Surface UEFI Manager to perform SEMM management with System Center Configuration Manager.
+title: Use Microsoft Endpoint Configuration Manager to manage devices with SEMM (Surface)
+description: Learn how to manage Microsoft Surface Enterprise Management Mode (SEMM) with Endpoint Configuration Manager.
keywords: enroll, update, scripts, settings
ms.prod: w10
ms.mktglfcycl: manage
@@ -9,23 +9,25 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 02/01/2017
+ms.date: 11/22/2019
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
-# Use System Center Configuration Manager to manage devices with SEMM
+# Use Microsoft Endpoint Configuration Manager to manage devices with SEMM
-The Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices allows administrators to both manage and secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration.
+The Microsoft Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices lets administrators manage and help secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration.
-For organizations with System Center Configuration Manager, there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
+For organizations with Endpoint Configuration Manager (formerly known as System Center Configuration Manager or SCCM), there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
->[!Note]
->Although the process described in this article may work with earlier versions of System Center Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of System Center Configuration Manager.
+> [!Note]
+> Although the process described in this article may work with earlier versions of Endpoint Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of Endpoint Configuration Manager.
#### Prerequisites
-Before you begin the process outlined in this article, it is expected that you are familiar with the following technologies and tools:
+Before you begin the process outlined in this article, familiarize yourself with the following technologies and tools:
* [Surface UEFI](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings)
* [Surface Enterprise Management Mode (SEMM)](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode)
@@ -50,60 +52,60 @@ After Microsoft Surface UEFI Manager is installed on the client Surface device,
Deployment of Microsoft Surface UEFI Manager is a typical application deployment. The Microsoft Surface UEFI Manager installer file is a standard Windows Installer file that you can install with the [standard quiet option](https://msdn.microsoft.com/library/windows/desktop/aa367988).
-The command to install Microsoft Surface UEFI Manager is:
+The command to install Microsoft Surface UEFI Manager is as follows.
`msiexec /i "SurfaceUEFIManagerSetup.msi" /q`
-The command to uninstall Microsoft Surface UEFI Manager is:
+The command to uninstall Microsoft Surface UEFI Manager is as follows.
`msiexec /x {541DA890-1AEB-446D-B3FD-D5B3BB18F9AF} /q`
To create a new application and deploy it to a collection that contains your Surface devices, perform the following steps:
-1. Open Configuration Manager Console from the Start screen or Start menu.
-2. Click **Software Library** in the bottom left corner of the window.
-3. Expand the Application Management node of the Software Library, and then click **Applications**.
-4. Click the **Create Application** button under the **Home** tab at the top of the window. This starts the Create Application Wizard.
+1. Open Configuration Manager Console from the **Start** screen or **Start** menu.
+2. Select **Software Library** in the bottom left corner of the window.
+3. Expand the **Application Management** node of the Software Library, and then select **Applications**.
+4. Select the **Create Application** button under the **Home** tab at the top of the window. This starts the Create Application Wizard.
5. The Create Application Wizard presents a series of steps:
- * **General** – The **Automatically detect information about this application from installation files** option is selected by default. In the **Type** field, **Windows Installer (*.msi file)** is also selected by default. Click **Browse** to navigate to and select **SurfaceUEFIManagerSetup.msi**, and then click **Next**.
+ * **General** – The **Automatically detect information about this application from installation files** option is selected by default. In the **Type** field, **Windows Installer (.msi file)** is also selected by default. Select **Browse** to navigate to and select **SurfaceUEFIManagerSetup.msi**, and then select **Next**.
- >[!Note]
- >The location of SurfaceUEFIManagerSetup.msi must be on a network share and located in a folder that contains no other files. A local file location cannot be used.
+ > [!Note]
+ > The location of SurfaceUEFIManagerSetup.msi must be on a network share and located in a folder that contains no other files. A local file location cannot be used.
- * **Import Information** – The Create Application Wizard will parse the .msi file and read the **Application Name** and **Product Code**. SurfaceUEFIManagerSetup.msi should be listed as the only file under the line **Content Files**, as shown in Figure 1. Click **Next** to proceed.
+ * **Import Information** – The Create Application Wizard will parse the .msi file and read the **Application Name** and **Product Code**. SurfaceUEFIManagerSetup.msi should be listed as the only file under the line **Content Files**, as shown in Figure 1. Select **Next** to proceed.
*Figure 1. Information from Microsoft Surface UEFI Manager setup is automatically parsed*
- * **General Information** – You can modify the name of the application and information about the publisher and version, or add comments on this page. The installation command for Microsoft Surface UEFI Manager is displayed in the Installation Program field. The default installation behavior of Install for system will allow Microsoft Surface UEFI Manager to install the required assemblies for SEMM even if a user is not logged on to the Surface device. Click Next to proceed.
- * **Summary** – The information that was parsed in the **Import Information** step and your selections from the **General Information** step is displayed on this page. Click **Next** to confirm your selections and create the application.
+ * **General Information** – You can modify the name of the application and information about the publisher and version, or add comments on this page. The installation command for Microsoft Surface UEFI Manager is displayed in the Installation Program field. The default installation behavior of Install for system will allow Microsoft Surface UEFI Manager to install the required assemblies for SEMM even if a user is not logged on to the Surface device. Select **Next** to proceed.
+ * **Summary** – The information that was parsed in the **Import Information** step and your selections from the **General Information** step is displayed on this page. Select **Next** to confirm your selections and create the application.
* **Progress** – Displays a progress bar and status as the application is imported and added to the Software Library.
- * **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard.
+ * **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Select **Close** to finish the Create Application Wizard.
-After the application is created in Configuration Manager, you can distribute it to your distribution points and deploy it to the collections including your Surface devices. This application will not install or enable SEMM on the Surface device – it only provides the assemblies required for SEMM to be enabled via PowerShell script.
+After the application is created in Configuration Manager, you can distribute it to your distribution points and deploy it to the collections including your Surface devices. This application will not install or enable SEMM on the Surface device. It only provides the assemblies required for SEMM to be enabled using the PowerShell script.
If you do not want to install the Microsoft Surface UEFI Manager assemblies on devices that will not be managed with SEMM, you can configure Microsoft Surface UEFI Manager as a dependency of the SEMM Configuration Manager scripts. This scenario is covered in the [Deploy SEMM Configuration Manager Scripts](#deploy-semm-configuration-manager-scripts) section later in this article.
## Create or modify the SEMM Configuration Manager scripts
-After the required assemblies have been installed on the devices, the process of enrolling the devices in SEMM and configuring Surface UEFI is done with PowerShell scripts and deployed as a script application with Configuration Manager. These scripts can be modified to fit the needs of your organization and environment. For example, you can create multiple configurations for managed Surface devices in different departments or roles. You can download samples of the scripts for SEMM and Configuration Manager at the link in the [Prerequisites](#prerequisites) section at the beginning of this article.
+After the required assemblies have been installed on the devices, the process of enrolling the devices in SEMM and configuring Surface UEFI is done with PowerShell scripts and deployed as a script application with Configuration Manager. These scripts can be modified to fit the needs of your organization and environment. For example, you can create multiple configurations for managed Surface devices in different departments or roles. You can download samples of the scripts for SEMM and Configuration Manager from the link in the [Prerequisites](#prerequisites) section at the beginning of this article.
-There are two primary scripts you will need to perform a SEMM deployment with Configuration Manager:
+There are two primary scripts you will need in order to perform a SEMM deployment with Configuration Manager:
-* **ConfigureSEMM.ps1** – Use this script to create configuration packages for your Surface devices with your desired Surface UEFI settings, to apply the specified settings to a Surface device, to enroll the device in SEMM, and to set a registry key used to identify the enrollment of the device in SEMM.
+* **ConfigureSEMM.ps1** – Use this script to create configuration packages for your Surface devices with your desired Surface UEFI settings to apply the specified settings to a Surface device, to enroll the device in SEMM, and to set a registry key used to identify the enrollment of the device in SEMM.
* **ResetSEMM.ps1** – Use this script to reset SEMM on a Surface device, which unenrolls it from SEMM and removes the control over Surface UEFI settings.
The sample scripts include examples of how to set Surface UEFI settings and how to control permissions to those settings. These settings can be modified to secure Surface UEFI and set Surface UEFI settings according to the needs of your environment. The following sections of this article explain the ConfigureSEMM.ps1 script and explore the modifications you need to make to the script to fit your requirements.
->[!NOTE]
->The SEMM Configuration Manager scripts and the exported SEMM certificate file (.pfx) should be placed in the same folder with no other files before they are added to Configuration Manager.
+> [!NOTE]
+> The SEMM Configuration Manager scripts and the exported SEMM certificate file (.pfx) should be placed in the same folder with no other files before they are added to Configuration Manager.
### Specify certificate and package names
-The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script:
+The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, and the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script.
```
56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition
@@ -126,14 +128,14 @@ The first region of the script that you need to modify is the portion that speci
73 $password = "1234"
```
-Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory.
+Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and then copies the certificate file to this working directory.
Owner package and reset package will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
-On line 73, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text.
+On line 73, replace the value of the **$password** variable, from **1234** to the password for your certificate file. If a password is not required, delete the **1234** text.
->[!Note]
->The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this:
+> [!Note]
+> The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this.
```
150 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
@@ -146,20 +148,20 @@ On line 73, replace the value of the **$password** variable, from 1234, to the p
Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
-1. Right-click the .pfx file, and then click **Open**.
+1. Right-click the .pfx file, and then select **Open**.
2. Expand the folder in the navigation pane.
-3. Click **Certificates**.
-4. Right-click your certificate in the main pane, and then click **Open**.
-5. Click the **Details** tab.
+3. Select **Certificates**.
+4. Right-click your certificate in the main pane, and then select **Open**.
+5. Select the **Details** tab.
6. **All** or **Properties Only** must be selected in the **Show** drop-down menu.
7. Select the field **Thumbprint**.
->[!NOTE]
->The SEMM certificate name and password must also be entered in this section of the ResetSEMM.ps1 script to enable Configuration Manager to remove SEMM from the device with the uninstall action.
+> [!NOTE]
+> The SEMM certificate name and password must also be entered in this section of the ResetSEMM.ps1 script to enable Configuration Manager to remove SEMM from the device with the uninstall action.
### Configure permissions
-The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras:
+The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras.
```
210 # Configure Permissions
@@ -211,7 +213,7 @@ You can find information about the available settings names and IDs for Surface
### Configure settings
-The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows:
+The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows.
```
291 # Configure Settings
@@ -269,14 +271,14 @@ You can find information about the available settings names and IDs for Surface
### Settings registry key
-To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location:
+To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location.
`HKLM\SOFTWARE\Microsoft\Surface\SEMM`
-The following code fragment, found on lines 380-477, is used to write these registry keys:
+The following code fragment, found on lines 380-477, is used to write these registry keys.
```
-380 # For SCCM or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
+380 # For Endpoint Configuration Manager or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
381 $UTCDate = (Get-Date).ToUniversalTime().ToString()
382 $certIssuer = $certPrint.Issuer
383 $certSubject = $certPrint.Subject
@@ -382,7 +384,7 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
-The following tables show the available settings for Surface Pro 4 and Surface Book:
+The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7, Surface Book, Surface Laptop 3, and Surface Go.
*Table 1. Surface UEFI settings for Surface Pro 4*
@@ -441,11 +443,11 @@ After your scripts are prepared to configure and enable SEMM on the client devic
* ResetSEMM.ps1
* Your SEMM certificate (for example SEMMCertificate.pfx)
-The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is:
+The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is as follows.
`Powershell.exe -file ".\ConfigureSEMM.ps1"`
-The command to uninstall SEMM with ResetSEMM.ps1 is:
+The command to uninstall SEMM with ResetSEMM.ps1 is as follows.
`Powershell.exe -file ".\ResetSEMM.ps1"`
@@ -455,82 +457,82 @@ To add the SEMM Configuration Manager scripts to Configuration Manager as an app
2. Proceed through The Create Application Wizard as follows:
- - **General** – Select **Manually specify the application information**, and then click **Next**.
+ - **General** – Select **Manually specify the application information**, and then select **Next**.
- - **General Information** – Enter a name for the application (for example SEMM) and any other information you want such as publisher, version, or comments on this page. Click **Next** to proceed.
+ - **General Information** – Enter a name for the application (for example SEMM) and any other information you want such as publisher, version, or comments on this page. Select **Next** to proceed.
- - **Application Catalog** – The fields on this page can be left with their default values. Click **Next**.
+ - **Application Catalog** – The fields on this page can be left with their default values. Select **Next**.
- - **Deployment Types** – Click **Add** to start the Create Deployment Type Wizard.
+ - **Deployment Types** – Select **Add** to start the Create Deployment Type Wizard.
- Proceed through the steps of the Create Deployment Type Wizard, as follows:
- * **General** – Click **Script Installer** from the **Type** drop-down menu. The **Manually specify the deployment type information** option will automatically be selected. Click **Next** to proceed.
- * **General Information** – Enter a name for the deployment type (for example SEMM Configuration Scripts), and then click **Next** to continue.
- * **Content** – Click **Browse** next to the **Content Location** field, and then click the folder where your SEMM Configuration Manager scripts are located. In the **Installation Program** field, type the [installation command](#deploy-semm-configuration-manager-scripts) found earlier in this article. In the **Uninstall Program** field, enter the [uninstallation command](#deploy-semm-configuration-manager-scripts) found earlier in this article (shown in Figure 2). Click **Next** to move to the next page.
+ * **General** – Select **Script Installer** from the **Type** drop-down menu. The **Manually specify the deployment type information** option will automatically be selected. Select **Next** to proceed.
+ * **General Information** – Enter a name for the deployment type (for example SEMM Configuration Scripts), and then select **Next** to continue.
+ * **Content** – Select **Browse** next to the **Content Location** field, and then select the folder where your SEMM Configuration Manager scripts are located. In the **Installation Program** field, type the [installation command](#deploy-semm-configuration-manager-scripts) found earlier in this article. In the **Uninstall Program** field, enter the [uninstallation command](#deploy-semm-configuration-manager-scripts) found earlier in this article (shown in Figure 2). Select **Next** to move to the next page.
*Figure 2. Set the SEMM Configuration Manager scripts as the install and uninstall commands*
- * **Detection Method** – Click **Add Clause** to add the SEMM Configuration Manager script registry key detection rule. The **Detection Rule** window is displayed, as shown in Figure 3. Use the following settings:
+ * **Detection Method** – Select **Add Clause** to add the SEMM Configuration Manager script registry key detection rule. The **Detection Rule** window is displayed, as shown in Figure 3. Use the following settings:
- - Click **Registry** from the **Setting Type** drop-down menu.
- - Click **HKEY_LOCAL_MACHINE** from the **Hive** drop-down menu.
+ - Select **Registry** from the **Setting Type** drop-down menu.
+ - Select **HKEY_LOCAL_MACHINE** from the **Hive** drop-down menu.
- Enter **SOFTWARE\Microsoft\Surface\SEMM** in the **Key** field.
- Enter **Enabled_Version1000** in the **Value** field.
- - Click **String** from the **Data Type** drop-down menu.
- - Click the **This registry setting must satisfy the following rule to indicate the presence of this application** button.
+ - Select **String** from the **Data Type** drop-down menu.
+ - Select the **This registry setting must satisfy the following rule to indicate the presence of this application** button.
- Enter **1** in the **Value** field.
- - Click **OK** to close the **Detection Rule** window.
+ - Select **OK** to close the **Detection Rule** window.
*Figure 3. Use a registry key to identify devices enrolled in SEMM*
- * Click **Next** to proceed to the next page.
+ * Select **Next** to proceed to the next page.
- * **User Experience** – Click **Install for system** from the **Installation Behavior** drop-down menu. If you want your users to record and enter the certificate thumbprint themselves, leave the logon requirement set to **Only when a user is logged on**. If you want your administrators to enter the thumbprint for users and the users do not need to see the thumbprint, click **Whether or not a user is logged on** from the **Logon Requirement** drop-down menu.
+ * **User Experience** – Select **Install for system** from the **Installation Behavior** drop-down menu. If you want your users to record and enter the certificate thumbprint themselves, leave the logon requirement set to **Only when a user is logged on**. If you want your administrators to enter the thumbprint for users and the users do not need to see the thumbprint, select **Whether or not a user is logged on** from the **Logon Requirement** drop-down menu.
- * **Requirements** – The ConfigureSEMM.ps1 script automatically verifies that the device is a Surface device before attempting to enable SEMM. However, if you intend to deploy this script application to a collection with devices other than those to be managed with SEMM, you could add requirements here to ensure this application would run only on Surface devices or devices you intend to manage with SEMM. Click **Next** to continue.
+ * **Requirements** – The ConfigureSEMM.ps1 script automatically verifies that the device is a Surface device before attempting to enable SEMM. However, if you intend to deploy this script application to a collection with devices other than those to be managed with SEMM, you could add requirements here to ensure this application would run only on Surface devices or devices you intend to manage with SEMM. Select **Next** to continue.
- * **Dependencies** – Click **Add** to open the **Add Dependency** window.
+ * **Dependencies** – Select **Add** to open the **Add Dependency** window.
- * Click **Add** to open the **Specify Required Application** window.
+ * Select **Add** to open the **Specify Required Application** window.
- Enter a name for the SEMM dependencies in the **Dependency Group Name** field (for example, *SEMM Assemblies*).
- - Click **Microsoft Surface UEFI Manager** from the list of **Available Applications** and the MSI deployment type, and then click **OK** to close the **Specify Required Application** window.
+ - Select **Microsoft Surface UEFI Manager** from the list of **Available Applications** and the MSI deployment type, and then select **OK** to close the **Specify Required Application** window.
- * Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Click **OK** to close the **Add Dependency** window.
+ * Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Select **OK** to close the **Add Dependency** window.
- * Click **Next** to proceed.
+ * Select **Next** to proceed.
- * **Summary** – The information you have entered throughout the Create Deployment Type wizard is displayed on this page. Click **Next** to confirm your selections.
+ * **Summary** – The information you have entered throughout the Create Deployment Type wizard is displayed on this page. Select **Next** to confirm your selections.
* **Progress** – A progress bar and status as the deployment type is added for the SEMM script application is displayed on this page.
- * **Completion** – Confirmation of the deployment type creation is displayed when the process is complete. Click **Close** to finish the Create Deployment Type Wizard.
+ * **Completion** – Confirmation of the deployment type creation is displayed when the process is complete. Select **Close** to finish the Create Deployment Type Wizard.
- - **Summary** – The information that you entered throughout the Create Application Wizard is displayed. Click **Next** to create the application.
+ - **Summary** – The information that you entered throughout the Create Application Wizard is displayed. Select **Next** to create the application.
- **Progress** – A progress bar and status as the application is added to the Software Library is displayed on this page.
- - **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard.
+ - **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Select **Close** to finish the Create Application Wizard.
After the script application is available in the Software Library of Configuration Manager, you can distribute and deploy SEMM using the scripts you prepared to devices or collections. If you have configured the Microsoft Surface UEFI Manager assemblies as a dependency that will be automatically installed, you can deploy SEMM in a single step. If you have not configured the assemblies as a dependency, they must be installed on the devices you intend to manage before you enable SEMM.
When you deploy SEMM using this script application and with a configuration that is visible to the end user, the PowerShell script will start and the thumbprint for the certificate will be displayed by the PowerShell window. You can have your users record this thumbprint and enter it when prompted by Surface UEFI after the device reboots.
-Alternatively, you can configure the application installation to reboot automatically and to install invisibly to the user – in this scenario, a technician will be required to enter the thumbprint on each device as it reboots. Any technician with access to the certificate file can read the thumbprint by viewing the certificate with CertMgr. Instructions for viewing the thumbprint with CertMgr are in the [Create or modify the SEMM Configuration Manager scripts](#create-or-modify-the-semm-configuration-manager-scripts) section of this article.
+Alternatively, you can configure the application installation to reboot automatically and to install invisibly to the user. In this scenario, a technician will be required to enter the thumbprint on each device as it reboots. Any technician with access to the certificate file can read the thumbprint by viewing the certificate with CertMgr. Instructions for viewing the thumbprint with CertMgr are in the [Create or modify the SEMM Configuration Manager scripts](#create-or-modify-the-semm-configuration-manager-scripts) section of this article.
Removal of SEMM from a device deployed with Configuration Manager using these scripts is as easy as uninstalling the application with Configuration Manager. This action starts the ResetSEMM.ps1 script and properly unenrolls the device with the same certificate file that was used during the deployment of SEMM.
> [!NOTE]
> Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate.
>
-> We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that – just like the certificate itself – this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM.
+> We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that, just like the certificate itself, this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM.
>
-> When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package – the device will prompt for the certificate thumbprint before ownership is taken.
+> When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package. The device will prompt for the certificate thumbprint before ownership is taken.
>
> For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.
diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md
index 52e96859b3..20ad4f6903 100644
--- a/devices/surface/using-the-sda-deployment-share.md
+++ b/devices/surface/using-the-sda-deployment-share.md
@@ -9,7 +9,9 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
ms.reviewer:
manager: dansimp
---
@@ -20,6 +22,9 @@ With Microsoft Surface Deployment Accelerator (SDA), you can quickly and easily
For more information about SDA and information on how to download SDA, see [Microsoft Surface Deployment Accelerator (SDA)](https://technet.microsoft.com/itpro/surface/microsoft-surface-deployment-accelerator).
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
+
Using SDA provides these primary benefits:
* With SDA, you can create a ready-to-deploy environment that can deploy to target devices as fast as your download speeds allow. The wizard experience enables you to check a few boxes and then the automated process builds your deployment environment for you.
diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md
index ddc39aa7c2..00ad750ca8 100644
--- a/devices/surface/wake-on-lan-for-surface-devices.md
+++ b/devices/surface/wake-on-lan-for-surface-devices.md
@@ -6,12 +6,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
+ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 01/03/2018
-ms.reviewer:
+ms.date: 12/30/2019
+ms.reviewer: scottmca
manager: dansimp
+ms.audience: itpro
---
# Wake On LAN for Surface devices
@@ -41,6 +43,9 @@ The following devices are supported for WOL:
* Surface Laptop 2
* Surface Go
* Surface Go with LTE Advanced
+* Surface Studio 2 (see Surface Studio 2 instructions below)
+* Surface Pro 7
+* Surface Laptop 3
## WOL driver
@@ -57,6 +62,26 @@ To extract the contents of SurfaceWOL.msi, use the MSIExec administrative instal
`msiexec /a surfacewol.msi targetdir=C:\WOL /qn`
+## Surface Studio 2 instructions
+
+To enable WOL on Surface Studio 2, you must use the following procedure
+
+1. Create the following registry keys:
+
+ ```console
+ ; Set CONNECTIVITYINSTANDBY to 1:
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\F15576E8-98B7-4186-B944-EAFA664402D9]
+ "Attributes"=dword:00000001
+ ; Set EnforceDisconnectedStandby to 0 and AllowSystemRequiredPowerRequests to 1:
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power]
+ "EnforceDisconnectedStandby"=dword:00000000
+ "AllowSystemRequiredPowerRequests"=dword:00000001
+ ```
+
+2. Run the following command
+
+ ```powercfg /SETACVALUEINDEX SCHEME_BALANCED SUB_NONE CONNECTIVITYINSTANDBY 1```
+
## Using Surface WOL
The Surface WOL driver conforms to the WOL standard, whereby the device is woken by a special network communication known as a magic packet. The magic packet consists of 6 bytes of 255 (or FF in hexadecimal) followed by 16 repetitions of the target computer’s MAC address. You can read more about the magic packet and the WOL standard on [Wikipedia](https://wikipedia.org/wiki/Wake-on-LAN#Magic_packet).
diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md
index aee66dbdb7..36283c8d84 100644
--- a/devices/surface/windows-autopilot-and-surface-devices.md
+++ b/devices/surface/windows-autopilot-and-surface-devices.md
@@ -1,5 +1,5 @@
---
-title: Windows Autopilot and Surface Devices (Surface)
+title: Windows Autopilot and Surface devices
ms.reviewer:
manager: dansimp
description: Find out about Windows Autopilot deployment options for Surface devices.
@@ -11,26 +11,48 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 11/26/2019
---
# Windows Autopilot and Surface devices
-Windows Autopilot is a cloud-based deployment technology available in Windows 10. Using Windows Autopilot, you can remotely deploy and configure devices in a truly zero-touch process right out of the box. Windows Autopilot registered devices are identified over the internet at first boot using a unique device signature, known as the hardware hash, and automatically enrolled and configured using modern management solutions such as Azure Active Directory (AAD) and Mobile Device Management (MDM).
+Windows Autopilot is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot to remotely deploy and configure devices in a zero-touch process right out of the box.
-With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process can eliminate need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution.
+Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a *hardware hash*. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management.
-In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. For information about licensing and other prerequisites, see [Windows Autopilot requirements](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements).
+You can register Surface devices at the time of purchase from a Surface partner that's enabled for Windows Autopilot. These partners can ship new devices directly to your users. The devices will be automatically enrolled and configured when they are first turned on. This process eliminates reimaging during deployment, which lets you implement new, agile methods of device management and distribution.
-### Windows version considerations
-Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. All new Surface devices ship with Windows 10 Version 1709 or above.
+## Modern management
+Autopilot is the recommended deployment option for Surface devices, including Surface Pro 7, Surface Laptop 3, and Surface Pro X, which is specifically designed for deployment through Autopilot.
+
+ It's best to enroll your Surface devices with the help of a Microsoft Cloud Solution Provider. This step allows you to manage UEFI firmware settings on Surface directly from Intune. It eliminates the need to physically touch devices for certificate management. See [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) for details.
+
+## Windows version considerations
+Broad deployment of Surface devices through Windows Autopilot, including enrollment by Surface partners at the time of purchase, requires Windows 10 Version 1709 (Fall Creators Update) or later.
+
+These Windows versions support a 4,000-byte (4k) hash value that uniquely identifies devices for Windows Autopilot, which is necessary for deployments at scale. All new Surface devices, including Surface Pro 7, Surface Pro X, and Surface Laptop 3, ship with Windows 10 Version 1903 or later.
## Surface partners enabled for Windows Autopilot
-Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management.
-When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include:
+Select Surface partners can enroll Surface devices in Windows Autopilot for you at the time of purchase. They can also ship enrolled devices directly to your users. The devices can be configured entirely through a zero-touch process by using Windows Autopilot, Azure AD, and mobile device management.
+Surface partners that are enabled for Windows Autopilot include:
+
+- [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp)
- [Atea](https://www.atea.com/)
+- [Bechtle](https://www.bechtle.com/de-en)
+- [Cancom](https://www.cancom.de/)
+- [CDW](https://www.cdw.com/)
+- [Computacenter](https://www.computacenter.com/uk)
- [Connection](https://www.connection.com/brand/microsoft/microsoft-surface)
- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
- [SHI](https://www.shi.com/Surface)
+- [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/)
+- [Techdata](https://www.techdata.com/)
+## Learn more
+For more information about Windows Autopilot, see:
+- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot)
+- [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements)
\ No newline at end of file
diff --git a/education/developers.yml b/education/developers.yml
new file mode 100644
index 0000000000..9e21b6d27f
--- /dev/null
+++ b/education/developers.yml
@@ -0,0 +1,33 @@
+### YamlMime:Hub
+
+title: Microsoft 365 Education Documentation for developers
+summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
+
+metadata:
+ title: Microsoft 365 Education Documentation for developers
+ description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
+ ms.service: help
+ ms.topic: hub-page
+ author: LaurenMoynihan
+ ms.author: v-lamoyn
+ ms.date: 10/24/2019
+
+additionalContent:
+ sections:
+ - items:
+ # Card
+ - title: UWP apps for education
+ summary: Learn how to write universal apps for education.
+ url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/
+ # Card
+ - title: Take a test API
+ summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
+ url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/take-a-test-api
+ # Card
+ - title: Office Education Dev center
+ summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
+ url: https://dev.office.com/industry-verticals/edu
+ # Card
+ - title: Data Streamer
+ summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
+ url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
\ No newline at end of file
diff --git a/education/docfx.json b/education/docfx.json
index 15587928ef..809a2da28f 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -32,19 +32,28 @@
"audience": "ITPro",
"breadcrumb_path": "/education/breadcrumb/toc.json",
"ms.date": "05/09/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_system": "None",
+ "hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.education",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ]
},
"externalReference": [],
"template": "op.html",
"dest": "education",
"markdownEngineName": "markdig"
- }
+}
}
diff --git a/education/images/EDU-Apps-Mgmt.svg b/education/images/EDU-Apps-Mgmt.svg
new file mode 100644
index 0000000000..862f0e12ff
--- /dev/null
+++ b/education/images/EDU-Apps-Mgmt.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Deploy.svg b/education/images/EDU-Deploy.svg
new file mode 100644
index 0000000000..1a0d67fd67
--- /dev/null
+++ b/education/images/EDU-Deploy.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Device-Mgmt.svg b/education/images/EDU-Device-Mgmt.svg
new file mode 100644
index 0000000000..92fb95141f
--- /dev/null
+++ b/education/images/EDU-Device-Mgmt.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Education.svg b/education/images/EDU-Education.svg
new file mode 100644
index 0000000000..146dd00257
--- /dev/null
+++ b/education/images/EDU-Education.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-FindHelp.svg b/education/images/EDU-FindHelp.svg
new file mode 100644
index 0000000000..fea3109134
--- /dev/null
+++ b/education/images/EDU-FindHelp.svg
@@ -0,0 +1,32 @@
+
+
+
diff --git a/education/images/EDU-ITJourney.svg b/education/images/EDU-ITJourney.svg
new file mode 100644
index 0000000000..e42fe12104
--- /dev/null
+++ b/education/images/EDU-ITJourney.svg
@@ -0,0 +1,31 @@
+
+
+
diff --git a/education/images/EDU-Lockbox.svg b/education/images/EDU-Lockbox.svg
new file mode 100644
index 0000000000..8133127433
--- /dev/null
+++ b/education/images/EDU-Lockbox.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Tasks.svg b/education/images/EDU-Tasks.svg
new file mode 100644
index 0000000000..f1339ea705
--- /dev/null
+++ b/education/images/EDU-Tasks.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Teachers.svg b/education/images/EDU-Teachers.svg
new file mode 100644
index 0000000000..4cdb2b3e7d
--- /dev/null
+++ b/education/images/EDU-Teachers.svg
@@ -0,0 +1,27 @@
+
+
+
diff --git a/education/images/EDUAdmins.svg b/education/images/EDUAdmins.svg
new file mode 100644
index 0000000000..d512fb942f
--- /dev/null
+++ b/education/images/EDUAdmins.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDUDevelopers.svg b/education/images/EDUDevelopers.svg
new file mode 100644
index 0000000000..900159699a
--- /dev/null
+++ b/education/images/EDUDevelopers.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDUPartners.svg b/education/images/EDUPartners.svg
new file mode 100644
index 0000000000..01b80c9a42
--- /dev/null
+++ b/education/images/EDUPartners.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/index.md b/education/index.md
deleted file mode 100644
index c36a33ee36..0000000000
--- a/education/index.md
+++ /dev/null
@@ -1,253 +0,0 @@
----
-layout: HubPage
-hide_bc: true
-title: Microsoft 365 Education documentation and resources | Microsoft Docs
-description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
-author: dansimp
-ms.topic: hub-page
-ms.author: dansimp
-ms.collection: ITAdminEDU
-ms.date: 10/30/2017
-ms.prod: w10
----
-
Get started with deploying and managing a full cloud IT solution for your school, and follow the links for in-depth information about the technologies and features.
diff --git a/education/index.yml b/education/index.yml
new file mode 100644
index 0000000000..80796a921a
--- /dev/null
+++ b/education/index.yml
@@ -0,0 +1,35 @@
+### YamlMime:Hub
+
+title: Microsoft 365 Education Documentation
+summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
+
+metadata:
+ title: Microsoft 365 Education Documentation
+ description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
+ ms.service: help
+ ms.topic: hub-page
+ author: LaurenMoynihan
+ ms.author: v-lamoyn
+ ms.date: 10/24/2019
+
+productDirectory:
+ items:
+ # Card
+ - title: IT Admins
+ # imageSrc should be square in ratio with no whitespace
+ imageSrc: ./images/EDUAdmins.svg
+ links:
+ - url: itadmins.yml
+ text: Get started with deploying and managing a full cloud IT solution for your school.
+ # Card
+ - title: Developers
+ imageSrc: ./images/EDUDevelopers.svg
+ links:
+ - url: developers.yml
+ text: Looking for information about developing solutions on Microsoft Education products? Start here.
+ # Card
+ - title: Partners
+ imageSrc: ./images/EDUPartners.svg
+ links:
+ - url: partners.yml
+ text: Looking for resources available to Microsoft Education partners? Start here.
\ No newline at end of file
diff --git a/education/itadmins.yml b/education/itadmins.yml
new file mode 100644
index 0000000000..4aa321c59c
--- /dev/null
+++ b/education/itadmins.yml
@@ -0,0 +1,120 @@
+### YamlMime:Hub
+
+title: Microsoft 365 Education Documentation for IT admins
+summary: Microsoft 365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
+
+metadata:
+ title: Microsoft 365 Education Documentation for IT admins
+ description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
+ ms.service: help
+ ms.topic: hub-page
+ author: LaurenMoynihan
+ ms.author: v-lamoyn
+ ms.date: 10/24/2019
+
+productDirectory:
+ summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
+ items:
+ # Card
+ - title: Phase 1 - Cloud deployment
+ imageSrc: ./images/EDU-Deploy.svg
+ links:
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/create-your-office-365-tenant
+ text: 1. Create your Office 365 tenant
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/secure-and-configure-your-network
+ text: 2. Secure and configure your network
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/aad-connect-and-adfs
+ text: 3. Sync your active directory
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/school-data-sync
+ text: 4. Sync you SIS using School Data Sync
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/license-users
+ text: 5. License users
+ # Card
+ - title: Phase 2 - Device management
+ imageSrc: ./images/EDU-Device-Mgmt.svg
+ links:
+ - url: https://docs.microsoft.com/en-us/education/windows/
+ text: 1. Get started with Windows 10 for Education
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/set-up-windows-10-education-devices
+ text: 2. Set up Windows 10 devices
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/intune-for-education
+ text: 3. Get started with Intune for Education
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/use-intune-for-education
+ text: 4. Use Intune to manage groups, apps, and settings
+ - url: https://docs.microsoft.com/en-us/intune/enrollment/enrollment-autopilot
+ text: 5. Enroll devices using Windows Autopilot
+ # Card
+ - title: Phase 3 - Apps management
+ imageSrc: ./images/EDU-Apps-Mgmt.svg
+ links:
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/configure-admin-settings
+ text: 1. Configure admin settings
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/set-up-teams-for-education
+ text: 2. Set up Teams for Education
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-office-365
+ text: 3. Set up Office 365
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/microsoft-store-for-education
+ text: 4. Install apps from Microsoft Store for Education
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/minecraft-for-education
+ text: 5. Install Minecraft - Education Edition
+ # Card
+ - title: Complete your deployment
+ # imageSrc should be square in ratio with no whitespace
+ imageSrc: ./images/EDU-Tasks.svg
+ links:
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-exchange-online
+ text: Deploy Exchange Online
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive
+ text: Deploy SharePoint Online and OneDrive
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-exchange-server-hybrid
+ text: Deploy Exchange Server hybrid
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-sharepoint-server-hybrid
+ text: Deploy SharePoint Server Hybrid
+ # Card
+ - title: Security & compliance
+ imageSrc: ./images/EDU-Lockbox.svg
+ links:
+ - url: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
+ text: AAD feature deployment guide
+ - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
+ text: Azure information protection deployment acceleration guide
+ - url: https://docs.microsoft.com/en-us/cloud-app-security/getting-started-with-cloud-app-security
+ text: Microsoft Cloud app security
+ - url: https://docs.microsoft.com/microsoft-365/compliance/create-test-tune-dlp-policy
+ text: Office 365 data loss prevention
+ - url: https://docs.microsoft.com/microsoft-365/compliance/
+ text: Office 365 advanced compliance
+ - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
+ text: Deploying Lockbox
+ # Card
+ - title: Analytics & insights
+ imageSrc: ./images/EDU-Education.svg
+ links:
+ - url: https://docs.microsoft.com/en-us/power-bi/service-admin-administering-power-bi-in-your-organization
+ text: Power BI for IT admins
+ - url: https://docs.microsoft.com/en-us/dynamics365/#pivot=get-started
+ text: Dynamics 365
+ # Card
+ - title: Find deployment help
+ imageSrc: ./images/EDU-FindHelp.svg
+ links:
+ - url: https://docs.microsoft.com/microsoft-365/education/deploy/find-deployment-help
+ text: IT admin help
+ - url: https://social.technet.microsoft.com/forums/en-us/home
+ text: TechNet
+ # Card
+ - title: Check out our education journey
+ imageSrc: ./images/EDU-ITJourney.svg
+ links:
+ - url: https://edujourney.microsoft.com/k-12/
+ text: K-12
+ - url: https://edujourney.microsoft.com/hed/
+ text: Higher education
+ # Card
+ - title: Additional support resources
+ imageSrc: ./images/EDU-Teachers.svg
+ links:
+ - url: https://support.office.com/en-us/education
+ text: Education help center
+ - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
+ text: Teacher training packs
\ No newline at end of file
diff --git a/education/partners.yml b/education/partners.yml
new file mode 100644
index 0000000000..42925925f4
--- /dev/null
+++ b/education/partners.yml
@@ -0,0 +1,33 @@
+### YamlMime:Hub
+
+title: Microsoft 365 Education Documentation for partners
+summary: Looking for resources available to Microsoft Education partners? Start here.
+
+metadata:
+ title: Microsoft 365 Education Documentation for partners
+ description: Looking for resources available to Microsoft Education partners? Start here.
+ ms.service: help
+ ms.topic: hub-page
+ author: LaurenMoynihan
+ ms.author: v-lamoyn
+ ms.date: 10/24/2019
+
+additionalContent:
+ sections:
+ - items:
+ # Card
+ - title: Microsoft Partner Network
+ summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness.
+ url: https://partner.microsoft.com/solutions/education
+ # Card
+ - title: Authorized Education Partner (AEP) program
+ summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs).
+ url: https://www.mepn.com/
+ # Card
+ - title: Authorized Education Partner Directory
+ summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs.
+ url: https://www.mepn.com/MEPN/AEPSearch.aspx
+ # Card
+ - title: Education Partner community Yammer group
+ summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
+ url: https://www.yammer.com/mepn/
\ No newline at end of file
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index 43b68e46ad..35146fcace 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -1617,7 +1617,7 @@ As a final quality control step, verify the device configuration to ensure that
* The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
* Windows Update is active and current with software updates.
* Windows Defender is active and current with malware Security intelligence.
-* The SmartScreen Filter is active.
+* Windows Defender SmartScreen is active.
* All Microsoft Store apps are properly installed and updated.
* All Windows desktop apps are properly installed and updated.
* Printers are properly configured.
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index 3cfeafb6d3..5fd1f4093a 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -1096,7 +1096,7 @@ As a final quality control step, verify the device configuration to ensure that
- The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
- Windows Update is active and current with software updates.
- Windows Defender is active and current with malware Security intelligence.
-- The SmartScreen Filter is active.
+- Windows Defender SmartScreen is active.
- All Microsoft Store apps are properly installed and updated.
- All Windows desktop apps are properly installed and updated.
- Printers are properly configured.
diff --git a/mdop/agpm/index.md b/mdop/agpm/index.md
index 3832e088c4..bd78561b83 100644
--- a/mdop/agpm/index.md
+++ b/mdop/agpm/index.md
@@ -19,7 +19,7 @@ Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of th
## AGPM Version Information
-[AGPM 4.0 SP3](agpm-40-sp3-navengl.md) supports Windows 10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
+[AGPM 4.0 SP3](agpm-40-sp3-navengl.md) supports Windows 10, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
[AGPM 4.0 SP2](agpm-40-sp2-navengl.md) supports Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md
index c19488dbb0..0275e8dc91 100644
--- a/mdop/agpm/troubleshooting-agpm40-upgrades.md
+++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md
@@ -39,3 +39,18 @@ This section lists common issues that you may encounter when you upgrade your Ad
- Install the required hotfix.
- Connect to AGPM using an AGPM client to test that your difference reports are now functioning.
+
+## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3
+
+**Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs).
+
+**How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information.
+
+More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button.
+
+The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967).
+
+
+## Reference link
+https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp
+
diff --git a/mdop/agpm/whats-new-in-agpm-40-sp3.md b/mdop/agpm/whats-new-in-agpm-40-sp3.md
index dbe0512e16..d60031b011 100644
--- a/mdop/agpm/whats-new-in-agpm-40-sp3.md
+++ b/mdop/agpm/whats-new-in-agpm-40-sp3.md
@@ -189,7 +189,7 @@ The following table describes the behavior of AGPM 4.0 SP3 Client and Server in
## How to Get MDOP Technologies
-AGPM 4.0 SP3 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
+AGPM 4.0 SP3 is a part of the Microsoft Desktop Optimization Pack (MDOP) since MDOP 2015. MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
## Related topics
diff --git a/mdop/appv-v5/TOC.md b/mdop/appv-v5/TOC.md
index db147e8a98..6f2058280a 100644
--- a/mdop/appv-v5/TOC.md
+++ b/mdop/appv-v5/TOC.md
@@ -62,7 +62,7 @@
##### [How to Create a Custom Configuration File by Using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md)
##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console 5.1](how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md)
##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console 5.1](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md)
-##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console 5.1](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md)
+##### [Configure Applications and Default Virtual Application Extensions in Management Console](configure-applications-and-default-virtual-application-extensions-in-management-console.md)
#### [Managing Connection Groups 5.1](managing-connection-groups51.md)
##### [About the Connection Group Virtual Environment 5.1](about-the-connection-group-virtual-environment51.md)
##### [About the Connection Group File 5.1](about-the-connection-group-file51.md)
diff --git a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md
index d0bcc87058..50214f1054 100644
--- a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md
+++ b/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md
@@ -10,7 +10,7 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 06/16/2016
+ms.date: 10/03/2016
---
@@ -54,7 +54,7 @@ The most common tasks that you can perform with the App-V 5.0 Management console
- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md)
-- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md)
+- [Configure Applications and Default Virtual Application Extensions in Management Console](configure-applications-and-default-virtual-application-extensions-in-management-console.md)
The main elements of the App-V 5.0 Management Console are:
diff --git a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md
index 9431f2a486..26ff07008e 100644
--- a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md
+++ b/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md
@@ -54,7 +54,7 @@ The most common tasks that you can perform with the App-V 5.1 Management console
- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md)
-- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md)
+- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md)
The main elements of the App-V 5.1 Management Console are:
diff --git a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md b/mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md
similarity index 89%
rename from mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md
rename to mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md
index 808352b5e4..c96dff8cbe 100644
--- a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md
+++ b/mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md
@@ -1,5 +1,5 @@
---
-title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
+title: Configure Applications and Default Virtual Application Extensions in Management Console
description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
author: dansimp
ms.assetid: 1e1941d3-fb22-4077-8ec6-7a0cb80335d8
@@ -10,14 +10,12 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 03/16/2017
+ms.date: 09/26/2019
---
+# Configure Applications and Default Virtual Application Extensions in Management Console
-# How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
-
-
-Use the following procedure to view and configure default package extensions.
+Use the following procedure to *view* and *configure* default package extensions.
**To view and configure default virtual application extensions**
diff --git a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md
index fda09c81df..56bd58a27e 100644
--- a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md
+++ b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md
@@ -20,7 +20,7 @@ ms.date: 06/16/2016
After you have properly deployed the Microsoft Application Virtualization (App-V) 5.0 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
**Note**
-For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
+For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
index 4dbf7f3b64..f66484192f 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
@@ -224,7 +224,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
```xml
-
+
diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
index c290148b0d..76656d39e1 100644
--- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
+++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
@@ -1,3 +1,4 @@
+---
ms.reviewer:
title: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User
description: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User
diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md
index c265b6155e..0345a45113 100644
--- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md
+++ b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md
@@ -1,3 +1,4 @@
+---
ms.reviewer:
title: How to Use an App-V 4.6 Application From an App-V 5.0 Application
description: How to Use an App-V 4.6 Application From an App-V 5.0 Application
diff --git a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
index 6346265cf1..7089ba0bff 100644
--- a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
+++ b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
@@ -49,7 +49,7 @@ The following items are required or recommended for creating the DaRT recovery i
Windows Debugging Tools for your platform
-
Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.
+
Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.
Optional: Windows symbols files for use with Crash Analyzer
@@ -62,7 +62,6 @@ The following items are required or recommended for creating the DaRT recovery i
## Related topics
-
[Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md)
@@ -72,4 +71,3 @@ The following items are required or recommended for creating the DaRT recovery i
-
diff --git a/mdop/dart-v8/TOC.md b/mdop/dart-v8/TOC.md
index e6b9c3194c..b2c907364b 100644
--- a/mdop/dart-v8/TOC.md
+++ b/mdop/dart-v8/TOC.md
@@ -39,5 +39,5 @@
#### [How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md)
## [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md)
## [Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md)
-### [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md)
+### [Use Windows Defender Offline (WDO) for malware protection, not DaRT ](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md)
diff --git a/mdop/dart-v8/index.md b/mdop/dart-v8/index.md
index bcee6aaf64..d51694005d 100644
--- a/mdop/dart-v8/index.md
+++ b/mdop/dart-v8/index.md
@@ -7,7 +7,7 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 10/03/2017
---
@@ -38,7 +38,7 @@ DaRT 8.0 is an important part of the Microsoft Desktop Optimization Pack (MDOP),
[Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md)
-[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md)
+[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md)
[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md)
@@ -54,7 +54,7 @@ View updated product information and known issues for DaRT 8.0.
Learn about the latest MDOP information and resources.
[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com), or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
diff --git a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md
index 0733bc4bef..ec7b892511 100644
--- a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md
+++ b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md
@@ -10,7 +10,7 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 06/16/2016
+ms.date: 10/03/2016
---
@@ -48,7 +48,7 @@ For more information about **Crash Analyzer**, see [Diagnosing System Failures w
### Defender
**Important**
-Environments with the DaRT Defender deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md).
+Environments with the DaRT Defender deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md).
diff --git a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md b/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md
index da7f794b85..6fefab5848 100644
--- a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md
+++ b/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md
@@ -10,7 +10,7 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 06/16/2016
+ms.date: 10/03/2016
---
@@ -22,7 +22,7 @@ This section includes technical reference information about Microsoft Diagnostic
## Technical reference
-- [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md)
+[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md)
Environments with the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection.
diff --git a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md b/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md
similarity index 87%
rename from mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
rename to mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md
index fe85973fc6..6265073d6b 100644
--- a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
+++ b/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md
@@ -1,5 +1,5 @@
---
-title: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection
+title: Use Windows Defender Offline (WDO) for malware protection not DaRT
description: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection
author: dansimp
ms.assetid: 59678283-4b44-4d02-ba8f-0e7315efd5d1
@@ -10,12 +10,12 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 08/30/2016
+ms.date: 09/25/2019
---
-
-# Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection
-
+
+# Use Windows Defender Offline (WDO) for malware protection, not DaRT.
Environments that have the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. This applies to all currently supported versions of DaRT. These versions include DaRT 7, DaRT 8, and DaRT 8.1, together with their service packs.
diff --git a/mdop/docfx.json b/mdop/docfx.json
index 252c242145..e6f79ff24a 100644
--- a/mdop/docfx.json
+++ b/mdop/docfx.json
@@ -41,11 +41,22 @@
"depot_name": "Win.mdop",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ],
+ "titleSuffix": "Microsoft Desktop Optimization Pack"
},
"externalReference": [],
"template": "op.html",
"dest": "mdop",
"markdownEngineName": "markdig"
- }
+ }
}
diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md
index f42751d4d1..7d1f4c4060 100644
--- a/mdop/mbam-v1/getting-started-with-mbam-10.md
+++ b/mdop/mbam-v1/getting-started-with-mbam-10.md
@@ -13,9 +13,12 @@ ms.prod: w10
ms.date: 08/30/2016
---
-
# Getting Started with MBAM 1.0
+> **IMPORTANT**
+> MBAM 1.0 will reach end of support on September 14, 2021.
+> See our [lifecycle page](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager).
+
Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership.
diff --git a/mdop/mbam-v2/TOC.md b/mdop/mbam-v2/TOC.md
index ee098e3a8b..4bb822bfb4 100644
--- a/mdop/mbam-v2/TOC.md
+++ b/mdop/mbam-v2/TOC.md
@@ -36,8 +36,8 @@
## [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md)
### [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md)
#### [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md)
-#### [Planning to Deploy MBAM with Configuration Manager [2 [MBAM_2](planning-to-deploy-mbam-with-configuration-manager-2.md)
-#### [Deploying MBAM with Configuration Manager [MBAM2 [MBAM_2](deploying-mbam-with-configuration-manager-mbam2.md)
+#### [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md)
+#### [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md)
##### [How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md)
###### [Edit the Configuration.mof File](edit-the-configurationmof-file.md)
###### [Create or Edit the Sms_def.mof File](create-or-edit-the-sms-defmof-file.md)
diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md
index 8d746d6841..a921105176 100644
--- a/mdop/mbam-v25/deploy-mbam.md
+++ b/mdop/mbam-v25/deploy-mbam.md
@@ -1,13 +1,14 @@
---
title: Deploying MBAM 2.5 in a stand-alone configuration
description: Introducing how to deploy MBAM 2.5 in a stand-alone configuration.
-author: delhan
+author: Deland-Han
ms.reviewer: dcscontentpm
manager: dansimp
ms.author: delhan
ms.sitesec: library
ms.prod: w10
ms.date: 09/16/2019
+manager: dcscontentpm
---
# Deploying MBAM 2.5 in a standalone configuration
@@ -110,7 +111,7 @@ Choose a server that meets the hardware configuration as explained in the [MBAM
.NET Framework Environment
Configuration APIs
-For the self-service portal to work, you should also [download and install ASP.NET MVC 4.0](http://go.microsoft.com/fwlink/?linkid=392271).
+For the self-service portal to work, you should also [download and install ASP.NET MVC 4.0](https://go.microsoft.com/fwlink/?linkid=392271).
The next step is to create the required MBAM users and groups in Active Directory.
@@ -553,7 +554,7 @@ Now that you have finished the deployment activity, you should review the follow
* If a certificate is used, the certificate must have both FQDN and NetBIOS names entered into the **Subject Alternative Name** field for all IIS servers in the load balance group and also as the Friendly Name (for example: bitlocker.corp.net). Otherwise, the certificate will be reported as not trusted by the browser when you browse load-balanced addresses.
-For more information, see [IIS Network Load Balancing](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-high-availability#a-href-idbkmk-load-balanceaiis-network-load-balancing) and [Registering SPNs for the application pool account](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/planning-how-to-secure-the-mbam-websites#registering-spns-for-the-application-pool-account).
+For more information, see [IIS Network Load Balancing](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-high-availability#a-href-idbkmk-load-balanceaiis-network-load-balancing) and [Registering SPNs for the application pool account](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-how-to-secure-the-mbam-websites#registering-spns-for-the-application-pool-account).
### How to configure a certificate
@@ -589,6 +590,6 @@ For more information, see [MBAM Setup fails with “Register SPN Deferred” err
You'll see multiple OS options in the MBAM root node for GPO after you update the ADMX templates to their latest versions. For example, Windows 7, Windows 8.1, and Windows 10, version 1511 and later versions.
For more information about how to update the ADMX templates, see the following articles:
-* [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates)
-* [Planning for MBAM 2.5 Group Policy Requirements](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-group-policy-requirements)
+* [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates)
+* [Planning for MBAM 2.5 Group Policy Requirements](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-group-policy-requirements)
* [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531)
diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md
index d58974a50e..d8e8d0fc89 100644
--- a/mdop/mbam-v25/troubleshooting-mbam-installation.md
+++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md
@@ -1,13 +1,14 @@
---
title: Troubleshooting MBAM 2.5 installation problems
description: Introducing how to troubleshoot MBAM 2.5 installation problems.
-author: delhan
+author: Deland-Han
ms.reviewer: dcscontentpm
manager: dansimp
ms.author: delhan
ms.sitesec: library
ms.prod: w10
ms.date: 09/16/2019
+manager: dcscontentpm
---
# Troubleshooting MBAM 2.5 installation problems
@@ -386,7 +387,7 @@ Basic checks:
* If the communication between client and server is secure, make sure that you are using a valid SSL certificate.
-* Verify network connectivity between the web server and the database server to which the data is sent for insertion. You can check database connectivity from the web server to the database server by using ODBC Data Source Administrator. Detailed SQL Server connection troubleshooting information is available in [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).
+* Verify network connectivity between the web server and the database server to which the data is sent for insertion. You can check database connectivity from the web server to the database server by using ODBC Data Source Administrator. Detailed SQL Server connection troubleshooting information is available in [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).
#### Troubleshooting the connectivity issue
@@ -528,11 +529,11 @@ The web service may not connect to the database server because of a permissions
* These groups do not have the required permissions on the database.
-You will notice permissions-related errors in the Application logs on the MBAM administration and monitoring server if any of the previous conditions are true. In that case, you should manually add the NT Authority\Network Service account and MBAM administration server’s computer account and grant them a server-wide public role on the SQL database server that is using SQL Server Management Studio (http://msdn.microsoft.com/en-us/library/aa337562.aspx).
+You will notice permissions-related errors in the Application logs on the MBAM administration and monitoring server if any of the previous conditions are true. In that case, you should manually add the NT Authority\Network Service account and MBAM administration server’s computer account and grant them a server-wide public role on the SQL database server that is using SQL Server Management Studio (https://msdn.microsoft.com/library/aa337562.aspx).
#### Review the web service logs
-If no events are logged in the Application logs on the MBAM administration server, it’s time to review the web service logs (.svclog) of the MBAM web service that is hosted on the MBAM administration and monitoring server. You will have to use the Service Trace Viewer Tool (SvcTraceViewer.exe) http://msdn.microsoft.com/en-us/library/ms732023.aspx to view the log file.
+If no events are logged in the Application logs on the MBAM administration server, it’s time to review the web service logs (.svclog) of the MBAM web service that is hosted on the MBAM administration and monitoring server. You will have to use the Service Trace Viewer Tool (SvcTraceViewer.exe) https://msdn.microsoft.com/library/ms732023.aspx to view the log file.
You should primarily investigate the service trace logs of RecoveryandHardwareService and ComplianceStatusService. By default, web service logs are located in the C:\inetpub\Microsoft BitLocker Management Solution\Logs folder. There, each service writes its .svclog file under its own folder.
diff --git a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md
index c9f0e46454..153757ee67 100644
--- a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md
+++ b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md
@@ -12,7 +12,7 @@ ms.localizationpriority: Normal
# Upgrade from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update
-This article provides step-by-step instructions to upgrade Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 to MBAM 2.5 Service Pack 1 (SP1) together with the Microsoft Desktop Optimization Pack (MDOP) July 2018 servicing update in a standalone configuration.
+This article provides step-by-step instructions to upgrade Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 to MBAM 2.5 Service Pack 1 (SP1) together with the [Microsoft Desktop Optimization Pack (MDOP) May 2019 servicing update](https://support.microsoft.com/help/4505175/may-2019-servicing-release-for-microsoft-desktop-optimization-pack) in a standalone configuration.
In this guide, we will use a two-server configuration. One server will be a database server that's running Microsoft SQL Server 2016. This server will host the MBAM databases and reports. The other server will be a Windows Server 2012 R2 web server. This server will host "Administration and Monitoring" and "Self-Service Portal."
diff --git a/smb/docfx.json b/smb/docfx.json
index f4e4a7783a..a5644a3f2b 100644
--- a/smb/docfx.json
+++ b/smb/docfx.json
@@ -30,19 +30,29 @@
"externalReference": [],
"globalMetadata": {
"breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_system": "None",
+ "hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "TechNet.smb",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ],
+ "titleSuffix": "Windows for Small to Midsize Business"
},
"fileMetadata": {},
"template": [],
"dest": "smb",
"markdownEngineName": "markdig"
- }
+ }
}
diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md
index ecc4e1f38e..b9df263894 100644
--- a/store-for-business/billing-understand-your-invoice-msfb.md
+++ b/store-for-business/billing-understand-your-invoice-msfb.md
@@ -26,7 +26,6 @@ Invoices are your bill from Microsoft. A few things to note:
- **Billing profile** - Billing profiles are created during your purchase. Invoices are created for each billing profile. Billing profiles let you customize what products are purchased, how you pay for them, and who can make purchases. For more information, see [Understand billing profiles](billing-profile.md)
- **Items included** - Your invoice includes total charges for all first and third-party software and hardware products purchased under a Microsoft Customer Agreement. That includes items purchased from Microsoft Store for Business and Azure Marketplace.
- **Charges** - Your invoice provides information about products purchased and their related charges and taxes. Purchases are aggregated to provide a concise view of your bill.
-- **International customers** - Charges on invoices for international customers are converted to their local currencies. Exchange rate information is listed at the bottom of the invoice.
## Online invoice
For Store for Business customers, invoices are also available online. A few things to note:
@@ -107,9 +106,6 @@ At the bottom of the invoice, there are instructions for paying your bill. You c
### Publisher information
If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice.
-### Exchange rate
-If prices were converted to your local currency, the exchange rates are listed in this section at the bottom of the invoice. All Azure charges are priced in USD and third-party services are priced in the seller's currency.
-
## Next steps
If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](https://docs.microsoft.com/azure/billing/billing-understand-your-invoice-mca).
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index 2825ff309d..2a30faf3ef 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -40,19 +40,28 @@
"searchScope": [
"Store"
],
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_system": "None",
+ "hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.store-for-business",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ]
},
"fileMetadata": {},
"template": [],
"dest": "store-for-business",
"markdownEngineName": "markdig"
- }
+ }
}
diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md
index 0159084242..68548aeb8b 100644
--- a/store-for-business/sign-up-microsoft-store-for-business-overview.md
+++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md
@@ -12,7 +12,7 @@ author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.localizationpriority: medium
-ms.date: 10/13/2017
+ms.date: 10/03/2019
---
# Sign up and get started
@@ -29,10 +29,10 @@ IT admins can sign up for Microsoft Store for Business and Education, and get st
| Topic | Description |
| ----- | ----------- |
| [Microsoft Store for Business and Education overview](windows-store-for-business-overview.md) | Learn about Microsoft Store for Business. |
-| [Prerequisites for Microsoft Store for Business and Education](prerequisites-windows-store-for-business.md) | There are a few prerequisites for using Microsoft Store for Business and Education. |
-| [Sign up for Microsoft Store for Business or Microsoft Store for Education](sign-up-windows-store-for-business.md) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. |
-| [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-windows-store-for-business.md) | The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
-| [Settings reference: Microsoft Store for Business and Education](settings-reference-windows-store-for-business.md) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
+| [Prerequisites for Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) | There are a few prerequisites for using Microsoft Store for Business and Education.](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) |
+| [Sign up for Microsoft Store for Business or Microsoft Store for Education](https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. |
+| [Roles and permissions in Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/roles-and-permissions-microsoft-store-for-business)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
+| [Settings reference: Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/settings-reference-microsoft-store-for-business) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
index e2ed065b74..55dcc71e05 100644
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@@ -1,5 +1,5 @@
---
-title: How to Allow Only Administrators to Enable Connection Groups (Windows 10)
+title: Only Allow Admins to Enable Connection Groups (Windows 10)
description: How to Allow Only Administrators to Enable Connection Groups
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
index b6d62b3219..5ba6786e15 100644
--- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
@@ -1,5 +1,5 @@
---
-title: How to apply the deployment configuration file by using Windows PowerShell (Windows 10)
+title: Apply deployment config file via Windows PowerShell (Windows 10)
description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index 6e88aa4a89..3acd5f85db 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -1,5 +1,5 @@
---
-title: Automatically clean up unpublished packages on the App-V client (Windows 10)
+title: Auto-remove unpublished packages on App-V client (Windows 10)
description: How to automatically clean up any unpublished packages on your App-V client devices.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 87ee2f267a..7209027bb8 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -1,5 +1,5 @@
---
-title: How to Install the Publishing Server on a Remote Computer (Windows 10)
+title: Install the Publishing Server on a Remote Computer (Windows 10)
description: How to Install the App-V Publishing Server on a Remote Computer
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md
index b7fda33af3..fdb6834a7a 100644
--- a/windows/application-management/change-history-for-application-management.md
+++ b/windows/application-management/change-history-for-application-management.md
@@ -1,13 +1,13 @@
---
title: Change history for Application management in Windows 10 (Windows 10)
-description: This topic lists changes to documentation for configuring Windows 10.
+description: View changes to documentation for application management in Windows 10.
keywords:
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: msfttracyp
+author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 10/24/2017
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index ee08c91bcf..09bd474c3e 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -36,15 +36,14 @@
"audience": "ITPro",
"ms.topic": "article",
"ms.author": "elizapo",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_system": "None",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-app-management",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "titleSuffix": "Windows Application Management"
},
"fileMetadata": {},
"template": [],
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index a9bdc7b123..dc56d686c7 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -1,5 +1,5 @@
---
-author: msfttracyp
+author: dansimp
title: Remove background task resource restrictions
description: Allow enterprise background tasks unrestricted access to computer resources.
ms.author: dansimp
@@ -8,7 +8,6 @@ ms.reviewer:
manager: dansimp
ms.topic: article
ms.prod: w10
-ms.technology: uwp
keywords: windows 10, uwp, enterprise, background task, resources
---
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index 74edf682a0..205e2c3711 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: medium
-author: msfttracyp
+author: dansimp
ms.author: dansimp
ms.topic: article
---
@@ -33,7 +33,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
- a. Download the FOD .cab file for [Windows 10, version 1903](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
+ a. Download the FOD .cab file for [Windows 10, version 1903](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
>[!NOTE]
>You must download the FOD .cab file that matches your operating system version.
diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md
index 05d41bdfa9..cb93e0fb3b 100644
--- a/windows/client-management/TOC.md
+++ b/windows/client-management/TOC.md
@@ -4,6 +4,7 @@
## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)
## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)
## [New policies for Windows 10](new-policies-for-windows-10.md)
+## [Windows 10 default media removal policy](change-default-removal-policy-external-storage-media.md)
## [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md)
## [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md)
## [What version of Windows am I running](windows-version-search.md)
@@ -30,5 +31,6 @@
#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md)
#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md)
#### [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md)
+#### [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
## [Mobile device management for solution providers](mdm/index.md)
## [Change history for Client management](change-history-for-client-management.md)
diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index 84c3b8c3d2..35c0f225b0 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -4,11 +4,11 @@ description: Administrative Tools is a folder in Control Panel that contains too
ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8
ms.reviewer:
manager: dansimp
-ms.author: tracyp
+ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: msfttracyp
+author: dansimp
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md
index 878b065aa7..267386adc6 100644
--- a/windows/client-management/advanced-troubleshooting-802-authentication.md
+++ b/windows/client-management/advanced-troubleshooting-802-authentication.md
@@ -5,9 +5,9 @@ manager: dansimp
description: Learn how 802.1X Authentication works
keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi
ms.prod: w10
-ms.mktglfcycl:
+ms.mktglfcycl:
ms.sitesec: library
-author: msfttracyp
+author: dansimp
ms.localizationpriority: medium
ms.author: tracyp
ms.topic: troubleshooting
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
index 5f1c4ea9c9..5986263a1e 100644
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md
@@ -1,11 +1,11 @@
---
title: Advanced troubleshooting for Windows boot problems
-description: Learn how to troubleshoot when Windows is unable to boot
+description: Learn how to troubleshoot when Windows is unable to boot
ms.prod: w10
ms.sitesec: library
-author: msfttracyp
+author: dansimp
ms.localizationpriority: medium
-ms.author: tracyp
+ms.author: dansimp
ms.date: 11/16/2018
ms.reviewer:
manager: dansimp
@@ -220,7 +220,6 @@ If Windows cannot load the system registry hive into memory, you must restore th
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
-
## Kernel Phase
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following:
@@ -228,8 +227,9 @@ If the system gets stuck during the kernel phase, you experience multiple sympto
- A Stop error appears after the splash screen (Windows Logo screen).
- Specific error code is displayed.
- For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
- (To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)](https://internal.support.services.microsoft.com/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror))
+ For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
+ - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](https://docs.microsoft.com/windows/client-management/troubleshoot-inaccessible-boot-device)
+ - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
@@ -307,9 +307,7 @@ To troubleshoot this Stop error, follow these steps to filter the drivers:
For additional troubleshooting steps, see the following articles:
-- [Troubleshooting a Stop 0x7B in Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/)
-
-- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP](https://internal.support.services.microsoft.com/help/324103).
+- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](https://docs.microsoft.com/windows/client-management/troubleshoot-inaccessible-boot-device)
To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
@@ -358,17 +356,15 @@ If the computer does not start, follow these steps:
12. Try to start the computer.
-If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following Knowledge Base article:
+If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following articles:
-- [969028](https://support.microsoft.com/help/969028) How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2
+- [Generate a kernel or complete crash dump](https://docs.microsoft.com/windows/client-management/generate-kernel-or-complete-crash-dump)
-For more information about page file problems in Windows 10 or Windows Server 2016, see the following Knowledge Base article:
-
-- [4133658](https://support.microsoft.com/help/4133658) Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows
+For more information about page file problems in Windows 10 or Windows Server 2016, see the following:
+- [Introduction to page files](https://docs.microsoft.com/windows/client-management/introduction-page-file)
For more information about Stop errors, see the following Knowledge Base article:
-
-- [3106831](https://support.microsoft.com/help/3106831) Troubleshooting Stop error problems for IT Pros
+- [Advanced troubleshooting for Stop error or blue screen error issue](https://docs.microsoft.com/windows/client-management/troubleshoot-stop-errors)
If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines:
diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
index dbd429f2e5..c04dae805a 100644
--- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
+++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
@@ -5,11 +5,11 @@ manager: dansimp
description: Learn how troubleshooting of establishing Wi-Fi connections
keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi
ms.prod: w10
-ms.mktglfcycl:
+ms.mktglfcycl:
ms.sitesec: library
-author: msfttracyp
+author: dansimp
ms.localizationpriority: medium
-ms.author: tracyp
+ms.author: dansimp
ms.topic: troubleshooting
---
@@ -92,7 +92,7 @@ The following is a high-level view of the main wifi components in Windows.
- Scanning for wireless networks in range
- Managing connectivity of wireless networks
The Media Specific Module (MSM) handles security aspects of connection being established.
-
The Native Wifi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.
+
The Native WiFi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.
Third-party wireless miniport drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.
diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md
new file mode 100644
index 0000000000..5de58be176
--- /dev/null
+++ b/windows/client-management/change-default-removal-policy-external-storage-media.md
@@ -0,0 +1,50 @@
+---
+title: Windows 10 default media removal policy
+description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal."
+ms.prod: w10
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 12/13/2019
+ms.prod: w10
+ms.topic: article
+ms.custom:
+- CI 111493
+- CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+manager: kaushika
+---
+
+# Change in default removal policy for external storage media in Windows 10, version 1809
+
+Windows defines two main policies, **Quick removal** and **Better performance**, that control how the system interacts with external storage devices such as USB thumb drives or Thunderbolt-enabled external drives. Beginning in Windows 10 version 1809, the default policy is **Quick removal**.
+
+In earlier versions of Windows, the default policy was **Better performance**.
+
+You can change the policy setting for each external device, and the policy that you set remains in effect if you disconnect the device and then connect it again to the same computer port.
+
+## More information
+
+You can use the storage device policy setting to change the manner in which Windows manages storage devices to better meet your needs. The policy settings have the following effects:
+
+* **Quick removal**: This policy manages storage operations in a manner that keeps the device ready to remove at any time. You can remove the device without using the Safely Remove Hardware process. However, to do this, Windows cannot cache disk write operations. This may degrade system performance.
+* **Better performance**: This policy manages storage operations in a manner that improves system performance. When this policy is in effect, Windows can cache write operations to the external device. However, you must use the Safely Remove Hardware process to remove the external drive. The Safely Remove Hardware process protects the integrity of data on the device by making sure that all cached operations finish.
+ > [!IMPORTANT]
+ > If you use the **Better performance** policy, you must use the Safely Remove Hardware process to remove the device. If you remove or disconnect the device without following the safe removal instructions, you risk losing data.
+
+ > [!NOTE]
+ > If you select **Better performance**, we recommend that you also select **Enable write caching on the device**.
+
+To change the policy for an external storage device:
+
+1. Connect the device to the computer.
+2. Right-click **Start**, then select **File Explorer**.
+3. In File Explorer, identify the letter or label that is associated with the device (for example, **USB Drive (D:)**).
+4. Right-click **Start**, then select **Disk Management**.
+5. In the lower section of the Disk Management window, right-click the label of the device, and then select **Properties**.
+
+ 
+
+6. Select **Policies**, and then select the policy you want to use.
+
+ 
diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md
index 771366616a..8265dd9abc 100644
--- a/windows/client-management/change-history-for-client-management.md
+++ b/windows/client-management/change-history-for-client-management.md
@@ -1,15 +1,15 @@
---
title: Change history for Client management (Windows 10)
-description: This topic lists changes to documentation for configuring Windows 10.
+description: View changes to documentation for client management in Windows 10.
keywords:
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: msfttracyp
-ms.author: tracyp
-ms.date: 12/06/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 12/27/2019
ms.reviewer:
manager: dansimp
ms.topic: article
@@ -19,6 +19,13 @@ ms.topic: article
This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
+## December 2019
+
+New or changed topic | Description
+--- | ---
+[Change in default removal policy for external storage media in Windows 10, version 1809](change-default-removal-policy-external-storage-media.md) | New
+[Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md) | New
+
## December 2018
New or changed topic | Description
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index e1365a820c..a7c0f2f152 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -32,7 +32,8 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
## Set up
- Both PCs (local and remote) must be running Windows 10, version 1607 (or later). Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported.
-- Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC that you are using to connect to the remote PC.
+- Your local PC (where you are connecting from) must be either Azure AD joined or Hybrid Azure AD joined. Remote connection to an Azure AD joined PC from an unjoined device or a non-Windows 10 device is not supported.
+Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC that you are using to connect to the remote PC.
- On the PC that you want to connect to:
1. Open system properties for the remote PC.
2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
@@ -45,15 +46,22 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
>
>`net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"`, where *FirstnameLastname* is the name of the user profile in C:\Users\, which is created based on DisplayName attribute in Azure AD.
>
+ > This command only works for AADJ device users already added to any of the local groups (administrators).
+ > Otherwise this command throws the below error. For example:
+ > for cloud only user: "There is no such global user or group : *name*"
+ > for synced user: "There is no such global user or group : *name*"
+ >
>In Windows 10, version 1709, the user does not have to sign in to the remote device first.
>
>In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
- >[!TIP]
- >When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+ > [!TIP]
+ > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+> [!Note]
+> If you cannot connect using Remote Desktop Connection 6.0, then you must turn off new features of RDP 6.0 and revert back to RDP 5.0 by changing a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
## Supported configurations
@@ -81,7 +89,8 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC
- Password
- Windows Hello for Business, with or without an MDM subscription.
-
+> [!NOTE]
+> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
## Related topics
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index d687294412..ffd1c9d266 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -44,7 +44,8 @@
"depot_name": "MSDN.win-client-management",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "titleSuffix": "Windows Client Management"
},
"fileMetadata": {},
"template": [],
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index 894ed853fc..6601e238eb 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -103,9 +103,9 @@ To do this, follow these steps:
### Use the keyboard
-[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
+[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
### Use Debugger
-[Forcing a System Crash from the Debugger](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
+[Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
diff --git a/windows/client-management/images/change-def-rem-policy-1.png b/windows/client-management/images/change-def-rem-policy-1.png
new file mode 100644
index 0000000000..4d99854104
Binary files /dev/null and b/windows/client-management/images/change-def-rem-policy-1.png differ
diff --git a/windows/client-management/images/change-def-rem-policy-2.png b/windows/client-management/images/change-def-rem-policy-2.png
new file mode 100644
index 0000000000..d05d5dd16f
Binary files /dev/null and b/windows/client-management/images/change-def-rem-policy-2.png differ
diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md
index e0d86a8a23..dbcd186131 100644
--- a/windows/client-management/img-boot-sequence.md
+++ b/windows/client-management/img-boot-sequence.md
@@ -1,6 +1,6 @@
---
-description: A full-sized view of the boot sequence flowchart.
title: Boot sequence flowchart
+description: A full-sized view of the boot sequence flowchart.
ms.date: 11/16/2018
ms.reviewer:
manager: dansimp
@@ -10,8 +10,8 @@ ms.topic: article
ms.prod: w10
---
+# Boot sequence flowchart
+
Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
-
-
diff --git a/windows/client-management/index.md b/windows/client-management/index.md
index ff70171304..3838366e1a 100644
--- a/windows/client-management/index.md
+++ b/windows/client-management/index.md
@@ -23,6 +23,7 @@ Learn about the administrative tools, tasks and best practices for managing Wind
|[Connect to remote Azure Active Directory-joined PCs](connect-to-remote-aadj-pc.md)| Instructions for connecting to a remote PC joined to Azure Active Directory (Azure AD)|
|[Join Windows 10 Mobile to Azure AD](join-windows-10-mobile-to-azure-active-directory.md)| Describes the considerations and options for using Windows 10 Mobile with Azure AD in your organization.|
|[New policies for Windows 10](new-policies-for-windows-10.md)| Listing of new group policy settings available in Windows 10|
+|[Windows 10 default media removal policy](change-default-removal-policy-external-storage-media.md) |In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal." |
|[Group policies for enterprise and education editions](group-policies-for-enterprise-and-education-editions.md)| Listing of all group policy settings that apply specifically to Windows 10 Enterprise and Education editions|
| [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md) | Starting in Windows 10, version 1703, you can now manage the pages that are shown in the Settings app by using Group Policy. |
|[Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)| Instructions for resetting a Windows 10 Mobile device using either *factory* or *'wipe and persist'* reset options|
diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md
index 662ae5f90e..cee81bcd72 100644
--- a/windows/client-management/introduction-page-file.md
+++ b/windows/client-management/introduction-page-file.md
@@ -8,7 +8,7 @@ author: Deland-Han
ms.localizationpriority: medium
ms.author: delhan
ms.reviewer: greglin
-manager: willchen
+manager: dcscontentpm
---
# Introduction to page files
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index ef2bf77cba..97ea145013 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -12,13 +12,13 @@ ms.author: dansimp
ms.topic: article
---
+# Manage the Settings app with Group Policy
+
+
**Applies to**
- Windows 10, Windows Server 2016
-
-# Manage the Settings app with Group Policy
-
You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update.
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index b2e9438fba..9d7b5546ff 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -31,6 +31,7 @@ When the server that stores the mandatory profile is unavailable, such as when t
User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile.
+
## Profile extension for each Windows version
The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version.
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index c90eee3566..9241a7fdf7 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -159,7 +159,15 @@
#### [Personalization DDF file](personalization-ddf.md)
### [Policy CSP](policy-configuration-service-provider.md)
#### [Policy DDF file](policy-ddf-file.md)
-#### [ApplicationRestrictions XSD](applicationrestrictions-xsd.md)
+#### [Policies supported by Group Policy](policies-supported-by-group-policy.md)
+#### [ADMX-backed policies](policies-admx-backed.md)
+#### [Policies supported by HoloLens 2](policies-supported-by-hololens2.md)
+#### [Policies supported by HoloLens (1st gen) Commercial Suite](policies-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies supported by HoloLens (1st gen) Development Edition](policies-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies supported by Windows 10 IoT Enterprise](policies-supported-by-iot-enterprise.md)
+#### [Policies supported by Windows 10 IoT Core](policies-supported-by-iot-core.md)
+#### [Policies supported by Microsoft Surface Hub](policies-supported-by-surface-hub.md)
+#### [Policies that can be set using Exchange Active Sync (EAS)](policies-that-can-be-set-using-eas.md)
#### [AboveLock](policy-csp-abovelock.md)
#### [Accounts](policy-csp-accounts.md)
#### [ActiveXControls](policy-csp-activexcontrols.md)
@@ -229,7 +237,6 @@
#### [Security](policy-csp-security.md)
#### [ServiceControlManager](policy-csp-servicecontrolmanager.md)
#### [Settings](policy-csp-settings.md)
-#### [SmartScreen](policy-csp-smartscreen.md)
#### [Speech](policy-csp-speech.md)
#### [Start](policy-csp-start.md)
#### [Storage](policy-csp-storage.md)
@@ -245,6 +252,7 @@
#### [Wifi](policy-csp-wifi.md)
#### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md)
#### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)
+#### [WindowsDefenderSmartScreen](policy-csp-smartscreen.md)
#### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
#### [WindowsLogon](policy-csp-windowslogon.md)
#### [WindowsPowerShell](policy-csp-windowspowershell.md)
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index 294043dca3..04edf1f24d 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -1,6 +1,6 @@
---
title: AccountManagement CSP
-description: Used to configure settings in the Account Manager service
+description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -31,7 +31,7 @@ Root node for the AccountManagement configuration service provider.
Interior node.
**UserProfileManagement/EnableProfileManager**
-Enable profile lifetime mangement for shared or communal device scenarios. Default value is false.
+Enable profile lifetime management for shared or communal device scenarios. Default value is false.
Supported operations are Add, Get,Replace, and Delete. Value type is bool.
diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md
index 6f6df91fe0..35fd257acb 100644
--- a/windows/client-management/mdm/accountmanagement-ddf.md
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@@ -1,6 +1,6 @@
---
title: AccountManagement DDF file
-description: Used to configure settings in the Account Manager service
+description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index a0cc7de5dd..d6d6a9fc16 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -1,6 +1,6 @@
---
title: Accounts CSP
-description: The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group.
+description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, as well as create local Windows accounts & joint them to a group.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
index 0815b489ba..c4a1538d53 100644
--- a/windows/client-management/mdm/accounts-ddf-file.md
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Accounts DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the Accounts configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index 0cd8b04e7c..f6d3ef7a2f 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -1,6 +1,6 @@
---
-title: ApplicationControl CSP
-description: ApplicationControl CSP
+title: ApplicationControl CSP DDF
+description: View the OMA DM device description framework (DDF) for the ApplicationControl configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 7dc2e66ea2..5a4fd15cf0 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -1,6 +1,6 @@
---
title: ApplicationControl CSP
-description: ApplicationControl CSP
+description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -11,7 +11,7 @@ ms.date: 05/21/2019
# ApplicationControl CSP
-Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
+Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using AppLocker CSP’s CodeIntegrity node can now be deployed using ApplicationControl CSP URI. Although WDAC policy deployment via AppLocker CSP will continue to be supported, all new feature work will be done in ApplicationControl CSP only.
ApplicationControl CSP was added in Windows 10, version 1903.
@@ -40,7 +40,7 @@ This node is the policy binary itself, which is encoded as base64.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
-Value type is b64. Supported value is any well-formed WDAC policy, i.e. the base64-encoded content output by the ConvertFrom-CIPolicy cmdlet.
+Value type is b64. Supported value is a binary file, converted from the policy XML file by the ConvertFrom-CIPolicy cmdlet.
Default value is empty.
@@ -117,18 +117,8 @@ Value type is char.
To use ApplicationControl CSP, you must:
- Know a generated policy’s GUID, which can be found in the policy xml as ``.
- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
-- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool.
-Here is a sample certutil invocation:
-```
-certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
-```
-An alternative to using certutil would be to use the following PowerShell invocation:
-```
-[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path ))
-```
-If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI
-functionality to apply the Code Integrity policy.
+If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy via uploading the binary file.
### Deploy policies
To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below.
@@ -233,4 +223,4 @@ The following is an example of Delete command:
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/applicationrestrictions-xsd.md b/windows/client-management/mdm/applicationrestrictions-xsd.md
deleted file mode 100644
index a088806e23..0000000000
--- a/windows/client-management/mdm/applicationrestrictions-xsd.md
+++ /dev/null
@@ -1,129 +0,0 @@
----
-title: ApplicationRestrictions XSD
-description: Here's the XSD for the ApplicationManagement/ApplicationRestrictions policy.
-ms.assetid: A5AA2B59-3736-473E-8F70-A90FD61EE426
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: lomayor
-ms.date: 06/26/2017
----
-
-# ApplicationRestrictions XSD
-
-
-Here's the XSD for the ApplicationManagement/ApplicationRestrictions policy.
-
-```xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- GUID must use lowercase letters
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 79251bed03..5f163fa7a7 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -9,7 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
-ms.date: 07/25/2019
+ms.date: 11/19/2019
---
# AppLocker CSP
@@ -21,10 +21,10 @@ The following diagram shows the AppLocker configuration service provider in tree
-**./Vendor/MSFT/AppLocker**
+**./Vendor/MSFT/AppLocker**
Defines the root node for the AppLocker configuration service provider.
-**ApplicationLaunchRestrictions**
+**AppLocker/ApplicationLaunchRestrictions**
Defines restrictions for applications.
> [!NOTE]
@@ -40,7 +40,133 @@ Additional information:
- [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps.
- [Whitelist example](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed.
-**EnterpriseDataProtection**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_**
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE**
+Defines restrictions for launching executable applications.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode**
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement**
+The data type is a string.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI**
+Defines restrictions for executing Windows Installer files.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode**
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script**
+Defines restrictions for running scripts.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode**
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps**
+Defines restrictions for running apps from the Microsoft Store.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode**
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL**
+Defines restrictions for processing DLL files.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode**
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement**
+The data type is a string.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity**
+This node is only supported on the desktop.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is Base64.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+> [!NOTE]
+> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
+
+**AppLocker/EnterpriseDataProtection**
Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
@@ -61,115 +187,35 @@ Additional information:
- [Recommended deny list for Windows Information Protection](#recommended-deny-list-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
-Each of the previously listed nodes contains a **Grouping** node.
+**AppLocker/EnterpriseDataProtection/_Grouping_**
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
-
-
-
-
-
-
-
-
Term
-
Description
-
-
-
-
-
Grouping
-
Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
-
Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
-
Supported operations are Get, Add, Delete, and Replace.
-
-
-
+Supported operations are Get, Add, Delete, and Replace.
+**AppLocker/EnterpriseDataProtection/_Grouping_/EXE**
+Defines restrictions for launching executable applications.
+Supported operations are Get, Add, Delete, and Replace.
-In addition, each **Grouping** node contains one or more of the following nodes:
+**AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-
-
-
-
-
-
-
-
Term
-
Description
-
-
-
-
-
EXE
-
Defines restrictions for launching executable applications.
-
Supported operations are Get, Add, Delete, and Replace.
-
-
-
MSI
-
Defines restrictions for executing Windows Installer files.
-
Supported operations are Get, Add, Delete, and Replace.
-
-
-
Script
-
Defines restrictions for running scripts.
-
Supported operations are Get, Add, Delete, and Replace.
-
-
-
StoreApps
-
Defines restrictions for running apps from the Microsoft Store.
-
Supported operations are Get, Add, Delete, and Replace.
-
-
-
DLL
-
Defines restrictions for processing DLL files.
-
Supported operations are Get, Add, Delete, and Replace.
-
-
-
CodeIntegrity
-
This node is only supported on the desktop. Supported operations are Get, Add, Delete, and Replace.
-
-
-
+Data type is string.
+Supported operations are Get, Add, Delete, and Replace.
+**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps**
+Defines restrictions for running apps from the Microsoft Store.
-Each of the previous nodes contains one or more of the following leaf nodes:
+Supported operations are Get, Add, Delete, and Replace.
-
-
-
-
-
-
-
-
Term
-
Description
-
-
-
-
-
Policy
-
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-
For nodes, other than CodeIntegrity, policy leaf data type is string. Supported operations are Get, Add, Delete, and Replace.
-
For CodeIntegrity/Policy, data type is Base64. Supported operations are Get, Add, Delete, and Replace.
-
-
-
EnforcementMode
-
The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
-
The data type is a string. Supported operations are Get, Add, Delete, and Replace.
-
-
-
NonInteractiveProcessEnforcement
-
The data type is a string.
-
Supported operations are Add, Delete, Get, and Replace.
-
-
-
+**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy**
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-> [!NOTE]
-> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
+Data type is string.
+Supported operations are Get, Add, Delete, and Replace.
## Find publisher and product name of apps
@@ -239,7 +285,6 @@ The following table show the mapping of information to the AppLocker publisher r
-
Here is an example AppLocker publisher rule:
``` syntax
@@ -319,7 +364,7 @@ Result
windowsPhoneLegacyId
Same value maps to the ProductName and Publisher name
This value will only be present if there is a XAP package associated with the app in the Store.
-
If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and anothe one using the windowsPhoneLegacyId value.
+
If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.
@@ -668,12 +713,12 @@ The following list shows the apps that may be included in the inbox.
Microsoft.MSPodcast
-
Posdcast downloads
+
Podcast downloads
063773e7-f26f-4a92-81f0-aa71a1161e30
-
Powerpoint
+
PowerPoint
b50483c4-8046-4e1b-81ba-590b24935798
Microsoft.Office.PowerPoint
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 5d09981ed6..82139a98a6 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,12 +6,16 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
-ms.date: 08/05/2019
+ms.localizationpriority: medium
+ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
---
# BitLocker CSP
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro.
> [!NOTE]
@@ -25,7 +29,7 @@ For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation
The following diagram shows the BitLocker configuration service provider in tree format.
-
+
**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider.
@@ -57,7 +61,7 @@ Allows the administrator to require storage card encryption on the device. This
Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
- 0 (default) – Storage cards do not need to be encrypted.
-- 1 – Require Storage cards to be encrypted.
+- 1 – Require storage cards to be encrypted.
Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
@@ -125,10 +129,10 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix
The following list shows the supported values:
-- 0 (default) – Disable. If the policy setting is not set or is set to 0, the device's enforcement status will not be checked. The policy will not enforce encryption and it will not decrypt encrypted volumes.
-- 1 – Enable. The device's enforcement status will be checked. Setting this policy to 1 will trigger encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
+- 0 (default) — Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes.
+- 1 – Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
-If you want to disable this policy use the following SyncML:
+If you want to disable this policy, use the following SyncML:
```xml
@@ -151,7 +155,7 @@ If you want to disable this policy use the following SyncML:
**EncryptionMethodByDriveType**
-Allows you to set the default encrytion method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
+Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
Home
@@ -520,7 +524,8 @@ Set "OSActiveDirectoryBackup_Name" (Save BitLocker recovery informatio
Set the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
-> [!Note] > If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
+> [!Note]
+> If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.
@@ -532,26 +537,18 @@ Sample value for this node to enable this policy is:
```
-The possible values for 'xx' are:
-
-
true = Explicitly allow
-
false = Policy not set
-
-
+The possible values for 'xx' are:
+- true = Explicitly allow
+- false = Policy not set
-The possible values for 'yy' are:
-
-
2 = Allowed
-
1 = Required
-
0 = Disallowed
-
+The possible values for 'yy' are:
+- 2 = Allowed
+- 1 = Required
+- 0 = Disallowed
-The possible values for 'zz' are:
-
-
2 = Store recovery passwords only
-
1 = Store recovery passwords and key packages
-
-
+The possible values for 'zz' are:
+- 2 = Store recovery passwords only
+- 1 = Store recovery passwords and key packages
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
@@ -896,6 +893,161 @@ If you want to disable this policy use the following SyncML:
```
+
+**ConfigureRecoveryPasswordRotation**
+This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is int. Supported operations are Add, Delete, Get, and Replace.
+
+Supported values are:
+- 0 – Refresh off (default)
+- 1 – Refresh on for Azure AD-joined devices
+- 2 – Refresh on for both Azure AD-joined and hybrid-joined devices
+
+**RotateRecoveryPasswords**
+This setting refreshes all recovery passwords for OS and fixed drives (removable drives are not included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. In case of errors, an error code will be returned so that server can take appropriate action to remediate.
+
+The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.
+
+Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client will not retry, but if needed, the server can re-issue the execute request.
+
+Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh.
+
+Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices cannot refresh recovery passwords if they are only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account.
+
+Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request.
+- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
+- RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
+
+**Status**
+Interior node. Supported operation is Get.
+
+**Status/DeviceEncryptionStatus**
+This node reports compliance state of device encryption on the system.
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+Supported values:
+- 0 - Indicates that the device is compliant.
+- Any other value represents a non-compliant device.
+
+Value type is int. Supported operation is Get.
+
+**Status/RotateRecoveryPasswordsStatus**
+This node reports the status of RotateRecoveryPasswords request.
+
+Status code can be one of the following:
+
+- 2 – Not started
+- 1 - Pending
+- 0 - Pass
+- Any other code - Failure HRESULT
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is int. Supported operation is Get.
+
+**Status/RotateRecoveryPasswordsRequestID**
+This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is string. Supported operation is Get.
+
### SyncML example
The following example is provided to show proper format and should not be taken as a recommendation.
@@ -1058,4 +1210,4 @@ The following example is provided to show proper format and should not be taken
-```
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 1fed0144fa..19421997ba 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -6,7 +6,8 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
-ms.date: 06/29/2018
+ms.localizationpriority: medium
+ms.date: 09/30/2019
ms.reviewer:
manager: dansimp
---
@@ -20,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **BitLock
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the current version Windows 10, version 1809.
+The XML below is the current version for this CSP.
```xml
@@ -46,7 +47,7 @@ The XML below is the current version Windows 10, version 1809.
- com.microsoft/3.0/MDM/BitLocker
+ com.microsoft/5.0/MDM/BitLocker
@@ -736,6 +737,206 @@ The XML below is the current version Windows 10, version 1809.
+
+
+ ConfigureRecoveryPasswordRotation
+
+
+
+
+
+
+
+ Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
+ When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when
+ Active Directory back up for recovery password is configured to required.
+ For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
+ For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
+
+ Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
+ 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
+ 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
+
+ If you want to disable this policy use the following SyncML:
+
+
+ 112
+
+
+ ./Device/Vendor/MSFT/BitLocker/ConfigureRecoveryPasswordRotation
+
+
+ int
+
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+
+
+
+ RotateRecoveryPasswords
+
+
+
+
+ Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device.
+ This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
+
+The policy only comes into effect when Active Directory backup for a recovery password is configured to "required."
+ * For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives."
+ *For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives."
+
+ Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes:
+
+* status\RotateRecoveryPasswordsStatus
+ * status\RotateRecoveryPasswordsRequestID
+
+
+
+Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\
+
+
+ 113
+
+
+ ./Device/Vendor/MSFT/BitLocker/RotateRecoveryPasswords
+
+
+ chr
+
+ <RequestID/>
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Status
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ DeviceEncryptionStatus
+
+
+
+
+ This node reports compliance state of device encryption on the system.
+ Value '0' means the device is compliant. Any other value represents a non-compliant device.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ RotateRecoveryPasswordsStatus
+
+
+
+
+ This Node reports the status of RotateRecoveryPasswords request.
+ Status code can be one of the following:
+ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ RotateRecoveryPasswordsRequestID
+
+
+
+
+ This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+ This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus
+ To ensure the status is correctly matched to the request ID.
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
```
diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
index d17799b5a8..c5b559cf50 100644
--- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
@@ -36,8 +36,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
> - Bulk-join is not supported in Azure Active Directory Join.
> - Bulk enrollment does not work in Intune standalone environment.
> - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.
-
-
+> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
## What you need
@@ -169,4 +168,3 @@ Here are links to step-by-step provisioning topics in Technet.
-
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index ae68a73283..9a2630fdb4 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -1,6 +1,6 @@
---
title: CertificateStore DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML.
ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index 5b7d432911..c70da05dae 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -1,6 +1,6 @@
---
title: CleanPC CSP
-description: The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
+description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 922ed015a1..68141ff2a5 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2699,8 +2699,8 @@ Additional lists:
## CSP DDF files download
You can download the DDF files for various CSPs from the links below:
-- [Download all the DDF files for Windows 10, version 1903](http://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1809](http://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 744a4be799..746d5b282e 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -9,7 +9,8 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 07/19/2018
+ms.localizationpriority: medium
+ms.date: 10/21/2019
---
# Defender CSP
@@ -138,7 +139,7 @@ The following list shows the supported values:
- 2 = Manual steps required
- 3 = Full scan required
- 4 = Reboot required
-- 5 = Remediated with non critical failures
+- 5 = Remediated with noncritical failures
- 6 = Quarantined
- 7 = Removed
- 8 = Cleaned
@@ -243,7 +244,7 @@ The following list shows the supported values:
- 2 = Pending reboot
- 4 = Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan)
- 8 = Pending offline scan
-- 16 = Pending critical failure (Windows Defender has failed critically and an Adminsitrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
+- 16 = Pending critical failure (Windows Defender has failed critically and an Administrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
Supported operation is Get.
@@ -352,6 +353,53 @@ The data type is a string.
Supported operation is Get.
+**Health/TamperProtectionEnabled**
+Indicates whether the Windows Defender tamper protection feature is enabled.
+
+The data type is a boolean.
+
+Supported operation is Get.
+
+**Health/IsVirtualMachine**
+Indicates whether the device is a virtual machine.
+
+The data type is a string.
+
+Supported operation is Get.
+
+**Configuration**
+An interior node to group Windows Defender configuration information.
+
+Supported operation is Get.
+
+**Configuration/TamperProtection**
+Tamper protection helps protect important security features from unwanted changes and interference. This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
+
+Send off blob to device to reset tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune.
+
+The data type is a Signed blob.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Intune tamper protection setting UX supports three states:
+- Not configured (default): Does not have any impact on the default state of the device.
+- Enabled: Enables the tamper protection feature.
+- Disabled: Turns off the tamper protection feature.
+
+When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+
+**Configuration/EnableFileHashComputation**
+Enables or disables file hash computation feature.
+When this feature is enabled Windows defender will compute hashes for files it scans.
+
+The data type is a integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:
+- 1 – Enable.
+- 0 (default) – Disable.
+
**Scan**
Node that can be used to start a Windows Defender scan on a device.
@@ -374,5 +422,4 @@ Supported operations are Get and Execute.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index fb7628c241..e5c1dcd59e 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -9,7 +9,8 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 07/12/2018
+ms.localizationpriority: medium
+ms.date: 10/21/2019
---
# Defender DDF file
@@ -19,7 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is for Windows 10, version 1809.
+The XML below is the current version for this CSP.
```xml
@@ -628,6 +629,112 @@ The XML below is for Windows 10, version 1809.
+
+ TamperProtectionEnabled
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IsVirtualMachine
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Configuration
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ TamperProtection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EnableFileHashComputation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ Scan
diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md
index 13a78b2032..eb09896b90 100644
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/mdm/device-update-management.md
@@ -1,6 +1,6 @@
---
title: Mobile device management MDM for device updates
-description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology.
+description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
ms.reviewer:
manager: dansimp
@@ -90,7 +90,7 @@ The response of the GetUpdateData call returns an array of ServerSyncUpdateData
- **Language** – The language code identifier (LCID). For example, en or es.
- **Title** – Title of the update. For example, “Windows SharePoint Services 3.0 Service Pack 3 x64 Edition (KB2526305)”
- **Description** – Description of the update. For example, “Windows SharePoint Services 3.0 Service Pack 3 (KB2526305) provides the latest updates to Windows SharePoint Services 3.0. After you install this item, you may have to restart your computer. After you have installed this item, it cannot be removed.”
-- **KBArticleID** – The KB article number for this update that has details regarding the particular update. For example, .
+- **KBArticleID** – The KB article number for this update that has details regarding the particular update. For example, .
## Recommended Flow for Using the Server-Server Sync Protocol
@@ -635,7 +635,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
> [!Important]
-> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise.
+> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Enterprise.
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index 724027f5f0..3bf0368ffd 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,6 +1,6 @@
---
title: DeviceManageability CSP
-description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
+description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device.
ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 2191e66e9c..06e4d21323 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -1,6 +1,6 @@
---
title: DeviceStatus CSP
-description: The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
+description: The DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 5c2dcefdc4..db52ac149a 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -1,6 +1,6 @@
---
title: Diagnose MDM failures in Windows 10
-description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs.
+description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server.
ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9
ms.reviewer:
manager: dansimp
@@ -118,7 +118,7 @@ Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medi
**To collect logs manually**
-1. Download and install the [Field Medic]( http://go.microsoft.com/fwlink/p/?LinkId=718232) app from the store.
+1. Download and install the [Field Medic]( https://go.microsoft.com/fwlink/p/?LinkId=718232) app from the store.
2. Open the Field Medic app and then click on **Advanced**.
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 6b3a628eb7..2e5300fe0d 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -9,797 +9,211 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 08/05/2019
+ms.date: 11/19/2019
---
# DiagnosticLog CSP
+The DiagnosticLog configuration service provider (CSP) provides the following feature areas:
+- [DiagnosticArchive area](#diagnosticarchive-area). Capture and upload event logs, log files, and registry values for troubleshooting.
+- [Policy area](#policy-area). Configure Windows event log policies, such as maximum log size.
+- [EtwLog area](#etwlog-area). Control ETW trace sessions.
+- [DeviceStateData area](#devicestatedata-area). Provide additional device information.
+- [FileDownload area](#filedownload-area). Pull trace and state data directly from the device.
-The DiagnosticLog configuration service provider (CSP) is used in the following scenarios:
-- [Controlling ETW trace sessions](#diagnosticlog-csp-for-controlling-etw-trace-sessions)
-- [Triggering devices to upload existing event logs, log files, and registry values to cloud storage](#diagnosticlog-csp-for-triggering-devices-to-upload-files-to-cloud)
-
-## DiagnosticLog CSP for controlling ETW trace sessions
-The DiagnosticLog CSP is used for generating and collecting diagnostic information from the device: Event Tracing for Windows (ETW) log files and current MDM configured state of the device.
-
-DiagnosticLog CSP supports the following type of event tracing:
-
-- Collector-based tracing
-- Channel-based tracing
-
-### Collector-based tracing
-
-This type of event tracing simultaneously collects event data from a collection of registered ETW providers.
-
-An event collector is a container of registered ETW providers. Users can add or delete a collector node and register or unregister multiple providers in this collector.
-
-The ***CollectorName*** must be unique within the CSP and must not be a valid event channel name or a provider GUID.
-
-The DiagnosticLog CSP maintains a log file for each collector node and the log file is overwritten if a start command is triggered again on the same collector node.
-
-For each collector node, the user can:
-
-- Start or stop the session with all registered and enabled providers
-- Query session status
-- Change trace log file mode
-- Change trace log file size limit
-
-The configurations log file mode and log file size limit does not take effect while trace session is in progress. These are applied when user stops the current session and then starts it again for this collector.
-
-For each registered provider in this collector, the user can:
-
-- Specify keywords to filter events from this provider
-- Change trace level to filter events from this provider
-- Enable or disable the provider in the trace session
-
-The changes on **State**, **Keywords** and **TraceLevel** takes effect immediately while trace session is in progress.
-
-> [!Note]
-> Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
-
- ### Channel-based tracing
-
-The type of event tracing exports event data from a specific channel. This is only supported on the desktop.
-
-Users can add or delete a channel node using the full name, such as Microsoft-Windows-AppModel-Runtime/Admin.
-
-The DiagnosticLog CSP maintains a log file for each channel node and the log file is overwritten if a start command is triggered again on the same channel node.
-
-For each channel node, the user can:
-
-- Export channel event data into a log file (.evtx)
-- Enable or disable the channel from Event Log service to allow or disallow event data being written into the channel
-- Specify an XPath query to filter events while exporting the channel event data
-
-For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md).
-
-Here are the links to the DDFs:
-
-- [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
-- [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3)
+The following are the links to different versions of the DiagnosticLog CSP DDF files:
- [DiagnosticLog CSP version 1.4](diagnosticlog-ddf.md#version-1-4)
+- [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3)
+- [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
+
The following diagram shows the DiagnosticLog CSP in tree format.
-
**./Vendor/MSFT/DiagnosticLog**
The root node for the DiagnosticLog CSP.
-To gather diagnostics using this CSP:
+Rest of the nodes in the DiagnosticLog CSP are described within their respective feature area sections.
-1. Specify a *CollectorName* for the container of the target ETW providers.
-2. (Optional) Set logging and log file parameters using the following options:
+## DiagnosticArchive area
- - TraceLogFileMode
- - LogFileSizeLimitMB
+The DiagnosticArchive functionality within the DiagnosticLog CSP is used to trigger devices to gather troubleshooting data into a zip archive file and upload that archive to cloud storage. DiagnosticArchive is designed for ad-hoc troubleshooting scenarios, such as an IT admin investigating an app installation failure using a collection of event log events, registry values, and app or OS log files.
-3. Indicate one or more target ETW providers by supplying its *ProviderGUID* to the Add operation of EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*.
-4. (Optional) Set logging and log file parameters using the following options:
- - TraceLevel
- - Keywords
-5. Start logging using **TraceControl** EXECUTE command “START”.
-6. Perform actions on the target device that will generate activity in the log files.
-7. Stop logging using **TraceControl** EXECUTE command “STOP”.
-8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file).
+> [!Note]
+> DiagnosticArchive is a "break glass" backstop option for device troubleshooting. Diagnostic data such as log files can grow to many gigabytes. Gathering, transferring, and storing large amounts of data may burden the user's device, the network and cloud storage. Management servers invoking DiagnosticArchive must take care to minimize data gathering frequency and scope.
-**EtwLog**
-Node to contain the Error Tracing for Windows log.
+The following section describes the nodes for the DiagnosticArchive functionality.
+
+**DiagnosticArchive**
+Added in version 1.4 of the CSP in Windows 10, version 1903. Root node for the DiagnosticArchive functionality.
The supported operation is Get.
-**EtwLog/Collectors**
-Interior node to contain dynamic child interior nodes for active providers.
+**DiagnosticArchive/ArchiveDefinition**
+Added in version 1.4 of the CSP in Windows 10, version 1903.
+
+The supported operations are Add and Execute.
+
+The data type is string.
+
+Expected value:
+Set and Execute are functionality equivalent, and each accepts an XML snippet (as a string) describing what data to gather and where to upload it.
+
+The following is an example of the XML. This example instructs the CSP to gather:
+- All the keys and values under a registry path
+- All the *.etl files in a folder
+- The output of two commands
+- Additional files created by one of the commands
+- All the Application event log events.
+
+The results are zipped and uploaded to the specified SasUrl. The filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip".
+
+``` xml
+
+ server generated guid value such as f1e20cb4-9789-4f6b-8f6a-766989764c6d
+ server generated url where the HTTP PUT will be accepted
+ HKLM\Software\Policies
+ %ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl
+ %windir%\system32\ipconfig.exe /all
+ %windir%\system32\mdmdiagnosticstool.exe -out %ProgramData%\temp\
+ %ProgramData%\temp\*.*
+ Application
+
+
+```
+The XML should include the following elements within the `Collection` element:
+
+**ID**
+The ID value is a server-generated GUID string that identifies this data-gathering request. To avoid accidental repetition of data gathering, the CSP ignores subsequent Set or Execute invocations with the same ID value.
+
+**SasUrl**
+The SasUrl value is the target URI to which the CSP uploads the results zip file. It is the responsibility of the management server to provision storage in such a way that the server accepts the HTTP PUT to this URL. For example, the device management service could:
+- Provision cloud storage, such as an Azure blob storage container or other storage managed by the device management server
+- Generate a dynamic https SAS token URL representing the storage location (and which is understood by the server to allow a one-time upload or time-limited uploads)
+- Pass this value to the CSP as the SasUrl value.
+
+Assuming a case where the management server's customer (such as an IT admin) is meant to access the data, the management server would also expose the stored data through its user interface or APIs.
+
+**One or more data gathering directives, which may include any of the following:**
+
+- **RegistryKey**
+ - Exports all of the key names and values under a given path (recursive).
+ - Expected input value: Registry path such as "HKLM\Software\Policies".
+ - Output format: Creates a .reg file, similar to the output of reg.exe EXPORT command.
+ - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, registry paths are restricted to those under HKLM and HKCR.
+
+- **Events**
+ - Exports all events from the named Windows event log.
+ - Expected input value: A named event log channel such as "Application" or "Microsoft-Windows-DeviceGuard/Operational".
+ - Output format: Creates a .evtx file.
+
+- **Commands**
+ - This directive type allows the execution of specific commands such as ipconfig.exe. Note that DiagnosticArchive and the Commands directives are not a general-purpose scripting platform. These commands are allowed in the DiagnosticArchive context to handle cases where critical device information may not be available through existing log files.
+ - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
+ - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
+ - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
+ - %windir%\\system32\\certutil.exe
+ - %windir%\\system32\\dxdiag.exe
+ - %windir%\\system32\\gpresult.exe
+ - %windir%\\system32\\msinfo32.exe
+ - %windir%\\system32\\netsh.exe
+ - %windir%\\system32\\nltest.exe
+ - %windir%\\system32\\ping.exe
+ - %windir%\\system32\\powercfg.exe
+ - %windir%\\system32\\w32tm.exe
+ - %windir%\\system32\\wpr.exe
+ - %windir%\\system32\\dsregcmd.exe
+ - %windir%\\system32\\dispdiag.exe
+ - %windir%\\system32\\ipconfig.exe
+ - %windir%\\system32\\logman.exe
+ - %windir%\\system32\\tracelog.exe
+ - %programfiles%\\windows defender\\mpcmdrun.exe
+ - %windir%\\system32\\MdmDiagnosticsTool.exe
+ - %windir%\\system32\\pnputil.exe
+
+- **FoldersFiles**
+ - Captures log files from a given path (without recursion).
+ - Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log".
+ - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed:
+ - %PROGRAMFILES%
+ - %PROGRAMDATA%
+ - %PUBLIC%
+ - %WINDIR%
+ - %TEMP%
+ - %TMP%
+ - Additionally, only files with the following extensions are captured:
+ - .log
+ - .txt
+ - .dmp
+ - .cab
+ - .zip
+ - .xml
+ - .html
+ - .evtx
+ - .etl
+
+**DiagnosticArchive/ArchiveResults**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
The supported operation is Get.
-**EtwLog/Collectors/***CollectorName*
-Dynamic nodes to represent active collector configuration.
+The data type is string.
-Supported operations are Add, Delete, and Get.
+A Get to the above URI will return the results of the data gathering for the last diagnostics request. For the example above it returns:
-Add a collector
-
-```xml
-
-
-
-
+``` xml
+
+
+
+ 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement
-
-
- node
-
-
-
-
-
-
-```
-
-Delete a collector
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement
-
-
-
-
-
-
-```
-
-**EtwLog/Collectors/*CollectorName*/TraceStatus**
-Specifies whether the current logging status is running.
-
-The data type is an integer.
-
-The supported operation is Get.
-
-The following table represents the possible values:
-
-| Value | Description |
-|-------|-------------|
-| 0 | Stopped |
-| 1 | Started |
-
-**EtwLog/Collectors/*CollectorName*/TraceLogFileMode**
-Specifies the log file logging mode.
-
-The data type is an integer.
-
-Supported operations are Get and Replace.
-
-The following table lists the possible values:
-
-| Value | Description |
-|-------|--------------------|
-| EVENT_TRACE_FILE_MODE_SEQUENTIAL (0x00000001) | Writes events to a log file sequentially; stops when the file reaches its maximum size. |
-| EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002) | Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events. |
-
-**EtwLog/Collectors/*CollectorName*/TraceControl**
-Specifies the logging and report action state.
-
-The data type is a string.
-
-The following table lists the possible values:
-
-| Value | Description |
-|-------|--------------------|
-| START | Start log tracing. |
-| STOP | Stop log tracing |
-
-The supported operation is Execute.
-
-After you have added a logging task, you can start a trace by running an Execute command on this node with the value START.
-
-To stop the trace, running an execute command on this node with the value STOP.
-
-Start collector trace logging
-
-```xml
-
-
-
-
+ 1
+ 0
+ SyncHdr
+ 200
+
+ 2
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/TraceControl
-
-
- chr
-
- START
-
-
-
-
+ 1
+ 1
+ Get
+ 200
+
+
+ 3
+ 1
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/DiagnosticArchive/ArchiveResults
+
+
+
+ f1e20cb4-9789-4f6b-8f6a-766989764c6d
+ HKLM\Software\Policies
+ C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\*.etl
+ %windir%\system32\ipconfig.exe /all
+ %windir%\system32\mdmdiagnosticstool.exe -out c:\ProgramData\temp\
+ c:\ProgramData\temp\*.*
+ Application
+
+
+
+
+
+
```
-Stop collector trace logging
+Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
-```xml
-
-
-
-
- 2
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/TraceControl
-
-
- chr
-
- STOP
-
-
-
-
-
-```
+The zip file which is created also contains a results.xml file whose contents align to the Data section in the SyncML for ArchiveResults. Accordingly, an IT admin using the zip file for troubleshooting can determine the order and success of each directive without needing a permanent record of the SyncML value for DiagnosticArchive/ArchiveResults.
-**EtwLog/Collectors/*CollectorName*/LogFileSizeLimitMB**
-Sets the log file size limit, in MB.
-The data type is an integer.
+## Policy area
-Valid values are 1-2048. The default value is 4.
+The Policy functionality within the DiagnosticLog CSP configures Windows event log policies, such as maximum log size.
-Supported operations are Get and Replace.
-
-**EtwLog/Collectors/*CollectorName*/Providers**
-Interior node to contain dynamic child interior nodes for active providers.
-
-The supported operation is Get.
-
-**EtwLog/Collectors/*CollectorName*/Providers/***ProviderGUID*
-Dynamic nodes to represent active provider configuration per provider GUID.
-
-> **Note** Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
-
-Supported operations are Add, Delete, and Get.
-
-Add a provider
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b
-
-
- node
-
-
-
-
-
-
-```
-
-Delete a provider
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b
-
-
-
-
-
-
-```
-
-**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel**
-Specifies the level of detail included in the trace log.
-
-The data type is an integer.
-
-Supported operations are Get and Replace.
-
-The following table lists the possible values:
-
-| Value | Description |
-|-------|--------------------|
-| 1 – TRACE_LEVEL_CRITICAL | Abnormal exit or termination events |
-| 2 – TRACE_LEVEL_ERROR | Severe error events |
-| 3 – TRACE_LEVEL_WARNING | Warning events such as allocation failures |
-| 4 – TRACE_LEVEL_INFORMATION | Non-error events, such as entry or exit events |
-| 5 – TRACE_LEVEL_VERBOSE | Detailed information |
-
-Set provider **TraceLevel**
-
-```xml
-
-
-
-
- 2
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/TraceLevel
-
-
- int
-
- 1
-
-
-
-
-
-```
-
-**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords**
-Specifies the provider keywords to be used as MatchAnyKeyword for this provider.
-
-The data type is a string.
-
-Supported operations are Get and Replace.
-
-Default value is 0 meaning no keyword.
-
-Get provider **Keywords**
-
-```xml
-
-
-
- 1
-
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/Keywords
-
-
-
-
-
-
-
-```
-
-Set provider **Keywords**
-
-```xml
-
-
-
- 4
-
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/Keywords
-
-
-
- chr
- text/plain
-
- 12345678FFFFFFFF
-
-
-
-
-
-```
-
-**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State**
-Specifies if this provider is enabled in the trace session.
-
-The data type is a boolean.
-
-Supported operations are Get and Replace. This change will be effective during active trace session.
-
-The following table lists the possible values:
-| Value | Description |
-|-------|--------------------|
-| TRUE | Provider is enabled in the trace session. This is the default. |
-| FALSE | Provider is disabled in the trace session. |
-
-Set provider **State**
-
-```xml
-
-
-
-
- 2
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/State
-
-
- bool
-
- false
-
-
-
-
-
-```
-
-**EtwLog/Channels**
-Interior node to contain dynamic child interior nodes for registered channels.
-
-The supported operation is Get.
-
-**EtwLog/Channels/***ChannelName*
-Dynamic nodes to represent a registered channel. The node name must be a valid Windows event log channel name, such as "Microsoft-Client-Licensing-Platform%2FAdmin"
-
-Supported operations are Add, Delete, and Get.
-
-Add a channel
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin
-
-
- node
-
-
-
-
-
-
-```
-
-Delete a channel
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin
-
-
-
-
-
-
-```
-
-**EtwLog/Channels/*ChannelName*/Export**
-Node to trigger the command to export channel event data into the log file.
-
-The supported operation is Execute.
-
-Export channel event data
-
-```xml
-
-
-
-
- 2
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/Export
-
-
-
-
-
-
-```
-
-**EtwLog/Channels/*ChannelName*/Filter**
-Specifies the XPath query string to filter the events while exporting.
-
-The data type is a string.
-
-Supported operations are Get and Replace.
-
-Default value is empty string.
-
-Get channel **Filter**
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/Filter
-
-
-
-
-
-
-```
-
-**EtwLog/Channels/*ChannelName*/State**
-Specifies if the Channel is enabled or disabled.
-
-The data type is a boolean.
-
-Supported operations are Get and Replace.
-
-The following table lists the possible values:
-
-| Value | Description |
-|-------|--------------------|
-| TRUE | Channel is enabled. |
-| FALSE | Channel is disabled. |
-
-Get channel **State**
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/State
-
-
-
-
-
-
-```
-
-Set channel **State**
-
-```xml
-
-
-
-
- 2
-
-
- ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/State
-
-
- bool
-
- false
-
-
-
-
-
-```
-
-**DeviceStateData**
-Added in version 1.3 of the CSP in Windows 10, version 1607. Node for all types of device state data that are exposed.
-
-**DeviceStateData/MdmConfiguration**
-Added in version 1.3 of the CSP in Windows 10, version 1607. Triggers the snapping of device management state data with SNAP.
-
-The supported value is Execute.
-
-```xml
-
-
-
-
- 2
-
-
- ./Vendor/MSFT/DiagnosticLog/DeviceStateData/MdmConfiguration
-
-
- chr
-
- SNAP
-
-
-
-
-
-```
-
-**FileDownload**
-Node to contain child nodes for log file transportation protocols and corresponding actions.
-
-**FileDownload/DMChannel**
-Node to contain child nodes using DM channel for transport protocol.
-
-**FileDownload/DMChannel/***FileContext*
-Dynamic interior nodes that represents per log file context.
-
-**FileDownload/DMChannel/*FileContext*/BlockSizeKB**
-Sets the log read buffer, in KB.
-
-The data type is an integer.
-
-Valid values are 1-16. The default value is 4.
-
-Supported operations are Get and Replace.
-
-Set **BlockSizeKB**
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockSizeKB
-
-
- int
-
- 1
-
-
-
-
-
-```
-
-Get **BlockSizeKB**
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockSizeKB
-
-
-
-
-
-
-```
-
-**FileDownload/DMChannel/*FileContext*/BlockCount**
-Represents the total read block count for the log file.
-
-The data type is an integer.
-
-The only supported operation is Get.
-
-Get **BlockCount**
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockCount
-
-
-
-
-
-
-```
-
-**FileDownload/DMChannel/*FileContext*/BlockIndexToRead**
-Represents the read block start location.
-
-The data type is an integer.
-
-Supported operations are Get and Replace.
-
-Set **BlockIndexToRead** at 0
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockIndexToRead
-
-
- int
-
- 0
-
-
-
-
-
-```
-
-Set **BlockIndexToRead** at 1
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockIndexToRead
-
-
- int
-
- 1
-
-
-
-
-
-```
-
-**FileDownload/DMChannel/*FileContext*/BlockData**
-The data type is Base64.
-
-The only supported operation is Get.
-
-Get **BlockData**
-
-```xml
-
-
-
-
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockData
-
-
-
-
-
-
-```
-
-**FileDownload/DMChannel/*FileContext*/DataBlocks**
-Node to transfer the selected log file block to the DM server.
-
-**FileDownload/DMChannel/*FileContext*/DataBlocks/***BlockNumber*
-The data type is Base64.
-
-The supported operation is Get.
+The following section describes the nodes for the Policy functionality.
**Policy**
Added in version 1.4 of the CSP in Windows 10, version 1903. Root node to control settings for channels in Event Log.
@@ -979,7 +393,7 @@ The data type is string.
Default string is as follows:
-https://docs.microsoft.com/en-us/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
+https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
Add **SDDL**
``` xml
@@ -1268,110 +682,798 @@ Replace **Enabled**
```
-## DiagnosticLog CSP for triggering devices to upload files to cloud
-The DiagnosticLog CSP is used for triggering devices to upload existing event logs, log files, and registry values to cloud storage. The following section describes the nodes for the DiagnosticArchive functionality.
+## EtwLog area
-**DiagnosticArchive**
-Added in version 1.4 of the CSP in Windows 10, version 1903. Root note for the DiagnosticArchive functionality.
+The Event Tracing for Windows (ETW) log feature of the DiagnosticLog CSP is used to control the following types of event tracing:
+- [Collector-based tracing](#collector-based-tracing)
+- [Channel-based tracing](#channel-based-tracing)
+
+The ETW log feature is designed for advanced usage, and assumes developers' familiarity with ETW. For more information, see [About Event Tracing](https://docs.microsoft.com/windows/win32/etw/about-event-tracing).
+
+### Collector-based tracing
+
+This type of event tracing collects event data from a collection of registered ETW providers.
+
+An event collector is a container of registered ETW providers. Users can add or delete a collector node and register or unregister multiple providers in this collector.
+
+The ***CollectorName*** must be unique within the CSP and must not be a valid event channel name or a provider GUID.
+
+The DiagnosticLog CSP maintains a log file for each collector node and the log file is overwritten if a start command is triggered again on the same collector node.
+
+For each collector node, the user can:
+
+- Start or stop the session with all registered and enabled providers
+- Query session status
+- Change trace log file mode
+- Change trace log file size limit
+
+The configurations log file mode and log file size limit does not take effect while trace session is in progress. These are applied when user stops the current session and then starts it again for this collector.
+
+For each registered provider in this collector, the user can:
+
+- Specify keywords to filter events from this provider
+- Change trace level to filter events from this provider
+- Enable or disable the provider in the trace session
+
+The changes on **State**, **Keywords**, and **TraceLevel** takes effect immediately while trace session is in progress.
+
+> [!Note]
+> Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
+
+ ### Channel-based tracing
+
+The type of event tracing exports event data from a specific channel. This is only supported on the desktop.
+
+Users can add or delete a channel node using the full name, such as Microsoft-Windows-AppModel-Runtime/Admin.
+
+The DiagnosticLog CSP maintains a log file for each channel node and the log file is overwritten if a start command is triggered again on the same channel node.
+
+For each channel node, the user can:
+
+- Export channel event data into a log file (.evtx)
+- Enable or disable the channel from Event Log service to allow or disallow event data being written into the channel
+- Specify an XPath query to filter events while exporting the channel event data
+
+For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md).
+
+To gather diagnostics using this CSP:
+
+1. Specify a *CollectorName* for the container of the target ETW providers.
+2. (Optional) Set logging and log file parameters using the following options:
+
+ - TraceLogFileMode
+ - LogFileSizeLimitMB
+
+3. Indicate one or more target ETW providers by supplying its *ProviderGUID* to the Add operation of EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*.
+4. (Optional) Set logging and log file parameters using the following options:
+ - TraceLevel
+ - Keywords
+5. Start logging using **TraceControl** EXECUTE command “START”.
+6. Perform actions on the target device that will generate activity in the log files.
+7. Stop logging using **TraceControl** EXECUTE command “STOP”.
+8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file).
+
+The following section describes the nodes for EtwLog functionality.
+
+**EtwLog**
+Node to contain the Error Tracing for Windows log.
The supported operation is Get.
-**DiagnosticArchive/ArchiveDefinition**
-Added in version 1.4 of the CSP in Windows 10, version 1903.
-
-The supported operations are Add and Execute.
-
-The data type is string.
-
-Expected value:
-Set and Execute are functionality equivalent, and each accepts an XML snippet (as a string) describing what data to gather and where to upload it when done. This XML defines what should be collected and compressed into a zip file to be uploaded to Azure blog storage.
-
-The following is an example of the XML. This example instructs that a zip file be created containing the output from a dump of the specified registry key, all the files in a folder, the output of two commands, all the files in another folder, the output of a command, all the Application events, two sets of files, and another command output. All of this will be uploaded to the blob storage URL as specified in the tags and must be in the noted format with the container and the key in the URL. The administrator can retrieve this URL from Azure. The file uploaded will be in the format DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip.
-
-``` xml
-
- f1e20cb4-9789-4f6b-8f6a-766989764c6d
- {web address}/{container}{key}
- HKLM\Software\Policies
- C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\*.etl
- %windir%\system32\ipconfig.exe /all
- %windir%\system32\mdmdiagnosticstool.exe -out c:\ProgramData\temp\
- c:\ProgramData\temp\*.*
- %windir%\system32\ping.exe -n 50 localhost
- Application
- %ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl
- %SystemRoot%\System32\LogFiles\wmi\*.etl.*
-
- %windir%\system32\pnputil.exe /enum-drivers
-
-
-```
-Where:
-
-- ID is a unique GUID value that defines this particular run of the DiagnosticLog CSP.
-- There can be multiple RegistryKey, FolderFiles, Command, and Events elements, which extract or execute and collect the output from the action specified.
-- SasUrl is generated from the Azure Blob Storage UX in Azure such that it will allow write access to the blob to upload the zip file created by all the actions specified.
-
-**DiagnosticArchive/ArchiveResults**
-Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
+**EtwLog/Collectors**
+Interior node to contain dynamic child interior nodes for active providers.
The supported operation is Get.
-The data type is string.
+**EtwLog/Collectors/***CollectorName*
+Dynamic nodes to represent active collector configuration.
-A Get to the above URI will return the results of the gathering of data for the last diagnostics request. For the example above it returns:
+Supported operations are Add, Delete, and Get.
-``` xml
-
-
-
-
+Add a collector
+
+```xml
+
+
+
+ 1
- 1
- 0
- SyncHdr
- 200
-
-
- 2
- 1
- 1
- Get
- 200
-
-
- 3
- 1
- 1
-
-
- ./Vendor/MSFT/DiagnosticLog/DiagnosticArchive/ArchiveResults
-
-
-
- f1e20cb4-9789-4f6b-8f6a-766989764c6d
- HKLM\Software\Policies
- C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\*.etl
- %windir%\system32\ipconfig.exe /all
- %windir%\system32\mdmdiagnosticstool.exe -out c:\ProgramData\temp\
- c:\ProgramData\temp\*.*
- %windir%\system32\ping.exe -n 50 localhost
- Application
- %ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl
- %SystemRoot%\System32\LogFiles\wmi\*.etl.*
- %windir%\system32\pnputil.exe /enum-drivers
-
-
-
-
-
-
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement
+
+
+ node
+
+
+
+
+
```
-> [!Note]
-> Each data gathering node is annotated with the HRESULT of the option and the collection is also annotated with an HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
-## Reading a log file
+Delete a collector
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement
+
+
+
+
+
+
+```
+
+**EtwLog/Collectors/*CollectorName*/TraceStatus**
+Specifies whether the current logging status is running.
+
+The data type is an integer.
+
+The supported operation is Get.
+
+The following table represents the possible values:
+
+| Value | Description |
+|-------|-------------|
+| 0 | Stopped |
+| 1 | Started |
+
+**EtwLog/Collectors/*CollectorName*/TraceLogFileMode**
+Specifies the log file logging mode.
+
+The data type is an integer.
+
+Supported operations are Get and Replace.
+
+The following table lists the possible values:
+
+| Value | Description |
+|-------|--------------------|
+| EVENT_TRACE_FILE_MODE_SEQUENTIAL (0x00000001) | Writes events to a log file sequentially; stops when the file reaches its maximum size. |
+| EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002) | Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events. |
+
+**EtwLog/Collectors/*CollectorName*/TraceControl**
+Specifies the logging and report action state.
+
+The data type is a string.
+
+The following table lists the possible values:
+
+| Value | Description |
+|-------|--------------------|
+| START | Start log tracing. |
+| STOP | Stop log tracing |
+
+The supported operation is Execute.
+
+After you have added a logging task, you can start a trace by running an Execute command on this node with the value START.
+
+To stop the trace, running an execute command on this node with the value STOP.
+
+Start collector trace logging
+
+```xml
+
+
+
+
+ 2
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/TraceControl
+
+
+ chr
+
+ START
+
+
+
+
+
+```
+
+Stop collector trace logging
+
+```xml
+
+
+
+
+ 2
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/TraceControl
+
+
+ chr
+
+ STOP
+
+
+
+
+
+```
+
+**EtwLog/Collectors/*CollectorName*/LogFileSizeLimitMB**
+Sets the log file size limit, in MB.
+
+The data type is an integer.
+
+Valid values are 1-2048. The default value is 4.
+
+Supported operations are Get and Replace.
+
+**EtwLog/Collectors/*CollectorName*/Providers**
+Interior node to contain dynamic child interior nodes for active providers.
+
+The supported operation is Get.
+
+**EtwLog/Collectors/*CollectorName*/Providers/***ProviderGUID*
+Dynamic nodes to represent active provider configuration per provider GUID.
+
+> [!Note]
+> Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
+
+Supported operations are Add, Delete, and Get.
+
+Add a provider
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b
+
+
+ node
+
+
+
+
+
+
+```
+
+Delete a provider
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b
+
+
+
+
+
+
+```
+
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel**
+Specifies the level of detail included in the trace log.
+
+The data type is an integer.
+
+Supported operations are Get and Replace.
+
+The following table lists the possible values:
+
+| Value | Description |
+|-------|--------------------|
+| 1 – TRACE_LEVEL_CRITICAL | Abnormal exit or termination events |
+| 2 – TRACE_LEVEL_ERROR | Severe error events |
+| 3 – TRACE_LEVEL_WARNING | Warning events such as allocation failures |
+| 4 – TRACE_LEVEL_INFORMATION | Non-error events, such as entry or exit events |
+| 5 – TRACE_LEVEL_VERBOSE | Detailed information |
+
+Set provider **TraceLevel**
+
+```xml
+
+
+
+
+ 2
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/TraceLevel
+
+
+ int
+
+ 1
+
+
+
+
+
+```
+
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords**
+Specifies the provider keywords to be used as MatchAnyKeyword for this provider.
+
+The data type is a string.
+
+Supported operations are Get and Replace.
+
+Default value is 0 meaning no keyword.
+
+Get provider **Keywords**
+
+```xml
+
+
+
+ 1
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/Keywords
+
+
+
+
+
+
+
+```
+
+Set provider **Keywords**
+
+```xml
+
+
+
+ 4
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/Keywords
+
+
+
+ chr
+ text/plain
+
+ 12345678FFFFFFFF
+
+
+
+
+
+```
+
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State**
+Specifies if this provider is enabled in the trace session.
+
+The data type is a boolean.
+
+Supported operations are Get and Replace. This change will be effective during active trace session.
+
+The following table lists the possible values:
+
+| Value | Description |
+|-------|--------------------|
+| TRUE | Provider is enabled in the trace session. This is the default. |
+| FALSE | Provider is disabled in the trace session. |
+
+Set provider **State**
+
+```xml
+
+
+
+
+ 2
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/DeviceManagement/Providers/3da494e4-0fe2-415C-b895-fb5265c5c83b/State
+
+
+ bool
+
+ false
+
+
+
+
+
+```
+
+**EtwLog/Channels**
+Interior node to contain dynamic child interior nodes for registered channels.
+
+The supported operation is Get.
+
+**EtwLog/Channels/***ChannelName*
+Dynamic nodes to represent a registered channel. The node name must be a valid Windows event log channel name, such as "Microsoft-Client-Licensing-Platform%2FAdmin"
+
+Supported operations are Add, Delete, and Get.
+
+Add a channel
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin
+
+
+ node
+
+
+
+
+
+
+```
+
+Delete a channel
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin
+
+
+
+
+
+
+```
+
+**EtwLog/Channels/*ChannelName*/Export**
+Node to trigger the command to export channel event data into the log file.
+
+The supported operation is Execute.
+
+Export channel event data
+
+```xml
+
+
+
+
+ 2
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/Export
+
+
+
+
+
+
+```
+
+**EtwLog/Channels/*ChannelName*/Filter**
+Specifies the XPath query string to filter the events while exporting.
+
+The data type is a string.
+
+Supported operations are Get and Replace.
+
+Default value is empty string.
+
+Get channel **Filter**
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/Filter
+
+
+
+
+
+
+```
+
+**EtwLog/Channels/*ChannelName*/State**
+Specifies if the Channel is enabled or disabled.
+
+The data type is a boolean.
+
+Supported operations are Get and Replace.
+
+The following table lists the possible values:
+
+| Value | Description |
+|-------|--------------------|
+| TRUE | Channel is enabled. |
+| FALSE | Channel is disabled. |
+
+Get channel **State**
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/State
+
+
+
+
+
+
+```
+
+Set channel **State**
+
+```xml
+
+
+
+
+ 2
+
+
+ ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Microsoft-Client-Licensing-Platform%2FAdmin/State
+
+
+ bool
+
+ false
+
+
+
+
+
+```
+
+## DeviceStateData area
+
+The DeviceStateData functionality within the DiagnosticLog CSP provides additional device information.
+
+The following section describes the nodes for the DeviceStateData functionality.
+
+**DeviceStateData**
+Added in version 1.3 of the CSP in Windows 10, version 1607. Node for all types of device state data that are exposed.
+
+**DeviceStateData/MdmConfiguration**
+Added in version 1.3 of the CSP in Windows 10, version 1607. Triggers the snapping of device management state data with SNAP.
+
+The supported value is Execute.
+
+```xml
+
+
+
+
+ 2
+
+
+ ./Vendor/MSFT/DiagnosticLog/DeviceStateData/MdmConfiguration
+
+
+ chr
+
+ SNAP
+
+
+
+
+
+```
+
+## FileDownload area
+The FileDownload feature of the DiagnosticLog CSP enables a management server to pull data directly from the device. In the FileDownload context the client and server roles are conceptually reversed, with the management server acting as a client to download the data from the managed device.
+
+### Comparing FileDownload and DiagnosticArchive
+Both the FileDownload and DiagnosticArchive features can be used to get data from the device to the management server, but they are optimized for different workflows.
+
+- FileDownload enables the management server to directly pull byte-level trace data from the managed device. The data transfer takes place through the existing OMA-DM/SyncML context. It is typically used together with the EtwLogs feature as part of an advanced monitoring or diagnostic flow. FileDownlod requires granular orchestration by the management server, but avoids the need for dedicated cloud storage.
+- DiagnosticArchive allows the management server to give the CSP a full set of instructions as single command. Based on those instructions the CSP orchestrates the work client-side to package the requested diagnostic files into a zip archive and upload that archive to cloud storage. The data transfer happens outside of the OMA-DM session, via an HTTP PUT.
+
+The following section describes the nodes for the FileDownload functionality.
+
+**FileDownload**
+Node to contain child nodes for log file transportation protocols and corresponding actions.
+
+**FileDownload/DMChannel**
+Node to contain child nodes using DM channel for transport protocol.
+
+**FileDownload/DMChannel/***FileContext*
+Dynamic interior nodes that represents per log file context.
+
+**FileDownload/DMChannel/*FileContext*/BlockSizeKB**
+Sets the log read buffer, in KB.
+
+The data type is an integer.
+
+Valid values are 1-16. The default value is 4.
+
+Supported operations are Get and Replace.
+
+Set **BlockSizeKB**
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockSizeKB
+
+
+ int
+
+ 1
+
+
+
+
+
+```
+
+Get **BlockSizeKB**
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockSizeKB
+
+
+
+
+
+
+```
+
+**FileDownload/DMChannel/*FileContext*/BlockCount**
+Represents the total read block count for the log file.
+
+The data type is an integer.
+
+The only supported operation is Get.
+
+Get **BlockCount**
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockCount
+
+
+
+
+
+
+```
+
+**FileDownload/DMChannel/*FileContext*/BlockIndexToRead**
+Represents the read block start location.
+
+The data type is an integer.
+
+Supported operations are Get and Replace.
+
+Set **BlockIndexToRead** at 0
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockIndexToRead
+
+
+ int
+
+ 0
+
+
+
+
+
+```
+
+Set **BlockIndexToRead** at 1
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockIndexToRead
+
+
+ int
+
+ 1
+
+
+
+
+
+```
+
+**FileDownload/DMChannel/*FileContext*/BlockData**
+The data type is Base64.
+
+The only supported operation is Get.
+
+Get **BlockData**
+
+```xml
+
+
+
+
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel/DeviceManagement/BlockData
+
+
+
+
+
+
+```
+
+**FileDownload/DMChannel/*FileContext*/DataBlocks**
+Node to transfer the selected log file block to the DM server.
+
+**FileDownload/DMChannel/*FileContext*/DataBlocks/***BlockNumber*
+The data type is Base64.
+
+The supported operation is Get.
+
+### Reading a log file
To read a log file:
1. Enumerate log file under **./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel**.
2. Select a log file in the Enumeration result.
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index ec63a3f303..c4591652a5 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -2030,7 +2030,7 @@ The content below are the latest versions of the DDF files:
- SDDL String controlling access to the channel. Default: https://docs.microsoft.com/en-us/windows/desktop/WES/eventmanifestschema-channeltype-complextype
+ SDDL String controlling access to the channel. Default: https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 7946edba39..4767766c8c 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -1,6 +1,6 @@
---
title: DMClient CSP
-description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment.
+description: Understand how the DMClient configuration service provider works. It is used to specify enterprise-specific mobile device management configuration settings.
ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 03e82dc9e8..f687502610 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,6 +1,6 @@
---
title: EAP configuration
-description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10.
+description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, plus info about EAP certificate filtering in Windows 10.
ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 548a34e79e..384babdddb 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 11/01/2017
ms.reviewer:
manager: dansimp
@@ -32,9 +33,9 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
## Enable a policy
> [!NOTE]
-> See [Understanding ADMX-backed policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies).
+> See [Understanding ADMX-backed policies](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
-1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description.
+1. Find the policy from the list [ADMX-backed policies](policies-admx-backed.md). You need the following information listed in the policy description.
- GP English name
- GP name
- GP ADMX file name
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 849b1c551d..ac08247a1f 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -116,6 +116,9 @@ Requirements:
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have the Windows 10, version 1903 feature update installed.
The default behavior for older releases is to revert to **User Credential**.
+> [!NOTE]
+> Device credential group policy setting is not supported for enrolling into Microsoft Intune.
+
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index 429bf2fe21..e70eed0ce5 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -1,6 +1,6 @@
---
-title: EnrollmentStatusTracking CSP
-description: EnrollmentStatusTracking CSP
+title: EnrollmentStatusTracking DDF
+description: View the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 080db28b5c..6faa0a9b38 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -1,6 +1,6 @@
---
title: EnrollmentStatusTracking CSP
-description: EnrollmentStatusTracking CSP
+description: Learn how to perform a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -11,7 +11,6 @@ ms.date: 05/21/2019
# EnrollmentStatusTracking CSP
-
During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status).
ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information.
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index 3e69ceaa92..70759a6c03 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseDataProtection CSP
-description: The EnterpriseDataProtection configuration service provider (CSP) is used to configure Windows Information Protection (WIP) (formerly known as Enterprise Data Protection) specific settings.
+description: The EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
ms.reviewer:
manager: dansimp
@@ -249,7 +249,7 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG {
Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from MAM to MDM. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after upgrade. This is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
- 0 - Don't revoke keys
-- 1 (dafault) - Revoke keys
+- 1 (default) - Revoke keys
Supported operations are Add, Get, Replace and Delete. Value type is integer.
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index 97c5865d7e..f52b397125 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseDesktopAppManagement CSP
-description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications.
+description: The EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications.
ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 044b5dd851..a24f114581 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -504,7 +504,7 @@ Supported operation is Get.
-**AppInstallation/*PackageFamilyName*/LastErrorDescription**
+**AppInstallation/*PackageFamilyName*/LastErrorDesc**
Required. Description of last error relating to the app installation.
Supported operation is Get.
diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md
index 9ab64f1f8b..18a0174509 100644
--- a/windows/client-management/mdm/get-product-details.md
+++ b/windows/client-management/mdm/get-product-details.md
@@ -1,6 +1,6 @@
---
title: Get product details
-description: The Get product details operation retrieves the product information from the Micosoft Store for Business for a specific application.
+description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application.
ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286
ms.reviewer:
manager: dansimp
@@ -14,7 +14,7 @@ ms.date: 09/18/2017
# Get product details
-The **Get product details** operation retrieves the product information from the Micosoft Store for Business for a specific application.
+The **Get product details** operation retrieves the product information from the Microsoft Store for Business for a specific application.
## Request
diff --git a/windows/client-management/mdm/images/custom-profile-prevent-device-instance-ids.png b/windows/client-management/mdm/images/custom-profile-prevent-device-instance-ids.png
new file mode 100644
index 0000000000..226f4850aa
Binary files /dev/null and b/windows/client-management/mdm/images/custom-profile-prevent-device-instance-ids.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png
index d3d33ff9f6..63ccb6fc89 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png and b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png
index c4a743deeb..793b1568ff 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-defender.png and b/windows/client-management/mdm/images/provisioning-csp-defender.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png b/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png
index 9829586338..a12415ae84 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png and b/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png differ
diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
index a3dc006fc8..481d57ea45 100644
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
@@ -1,6 +1,6 @@
---
-title: Implement server-side support for mobile application management on Windows
-description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP).
+title: Provide server-side support for mobile app management on Windows
+description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
index 682ae5b63d..44d416b67a 100644
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@@ -1,6 +1,6 @@
---
title: Mobile device management
-description: Windows 10 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices.
+description: Windows 10 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
MS-HAID:
- 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
- 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
@@ -10,7 +10,6 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
-ms.date: 01/25/2019
---
# Mobile device management
@@ -34,7 +33,7 @@ With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM secur
The MDM security baseline includes policies that cover the following areas:
-- Microsoft inbox security technology (not deprecated) such as Bitlocker, Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
+- Microsoft inbox security technology (not deprecated) such as Bitlocker, Windows Defender Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
@@ -42,14 +41,16 @@ The MDM security baseline includes policies that cover the following areas:
- And much more
For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see:
+
+- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
-
+
## Learn about migrating to MDM
When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy settings in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf).
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md
index 24cf91748a..2e34159750 100644
--- a/windows/client-management/mdm/multisim-ddf.md
+++ b/windows/client-management/mdm/multisim-ddf.md
@@ -1,6 +1,6 @@
---
title: MultiSIM DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the MultiSIM configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 8d7aa80999..c82e246263 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -84,7 +84,7 @@ Valid values:
The data type is integer. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
-# Configuration Example
+## Configuration Example
These generic code portions for the options **ProxySettingsPerUser**, **Autodetect**, and **SetupScriptURL** can be used for a specific operation, for example Replace. Only enter the portion of code needed in the **Replace** section.
```xml
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 7ee6042e75..7535a3ce20 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -1,6 +1,6 @@
---
title: NetworkQoSPolicy DDF
-description: This topic shows the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML
ms.assetid:
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 3d60ebdc20..b1c7501096 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1,6 +1,6 @@
---
title: What's new in MDM enrollment and management
-description: This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
+description: Discover what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
MS-HAID:
- 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
- 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
@@ -12,6 +12,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 07/01/2019
---
@@ -20,9 +21,10 @@ ms.date: 07/01/2019
This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
-For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
+For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
- **What’s new in MDM for Windows 10 versions**
+ - [What’s new in MDM for Windows 10, version 1909](#whats-new-in-mdm-for-windows-10-version-1909)
- [What’s new in MDM for Windows 10, version 1903](#whats-new-in-mdm-for-windows-10-version-1903)
- [What’s new in MDM for Windows 10, version 1809](#whats-new-in-mdm-for-windows-10-version-1809)
- [What’s new in MDM for Windows 10, version 1803](#whats-new-in-mdm-for-windows-10-version-1803)
@@ -56,6 +58,9 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation**
+ - [January 2020](#january-2020)
+ - [November 2019](#november-2019)
+ - [October 2019](#october-2019)
- [September 2019](#september-2019)
- [August 2019](#august-2019)
- [July 2019](#july-2019)
@@ -81,6 +86,27 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [September 2017](#september-2017)
- [August 2017](#august-2017)
+## What’s new in MDM for Windows 10, version 1909
+
Added the following new nodes in Windows 10, version 1909:
+ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.
+
+
+
+
## What’s new in MDM for Windows 10, version 1903
@@ -141,7 +167,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
Added the following new nodes: Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.
Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
@@ -627,7 +657,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
@@ -1906,11 +1936,31 @@ How do I turn if off? | The service can be stopped from the "Services" console o
## Change history in MDM documentation
+### January 2020
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - Defender](policy-csp-defender.md)|Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.|
+
+
+### November 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.|
+|[DiagnosticLog CSP](diagnosticlog-csp.md)|Added substantial updates to this CSP doc.|
+
+### October 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes: ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.|
+|[Defender CSP](defender-csp.md)|Added the following new nodes: Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.|
+
### September 2019
|New or updated topic | Description|
|--- | ---|
-|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node: IsStub|
+|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node: IsStub.|
|[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
|[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies: DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.|
@@ -1929,7 +1979,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
|[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903: SecurityKey, SecurityKey/UseSecurityKeyForSignin|
|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies: LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
-|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported: Create a custom configuration service provider Design a custom configuration service provider IConfigServiceProvider2 IConfigServiceProvider2::ConfigManagerNotification IConfigServiceProvider2::GetNode ICSPNode ICSPNode::Add ICSPNode::Clear ICSPNode::Copy ICSPNode::DeleteChild ICSPNode::DeleteProperty ICSPNode::Execute ICSPNode::GetChildNodeNames ICSPNode::GetProperty ICSPNode::GetPropertyIdentifiers ICSPNode::GetValue ICSPNode::Move ICSPNode::SetProperty ICSPNode::SetValue ICSPNodeTransactioning ICSPValidate Samples for writing a custom configuration service provider|
+|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported: Create a custom configuration service provider Design a custom configuration service provider IConfigServiceProvider2 IConfigServiceProvider2::ConfigManagerNotification IConfigServiceProvider2::GetNode ICSPNode ICSPNode::Add ICSPNode::Clear ICSPNode::Copy ICSPNode::DeleteChild ICSPNode::DeleteProperty ICSPNode::Execute ICSPNode::GetChildNodeNames ICSPNode::GetProperty ICSPNode::GetPropertyIdentifiers ICSPNode::GetValue ICSPNode::Move ICSPNode::SetProperty ICSPNode::SetValue ICSPNodeTransactioning ICSPValidate Samples for writing a custom configuration service provider.|
### June 2019
@@ -2377,7 +2427,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
Added a new section:
-
Policies supported by GP - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
+
Policies supported by Group Policy - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
@@ -3264,7 +3202,7 @@ The following diagram shows the Policy configuration service provider in tree fo
-### SmartScreen policies
+### Windows Defender SmartScreen policies
@@ -3597,9 +3535,6 @@ The following diagram shows the Policy configuration service provider in tree fo
### TimeLanguageSettings policies
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-Specifies whether to allow Action Center notifications above the device lock screen.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 - Not allowed.
-- 1 (default) - Allowed.
-
-
-
-
-**AboveLock/AllowCortanaAboveLock**
@@ -135,14 +63,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
1
-
-
-
Mobile Enterprise
-
1
-
@@ -209,14 +129,6 @@ The following list shows the supported values:
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Specifies whether app store is allowed at the device.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed.
-- 1 (default) – Allowed.
-
-
-
-
-
-
-
-**ApplicationManagement/ApplicationRestrictions**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
-
-
-An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see [inbox apps](applocker-csp.md#inboxappsandcomponents). For more information about the XML, see the [ApplicationRestrictions XSD](applicationrestrictions-xsd.md).
-
-> [!NOTE]
-> When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps.
->
-> Here's additional guidance for the upgrade process:
->
-> - Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents).
-> - Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher if you are using it.
-> - In the SyncML, you must use lowercase product ID.
-> - Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
-> - You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents).
-
-
-An application that is running may not be immediately terminated.
-
-Value type is chr.
-
-Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies.
-
-
-
-
-
-
**ApplicationManagement/DisableStoreOriginatedApps**
@@ -637,14 +443,6 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -711,14 +509,6 @@ The following list shows the supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -790,14 +580,6 @@ For this policy to work, the Windows apps need to declare in their manifest that
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -869,14 +651,6 @@ This setting supports a range of values between 0 and 1.
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -949,14 +723,6 @@ This setting supports a range of values between 0 and 1.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1027,14 +793,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1103,14 +861,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1179,14 +929,6 @@ The following list shows the supported values:
@@ -106,14 +99,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index c7c9ba66ef..adce29e627 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -139,14 +140,6 @@ manager: dansimp
@@ -143,14 +136,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -213,14 +198,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
1
-
-
-
Mobile Enterprise
-
1
-
@@ -279,14 +256,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -345,14 +314,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -408,14 +369,6 @@ If this policy is not set or it is deleted, the default local radio name is used
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 952c02bc75..64a83cf92a 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -9,14 +9,19 @@ ms.author: dansimp
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
---
# Policy CSP - Browser
-
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
## Browser policies
@@ -27,9 +32,6 @@ manager: dansimp
@@ -363,79 +346,6 @@ To verify AllowAutofill is set to 0 (not allowed):
-
-**Browser/AllowBrowser**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
-
-The device allows Microsoft Edge on Windows 10 Mobile by default. With this policy, you can disable the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing.
-
-
-
-
-
-Supported values:
-
-- 0 – Prevented/not allowed.
-- 1 (default) – Allowed.
-
-Most restricted value: 0
-
-
-
-
-
**Browser/AllowConfigurationUpdateForBooksLibrary**
@@ -465,14 +375,6 @@ Most restricted value: 0
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -542,14 +444,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -629,14 +523,6 @@ To verify AllowCookies is set to 0 (not allowed):
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -708,14 +594,6 @@ Most restricted value: 0
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -794,14 +672,6 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -871,14 +741,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -948,14 +810,6 @@ Supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1028,14 +882,6 @@ Most restricted value: 1
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1113,14 +959,6 @@ Most restricted value: 0
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1190,14 +1028,6 @@ Most restricted value: 0
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -1271,14 +1101,6 @@ Most restricted value: 0
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1357,14 +1179,6 @@ To verify AllowPasswordManager is set to 0 (not allowed):
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1443,14 +1257,6 @@ To verify AllowPopups is set to 0 (not allowed):
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1529,14 +1335,6 @@ Most restricted value: 0
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1614,14 +1412,6 @@ Most restricted value: 0
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1699,14 +1489,6 @@ Most restricted value: 0
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -1782,14 +1564,6 @@ Most restricted value: 0
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1860,14 +1634,6 @@ Most restricted value: 0
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1945,14 +1711,6 @@ Most restricted value: 0
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1994,7 +1752,7 @@ Most restricted value: 1
To verify AllowSmartScreen is set to 0 (not allowed):
1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.
+2. Verify that the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.
@@ -2030,14 +1788,6 @@ To verify AllowSmartScreen is set to 0 (not allowed):
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2114,14 +1864,6 @@ Most restricted value: 1
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2198,14 +1940,6 @@ Supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2278,14 +2012,6 @@ Most restricted value: 0
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -2366,14 +2092,6 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-Enter a URL in string format for the site you want to load when Microsoft Edge for Windows 10 Mobile opens for the first time, for example, contoso.com.
-
-
-
-
-
-
**Browser/HomePages**
@@ -3353,14 +2928,6 @@ Enter a URL in string format for the site you want to load when Microsoft Edge f
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3446,14 +3013,6 @@ Supported values:
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
3
-
@@ -3525,14 +3084,6 @@ Most restricted value: 1
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3602,14 +3153,6 @@ Most restricted value: 1
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3685,14 +3228,6 @@ Most restricted value: 1
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -3763,14 +3298,6 @@ Most restricted value: 1
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -3841,14 +3368,6 @@ Most restricted value: 1
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3917,14 +3436,6 @@ Most restricted value: 1
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3994,14 +3505,6 @@ Most restricted value: 1
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4077,14 +3580,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4156,14 +3651,6 @@ Most restricted value: 1
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
3
-
@@ -4242,14 +3729,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4324,14 +3803,6 @@ Most restricted value: 0
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -4410,14 +3881,6 @@ Most restricted value: 1
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4493,14 +3956,6 @@ Supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4575,14 +4030,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4656,14 +4103,6 @@ Most restricted value: 0
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4747,14 +4186,6 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
@@ -174,14 +164,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -241,14 +223,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -328,14 +302,6 @@ To validate on mobile devices, do the following:
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -368,78 +334,6 @@ The following list shows the supported values:
-
-**Connectivity/AllowNFC**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Allows or disallows near field communication (NFC) on the device.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Do not allow NFC capabilities.
-- 1 (default) – Allow NFC capabilities.
-
-
-
-
-
-
**Connectivity/AllowPhonePCLinking**
@@ -469,14 +363,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -552,14 +438,6 @@ Device that has previously opt-in to MMX will also stop showing on the device li
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -576,8 +454,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
+> Currently, this policy is supported only in HoloLens 2, Hololens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition.
Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging.
@@ -626,14 +503,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -694,14 +563,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -762,14 +623,6 @@ The following list shows the supported values:
@@ -107,8 +100,8 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
- \
- \
-For the list MDM-GP mapping list, see [Policies supported by GP
-](policy-configuration-service-provider.md#policies-supported-by-gp).
+For the list MDM-GP mapping list, see [Policies supported by Group Policy
+](policies-supported-by-group-policy.md).
The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 6f9bacca01..a246711f54 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -64,14 +65,6 @@ manager: dansimp
@@ -256,14 +249,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -334,14 +319,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -413,14 +390,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -491,14 +460,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -569,14 +530,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -647,14 +600,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -725,14 +670,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -795,14 +732,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -873,14 +802,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -951,14 +872,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1029,14 +942,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1099,14 +1004,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1177,14 +1074,6 @@ The following list shows the supported values:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1251,14 +1140,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1327,14 +1208,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1406,14 +1279,6 @@ Valid values: 0–100
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1496,14 +1361,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1584,14 +1441,6 @@ The following list shows the supported values:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1662,14 +1511,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1733,14 +1574,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1804,14 +1637,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1883,14 +1708,6 @@ Valid values: 0–90
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1971,14 +1788,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2059,14 +1868,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2138,14 +1939,6 @@ The following list shows the supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2224,14 +2017,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2309,14 +2094,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2381,14 +2158,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2453,14 +2222,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2531,14 +2292,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2602,14 +2355,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2685,14 +2430,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2764,14 +2501,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2849,14 +2578,6 @@ Valid values: 0–1380
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2938,14 +2659,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3023,14 +2736,6 @@ Valid values: 0–1380.
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3115,14 +2820,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3202,14 +2899,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3285,14 +2974,6 @@ Valid values: 0–24.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3366,14 +3047,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3395,7 +3068,7 @@ The following list shows the supported values:
Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take.
-This value is a list of threat severity level IDs and corresponding actions, separated by a| using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3
+This value is a list of threat severity level IDs and corresponding actions, separated by a | using the format "*threat level*=*action*|*threat level*=*action*". For example, "1=6|2=2|4=10|5=3".
The following list shows the supported values for threat severity levels:
@@ -3406,12 +3079,12 @@ The following list shows the supported values for threat severity levels:
The following list shows the supported values for possible actions:
-- 1 – Clean
-- 2 – Quarantine
-- 3 – Remove
-- 6 – Allow
-- 8 – User defined
-- 10 – Block
+- 1 – Clean. Service tries to recover files and try to disinfect.
+- 2 – Quarantine. Moves files to quarantine.
+- 3 – Remove. Removes files from system.
+- 6 – Allow. Allows file/does none of the above actions.
+- 8 – User defined. Requires user to make a decision on which action to take.
+- 10 – Block. Blocks file execution.
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index f1cad52c4e..8a8184ba9a 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -136,14 +137,6 @@ manager: dansimp
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -210,14 +203,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -289,14 +274,6 @@ The following list shows the supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -366,14 +343,6 @@ ADMX Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -436,14 +405,6 @@ ADMX Info:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -517,14 +478,6 @@ Supported values: 0 - one month (in seconds)
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -596,14 +549,6 @@ Supported values: 0 - one month (in seconds)
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -678,14 +623,6 @@ The following list shows the supported values as number of seconds:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -761,14 +698,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -836,14 +765,6 @@ ADMX Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -859,7 +780,7 @@ ADMX Info:
-Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix
+Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
When set, the Group ID will be assigned automatically from the selected source.
@@ -869,6 +790,8 @@ The options set in this policy only apply to Group (2) download mode. If Group (
For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.
+Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5.
+
ADMX Info:
@@ -886,6 +809,7 @@ The following list shows the supported values:
- 2 - Authenticated domain SID
- 3 - DHCP user option
- 4 - DNS suffix
+- 5 - AAD
@@ -921,14 +845,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -995,14 +911,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1069,14 +977,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1143,14 +1043,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1217,14 +1109,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1291,14 +1175,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1364,14 +1240,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1441,14 +1309,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1515,14 +1375,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1589,14 +1441,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1663,14 +1507,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1739,14 +1575,6 @@ ADMX Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1822,14 +1650,6 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1892,14 +1712,6 @@ ADMX Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1969,14 +1781,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2051,14 +1855,6 @@ This policy allows an IT Admin to define the following:
@@ -203,14 +196,6 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -318,14 +303,6 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -449,14 +426,6 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -536,14 +505,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -656,14 +617,6 @@ You can also block installation by using a custom profile in Intune.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -781,14 +734,6 @@ For example, this custom profile blocks installation and usage of USB devices wi
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -832,7 +777,7 @@ ADMX Info:
-To enable this policy, use the following SyncML.
+To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with device instance IDs of USB\VID_1F75 and USB\VID_0781. To configure multiple classes, use `` as a delimiter.
``` xml
@@ -860,6 +805,25 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< Section end 2018/11/15 12:26:41.751
<<< [Exit status: SUCCESS]
```
+
+You can also block installation and usage of prohibited peripherals by using a custom profile in Intune.
+
+For example, this custom profile prevents installation of devices with matching device instance IDs.
+
+
+
+To prevent installation of devices with matching device instance IDs by using custom profile in Intune:
+1. Locate the device instance ID.
+2. Replace `&` in the device instance IDs with `&`.
+For example:
+Replace
+```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0```
+with
+```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0```
+ > [!Note]
+ > Do not use spaces in the value.
+3. Replace the device instance IDs with `&` into the sample SyncML. Add the SyncML into the Intune custom device configuration profile.
+
@@ -897,14 +861,6 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
@@ -133,13 +114,12 @@ manager: dansimp
> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+> Currently, this policy is supported only in HoloLens 2, Hololens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition.
-
Specifies whether the user must input a PIN or password when the device resumes from an idle state.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
@@ -153,82 +133,6 @@ The following list shows the supported values:
-
-**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-> [!IMPORTANT]
-> If this policy is set to 1 (Allowed), the value set by **DeviceLock/ScreenTimeOutWhileLocked** is ignored. To ensure enterprise control over the screen timeout, set this policy to 0 (Not allowed) and use **DeviceLock/ScreenTimeOutWhileLocked** to set the screen timeout period.
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Not allowed.
-- 1 – Allowed.
-
-
-
-
-
-
**DeviceLock/AllowSimpleDevicePassword**
@@ -258,14 +162,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -331,14 +227,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -410,14 +298,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -517,14 +397,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -592,14 +464,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -667,14 +531,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -703,71 +559,6 @@ Value type is a string, which is the full image filepath and filename.
-
-**DeviceLock/EnforceLockScreenProvider**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
1
-
-
-
Mobile Enterprise
-
1
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider.
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for mobile devices.
-
-
-Value type is a string, which is the AppID.
-
-
-
-
-
-
**DeviceLock/MaxDevicePasswordFailedAttempts**
@@ -797,14 +588,6 @@ Value type is a string, which is the AppID.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -879,14 +662,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -926,75 +701,6 @@ The following list shows the supported values:
-
-**DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-
-The following list shows the supported values:
-
-- An integer X where 0 <= X <= 999.
-- 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
-
-
-
-
-
-
**DeviceLock/MinDevicePasswordComplexCharacters**
@@ -1024,14 +730,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1154,14 +852,6 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1199,6 +889,29 @@ The following list shows the supported values:
- The default value is 4 for mobile devices and desktop devices.
+
+The following example shows how to set the minimum password length to 4 characters.
+
+```xml
+
+
+
+ $CmdID$
+
+
+ ./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength
+
+
+ int
+
+ 4
+
+
+
+
+
+```
+
@@ -1232,14 +945,6 @@ The following list shows the supported values:
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices.
-
-Minimum supported value is 10.
-
-Maximum supported value is 1800.
-
-The default value is 10.
-
-Most restricted value is 0.
-
-
-
-
-
Footnotes:
- 1 - Added in Windows 10, version 1607.
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index ac06feca25..5379d5fbac 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -70,14 +71,6 @@ manager: dansimp
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -138,14 +131,6 @@ ADMX Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -226,14 +211,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -294,14 +271,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -377,14 +346,6 @@ To validate on Desktop, do the following:
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-Specifies whether copy and paste is allowed.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed.
-- 1 (default) – Allowed.
-
-
-
-
-
-
**Experience/AllowCortana**
@@ -291,14 +198,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -367,14 +266,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -437,14 +328,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -515,14 +398,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -558,76 +433,6 @@ The following list shows the supported values:
-
-**Experience/AllowSIMErrorDialogPromptWhenNoSIM**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Specifies whether to display dialog prompt when no SIM card is detected.
-
-
-
-The following list shows the supported values:
-
-- 0 – SIM card dialog prompt is not displayed.
-- 1 (default) – SIM card dialog prompt is displayed.
-
-
-
-
-
-
**Experience/AllowSaveAsOfOfficeFiles**
@@ -641,78 +446,6 @@ This policy is deprecated.
-
-**Experience/AllowScreenCapture**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Specifies whether screen capture is allowed.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed.
-- 1 (default) – Allowed.
-
-
-
-
-
-
**Experience/AllowSharingOfOfficeFiles**
@@ -753,14 +486,6 @@ This policy is deprecated.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -819,14 +544,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -873,76 +590,6 @@ The following list shows the supported values:
-
-**Experience/AllowTaskSwitcher**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Allows or disallows task switching on the device.
-
-
-
-The following list shows the supported values:
-
-- 0 – Task switching not allowed.
-- 1 (default) – Task switching allowed.
-
-
-
-
-
-
**Experience/AllowThirdPartySuggestionsInWindowsSpotlight**
@@ -972,14 +619,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1021,78 +660,6 @@ The following list shows the supported values:
-
-**Experience/AllowVoiceRecording**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Specifies whether voice recording is allowed for apps.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed.
-- 1 (default) – Allowed.
-
-
-
-
-
-
**Experience/AllowWindowsConsumerFeatures**
@@ -1122,14 +689,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1203,14 +762,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1283,14 +834,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1362,14 +905,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1440,14 +975,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1520,14 +1047,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1594,14 +1113,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1673,14 +1184,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
1
-
-
-
Mobile Enterprise
-
1
-
@@ -1751,14 +1254,6 @@ The following list shows the supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1853,14 +1348,6 @@ _**Turn syncing off by default but don’t disable**_
@@ -2623,7 +2448,7 @@ ADMX Info:
Value and index pairs in the SyncML example:
- http://adfs.contoso.org 1
-- http://microsoft.com 2
+- https://microsoft.com 2
@@ -2659,14 +2484,6 @@ Value and index pairs in the SyncML example:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2740,14 +2557,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2821,14 +2630,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2906,14 +2707,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2991,14 +2784,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3076,14 +2861,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3157,14 +2934,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3238,14 +3007,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3321,14 +3082,6 @@ ADMX Info:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3411,14 +3164,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3492,14 +3237,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3516,11 +3253,11 @@ ADMX Info:
-This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious.
+This policy setting determines whether the user can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen prevents the user from browsing to or downloading from sites that are known to host malicious content. Windows Defender SmartScreen also prevents the execution of files that are known to be malicious.
-If you enable this policy setting, SmartScreen Filter warnings block the user.
+If you enable this policy setting, Windows Defender SmartScreen warnings block the user.
-If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
+If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
> [!TIP]
@@ -3571,14 +3308,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3595,11 +3324,11 @@ ADMX Info:
-This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet.
+This policy setting determines whether the user can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen warns the user about executable files that Internet Explorer users do not commonly download from the Internet.
-If you enable this policy setting, SmartScreen Filter warnings block the user.
+If you enable this policy setting, Windows Defender SmartScreen warnings block the user.
-If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
+If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
> [!TIP]
@@ -3650,14 +3379,6 @@ ADMX Info:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3740,14 +3461,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3819,14 +3532,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3898,14 +3603,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3979,14 +3676,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4062,14 +3751,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4141,14 +3822,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4222,14 +3895,6 @@ ADMX Info:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4312,14 +3977,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4395,14 +4052,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4478,14 +4127,6 @@ ADMX Info:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4570,14 +4211,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4648,14 +4281,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4727,14 +4352,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4810,14 +4427,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4893,14 +4502,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4972,14 +4573,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5051,14 +4644,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5132,14 +4717,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5211,14 +4788,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5291,14 +4860,6 @@ ADMX Info:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5383,14 +4944,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5466,14 +5019,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5550,14 +5095,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5634,14 +5171,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5715,14 +5244,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5800,14 +5321,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5881,14 +5394,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -5962,14 +5467,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6043,14 +5540,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6124,14 +5613,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6203,14 +5684,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6286,14 +5759,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6367,14 +5832,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6448,14 +5905,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6529,14 +5978,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6610,14 +6051,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6691,14 +6124,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6770,14 +6195,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6849,14 +6266,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -6930,14 +6339,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7011,14 +6412,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7092,14 +6485,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7116,13 +6501,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -7175,14 +6560,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7254,14 +6631,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7335,14 +6704,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7418,14 +6779,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7499,14 +6852,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7580,14 +6925,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7661,14 +6998,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7740,14 +7069,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7823,14 +7144,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7906,14 +7219,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -7987,14 +7292,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8068,14 +7365,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8149,14 +7438,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8232,14 +7513,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
1
-
-
-
Mobile Enterprise
-
1
-
@@ -8281,14 +7554,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8368,14 +7633,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8449,14 +7706,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8538,14 +7787,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8619,14 +7860,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8700,14 +7933,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8781,14 +8006,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8862,14 +8079,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -8943,14 +8152,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9024,14 +8225,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9103,14 +8296,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9184,14 +8369,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9265,14 +8442,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9346,14 +8515,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9427,14 +8588,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9451,13 +8604,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -9510,14 +8663,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9591,14 +8736,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9672,14 +8809,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9755,14 +8884,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9842,14 +8963,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -9923,14 +9036,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10004,14 +9109,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10085,14 +9182,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10164,14 +9253,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10245,14 +9326,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10326,14 +9399,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10407,14 +9472,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10488,14 +9545,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10512,13 +9561,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -10571,14 +9620,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10652,14 +9693,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10733,14 +9766,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10816,14 +9841,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10903,14 +9920,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -10984,14 +9993,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11065,14 +10066,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11146,14 +10139,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11225,14 +10210,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11306,14 +10283,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11387,14 +10356,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11468,14 +10429,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11549,14 +10502,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11573,13 +10518,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -11632,14 +10577,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11713,14 +10650,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11796,14 +10725,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11883,14 +10804,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -11964,14 +10877,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12051,14 +10956,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12132,14 +11029,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12213,14 +11102,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12292,14 +11173,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12373,14 +11246,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12454,14 +11319,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12535,14 +11392,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12616,14 +11465,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12640,13 +11481,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -12699,14 +11540,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12780,14 +11613,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12863,14 +11688,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -12944,14 +11761,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13025,14 +11834,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13106,14 +11907,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13185,14 +11978,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13266,14 +12051,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13347,14 +12124,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13428,14 +12197,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13509,14 +12270,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13533,13 +12286,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -13592,14 +12345,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13673,14 +12418,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13756,14 +12493,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13843,14 +12572,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -13924,14 +12645,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14005,14 +12718,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14086,14 +12791,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14165,14 +12862,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14246,14 +12935,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14327,14 +13008,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14408,14 +13081,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14489,14 +13154,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14513,13 +13170,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -14572,14 +13229,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14653,14 +13302,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14736,14 +13377,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14823,14 +13456,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14904,14 +13529,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -14985,14 +13602,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15066,14 +13675,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15145,14 +13746,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15226,14 +13819,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15307,14 +13892,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15388,14 +13965,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15469,14 +14038,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15493,13 +14054,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -15552,14 +14113,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15633,14 +14186,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15716,14 +14261,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15803,14 +14340,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15884,14 +14413,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -15965,14 +14486,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16046,14 +14559,6 @@ ADMX Info:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16139,14 +14644,6 @@ Supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16220,14 +14717,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16244,11 +14733,11 @@ ADMX Info:
-This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.
+This policy setting prevents the user from managing Windows Defender SmartScreen, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.
-If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.
+If you enable this policy setting, the user is not prompted to turn on Windows Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.
-If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.
+If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.
> [!TIP]
@@ -16299,14 +14788,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16378,14 +14859,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16459,14 +14932,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16540,14 +15005,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16621,14 +15078,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16702,14 +15151,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16783,14 +15224,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16864,14 +15297,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -16945,14 +15370,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17024,14 +15441,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17105,14 +15514,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17188,14 +15589,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17269,14 +15662,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17350,14 +15735,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17431,14 +15808,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17512,14 +15881,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17593,14 +15954,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17674,14 +16027,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17755,14 +16100,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17834,14 +16171,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17913,14 +16242,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -17994,14 +16315,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18075,14 +16388,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18156,14 +16461,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18180,13 +16477,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -18239,14 +16536,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18318,14 +16607,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18399,14 +16680,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18482,14 +16755,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18563,14 +16828,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18644,14 +16901,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18725,14 +16974,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18804,14 +17045,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18887,14 +17120,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -18970,14 +17195,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19051,14 +17268,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19132,14 +17341,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19215,14 +17416,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19302,14 +17495,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19383,14 +17568,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19472,14 +17649,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19553,14 +17722,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19636,14 +17797,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19717,14 +17870,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19800,14 +17945,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19883,14 +18020,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -19964,14 +18093,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20045,14 +18166,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20126,14 +18239,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20207,14 +18312,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20286,14 +18383,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20368,14 +18457,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20447,14 +18528,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20528,14 +18601,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20609,14 +18674,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20688,14 +18745,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20769,14 +18818,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20850,14 +18891,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -20931,14 +18964,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -21012,14 +19037,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -21036,13 +19053,13 @@ ADMX Info:
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
@@ -21095,14 +19112,6 @@ ADMX Info:
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 3536f9af1f..83b8e5e9a2 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -79,14 +80,6 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -141,14 +134,6 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -203,14 +188,6 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -265,14 +242,6 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -324,14 +293,6 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -386,14 +347,6 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -448,14 +401,6 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation but
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement.
-
-
-
-The following list shows the supported values:
-
-- 0 - Disabled.
-- 1 (default) - Enabled.
-
-
-
-
@@ -133,14 +59,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
1
-
-
-
Mobile Enterprise
-
1
-
@@ -178,74 +96,6 @@ The following list shows the supported values:
-
-**Messaging/AllowRCS**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement.
-
-
-
-The following list shows the supported values:
-
-- 0 - Disabled.
-- 1 (default) - Enabled.
-
-
-
-
-
Footnotes:
- 1 - Added in Windows 10, version 1607.
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 191d19d39c..598cad17d2 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -73,14 +74,6 @@ manager: dansimp
@@ -175,14 +165,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -249,14 +231,6 @@ The following list shows the supported values:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -329,14 +303,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -409,14 +375,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -496,14 +454,6 @@ This policy has been deprecated.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -573,14 +523,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -632,14 +574,6 @@ Allow Windows indexer. Value type is integer.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -709,14 +643,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -783,14 +709,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -861,14 +779,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -940,14 +850,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1018,14 +920,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1063,78 +957,6 @@ The following list shows the supported values:
-
-**Search/SafeSearchPermissions**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. Desktop users should use Search/DoNotUseWebResults.
-
-
-Specifies what level of safe search (filtering adult content) is required.
-
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Strict, highest filtering against adult content.
-- 1 (default) – Moderate filtering against adult content (valid search results will not be filtered).
-
-
-
-
-
Footnotes:
- 1 - Added in Windows 10, version 1607.
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 2719df8815..0a4dcd146d 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -29,15 +30,9 @@ manager: dansimp
@@ -159,14 +146,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -196,78 +175,6 @@ The following list shows the supported values:
-
-**Security/AllowManualRootCertificateInstallation**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Specifies whether the user is allowed to manually install root and intermediate CA certificates.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed.
-- 1 (default) – Allowed.
-
-
-
-
-
-
**Security/AllowRemoveProvisioningPackage**
@@ -297,14 +204,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -334,76 +233,6 @@ The following list shows the supported values:
-
-**Security/AntiTheftMode**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-Allows or disallow Anti Theft Mode on the device.
-
-
-
-The following list shows the supported values:
-
-- 0 – Don't allow Anti Theft Mode.
-- 1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent).
-
-
-
-
-
-
**Security/ClearTPMIfNotReady**
@@ -433,14 +262,6 @@ The following list shows the supported values:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -510,14 +331,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -580,14 +393,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -652,14 +457,6 @@ The following list shows the supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -749,14 +546,6 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -821,14 +610,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -887,14 +668,6 @@ The following list shows the supported values:
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index e999e67da7..7786a5eb5c 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -162,14 +163,6 @@ Added in Windows 10, version 1803. Placeholder only. Do not use in production e
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -234,14 +227,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -304,14 +289,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -376,14 +353,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -449,14 +418,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -521,14 +482,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -593,14 +546,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -665,14 +610,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -757,14 +694,6 @@ This policy has been deprecated.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -837,14 +766,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -908,14 +829,6 @@ This setting supports a range of values between 0 and 1.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -979,14 +892,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1050,14 +955,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1121,14 +1018,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1193,14 +1082,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1263,14 +1144,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1333,14 +1206,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1403,14 +1268,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1470,14 +1327,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1537,14 +1386,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1604,14 +1445,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1671,14 +1504,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1738,14 +1563,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1805,14 +1622,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1872,14 +1681,6 @@ The following list shows the supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 611cb5cf8e..ffc5c62bec 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,11 +1,12 @@
---
title: Policy CSP - TimeLanguageSettings
-description: Policy CSP - TimeLanguageSettings
+description: Learn which TimeLanguageSettings policies are supported for your edition of Windows.
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -21,81 +22,12 @@ manager: dansimp
## TimeLanguageSettings policies
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Allows for the configuration of the default clock setting to be the 24 hour format. If set to 0 (zero), the device uses the default clock as prescribed by the current locale setting.
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Current locale setting.
-- 1 – Set 24 hour clock.
-
-
-
-
@@ -127,14 +59,6 @@ The following list shows the supported values:
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 6458e458b5..9d98a92f10 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,15 +6,14 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 09/27/2019
+ms.localizationpriority: medium
+ms.date: 10/04/2019
ms.reviewer:
manager: dansimp
---
# Policy CSP - Update
-
-
> [!NOTE]
> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
@@ -238,14 +237,6 @@ manager: dansimp
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
1
-
@@ -313,14 +304,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -385,14 +368,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
1
-
@@ -460,14 +435,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -548,14 +515,6 @@ The following list shows the supported values:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -626,14 +585,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -701,14 +652,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -771,14 +714,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -852,14 +787,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -936,14 +863,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1020,14 +939,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -1094,14 +1005,6 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -1169,14 +1072,6 @@ The following list shows the supported values:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1253,14 +1148,6 @@ Supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
1
-
@@ -1331,14 +1218,6 @@ The following list shows the supported values:
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1410,14 +1289,6 @@ Default value is 7.
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1488,14 +1359,6 @@ Default value is 7.
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1566,14 +1429,6 @@ Default value is 2.
Education
6
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1646,14 +1501,6 @@ Supported values:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1705,14 +1552,6 @@ Added in Windows 10, version 1803. Enable IT admin to configure feature update u
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1780,14 +1619,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
1
-
@@ -1850,14 +1681,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2009,14 +1832,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2087,14 +1902,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -2155,14 +1962,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2235,14 +2034,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -2321,14 +2112,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2402,14 +2185,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -2481,14 +2256,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2560,14 +2327,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -2639,14 +2398,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2718,14 +2469,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2795,14 +2538,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2873,14 +2608,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -2952,14 +2679,6 @@ To validate this policy:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -3031,14 +2750,6 @@ To validate this policy:
Education
3
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -3107,14 +2818,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3189,14 +2892,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3267,14 +2962,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -3337,14 +3024,6 @@ ADMX Info:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
1
-
@@ -3412,14 +3091,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -3493,14 +3164,6 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3570,14 +3233,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3642,14 +3297,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -3716,14 +3363,6 @@ Supported values are 15, 30, or 60 (minutes).
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -3794,14 +3433,6 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -3879,14 +3510,6 @@ The following list shows the supported values:
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
-
@@ -3951,14 +3574,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
-
@@ -4023,14 +3638,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
-
@@ -4095,14 +3702,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
-
@@ -4167,14 +3766,6 @@ ADMX Info:
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
-
@@ -4239,14 +3830,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4319,14 +3902,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -4394,14 +3969,6 @@ The following list shows the supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4461,14 +4028,6 @@ ADMX Info:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4528,14 +4087,6 @@ ADMX Info:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
2
-
@@ -4604,14 +4155,6 @@ The following list shows the supported values:
Education
5
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4689,14 +4232,6 @@ ADMX Info:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4713,7 +4248,7 @@ ADMX Info:
> [!IMPORTANT]
-> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
+> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Mobile.
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
@@ -4789,14 +4324,6 @@ Example
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -4846,6 +4373,5 @@ Footnotes:
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
-
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index ac7ded0237..c485382b9e 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -206,14 +207,6 @@ For example, the following syntax grants user rights to Authenticated Users and
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -271,14 +264,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -336,14 +321,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -401,14 +378,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -466,14 +435,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -531,14 +492,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -596,14 +549,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -661,14 +606,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -726,14 +663,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -791,14 +720,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -856,14 +777,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -921,14 +834,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -986,14 +891,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1051,14 +948,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1116,14 +1005,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1181,14 +1062,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1246,14 +1119,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1311,14 +1176,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1380,14 +1237,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1445,14 +1294,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1510,14 +1351,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1575,14 +1408,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1640,14 +1465,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1705,14 +1522,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1770,14 +1579,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1835,14 +1636,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1900,14 +1693,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -1965,14 +1750,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -2030,14 +1807,6 @@ GP Info:
Education
4
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index cec40575e4..dbae4b5780 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
@@ -89,14 +90,6 @@ This policy has been deprecated.
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -165,14 +158,6 @@ The following list shows the supported values:
Education
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -241,14 +226,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -312,14 +289,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -380,14 +349,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -446,14 +407,6 @@ The following list shows the supported values:
@@ -145,14 +138,6 @@ The following list shows the supported values:
Education
3
-
-
Mobile
-
3
-
-
-
Mobile Enterprise
-
3
-
@@ -211,14 +196,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -277,14 +254,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -343,14 +312,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -421,14 +382,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
2
-
-
-
Mobile Enterprise
-
2
-
@@ -487,14 +440,6 @@ The following list shows the supported values:
Education
2
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
@@ -553,14 +498,6 @@ The following list shows the supported values:
Education
1
-
-
Mobile
-
-
-
-
Mobile Enterprise
-
-
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 86b57361ab..a5298bf190 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -9,6 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 05/21/2019
---
@@ -19,10 +20,10 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy*
You can view various Policy DDF files by clicking the following links:
-- [View the Policy DDF file for Windows 10, version 1903](http://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
-- [View the Policy DDF file for Windows 10, version 1809](http://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
+- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
+- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
-- [View the Policy DDF file for Windows 10, version 1803 release C](http://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
+- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 9711b4b2a4..70668fa9de 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -38,9 +38,11 @@ The following diagram shows the Reboot configuration service provider management
The supported operation is Get.
**Schedule/Single**
-
This node will execute a reboot at a scheduled date and time. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required.
+
This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required.
Example to configure: 2018-10-25T18:00:00
+Setting a null (empty) date will delete the existing schedule. In accordance with the ISO 8601 format, the date and time representation needs to be 0000-00-00T00:00:00.
+
The supported operations are Get, Add, Replace, and Delete.
**Schedule/DailyRecurrent**
@@ -53,13 +55,3 @@ Example to configure: 2018-10-25T18:00:00
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
index 0f8b376074..cfa669f4e5 100644
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@@ -1,6 +1,6 @@
---
title: Register your free Azure Active Directory subscription
-description: If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD.
+description: Paid subscribers to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, have a free subscription to Azure AD.
ms.assetid: 97DCD303-BB11-4AFF-84FE-B7F14CDF64F7
ms.reviewer:
manager: dansimp
@@ -29,21 +29,11 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
-3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
+3. On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. This will take you to the Azure Active Directory portal.
- 
+ 
-4. On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**.
- 
-
-5. It may take a few minutes to process the request.
-
- 
-
-6. You will see a welcome page when the process completes.
-
- 
diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md
index 41ad075f64..5b16192077 100644
--- a/windows/client-management/mdm/reporting-ddf-file.md
+++ b/windows/client-management/mdm/reporting-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Reporting DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the Reporting configuration service provider. This CSP was added in Windows 10, version 1511. Support for desktop security auditing was added for the desktop in Windows 10, version 1607.
+description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider.
ms.assetid: 7A5B79DB-9571-4F7C-ABED-D79CD08C1E35
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index f294bbb8a3..383470060b 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,6 +1,6 @@
---
title: SecureAssessment DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML
ms.assetid: 68D17F2A-FAEA-4608-8727-DBEC1D7BE48A
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index 041b690a01..ad901702a5 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -1,6 +1,6 @@
---
title: TenantLockdown DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the TenantLockdown configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index ff3e25edce..c26f13353d 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -20,7 +20,7 @@ The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmwa
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
> [!NOTE]
-> The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface. The specification for this interface and compatible firmware is not yet available.
+> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
The following diagram shows the UEFI CSP in tree format.
@@ -70,7 +70,7 @@ Apply a permissions information package to UEFI. Input is the signed package in
Value type is Base64. Supported operation is Replace.
**Permissions/Result**
-Retrieves the binary result package of the previous Permissions/Apply operation. This binary package contains XML describing the action taken for each individual permission.
+Retrieves the binary result package of the previous Permissions/Apply operation. This binary package contains XML describing the action taken for each individual permission.
Supported operation is Get.
@@ -109,17 +109,17 @@ Supported operation is Get.
Node for settings permission operations. Alternate endpoint for sending a second permission package without an OS restart.
**Permissions2/Apply**
-Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two permissions information packages in the same session.
+Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two permissions information packages in the same session.
Value type is Base64. Supported operation is Replace.
**Permissions2/Result**
-Retrieves the binary result package from the previous Permissions2/Apply operation. This binary package contains XML describing the action taken for each individual permission.
+Retrieves the binary result package from the previous Permissions2/Apply operation. This binary package contains XML describing the action taken for each individual permission.
Supported operation is Get.
**Settings2**
-Nodefor device settings operations. Alternate endpoint for sending a second settings package without an OS restart.
+Node for device settings operations. Alternate endpoint for sending a second settings package without an OS restart.
**Settings2/Apply**
Apply a settings information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two settings information packages in the same session.
@@ -130,3 +130,8 @@ Value type is Base64. Supported operation is Replace.
Retrieves the binary result package of previous Settings2/Apply operation. This binary package contains XML describing the action taken for each individual setting.
Supported operation is Get.
+
+
+## Related topics
+
+[UEFI DDF file](./uefi-ddf.md)
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md
index f9ff52da32..ae0b5e11c1 100644
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@@ -1,6 +1,6 @@
---
title: UnifiedWriteFilter CSP
-description: The UnifiedWriteFilter (UWF) configuration service provider enables the IT administrator to remotely manage the UWF to help protect physical storage media including any writable storage type.
+description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media.
ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
index cb2908dda2..7b4f4424be 100644
--- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
@@ -25,7 +25,13 @@ manager: dansimp
## Overview
-Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
+Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
+
+NOTE: Starting from the following Windows 10 version Replace command is supported
+- Windows 10, version 1903 with KB4512941 and KB4517211 installed
+- Windows 10, version 1809 with KB4512534 and KB installed
+- Windows 10, version 1803 with KB4512509 and KB installed
+- Windows 10, version 1709 with KB4516071 and KB installed
When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
@@ -48,6 +54,8 @@ When the ADMX policies are imported, the registry keys to which each policy is w
- software\microsoft\exchange\
- software\policies\microsoft\vba\security\
- software\microsoft\onedrive
+- software\Microsoft\Edge
+- Software\Microsoft\EdgeUpdate\
> [!Warning]
> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
index e86a9edcc0..ce4b0b3bf3 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -1,6 +1,6 @@
---
title: Win32CompatibilityAppraiser DDF file
-description: XML file containing the device description framework
+description: XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
index 75f0d91a1b..a8be6bba9c 100644
--- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
@@ -1,6 +1,6 @@
---
title: Enterprise settings, policies, and app management
-description: The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax.
+description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow.
MS-HAID:
- 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
- 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
index a42d7ec535..c4710fae63 100644
--- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
+++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
@@ -1,6 +1,6 @@
---
title: WindowsSecurityAuditing DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider. This CSP was added in Windows 10, version 1511.
+description: View the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider.
ms.assetid: B1F9A5FA-185B-48C6-A7F4-0F0F23B971F0
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index c5727c4674..92f6496c2d 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -1,6 +1,6 @@
---
title: WiredNetwork CSP
-description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet.
+description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP. Learn how it works.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
index b6fb182eae..914c39c364 100644
--- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
@@ -296,21 +296,13 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro
[**Win32\_UninterruptiblePowerSupply**](https://msdn.microsoft.com/library/windows/hardware/aa394503) |
[**Win32\_USBController**](https://msdn.microsoft.com/library/windows/hardware/aa394504) |
[**Win32\_UTCTime**](https://msdn.microsoft.com/library/windows/hardware/aa394510) | 
-[**Win32\_VideoController**](https://msdn.microsoft.com/library/windows/hardware/aa394505) |
+[**Win32\_VideoController**](https://docs.microsoft.com/windows/win32/cimwin32prov/win32-videocontroller) |
**Win32\_WindowsUpdateAgentVersion** |
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-10/10/2016
-
-
-
-
+## Related Links
+[CIM Video Controller](https://docs.microsoft.com/windows/win32/cimwin32prov/cim-videocontroller)
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index da9546ba23..da5cc3e5c8 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -23,7 +23,7 @@ ms.topic: reference
- Windows 10
- Windows 10 Mobile
-Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/details.aspx?id=56121).
+Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/100591).
## New Group Policy settings in Windows 10, version 1809
@@ -497,4 +497,3 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId=
-
diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md
index 04dcbbafc9..28f7edaab0 100644
--- a/windows/client-management/system-failure-recovery-options.md
+++ b/windows/client-management/system-failure-recovery-options.md
@@ -202,4 +202,4 @@ To view system failure and recovery settings for your local computer, type **wmi
## References
-[Varieties of Kernel-Mode Dump Files](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)
+[Varieties of Kernel-Mode Dump Files](https://docs.microsoft.com/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)
diff --git a/windows/client-management/troubleshoot-event-id-41-restart.md b/windows/client-management/troubleshoot-event-id-41-restart.md
new file mode 100644
index 0000000000..b774919abf
--- /dev/null
+++ b/windows/client-management/troubleshoot-event-id-41-restart.md
@@ -0,0 +1,121 @@
+---
+title: Advanced troubleshooting for Event ID 41 - "The system has rebooted without cleanly shutting down first"
+description: Describes the circumstances that cause a computer to generate Event ID 41, and provides guidance for troubleshooting the issue
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 12/27/2019
+ms.prod: w10
+ms.topic: article
+ms.custom:
+- CI 111437
+- CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords: event id 41, reboot, restart, stop error, bug check code
+manager: kaushika
+
+---
+
+# Advanced troubleshooting for Event ID 41: "The system has rebooted without cleanly shutting down first"
+
+> **Home users**
+> This article is intended for use by support agents and IT professionals. If you're looking for more information about blue screen error messages, please visit [Troubleshoot blue screen errors](https://support.microsoft.com/help/14238/windows-10-troubleshoot-blue-screen-errors).
+
+The preferred way to shut down Windows is to select **Start**, and then select an option to turn off or shut down the computer. When you use this standard method, the operating system closes all files and notifies the running services and applications so that they can write any unsaved data to disk and flush any active caches.
+
+If your computer shuts down unexpectedly, Windows logs Event ID 41 the next time that the computer starts. The event text resembles the following:
+
+> Event ID: 41
+> Description: The system has rebooted without cleanly shutting down first.
+
+This event indicates that some unexpected activity prevented Windows from shutting down correctly. Such a shutdown might be caused by an interruption in the power supply or by a Stop error. If feasible, Windows records any error codes as it shuts down. During the [kernel phase](advanced-troubleshooting-boot-problems.md#kernel-phase) of the next Windows startup, Windows checks for these codes and includes any existing codes in the event data of Event ID 41.
+
+> EventData
+> BugcheckCode 159
+> BugcheckParameter1 0x3
+> BugcheckParameter2 0xfffffa80029c5060
+> BugcheckParameter3 0xfffff8000403d518
+> BugcheckParameter4 0xfffffa800208c010
+> SleepInProgress false
+> PowerButtonTimestamp 0Converts to 0x9f (0x3, 0xfffffa80029c5060, 0xfffff8000403d518, 0xfffffa800208c010)
+
+## How to use Event ID 41 when you troubleshoot an unexpected shutdown or restart
+
+By itself, Event ID 41 might not contain sufficient information to explicitly define what occurred. Typically, you have to also consider what was occurring at the time of the unexpected shutdown (for example, the power supply failed). Use the information in this article to identify a troubleshooting approach that is appropriate for your circumstances:
+
+- [Scenario 1](#scen1): The computer restarts because of a Stop error, and Event ID 41 contains a Stop error (bug check) code
+- [Scenario 2](#scen2): The computer restarts because you pressed and held the power button
+- [Scenario 3](#scen3): The computer is unresponsive or randomly restarts, and Event ID 41 is not logged or the Event ID 41 entry lists error code values of zero
+
+### Scenario 1: The computer restarts because of a Stop error, and Event ID 41 contains a Stop error (bug check) code
+
+When a computer shuts down or restarts because of a Stop error, Windows includes the Stop error data in Event ID 41 as part of the additional event data. This information includes the Stop error code (also called a bug check code), as shown in the following example:
+
+> EventData
+> BugcheckCode 159
+> BugcheckParameter1 0x3
+> BugcheckParameter2 0xfffffa80029c5060
+> BugcheckParameter3 0xfffff8000403d518
+> BugcheckParameter4 0xfffffa800208c010
+
+> [!NOTE]
+> Event ID 41 includes the bug check code in decimal format. Most documentation that describes bug check codes refers to the codes as hexadecimal values instead of decimal values. To convert decimal to hexadecimal, follow these steps:
+>
+> 1. Select **Start**, type **calc** in the **Search** box, and then select **Calculator**.
+> 1. In the **Calculator** window, select **View** > **Programmer**.
+> 1. On the left side of calculator, verify that **Dec** is highlighted.
+> 1. Use the keyboard to enter the decimal value of the bug check code.
+> 1. On the left side of the calculator, select **Hex**.
+> The value that the calculator displays is now the hexadecimal code.
+>
+> When you convert a bug check code to hexadecimal format, verify that the “0x” designation is followed by eight digits (that is, the part of the code after the “x” includes enough zeros to fill out eight digits). For example, 0x9F is typically documented as 0x0000009f, and 0xA is documented as 0x0000000A. In the case of the example event data in this article, "159" converts to 0x0000009f.
+
+After you identify the hexadecimal value, use the following references to continue troubleshooting:
+
+- [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md).
+- [Bug Check Code Reference](https://docs.microsoft.com/windows-hardware/drivers/debugger/bug-check-code-reference2). This page lists links to documentation for different bug check codes.
+- [How to Debug Kernel Mode Blue Screen Crashes (for beginners)](https://blogs.technet.microsoft.com/askcore/2008/10/31/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners/).
+
+### Scenario 2: The computer restarts because you pressed and held the power button
+
+Because this method of restarting the computer interferes with the Windows shutdown operation, we recommend that you use this method only if you have no alternative. For example, you might have to use this approach if your computer is not responding. When you restart the computer by pressing and holding the power button, the computer logs an Event ID 41 that includes a non-zero value for the **PowerButtonTimestamp** entry.
+
+For help when troubleshooting an unresponsive computer, see [Windows Help](https://support.microsoft.com/hub/4338813/windows-help?os=windows-10). Consider searching for assistance by using keywords such as "hang," "responding," or "blank screen."
+
+### Scenario 3: The computer is unresponsive or randomly restarts, and Event ID 41 is not recorded or the Event ID 41 entry or lists error code values of zero
+
+This scenario includes the following circumstances:
+
+- You shut off power to an unresponsive computer, and then you restart the computer.
+ To verify that a computer is unresponsive, press the CAPS LOCK key on the keyboard. If the CAPS LOCK light on the keyboard does not change when you press the CAPS LOCK key, the computer might be completely unresponsive (also known as a *hard hang*).
+- The computer restarts, but it does not generate Event ID 41.
+- The computer restarts and generates Event ID 41, but the **BugcheckCode** and **PowerButtonTimestamp** values are zero.
+
+In such cases, something prevents Windows from generating error codes or from writing error codes to disk. Something might block write access to the disk (as in the case of an unresponsive computer) or the computer might shut down too quickly to write the error codes or even detect an error.
+
+The information in Event ID 41 provides some indication of where to start checking for problems:
+
+- **Event ID 41 is not recorded or the bug check code is zero**. This behavior might indicate a power supply problem. If the power to a computer is interrupted, the computer might shut down without generating a Stop error. If it does generate a Stop error, it might not finish writing the error codes to disk. The next time the computer starts, it might not log Event ID 41. Or, if it does, the bug check code is zero. Conditions such as the following might be the cause:
+ - In the case of a portable computer, the battery was removed or completely drained.
+ - In the case of a desktop computer, the computer was unplugged or experienced a power outage.
+ - The power supply is underpowered or faulty.
+
+- **The PowerButtonTimestamp value is zero**. This behavior might occur if you disconnected the power to a computer that was not responding to input. Conditions such as the following might be the cause:
+ - A Windows process blocked write access to the disk, and you shut down the computer by pressing and holding the power button for at least four seconds.
+ - You disconnected the power to an unresponsive computer.
+
+Typically, the symptoms described in this scenario indicate a hardware problem. To help isolate the problem, do the following:
+
+- **Disable overclocking**. If the computer has overclocking enabled, disable it. Verify that the issue occurs when the system runs at the correct speed.
+- **Check the memory**. Use a memory checker to determine the memory health and configuration. Verify that all memory chips run at the same speed and that every chip is configured correctly in the system.
+- **Check the power supply**. Verify that the power supply has enough wattage to appropriately handle the installed devices. If you added memory, installed a newer processor, installed additional drives, or added external devices, such devices can require more energy than the current power supply can provide consistently. If the computer logged Event ID 41 because the power to the computer was interrupted, consider obtaining an uninterruptible power supply (UPS) such as a battery backup power supply.
+- **Check for overheating**. Examine the internal temperature of the hardware and check for any overheating components.
+
+If you perform these checks and still cannot isolate the problem, set the system to its default configuration and verify whether the issue still occurs.
+
+> [!NOTE]
+> If you see a Stop error message that includes a bug check code, but Event ID 41 does not include that code, change the restart behavior for the computer. To do this, follow these steps:
+>
+> 1. Right-click **My Computer**, then select **Properties** > **Advanced system settings** > **Advanced**.
+> 1. In the **Startup and Recovery** section, select **Settings**.
+> 1. Clear the **Automatically restart** check box.
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md
index 27b46491dc..3acffc551f 100644
--- a/windows/client-management/troubleshoot-inaccessible-boot-device.md
+++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md
@@ -1,5 +1,5 @@
---
-title: Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device
+title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device
description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device
ms.prod: w10
ms.mktglfcycl:
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index 0c13fc8950..719976a254 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -22,9 +22,9 @@ ms.author: dansimp
A Stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers:
-- atikmpag.sys
-- igdkmd64.sys
-- nvlddmkm.sys
+- `atikmpag.sys`
+- `igdkmd64.sys`
+- `nvlddmkm.sys`
There is no simple explanation for the cause of Stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that Stop errors usually are not caused by Microsoft Windows components. Instead, these errors are generally related to malfunctioning hardware drivers or drivers that are installed by third-party software. This includes video cards, wireless network cards, security programs, and so on.
@@ -61,7 +61,7 @@ To troubleshoot Stop error messages, follow these general steps:
4. Run [Microsoft Safety Scanner](http://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections.
-5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10 to 15 percent free disk space.
+5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10–15 percent free disk space.
6. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios:
@@ -90,12 +90,12 @@ To configure the system for memory dump files, follow these steps:
5. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written.
6. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in-state and also if the problem recurs.
-The memory dump file is saved at the following locations.
+The memory dump file is saved at the following locations:
| Dump file type | Location |
|----------------|----------|
-|(none) | %SystemRoot%\MEMORY.DMP (inactive, or greyed out) |
-|Small memory dump file (256kb) | %SystemRoot%\Minidump |
+|(none) | %SystemRoot%\MEMORY.DMP (inactive, or grayed out) |
+|Small memory dump file (256 kb) | %SystemRoot%\Minidump |
|Kernel memory dump file | %SystemRoot%\MEMORY.DMP |
| Complete memory dump file | %SystemRoot%\MEMORY.DMP |
| Automatic memory dump file | %SystemRoot%\MEMORY.DMP |
@@ -118,7 +118,7 @@ More information on how to use Dumpchk.exe to check your dump files:
### Memory dump analysis
-Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in a variety of symptoms.
+Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in various symptoms.
When a Stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the Stop error again. If you can replicate the problem, you can usually determine the cause.
@@ -138,8 +138,8 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols
1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps [here](troubleshoot-windows-freeze.md#method-1-memory-dump) for more information.
2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
-3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk).
-4. Start the install and choose **Debugging Tools for Windows**. This will install the WinDbg tool.
+3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk).
+4. Start the install and choose **Debugging Tools for Windows**. This installs the WinDbg tool.
5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.
a. If the computer is connected to the Internet, enter the [Microsoft public symbol server](https://docs.microsoft.com/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.
b. If the computer is not connected to the Internet, you must specify a local [symbol path](https://docs.microsoft.com/windows-hardware/drivers/debugger/symbol-path).
@@ -149,7 +149,7 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols
8. A detailed bugcheck analysis will appear. See the example below.
9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL.
-10. See [Using the !analyze Exension](https://docs.microsoft.com/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output.
+10. See [Using the !analyze Extension](https://docs.microsoft.com/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output.
There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:
@@ -213,7 +213,7 @@ Use the following guidelines when you use Driver Verifier:
- Test any “suspicious” drivers (drivers that were recently updated or that are known to be problematic).
- If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers.
-- Enable concurrent verification on groups of 10 to 20 drivers.
+- Enable concurrent verification on groups of 10–20 drivers.
- Additionally, if the computer cannot boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This is because the tool cannot run in Safe mode.
For more information, see [Driver Verifier](https://docs.microsoft.com/windows-hardware/drivers/devtest/driver-verifier).
@@ -233,13 +233,13 @@ SYSTEM_SERVICE_EXCEPTION Stop error code c000021a {Fatal System Error} The W
NTFS_FILE_SYSTEM Stop error code 0x000000024 | This Stop error is commonly caused by corruption in the NTFS file system or bad blocks (sectors) on the hard disk. Corrupted drivers for hard disks (SATA or IDE) can also adversely affect the system's ability to read and write to disk. Run any hardware diagnostics that are provided by the manufacturer of the storage subsystem. Use the scan disk tool to verify that there are no file system errors. To do this, right-click the drive that you want to scan, select Properties, select Tools, and then select the Check now button.We also suggest that you update the NTFS file system driver (Ntfs.sys), and apply the latest cumulative updates for the current operating system that is experiencing the problem.
KMODE_EXCEPTION_NOT_HANDLED Stop error code 0x0000001E | If a driver is identified in the Stop error message, disable or remove that driver. Disable or remove any drivers or services that were recently added.
If the error occurs during the startup sequence, and the system partition is formatted by using the NTFS file system, you might be able to use Safe mode to disable the driver in Device Manager. To do this, follow these steps:
Go to **Settings > Update & security > Recovery**. Under **Advanced startup**, select **Restart now**. After your PC restarts to the **Choose an option** screen, select **Troubleshoot > Advanced options > Startup Settings > Restart**. After the computer restarts, you'll see a list of options. Press **4** or **F4** to start the computer in Safe mode. Or, if you intend to use the Internet while in Safe mode, press **5** or **F5** for the Safe Mode with Networking option.
DPC_WATCHDOG_VIOLATION Stop error code 0x00000133 | This Stop error code is caused by a faulty driver that does not complete its work within the allotted time frame in certain conditions. To enable us to help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the Stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for additional error messages that might help identify the device or driver that is causing Stop error 0x133. Verify that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the c:\windows\memory.dmp file into the Debugger, and then refer to [Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012](https://blogs.msdn.microsoft.com/ntdebugging/2012/12/07/determining-the-source-of-bug-check-0x133-dpc_watchdog_violation-errors-on-windows-server-2012/) to find the problematic driver from the memory dump.
-USER_MODE_HEALTH_MONITOR Stop error code 0x0000009E | This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components. This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process.Try to update the component or process that is indicated in the event logs. You should see the following event recorded: Event ID: 4870 Source: Microsoft-Windows-FailoverClustering Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action will be taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang. For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
+USER_MODE_HEALTH_MONITOR Stop error code 0x0000009E | This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components. This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process. Try to update the component or process that is indicated in the event logs. You should see the following event recorded: Event ID: 4870 Source: Microsoft-Windows-FailoverClustering Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action is taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang. For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
## Debugging examples
### Example 1
-This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The **IMAGE_NAME** will tell you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
+This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The **IMAGE_NAME** tells you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
```
2: kd> !analyze -v
@@ -391,7 +391,7 @@ ANALYSIS_SESSION_ELAPSED_TIME: 8377
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_ndis!ndisqueueioworkitem
FAILURE_ID_HASH: {10686423-afa1-4852-ad1b-9324ac44ac96}
-FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96
+FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96
Followup: ndiscore
---------
```
@@ -564,7 +564,7 @@ ANALYSIS_SESSION_ELAPSED_TIME: 162bd
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_r_invalid_wwanusbmp!unknown_function
FAILURE_ID_HASH: {31e4d053-0758-e43a-06a7-55f69b072cb3}
-FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3
+FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3
Followup: MachineOwner
---------
diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md
index cff5317a5f..fe6e32ce59 100644
--- a/windows/client-management/troubleshoot-tcpip-connectivity.md
+++ b/windows/client-management/troubleshoot-tcpip-connectivity.md
@@ -89,7 +89,7 @@ The application which is causing the reset (identified by port numbers) should b
>The above information is about resets from a TCP standpoint and not UDP. UDP is a connectionless protocol and the packets are sent unreliably. You would not see retransmission or resets when using UDP as a transport protocol. However, UDP makes use of ICMP as a error reporting protocol. When you have the UDP packet sent out on a port and the destination does not have port listed, you will see the destination sending out **ICMP Destination host unreachable: Port unreachable** message immediately after the UDP packet
-```typescript
+```
10.10.10.1 10.10.10.2 UDP UDP:SrcPort=49875,DstPort=3343
10.10.10.2 10.10.10.1 ICMP ICMP:Destination Unreachable Message, Port Unreachable,10.10.10.2:3343
@@ -98,7 +98,7 @@ The application which is causing the reset (identified by port numbers) should b
During the course of troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but does not respond to. In such cases, there could be a drop at the server level. You should enable firewall auditing on the machine to understand if the local firewall is dropping the packet.
-```typescript
+```
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
```
diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md
index 70bda5a8f5..308677bcef 100644
--- a/windows/client-management/troubleshoot-windows-startup.md
+++ b/windows/client-management/troubleshoot-windows-startup.md
@@ -46,8 +46,8 @@ To understand the underlying cause of Windows startup problems, it's important t
These articles will walk you through the resources you need to troubleshoot Windows startup issues:
-- [Advanced troubleshooting for Windows boot problems](https://docs.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-boot-problems)
+- [Advanced troubleshooting for Windows boot problems](https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-boot-problems)
-- [Advanced troubleshooting for Stop error or blue screen error](https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-stop-errors)
+- [Advanced troubleshooting for Stop error or blue screen error](https://docs.microsoft.com/windows/client-management/troubleshoot-stop-errors)
-- [Advanced troubleshooting for Windows-based computer freeze issues](https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-windows-freeze)
+- [Advanced troubleshooting for Windows-based computer freeze issues](https://docs.microsoft.com/windows/client-management/troubleshoot-windows-freeze)
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
index da7f583966..47a439de72 100644
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@@ -634,12 +634,12 @@ The following settings for Microsoft Edge on Windows 10 Mobile can be managed.
- **Allow InPrivate** Whether users can use InPrivate browsing
- **Allow Password Manager** Whether users can use Password Manager to save and manage passwords locally
- **Allow Search Suggestions in Address Bar** Whether search suggestions are shown in the address bar
-- **Allow SmartScreen** Whether SmartScreen Filter is enabled
+- **Allow Windows Defender SmartScreen** Whether Windows Defender SmartScreen is enabled
- **Cookies** Whether cookies are allowed
- **Favorites** Configure Favorite URLs
- **First Run URL** The URL to open when a user launches Microsoft Edge for the first time
-- **Prevent SmartScreen Prompt Override** Whether users can override the SmartScreen warnings for URLs
-- **Prevent Smart Screen Prompt Override for Files** Whether users can override the SmartScreen warnings for files
+- **Prevent Windows Defender SmartScreen Prompt Override** Whether users can override the Windows Defender SmartScreen warnings for URLs
+- **Prevent Smart Screen Prompt Override for Files** Whether users can override the Windows Defender SmartScreen warnings for files
## Manage
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index 7d787f544d..8c30018235 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -1,99 +1,134 @@
---
-title: Top support solutions for Windows 10
-ms.reviewer:
+title: Troubleshooting Windows 10
+description: Get links to troubleshooting articles for Windows 10 issues
+ms.reviewer: kaushika
manager: dansimp
-description: Get links to solutions for Windows 10 issues
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.author: dansimp
-author: dansimp
+ms.author: kaushika
+author: kaushika-msft
ms.localizationpriority: medium
ms.topic: troubleshooting
---
-# Troubleshoot Windows 10 clients
+# Troubleshoot Windows 10 client
-This section contains advanced troubleshooting topics and links to help you resolve issues with Windows 10 clients. Additional topics will be added as they become available.
+Microsoft regularly releases both updates for Windows Server. To ensure your servers can receive future updates, including security updates, it's important to keep your servers updated. Check out - [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history) for a complete list of released updates.
-## Troubleshooting support topics
+This section contains advanced troubleshooting topics and links to help you resolve issues with Windows 10 in an enterprise or IT pro environment. Additional topics will be added as they become available.
-- [Advanced troubleshooting for Windows networking](troubleshoot-networking.md)
- - [Advanced troubleshooting wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
- - [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md)
- - [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md)
- - [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md)
- - [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
- - [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
- - [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md)
- - [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
-- [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md)
- - [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
- - [Advanced troubleshooting for Windows-based computer issues](troubleshoot-windows-freeze.md)
- - [Advanced troubleshooting for stop errors or blue screen errors](troubleshoot-stop-errors.md)
- - [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md)
+## Troubleshoot 802.1x Authentication
+- [Advanced Troubleshooting 802.1X Authentication](https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-802-authentication)
+- [Data collection for troubleshooting 802.1X authentication](https://docs.microsoft.com/windows/client-management/data-collection-for-802-authentication)
-## Windows 10 update history
+## Troubleshoot BitLocker
+- [Guidelines for troubleshooting BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/troubleshoot-bitlocker)
+- [BitLocker cannot encrypt a drive: known issues](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues)
+- [Enforcing BitLocker policies by using Intune: known issues](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)
+- [BitLocker Network Unlock: known issues](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues)
+- [BitLocker recovery: known issues](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues)
+- [BitLocker configuration: known issues](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues)
+- [BitLocker cannot encrypt a drive: known TPM issues](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues)
+- [BitLocker and TPM: other known issues](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues)
+- [Decode Measured Boot logs to track PCR changes](https://docs.microsoft.com/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs)
+- [BitLocker frequently asked questions (FAQ)](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions)
-Microsoft regularly releases both updates and solutions for Windows 10. To ensure your computers can receive future updates, including security updates, it's important to keep them updated. Check out the following links for a complete list of released updates:
+## Troubleshoot Bugcheck and Stop errors
+- [Introduction to the page file](https://docs.microsoft.com/windows/client-management/introduction-page-file)
+- [How to determine the appropriate page file size for 64-bit versions of Windows](https://docs.microsoft.com/windows/client-management/determine-appropriate-page-file-size)
+- [Configure system failure and recovery options in Windows](https://docs.microsoft.com/windows/client-management/system-failure-recovery-options)
+- [Generate a kernel or complete crash dump](https://docs.microsoft.com/windows/client-management/generate-kernel-or-complete-crash-dump)
+- [Advanced troubleshooting for Stop error or blue screen error issue](https://docs.microsoft.com/windows/client-management/troubleshoot-stop-errors)
+- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](https://docs.microsoft.com/windows/client-management/troubleshoot-inaccessible-boot-device)
+- [Blue Screen Data - Windows drivers](https://docs.microsoft.com/windows-hardware/drivers/debugger/blue-screen-data)
+- [Bug Check Code Reference - Windows drivers](https://docs.microsoft.com/windows-hardware/drivers/debugger/bug-check-code-reference2)
-- [Windows 10 version 1809 update history](https://support.microsoft.com/help/4464619)
-- [Windows 10 version 1803 update history](https://support.microsoft.com/help/4099479)
-- [Windows 10 version 1709 update history](https://support.microsoft.com/help/4043454)
-- [Windows 10 Version 1703 update history](https://support.microsoft.com/help/4018124)
-- [Windows 10 Version 1607 update history](https://support.microsoft.com/help/4000825)
-- [Windows 10 Version 1511 update history](https://support.microsoft.com/help/4000824)
+## Troubleshoot Credential Guard
+- [Windows Defender Credential Guard - Known issues (Windows 10)](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-known-issues)
+
+## Troubleshoot Disks
+- [MBR2GPT](https://docs.microsoft.com/windows/deployment/mbr-to-gpt)
+- [Windows and GPT FAQ](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-and-gpt-faq)
+
+## Troubleshoot Kiosk mode
+- [Troubleshoot kiosk mode issues](https://docs.microsoft.com/windows/configuration/kiosk-troubleshoot)
+
+## Troubleshoot No Boot
+- [Advanced troubleshooting for Windows boot problems](https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-boot-problems)
+
+## Troubleshoot Push Button Reset
+- [Push-button reset frequently-asked questions (FAQ)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/pbr-faq)
+- [Push-button reset frequently-asked questions (FAQ)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/pbr-validation)
+- [Recovery components](https://docs.microsoft.com/windows-hardware/manufacture/desktop/recovery-strategy-for-common-customizations)
+
+### Troubleshoot Power Management
+- [Modern Standby FAQs](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-faqs)
-These are the top Microsoft Support solutions for the most common issues experienced when using Windows 10 in an enterprise or IT pro environment. The links below include links to KB articles, updates, and library articles.
+## Troubleshoot Secure Boot
+- [Secure Boot isn't configured correctly: troubleshooting](https://docs.microsoft.com/windows-hardware/manufacture/desktop/secure-boot-isnt-configured-correctly-troubleshooting)
-## Solutions related to installing Windows Updates
-- [How does Windows Update work](https://docs.microsoft.com/windows/deployment/update/how-windows-update-works)
+## Troubleshoot Setup and Install
+- [Deployment Troubleshooting and Log Files](https://docs.microsoft.com/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files)
+
+
+## Troubleshoot Start Menu
+- [Troubleshoot Start menu errors](https://docs.microsoft.com/windows/configuration/start-layout-troubleshoot)
+
+
+## Troubleshoot Subscription Activation
+- [Deploy Windows 10 Enterprise licenses](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses)
+
+## Troubleshoot System Hang
+- [Advanced troubleshooting for Windows-based computer freeze issues](https://docs.microsoft.com/windows/client-management/troubleshoot-windows-freeze)
+
+## Troubleshoot TCP/IP Communication
+- [Collect data using Network Monitor](https://docs.microsoft.com/windows/client-management/troubleshoot-tcpip-netmon)
+- [Troubleshoot TCP/IP connectivity](https://docs.microsoft.com/windows/client-management/troubleshoot-tcpip-connectivity)
+- [Troubleshoot port exhaustion issues](https://docs.microsoft.com/windows/client-management/troubleshoot-tcpip-port-exhaust)
+- [Troubleshoot Remote Procedure Call (RPC) errors](https://docs.microsoft.com/windows/client-management/troubleshoot-tcpip-rpc-errors)
+
+## Troubleshoot User State Migration Toolkit (USMT)
+- [Common Issues](https://docs.microsoft.com/windows/deployment/usmt/usmt-common-issues)
+- [Frequently Asked Questions](https://docs.microsoft.com/windows/deployment/usmt/usmt-faq)
+- [Log Files](https://docs.microsoft.com/windows/deployment/usmt/usmt-log-files)
+- [Return Codes](https://docs.microsoft.com/windows/deployment/usmt/usmt-return-codes)
+
+## Troubleshoot Windows Hello for Business (WHFB)
+- [Windows Hello for Business Frequently Asked Questions](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-faq)
+- [Windows Hello errors during PIN creation (Windows 10)](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation)
+- [Event ID 300 - Windows Hello successfully created (Windows 10)](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-event-300)
+
+
+## Troubleshoot Windows Analytics
+- [Frequently asked questions and troubleshooting Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-faq-troubleshooting)
+
+## Troubleshoot Windows Update
+- [How Windows Update works](https://docs.microsoft.com/windows/deployment/update/how-windows-update-works)
- [Windows Update log files](https://docs.microsoft.com/windows/deployment/update/windows-update-logs)
- [Windows Update troubleshooting](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting)
- [Windows Update common errors and mitigation](https://docs.microsoft.com/windows/deployment/update/windows-update-errors)
-- [Windows Update - additional resources](https://docs.microsoft.com/windows/deployment/update/windows-update-resources)
+- [Windows Update - Additional resources](https://docs.microsoft.com/windows/deployment/update/windows-update-resources)
+- [Get started with Windows Update](https://docs.microsoft.com/windows/deployment/update/windows-update-overview)
+- [Servicing stack updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates)
-## Solutions related to installing or upgrading Windows
+## Troubleshoot Windows Upgrade
+- [Quick fixes - Windows IT Pro](https://docs.microsoft.com/windows/deployment/upgrade/quick-fixes)
+- [SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag)
+- [Troubleshoot Windows 10 upgrade errors - Windows IT Pro](https://docs.microsoft.com/windows/deployment/upgrade/troubleshoot-upgrade-errors)
+- [Windows error reporting - Windows IT Pro](https://docs.microsoft.com/windows/deployment/upgrade/windows-error-reporting)
+- [Upgrade error codes - Windows IT Pro](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-codes)
+- [Log files - Windows IT Pro](https://docs.microsoft.com/windows/deployment/upgrade/log-files)
+- [Resolution procedures - Windows IT Pro](https://docs.microsoft.com/windows/deployment/upgrade/resolution-procedures)
-- [Quick Fixes](https://docs.microsoft.com/windows/deployment/upgrade/quick-fixes)
-- [Troubleshooting upgrade errors](https://docs.microsoft.com/windows/deployment/upgrade/troubleshoot-upgrade-errors)
-- [Resolution procedures](https://docs.microsoft.com/windows/deployment/upgrade/resolution-procedures)
-- [0xc1800118 error when you push Windows 10 Version 1607 by using WSUS](https://support.microsoft.com/en-in/help/3194588/0xc1800118-error-when-you-push-windows-10-version-1607-by-using-wsus)
-- [0xC1900101 error when Windows 10 upgrade fails after the second system restart](https://support.microsoft.com/en-in/help/3208485/0xc1900101-error-when-windows-10-upgrade-fails-after-the-second-system)
+## Troubleshoot Windows Recovery (WinRE)
+- [Windows RE troubleshooting features](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-re-troubleshooting-features)
-## Solutions related to BitLocker
+## Troubleshoot Wireless Connection
+- [Advanced Troubleshooting Wireless Network Connectivity](https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-wireless-network-connectivity)
-- [BitLocker recovery guide](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan)
-- [BitLocker: How to enable Network Unlock](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock)
-- [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker)
-- [BitLocker Group Policy settings](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings)
+## Other Resources
-## Solutions related to Bugchecks or Stop Errors
-- [Troubleshooting Stop error problems for IT Pros](https://support.microsoft.com/help/3106831/troubleshooting-stop-error-problems-for-it-pros)
-- [How to use Windows Recovery Environment (WinRE) to troubleshoot common startup issues](https://support.microsoft.com/help/4026030/how-to-use-windows-recovery-environment-winre-to-troubleshoot-common-s)
-- [How to troubleshoot Windows-based computer freeze issues](https://support.microsoft.com/help/3118553/how-to-troubleshoot-windows-based-computer-freeze-issues)
-- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](https://support.microsoft.com/help/4133658)
-
-
-## Solutions related to Windows Boot issues
-- [Troubleshooting Windows boot problems for IT Pros](https://support.microsoft.com/help/4343769)
-- [How to use Windows Recovery Environment (WinRE) to troubleshoot common startup issues](https://support.microsoft.com/help/4026030/how-to-use-windows-recovery-environment-winre-to-troubleshoot-common-s)
-
-
-## Solutions related to configuring or managing the Start menu
-- [Manage Windows 10 Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies)
-- [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout)
-- [Changes to Group Policy settings for Windows 10 Start](/windows/configuration/changes-to-start-policies-in-windows-10)
-- [Preinstalled system applications and Start menu may not work when you upgrade to Windows 10, Version 1511](https://support.microsoft.com/help/3152599)
-- [Start menu shortcuts aren't immediately accessible in Windows Server 2016](https://support.microsoft.com/help/3198613)
-- [Troubleshoot problems opening the Start menu or Cortana](https://support.microsoft.com/help/12385/windows-10-troubleshoot-problems-opening-start-menu-cortana)
-- [Modern apps are blocked by security software when you start the applications on Windows 10 Version 1607](https://support.microsoft.com/help/4016973/modern-apps-are-blocked-by-security-software-when-you-start-the-applic)
-
-## Solutions related to wireless networking and 802.1X authentication
-- [Advanced Troubleshooting Wireless Network](Connectivity]https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-wireless-network-connectivity)
-- [Advanced Troubleshooting 802.1x Authentication](https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-802-authentication)
-- [Troubleshooting Windows 802.11 Wireless Connections](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc766215(v=ws.10))
-- [Troubleshooting Windows Secure 802.3 Wired Connections](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc749352(v%3dws.10))
-- [Windows 10 devices can't connect to an 802.1X environment](https://support.microsoft.com/kb/3121002)
+### [Troubleshooting Windows Server components](https://docs.microsoft.com/windows-server/troubleshoot/windows-server-support-solutions)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index cca3071cad..700b2a16cc 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -2,7 +2,7 @@
title: Change history for Configure Windows 10 (Windows 10)
ms.reviewer:
manager: dansimp
-description: This topic lists changes to documentation for configuring Windows 10.
+description: View changes to documentation for configuring Windows 10.
keywords:
ms.prod: w10
ms.mktglfcycl: manage
@@ -12,6 +12,7 @@ ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.topic: article
+ms.date: 10/03/2019
---
# Change history for Configure Windows 10
@@ -118,14 +119,14 @@ The following topics were moved into the [Privacy](/windows/privacy/index) libra
New or changed topic | Description
--- | ---
-[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints.
+[Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | Updated endpoints.
[Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied.
## March 2018
New or changed topic | Description
--- | ---
-[Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the March update.
+[Windows 10, version 1709 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703) | Added events and fields that were added in the March update.
Set up a kiosk on Windows 10 Pro, Enterprise, or Education | Renamed it **Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education** and reorganized the information to make the choices clearer.
@@ -133,7 +134,7 @@ Set up a kiosk on Windows 10 Pro, Enterprise, or Education | Renamed it **Set up
New or changed topic | Description
--- | ---
-[Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the February update.
+[Windows 10, version 1709 basic diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703) | Added events and fields that were added in the February update.
[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added steps for configuring a kiosk in Microsoft Intune.
[Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | Updated the instructions for applying a customized Start layout using Microsoft Intune.
@@ -144,9 +145,9 @@ New or changed topic | Description
[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added videos demonstrating how to use Microsoft Intune and how to use provisioning packages to configure multi-app kiosks.
[ConnectivityProfiles](wcd/wcd-connectivityprofiles.md) | Added settings for VPN **Native** and **Third Party** profile types.
[Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) | Clarified that the TopMFUApps elements in layoutmodification.xml are not supported in Windows 10, version 1709.
-| [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) | New topic |
+| [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overviewd) | New topic |
[Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Added section for removing default apps from the taskbar.
-[Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md) | New topic for Windows 10, version 1709 that explains the purpose for connections to Microsoft services and how to manage them.
+[Manage Windows 10 connection endpoints](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints) | New topic for Windows 10, version 1709 that explains the purpose for connections to Microsoft services and how to manage them.
[Configure Windows Spotlight on the lock screen](windows-spotlight.md) | Added section for resolution of custom lock screen images.
[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Added section for automatic sign-in after restart on unmanaged devices.
@@ -155,7 +156,7 @@ New or changed topic | Description
New or changed topic | Description
--- | ---
-|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)| Added events that were added in November. |
+|[Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)| Added events that were added in November. |
[Create a provisioning package with multivariant settings](provisioning-packages/provisioning-multivariant.md) | Add support for desktop to [Conditions](provisioning-packages/provisioning-multivariant.md#conditions) table.
## October 2017
@@ -170,16 +171,16 @@ The topics in this library have been updated for Windows 10, version 1709 (also
- [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
- [Multi-app kiosk XML reference](multi-app-kiosk-xml.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
-- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
-
+- [Windows 10, version 1709 basic diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709)
+- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)
+
## September 2017
|New or changed topic | Description|
|--- | ---|
-|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.|
-|[Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy. |
+|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](https://docs.microsoft.com/windows/privacy/gdpr-win10-whitepaper)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.|
+|[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy. |
@@ -194,12 +195,12 @@ The topics in this library have been updated for Windows 10, version 1709 (also
| New or changed topic | Description |
| --- | --- |
-|[Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data-1703.md)|Updated categories and included diagnostic data.|
+|[Windows 10, version 1703 Diagnostic Data](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)|Updated categories and included diagnostic data.|
|[Add image for secondary tiles](start-secondary-tiles.md) | Added XML example for Edge secondary tiles and **ImportEdgeAssets** |
|[Customize and export Start layout](customize-and-export-start-layout.md) | Added explanation for tile behavior when the app is not installed |
|[Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access |
-|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)|Updated several Appraiser events and added Census.Speech. |
-|[Manage connections from Windows operating system components to Microsoft-services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Updated Date & Time and Windows spotlight sections. |
+|[Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)|Updated several Appraiser events and added Census.Speech. |
+|[Manage connections from Windows operating system components to Microsoft-services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) | Updated Date & Time and Windows spotlight sections. |
## June 2017
@@ -214,7 +215,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also
| New or changed topic | Description |
| --- | --- |
| [Configure cellular settings for tablets and PCs](provisioning-apn.md) | New |
-| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added MDM policies for privacy settings |
+| [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) | Added MDM policies for privacy settings |
## April 2017
@@ -232,5 +233,4 @@ The topics in this library have been updated for Windows 10, version 1703 (also
- [Use the Lockdown Designer app to create a Lockdown XML file](mobile-devices/mobile-lockdown-designer.md)
- [Add image for secondary tiles](start-secondary-tiles.md)
- [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)
-- [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-- [Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data-1703.md)
+- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
index 095fa77861..250b7d99b0 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
@@ -1,6 +1,6 @@
---
title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization (Windows 10)
-description: How to set up Cortana to help your salespeople get proactive insights on important CRM activities, including sales leads, accounts, and opportunities; presenting the most relevant info at any given time.
+description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index 351942547a..3ec17f6e6c 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -1,6 +1,6 @@
---
title: Set up and test Cortana with Office 365 in your organization (Windows 10)
-description: How to connect Cortana to Office 365 so your employees are notified about regular meetings, unusual events, such as meetings over lunch or during a typical commute time, and about early meetings, even setting an alarm so the employee isn’t late.
+description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index cca8151178..fb9e1c7935 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -2,7 +2,7 @@
title: Cortana integration in your business or enterprise (Windows 10)
ms.reviewer:
manager: dansimp
-description: The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
+description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 8c6f2186a3..0122fb2eb7 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -1,5 +1,5 @@
---
-title: Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization (Windows 10)
+title: Configure Cortana with Group Policy and MDM settings (Windows 10)
description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index a1dfe7d5c0..a7b6e72c12 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -1,5 +1,5 @@
---
-title: Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook (Windows 10)
+title: Sign-in to Azure AD and manage notebook with Cortana (Windows 10)
description: A test scenario walking you through signing in and managing the notebook.
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index 70a280cb22..c58d165771 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -1,5 +1,5 @@
---
-title: Test scenario 2 - Perform a quick search with Cortana at work (Windows 10)
+title: Perform a quick search with Cortana at work (Windows 10)
description: A test scenario about how to perform a quick search with Cortana at work.
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
index e82abbd92a..d072cdb5fa 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
@@ -1,5 +1,5 @@
---
-title: Test scenario 3 - Set a reminder for a specific location using Cortana at work (Windows 10)
+title: Set a reminder for a location with Cortana at work (Windows 10)
description: A test scenario about how to set a location-based reminder using Cortana at work.
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
index 3283f2d1ad..4ea208fcfd 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
@@ -1,5 +1,5 @@
---
-title: Test scenario 4 - Use Cortana at work to find your upcoming meetings (Windows 10)
+title: Use Cortana at work to find your upcoming meetings (Windows 10)
description: A test scenario about how to use Cortana at work to find your upcoming meetings.
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
index 7fe284c023..f5efc05577 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
@@ -1,5 +1,5 @@
---
-title: Test scenario 5 - Use Cortana to send email to a co-worker (Windows 10)
+title: Use Cortana to send email to a co-worker (Windows 10)
description: A test scenario about how to use Cortana at work to send email to a co-worker.
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index 7d96f06030..f5ffb003b7 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -1,5 +1,5 @@
---
-title: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email (Windows 10)
+title: Review a reminder suggested by Cortana (Windows 10)
description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
index 01f326616c..a00867e25b 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
@@ -1,5 +1,5 @@
---
-title: Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device (Windows 10)
+title: Help protect data with Cortana and WIP (Windows 10)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index 7ac4b1ff90..f13d6f81c8 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -93,7 +93,7 @@ When you have the Start layout that you want your users to see, use the [Export-
`Export-StartLayout –path .xml`
- On a device running Windows 10, version 1809, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:
+ On a device running Windows 10, version 1809 or higher, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:
```PowerShell
Export-StartLayout -UseDesktopApplicationID -Path layout.xml
@@ -191,7 +191,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
index bda947c233..047006fce2 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -1,5 +1,5 @@
---
-title: Customize Windows 10 Start and taskbar with mobile device management (MDM) (Windows 10)
+title: Alter Windows 10 Start and taskbar via mobile device management
description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and tasbkar layout to users.
ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4
ms.reviewer:
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index af378be469..ea2a557e39 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -35,15 +35,15 @@
"ms.technology": "windows",
"audience": "ITPro",
"ms.topic": "article",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_system": "None",
+ "hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-configuration",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "titleSuffix": "Configure Windows"
},
"fileMetadata": {},
"template": [],
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index a02ff6ba03..aaa526a014 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -97,6 +97,8 @@ In addition to the settings in the table, you may want to set up **automatic log
> [!TIP]
> You can also configure automatic sign-in [using the Autologon tool from Sysinternals](https://docs.microsoft.com/sysinternals/downloads/autologon).
+> [!NOTE]
+> If you are also using [Custom Logon](https://docs.microsoft.com/windows-hardware/customize/enterprise/custom-logon) with **HideAutoLogonUI** enabled, you might experience a black screen after a password expires. We recommend that you consider [setting the password to never expire](https://docs.microsoft.com/windows-hardware/customize/enterprise/troubleshooting-custom-logon#the-device-displays-a-black-screen-when-a-password-expiration-screen-is-displayed).
## Interactions and interoperability
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index cf28c53e4a..c9d6d3b2c0 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -255,7 +255,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom
```
## [Preview] Global Profile Sample XML
-Global Profile is currently supported in Windows 10 Insider Preview (19H2, 20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
+Global Profile is currently supported in Windows 10 Insider Preview (20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in
```xml
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 37f72c354a..57629adbe8 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -29,7 +29,7 @@ The following table lists changes to multi-app kiosk in recent updates.
| New features and improvements | In update |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| - Configure [a single-app kiosk profile](#profile) in your XML file
- Assign [group accounts to a config profile](#config-for-group-accounts)
- Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 |
-| - Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)
- [Automatically launch an app](#allowedapps) when the user signs in
- Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809
**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/201810/config`. |
+| - Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)
- [Automatically launch an app](#allowedapps) when the user signs in
- Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809
**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `https://schemas.microsoft.com/AssignedAccess/201810/config`. |
>[!WARNING]
>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
@@ -88,8 +88,8 @@ You can start your file by pasting the following XML (or any other examples in t
```xml
@@ -199,8 +199,8 @@ The following example shows how to allow user access to the Downloads folder in
```xml
@@ -219,7 +219,7 @@ The following example shows how to allow user access to the Downloads folder in
```
-FileExplorerNamespaceRestriction has been extended in current Windows 10 Prerelease for finer granularity and easier use, see in the [Assigned access XML reference.](kiosk-xml.md) for full samples. The changes will allow IT Admin to configure if user can access Downloads folder, Removable drives, or no restriction at all by using certain new elements. Note that FileExplorerNamesapceRestrictions and AllowedNamespace:Downloads are available in namespace http://schemas.microsoft.com/AssignedAccess/201810/config, AllowRemovableDrives and NoRestriction are defined in a new namespace http://schemas.microsoft.com/AssignedAccess/2020/config.
+FileExplorerNamespaceRestriction has been extended in current Windows 10 Prerelease for finer granularity and easier use, see in the [Assigned access XML reference.](kiosk-xml.md) for full samples. The changes will allow IT Admin to configure if user can access Downloads folder, Removable drives, or no restriction at all by using certain new elements. Note that FileExplorerNamesapceRestrictions and AllowedNamespace:Downloads are available in namespace https://schemas.microsoft.com/AssignedAccess/201810/config, AllowRemovableDrives and NoRestriction are defined in a new namespace https://schemas.microsoft.com/AssignedAccess/2020/config.
* When FileExplorerNamespaceRestrictions node is not used, or used but left empty, user will not be able to access any folder in common dialog (e.g. Save As in Microsoft Edge browser).
* When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder.
@@ -244,7 +244,7 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint,
```xml
-
+
@@ -411,7 +411,7 @@ Group accounts are specified using ``. Nested groups are not supporte
#### [Preview] Global Profile
-Global profile is added in curernt Windows 10 Prerelease. There are times when IT Admin wants to everyone who logging into a specific devices are assigned access users, even there is no dedicated profile for that user, or there are times that Assigned Access could not identify a profile for the user and a fallback profile is wished to use. Global Profile is designed for these scenarios.
+Global profile is added in current Windows 10 Prerelease. There are times when IT Admin wants to everyone who logging into a specific devices are assigned access users, even there is no dedicated profile for that user, or there are times that Assigned Access could not identify a profile for the user and a fallback profile is wished to use. Global Profile is designed for these scenarios.
Usage is demonstrated below, by using the new xml namespace and specify GlobalProfile from that namespace. When GlobalProfile is configured, a non-admin account logs in, if this user does not have designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, global profile will be applied for the user.
@@ -423,9 +423,9 @@ Note:
```xml
@@ -438,7 +438,7 @@ Note:
-
+
@@ -466,9 +466,7 @@ Note:
-
-
-
+
```
diff --git a/windows/configuration/mobile-devices/provisioning-configure-mobile.md b/windows/configuration/mobile-devices/provisioning-configure-mobile.md
index dabf9951dc..afb1fa0310 100644
--- a/windows/configuration/mobile-devices/provisioning-configure-mobile.md
+++ b/windows/configuration/mobile-devices/provisioning-configure-mobile.md
@@ -1,6 +1,6 @@
---
-title: Use Windows Configuration Designer to configure Windows 10 Mobile devices (Windows 10)
-description:
+title: Configure Windows 10 Mobile devices with Configuration Designer
+description: Use Windows Configuration Designer to configure Windows 10 Mobile devices
keywords: phone, handheld, lockdown, customize
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
index 4ea4c7f814..f1d9a178fc 100644
--- a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
+++ b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
@@ -1,5 +1,5 @@
---
-title: Settings and quick actions that can be locked down in Windows 10 Mobile (Windows 10)
+title: Lock down settings and quick actions in Windows 10 Mobile
description: This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile.
ms.assetid: 69E2F202-D32B-4FAC-A83D-C3051DF02185
ms.reviewer:
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index 107e1b4b1c..be16f1f393 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,5 +1,5 @@
---
-title: Introduction to configuration service providers (CSPs) for IT pros (Windows 10)
+title: Intro to configuration service providers for IT pros (Windows 10)
description: Configuration service providers (CSPs) expose device configuration settings in Windows 10.
ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
ms.reviewer:
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 876859b5a0..3f608dd8ee 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,6 +1,6 @@
---
title: Create a provisioning package (Windows 10)
-description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+description: Learn how to create a provisioning package for Windows 10. Provisioning packages let you quickly configure a device without having to install a new image.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index e8ebc96787..8e974645d5 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -1,5 +1,5 @@
---
-title: Settings changed when you uninstall a provisioning package (Windows 10)
+title: Uninstall a provisioning package - reverted settings (Windows 10)
description: This topic lists the settings that are reverted when you uninstall a provisioning package.
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 139dcce1bb..95cf9806b1 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -36,7 +36,7 @@ It is intended that shared PCs are joined to an Active Directory or Azure Active
When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows 10, version 1703, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days.
### Maintenance and sleep
-Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not is use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods.
+Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not in use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods.
While shared PC mode does not configure Windows Update itself, it is strongly recommended to configure Windows Update to automatically install updates and reboot (if necessary) during maintenance hours. This will help ensure the PC is always up to date and not interrupting users with updates.
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md
index e902d0cfe2..7741d3ba98 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/setup-digital-signage.md
@@ -58,7 +58,7 @@ This procedure explains how to configure digital signage using Kiosk Browser on
- Enter a user name and password, and toggle **Auto sign-in** to **Yes**.
- Under **Configure the kiosk mode app**, enter the user name for the account that you're creating.
- For **App type**, select **Universal Windows App**.
- - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe`.
+ - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`.
11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**.
12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu.
- In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`.
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index 15ac23506b..0f0d1cd783 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -1,6 +1,6 @@
---
title: Configure access to Microsoft Store (Windows 10)
-description: IT Pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store.
+description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
ms.assetid: 7AA60D3D-2A69-45E7-AAB0-B8AFC29C2E97
ms.reviewer:
manager: dansimp
diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
index 191b74f140..3fe4ab887a 100644
--- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@@ -1,5 +1,5 @@
---
-title: Managing the UE-V Service and Packages with Windows PowerShell and WMI
+title: Manage UE-V Service and Packages with Windows PowerShell and WMI
description: Managing the UE-V service and packages with Windows PowerShell and WMI
author: dansimp
ms.pagetype: mdop, virtualization
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 5ccfcbb449..62f3b52b5d 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -135,8 +135,8 @@ This section describes the **Policies** settings that you can configure in [prov
| [PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | X | X | X | | X |
| [PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | X | | | | |
| [PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | X | X | X | | X |
-| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. | X | X | X | | X |
-| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. | X | X | X | | X |
+| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | X | X | X | | X |
+| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | X | X | X | | X |
PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | X | | | | |
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | X | | | | |
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | X | X | X | | X |
diff --git a/windows/configure/docfx.json b/windows/configure/docfx.json
index 564f47ae8b..3dcf319a94 100644
--- a/windows/configure/docfx.json
+++ b/windows/configure/docfx.json
@@ -30,6 +30,8 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
+ "feedback_system": "None",
+ "hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.windows-configure"
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 2ac2f8253f..2e88d65395 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -1,4 +1,5 @@
# [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment)
+## [Deployment process posters](windows-10-deployment-posters.md)
## [Deploy Windows 10 with Microsoft 365](deploy-m365.md)
## [What's new in Windows 10 deployment](deploy-whats-new.md)
## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
@@ -240,6 +241,16 @@
#### [Delivery Optimization reference](update/waas-delivery-optimization-reference.md)
#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)
#### [Whitepaper: Windows Updates using forward and reverse differentials](update/PSFxWhitepaper.md)
+### Monitor Windows Updates
+#### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
+#### [Get started with Update Compliance](update/update-compliance-get-started.md)
+#### [Use Update Compliance](update/update-compliance-using.md)
+##### [Need Attention! report](update/update-compliance-need-attention.md)
+##### [Security Update Status report](update/update-compliance-security-update-status.md)
+##### [Feature Update Status report](update/update-compliance-feature-update-status.md)
+##### [Windows Defender AV Status report](update/update-compliance-wd-av-status.md)
+##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md)
+##### [Update Compliance Perspectives](update/update-compliance-perspectives.md)
### Best practices
#### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md)
#### [Deploy feature updates during maintenance windows](update/feature-update-maintenance-window.md)
@@ -260,7 +271,6 @@
### [Manage device restarts after updates](update/waas-restart.md)
### [Manage additional Windows Update settings](update/waas-wu-settings.md)
### [Determine the source of Windows updates](update/windows-update-sources.md)
-
## Windows Analytics
### [Windows Analytics overview](update/windows-analytics-overview.md)
### [Windows Analytics in the Azure Portal](update/windows-analytics-azure-portal.md)
@@ -281,16 +291,6 @@
##### [Step 4: Monitor deployment](upgrade/upgrade-readiness-monitor-deployment.md)
##### [Additional insights](upgrade/upgrade-readiness-additional-insights.md)
##### [Targeting a new operating system version](upgrade/upgrade-readiness-target-new-OS.md)
-### Monitor Windows Updates
-#### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
-#### [Get started with Update Compliance](update/update-compliance-get-started.md)
-#### [Use Update Compliance](update/update-compliance-using.md)
-##### [Need Attention! report](update/update-compliance-need-attention.md)
-##### [Security Update Status report](update/update-compliance-security-update-status.md)
-##### [Feature Update Status report](update/update-compliance-feature-update-status.md)
-##### [Windows Defender AV Status report](update/update-compliance-wd-av-status.md)
-##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md)
-##### [Update Compliance Perspectives](update/update-compliance-perspectives.md)
### Device Health
#### [Device Health overview](update/device-health-monitor.md)
#### [Get started with Device Health](update/device-health-get-started.md)
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index 784c5a13fd..f9405d730e 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -7,10 +7,12 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
ms.reviewer:
manager: laurawi
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
ms.author: greglin
ms.topic: article
---
@@ -72,27 +74,27 @@ All four of the roles specified above can be hosted on the same computer or each
```
net use y: \\PXE-1\TFTPRoot
y:
- md boot
+ md Boot
```
6. Copy the PXE boot files from the mounted directory to the \boot folder. For example:
```
- copy c:\winpe_amd64\mount\windows\boot\pxe\*.* y:\boot
+ copy c:\winpe_amd64\mount\windows\boot\pxe\*.* y:\Boot
```
7. Copy the boot.sdi file to the PXE/TFTP server.
```
- copy C:\winpe_amd64\media\boot\boot.sdi y:\boot
+ copy C:\winpe_amd64\media\boot\boot.sdi y:\Boot
```
8. Copy the bootable Windows PE image (boot.wim) to the \boot folder.
```
- copy C:\winpe_amd64\media\sources\boot.wim y:\boot
+ copy C:\winpe_amd64\media\sources\boot.wim y:\Boot
```
9. (Optional) Copy true type fonts to the \boot folder
```
- copy C:\winpe_amd64\media\Boot\Fonts y:\boot\Fonts
+ copy C:\winpe_amd64\media\Boot\Fonts y:\Boot\Fonts
```
## Step 2: Configure boot settings and copy the BCD file
@@ -107,7 +109,7 @@ All four of the roles specified above can be hosted on the same computer or each
```
bcdedit /store c:\BCD /create {ramdiskoptions} /d "Ramdisk options"
bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdidevice boot
- bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdipath \boot\boot.sdi
+ bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdipath \Boot\boot.sdi
bcdedit /store c:\BCD /create /d "winpe boot image" /application osloader
```
The last command will return a GUID, for example:
@@ -119,9 +121,9 @@ All four of the roles specified above can be hosted on the same computer or each
3. Create a new boot application entry for the Windows PE image:
```
- bcdedit /store c:\BCD /set {GUID1} device ramdisk=[boot]\boot\boot.wim,{ramdiskoptions}
+ bcdedit /store c:\BCD /set {GUID1} device ramdisk=[boot]\Boot\boot.wim,{ramdiskoptions}
bcdedit /store c:\BCD /set {GUID1} path \windows\system32\winload.exe
- bcdedit /store c:\BCD /set {GUID1} osdevice ramdisk=[boot]\boot\boot.wim,{ramdiskoptions}
+ bcdedit /store c:\BCD /set {GUID1} osdevice ramdisk=[boot]\Boot\boot.wim,{ramdiskoptions}
bcdedit /store c:\BCD /set {GUID1} systemroot \windows
bcdedit /store c:\BCD /set {GUID1} detecthal Yes
bcdedit /store c:\BCD /set {GUID1} winpe Yes
@@ -136,7 +138,7 @@ All four of the roles specified above can be hosted on the same computer or each
5. Copy the BCD file to your TFTP server:
```
- copy c:\BCD \\PXE-1\TFTPRoot\boot\BCD
+ copy c:\BCD \\PXE-1\TFTPRoot\Boot\BCD
```
Your PXE/TFTP server is now configured. You can view the BCD settings that have been configured using the command bcdedit /store <BCD file location> /enum all. See the following example. Note: Your GUID will be different than the one shown below.
@@ -153,9 +155,9 @@ timeout 30
Windows Boot Loader
-------------------
identifier {a4f89c62-2142-11e6-80b6-00155da04110}
-device ramdisk=[boot]\boot\boot.wim,{ramdiskoptions}
+device ramdisk=[boot]\Boot\boot.wim,{ramdiskoptions}
description winpe boot image
-osdevice ramdisk=[boot]\boot\boot.wim,{ramdiskoptions}
+osdevice ramdisk=[boot]\Boot\boot.wim,{ramdiskoptions}
systemroot \Windows
detecthal Yes
winpe Yes
@@ -165,7 +167,7 @@ Setup Ramdisk Options
identifier {ramdiskoptions}
description ramdisk options
ramdisksdidevice boot
-ramdisksdipath \boot\boot.sdi
+ramdisksdipath \Boot\boot.sdi
```
>[!TIP]
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index c4c52097cc..cd4f1c3e5b 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -1,252 +1,248 @@
----
-title: Deploy Windows 10 Enterprise licenses
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
author: greg-lindsay
-description: Steps to deploy Windows 10 Enterprise licenses for Windows 10 Enterprise E3 or E5 Subscription Activation, or for Windows 10 Enterprise E3 in CSP
-keywords: upgrade, update, task sequence, deploy
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Deploy Windows 10 Enterprise licenses
-
-This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD).
-
->[!NOTE]
->* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.
->* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
->* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
-
-## Firmware-embedded activation key
-
-To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt
-
-```
-(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
-```
-
-If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device does not have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
-
-## Enabling Subscription Activation with an existing EA
-
-If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
-
-1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
-2. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
-3. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
-4. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
-5. The admin can now assign subscription licenses to users.
-
->Use the following process if you need to update contact information and retrigger activation in order to resend the activation email:
-
-1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
-2. Click on **Subscriptions**.
-3. Click on **Online Services Agreement List**.
-4. Enter your agreement number, and then click **Search**.
-5. Click the **Service Name**.
-6. In the **Subscription Contact** section, click the name listed under **Last Name**.
-7. Update the contact information, then click **Update Contact Details**. This will trigger a new email.
-
-Also in this article:
-- [Explore the upgrade experience](#explore-the-upgrade-experience): How to upgrade devices using the deployed licenses.
-- [Troubleshoot the user experience](#troubleshoot-the-user-experience): Examples of some license activation issues that can be encountered, and how to resolve them.
-
-## Active Directory synchronization with Azure AD
-
-You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
-
-You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
-
-**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
-
-
-
-**Figure 1. On-premises AD DS integrated with Azure AD**
-
-For more information about integrating on-premises AD DS domains with Azure AD, see the following resources:
-
-- [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/)
-- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
-
->[!NOTE]
->If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
-
-## Preparing for deployment: reviewing requirements
-
-Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
-
-## Assigning licenses to users
-
-Upon acquisition of Windows 10 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service:
-
-
-
-The following methods are available to assign licenses:
-
-1. When you have the required Azure AD subscription, [group-based licensing](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-whatis-azure-portal) is the preferred method to assign Enterprise E3 or E5 licenses to users.
-2. You can sign in to portal.office.com and manually assign licenses:
-
- 
-
-3. You can assign licenses by uploading a spreadsheet.
-4. A per-user [PowerShell scripted method](https://social.technet.microsoft.com/wiki/contents/articles/15905.how-to-use-powershell-to-automatically-assign-licenses-to-your-office-365-users.aspx) of assigning licenses is available.
-5. Organizations can use synchronized [AD groups](https://ronnydejong.com/2015/03/04/assign-ems-licenses-based-on-local-active-directory-group-membership/) to automatically assign licenses.
-
-## Explore the upgrade experience
-
-Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10 Enterprise. What will the users experience? How will they upgrade their devices?
-
-### Step 1: Join Windows 10 Pro devices to Azure AD
-
-Users can join a Windows 10 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703.
-
-**To join a device to Azure AD the first time the device is started**
-
-1. During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then click **Next**, as illustrated in **Figure 2**.
-
-
-
- **Figure 2. The “Who owns this PC?” page in initial Windows 10 setup**
-
-2. On the **Choose how you’ll connect** page, select **Join Azure AD**, and then click **Next**, as illustrated in **Figure 3**.
-
-
-
- **Figure 3. The “Choose how you’ll connect” page in initial Windows 10 setup**
-
-3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 4**.
-
-
-
- **Figure 4. The “Let’s get you signed in” page in initial Windows 10 setup**
-
-Now the device is Azure AD joined to the company’s subscription.
-
-**To join a device to Azure AD when the device already has Windows 10 Pro, version 1703 installed and set up**
-
->[!IMPORTANT]
->Make sure that the user you're signing in with is **not** a BUILTIN/Administrator. That user cannot use the `+ Connect` button to join a work or school account.
-
-1. Go to **Settings > Accounts > Access work or school**, as illustrated in **Figure 5**.
-
-
-
- **Figure 5. Connect to work or school configuration in Settings**
-
-2. In **Set up a work or school account**, click **Join this device to Azure Active Directory**, as illustrated in **Figure 6**.
-
-
-
- **Figure 6. Set up a work or school account**
-
-3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 7**.
-
-
-
- **Figure 7. The “Let’s get you signed in” dialog box**
-
-Now the device is Azure AD joined to the company’s subscription.
-
-### Step 2: Pro edition activation
-
->[!IMPORTANT]
->If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
->If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
-
-
-
-Figure 7a - Windows 10 Pro activation in Settings
-
-Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only).
-
-
-### Step 3: Sign in using Azure AD account
-
-Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
-
-
-
-**Figure 8. Sign in by using Azure AD account**
-
-### Step 4: Verify that Enterprise edition is enabled
-
-You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**.
-
-
-
-
-**Figure 9 - Windows 10 Enterprise subscription in Settings**
-
-
-If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
-
->[!NOTE]
->If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
->Name: Windows(R), Professional edition
->Description: Windows(R) Operating System, RETAIL channel
->Partial Product Key: 3V66T
-
-## Virtual Desktop Access (VDA)
-
-Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx).
-
-Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md).
-
-## Troubleshoot the user experience
-
-In some instances, users may experience problems with the Windows 10 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
-
-- The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later.
-
-- The Windows 10 Enterprise E3 or E5 subscription has lapsed or has been removed.
-
-Use the following figures to help you troubleshoot when users experience these common problems:
-
-- [Figure 9](#win-10-activated-subscription-active) (above) illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active.
-
-- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro is not activated, but the Windows 10 Enterprise subscription is active.
-
-- [Figure 11](#subscription-not-active) (below) illustrates a device on which Windows 10 Pro is activated, but the Windows 10 Enterprise subscription is lapsed or removed.
-
-- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed.
-
-
-
-
-Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings
-
-
-
-
-Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings
-
-
-
-
-Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings
-
-
-### Review requirements on devices
-
-Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
-
-**To determine if a device is Azure Active Directory joined:**
-
-1. Open a command prompt and type **dsregcmd /status**.
-
-2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
-
-**To determine the version of Windows 10:**
-
-- At a command prompt, type:
- **winver**
-
- A popup window will display the Windows 10 version number and detailed OS build information.
-
- If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal.
+---
+title: Deploy Windows 10 Enterprise licenses
+ms.reviewer:
+manager: laurawi
+ms.audience: itpro
+ms.author: greglin
+description: Steps to deploy Windows 10 Enterprise licenses for Windows 10 Enterprise E3 or E5 Subscription Activation, or for Windows 10 Enterprise E3 in CSP
+keywords: upgrade, update, task sequence, deploy
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: mdt
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Deploy Windows 10 Enterprise licenses
+
+This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD).
+
+>[!NOTE]
+>* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.
+>* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
+>* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
+
+## Firmware-embedded activation key
+
+To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt
+
+```
+(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
+```
+
+If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device does not have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
+
+## Enabling Subscription Activation with an existing EA
+
+If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
+
+1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
+2. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
+3. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
+4. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
+5. The admin can now assign subscription licenses to users.
+
+>Use the following process if you need to update contact information and retrigger activation in order to resend the activation email:
+
+1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
+2. Click on **Subscriptions**.
+3. Click on **Online Services Agreement List**.
+4. Enter your agreement number, and then click **Search**.
+5. Click the **Service Name**.
+6. In the **Subscription Contact** section, click the name listed under **Last Name**.
+7. Update the contact information, then click **Update Contact Details**. This will trigger a new email.
+
+Also in this article:
+- [Explore the upgrade experience](#explore-the-upgrade-experience): How to upgrade devices using the deployed licenses.
+- [Troubleshoot the user experience](#troubleshoot-the-user-experience): Examples of some license activation issues that can be encountered, and how to resolve them.
+
+## Active Directory synchronization with Azure AD
+
+You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
+
+You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
+
+**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
+
+
+
+**Figure 1. On-premises AD DS integrated with Azure AD**
+
+For more information about integrating on-premises AD DS domains with Azure AD, see the following resources:
+
+- [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/)
+- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
+
+>[!NOTE]
+>If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
+
+## Preparing for deployment: reviewing requirements
+
+Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
+
+## Assigning licenses to users
+
+Upon acquisition of Windows 10 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service:
+
+
+
+The following methods are available to assign licenses:
+
+1. When you have the required Azure AD subscription, [group-based licensing](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-whatis-azure-portal) is the preferred method to assign Enterprise E3 or E5 licenses to users.
+2. You can sign in to portal.office.com and manually assign licenses:
+
+ 
+
+3. You can assign licenses by uploading a spreadsheet.
+4. A per-user [PowerShell scripted method](https://social.technet.microsoft.com/wiki/contents/articles/15905.how-to-use-powershell-to-automatically-assign-licenses-to-your-office-365-users.aspx) of assigning licenses is available.
+5. Organizations can use synchronized [AD groups](https://ronnydejong.com/2015/03/04/assign-ems-licenses-based-on-local-active-directory-group-membership/) to automatically assign licenses.
+
+## Explore the upgrade experience
+
+Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10 Enterprise. What will the users experience? How will they upgrade their devices?
+
+### Step 1: Join Windows 10 Pro devices to Azure AD
+
+Users can join a Windows 10 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703.
+
+**To join a device to Azure AD the first time the device is started**
+
+1. During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then click **Next**, as illustrated in **Figure 2**.
+
+
+
+ **Figure 2. The “Who owns this PC?” page in initial Windows 10 setup**
+
+2. On the **Choose how you’ll connect** page, select **Join Azure AD**, and then click **Next**, as illustrated in **Figure 3**.
+
+
+
+ **Figure 3. The “Choose how you’ll connect” page in initial Windows 10 setup**
+
+3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 4**.
+
+
+
+ **Figure 4. The “Let’s get you signed in” page in initial Windows 10 setup**
+
+Now the device is Azure AD joined to the company’s subscription.
+
+**To join a device to Azure AD when the device already has Windows 10 Pro, version 1703 installed and set up**
+
+>[!IMPORTANT]
+>Make sure that the user you're signing in with is **not** a BUILTIN/Administrator. That user cannot use the `+ Connect` button to join a work or school account.
+
+1. Go to **Settings > Accounts > Access work or school**, as illustrated in **Figure 5**.
+
+
+
+ **Figure 5. Connect to work or school configuration in Settings**
+
+2. In **Set up a work or school account**, click **Join this device to Azure Active Directory**, as illustrated in **Figure 6**.
+
+
+
+ **Figure 6. Set up a work or school account**
+
+3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 7**.
+
+
+
+ **Figure 7. The “Let’s get you signed in” dialog box**
+
+Now the device is Azure AD joined to the company’s subscription.
+
+### Step 2: Pro edition activation
+
+>[!IMPORTANT]
+>If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
+>If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
+
+
+
+ Figure 7a - Windows 10 Pro activation in Settings
+
+Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only).
+
+
+### Step 3: Sign in using Azure AD account
+
+Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
+
+
+
+**Figure 8. Sign in by using Azure AD account**
+
+### Step 4: Verify that Enterprise edition is enabled
+
+You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**.
+
+
+
+
+**Figure 9 - Windows 10 Enterprise subscription in Settings**
+
+
+If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
+
+>[!NOTE]
+>If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
+>Name: Windows(R), Professional edition
+>Description: Windows(R) Operating System, RETAIL channel
+>Partial Product Key: 3V66T
+
+## Virtual Desktop Access (VDA)
+
+Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx).
+
+Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md).
+
+## Troubleshoot the user experience
+
+In some instances, users may experience problems with the Windows 10 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
+
+- The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later.
+
+- The Windows 10 Enterprise E3 or E5 subscription has lapsed or has been removed.
+
+Use the following figures to help you troubleshoot when users experience these common problems:
+
+- [Figure 9](#win-10-activated-subscription-active) (see the section above) illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active.
+
+- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro is not activated, but the Windows 10 Enterprise subscription is active.
+
+
+
+ Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings
+
+- [Figure 11](#subscription-not-active) (below) illustrates a device on which Windows 10 Pro is activated, but the Windows 10 Enterprise subscription is lapsed or removed.
+
+
+
+ Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings
+
+- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed.
+
+
+
+ Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings
+
+### Review requirements on devices
+
+Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
+
+**To determine if a device is Azure Active Directory joined:**
+
+1. Open a command prompt and type **dsregcmd /status**.
+2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
+
+**To determine the version of Windows 10:**
+
+At a command prompt, type: **winver**
+
+A popup window will display the Windows 10 version number and detailed OS build information.
+
+If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal.
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
index 3f8f818281..8741709766 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@@ -1,6 +1,6 @@
---
title: Configure MDT deployment share rules (Windows 10)
-description: In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine.
+description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
ms.reviewer:
manager: laurawi
@@ -27,7 +27,7 @@ When using MDT, you can assign setting in three distinct ways:
- You can prompt the user or technician for information.
- You can have MDT generate the settings automatically.
-In order illustrate these three options, let's look at some sample configurations.
+In order to illustrate these three options, let's look at some sample configurations.
## Sample configurations
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
index 4f3771b9d5..2b89867e2e 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
@@ -1,50 +1,51 @@
----
-title: Configure MDT settings (Windows 10)
-description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization.
-ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: customize, customization, deploy, features, tools
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Configure MDT settings
-
-One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
-For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
-
-
-
-Figure 1. The machines used in this topic.
-
-## In this section
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
-
-## Related topics
-
-[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-
-[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-
-[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-
-[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-
-[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
+---
+title: Configure MDT settings (Windows 10)
+description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities. Learn how to customize your environment.
+ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: customize, customization, deploy, features, tools
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: mdt
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Configure MDT settings
+
+One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
+For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
+
+
+
+Figure 1. The machines used in this topic.
+
+## In this section
+
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
+- [Use web services in MDT](use-web-services-in-mdt.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
+
+## Related topics
+
+[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
+
+[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
+
+[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
+
+[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
+
+[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
+
+[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
diff --git a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md
index a89f01eda9..9076a17339 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -1,190 +1,191 @@
----
-title: Create a task sequence with Configuration Manager and MDT (Windows 10)
-description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
-ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: deploy, upgrade, task sequence, install
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.pagetype: mdt
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Create a task sequence with Configuration Manager and MDT
-
-
-**Applies to**
-
-- Windows 10
-
-In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in System Center 2012 R2 Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
-
-For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard, both of which are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-
-## Create a task sequence using the MDT Integration Wizard
-
-
-This section walks you through the process of creating a System Center 2012 R2 Configuration Manager task sequence for production use.
-
-1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**.
-
-2. On the **Choose Template** page, select the **Client Task Sequence** template and click **Next**.
-
-3. On the **General** page, assign the following settings and then click **Next**:
-
- * Task sequence name: Windows 10 Enterprise x64 RTM
-
- * Task sequence comments: Production image with Office 2013
-
-4. On the **Details** page, assign the following settings and then click **Next**:
-
- * Join a Domain
-
- * Domain: contoso.com
-
- * Account: CONTOSO\\CM\_JD
-
- * Password: Passw0rd!
-
- * Windows Settings
-
- * User name: Contoso
-
- * Organization name: Contoso
-
- * Product key: <blank>
-
-5. On the **Capture Settings** page, accept the default settings, and click **Next**.
-
-6. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**.
-
-7. On the **MDT Package** page, select **Create a new Microsoft Deployment Toolkit Files package**, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\MDT\\MDT**. Then click **Next**.
-
-8. On the **MDT Details** page, assign the name **MDT** and click **Next**.
-
-9. On the **OS Image** page, browse and select the **Windows 10 Enterprise x64 RTM** package. Then click **Next**.
-
-10. On the **Deployment Method** page, accept the default settings and click **Next**.
-
-11. On the **Client Package** page, browse and select the **OSD / Configuration Manager Client** package. Then click **Next**.
-
-12. On the **USMT Package** page, browse and select **the OSD / Microsoft Corporation User State Migration Tool for Windows 8 10.0.10240.16384** package. Then click **Next**.
-
-13. On the **Settings Package** page, select the **Create a new settings package** option, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Settings\\Windows 10 x64 Settings**. Then click **Next**.
-
-14. On the **Settings Details** page, assign the name **Windows 10 x64 Settings** and click **Next**.
-
-15. On the **Sysprep Package** page, click **Next** twice.
-
-16. On the **Confirmation** page, click **Finish**.
-
-## Edit the task sequence
-
-
-After you create the task sequence, we recommend that you configure the task sequence for an optimal deployment experience. The configurations include enabling support for Unified Extensible Firmware Interface (UEFI), dynamic organizational unit (OU) allocation, computer replace scenarios, and more.
-
-1. On CM01, using the Configuration Manager Console, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM** task sequence, and select **Edit**.
-
-2. In the **Install** group, select the **Set Variable for Drive Letter** action and configure the following:
-
- * OSDPreserveDriveLetter: True
-
- >[!NOTE]
- >If you don't change this value, your Windows installation will end up in E:\\Windows.
-
-3. In the **Post Install** group, select **Apply Network Settings**, and configure the Domain OU value to use the **Contoso / Workstations** OU (browse for values).
-
-4. In the **Post Install** group, disable the **Auto Apply Drivers** action. (Disabling is done by selecting the action and, in the **Options** tab, selecting the **Disable this step** check box.)
-
-5. After the disabled **Post Install / Auto Apply Drivers** action, add a new group name: **Drivers**.
-
-6. After the **Post Install / Drivers** group, add an **Apply Driver Package** action with the following settings:
-
- * Name: HP EliteBook 8560w
-
- * Driver Package: Windows 10 x64 - HP EliteBook 8560w
-
- * Options: Task Sequence Variable: Model equals HP EliteBook 8560w
-
- >[!NOTE]
- >You also can add a Query WMI condition with the following query: SELECT \* FROM Win32\_ComputerSystem WHERE Model LIKE '%HP EliteBook 8560w%'
-
- 
-
- *Figure 24. The driver package options*
-
-7. In the **State Restore / Install Applications** group, select the **Install Application** action.
-
-8. Select the **Install the following applications** option, and add the OSD / Adobe Reader XI - OSD Install application to the list.
-
- 
-
- *Figure 25. Add an application to the Configuration Manager task sequence*
-
-9. In the **State Restore** group, after the **Set Status 5** action, add a **Request State Store** action with the following settings:
-
- * Restore state from another computer
-
- * If computer account fails to connect to state store, use the Network Access account
-
- * Options: Continue on error
-
- * Options / Condition:
-
- * Task Sequence Variable
-
- * USMTLOCAL not equals True
-
-10. In the **State Restore** group, after the **Restore User State** action, add a **Release State Store** action with the following settings:
-
- * Options: Continue on error
-
- * Options / Condition:
-
- * Task Sequence Variable
-
- * USMTLOCAL not equals True
-
-11. Click **OK**.
-
->[!NOTE]
->The Request State Store and Release State Store actions need to be added for common computer replace scenarios.
-
-
-
-## Move the packages
-
-
-While creating the task sequence with the MDT wizard, a few operating system deployment packages were created. To move these packages to the OSD folder, take the following steps.
-
-1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Application Management**, and then select **Packages**.
-
-2. Select the **MDT** and **Windows 10 x64 Settings** packages, right-click and select **Move**.
-
-3. In the **Move Selected Items** dialog box, select the **OSD** folder, and click **OK**.
-
-## Related topics
-
-
-[Integrate Configuration Manager with MDT](integrate-configuration-manager-with-mdt.md)
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-[Create a custom Windows PE boot image with Configuration Manager](../deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-
-[Add a Windows 10 operating system image using Configuration Manager](../deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md)
-
-[Create an application to deploy with Windows 10 using Configuration Manager](../deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](../deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-
-[Deploy Windows 10 using PXE and Configuration Manager](../deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md)
-
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](../deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](../deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+---
+title: Create a task sequence with Configuration Manager (Windows 10)
+description: Create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
+ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: deploy, upgrade, task sequence, install
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.pagetype: mdt
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Create a task sequence with Configuration Manager and MDT
+
+
+**Applies to**
+
+- Windows 10
+
+In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in System Center 2012 R2 Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
+
+For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard, both of which are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+## Create a task sequence using the MDT Integration Wizard
+
+
+This section walks you through the process of creating a System Center 2012 R2 Configuration Manager task sequence for production use.
+
+1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**.
+
+2. On the **Choose Template** page, select the **Client Task Sequence** template and click **Next**.
+
+3. On the **General** page, assign the following settings and then click **Next**:
+
+ * Task sequence name: Windows 10 Enterprise x64 RTM
+
+ * Task sequence comments: Production image with Office 2013
+
+4. On the **Details** page, assign the following settings and then click **Next**:
+
+ * Join a Domain
+
+ * Domain: contoso.com
+
+ * Account: CONTOSO\\CM\_JD
+
+ * Password: Passw0rd!
+
+ * Windows Settings
+
+ * User name: Contoso
+
+ * Organization name: Contoso
+
+ * Product key: <blank>
+
+5. On the **Capture Settings** page, accept the default settings, and click **Next**.
+
+6. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**.
+
+7. On the **MDT Package** page, select **Create a new Microsoft Deployment Toolkit Files package**, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\MDT\\MDT**. Then click **Next**.
+
+8. On the **MDT Details** page, assign the name **MDT** and click **Next**.
+
+9. On the **OS Image** page, browse and select the **Windows 10 Enterprise x64 RTM** package. Then click **Next**.
+
+10. On the **Deployment Method** page, accept the default settings and click **Next**.
+
+11. On the **Client Package** page, browse and select the **OSD / Configuration Manager Client** package. Then click **Next**.
+
+12. On the **USMT Package** page, browse and select **the OSD / Microsoft Corporation User State Migration Tool for Windows 8 10.0.10240.16384** package. Then click **Next**.
+
+13. On the **Settings Package** page, select the **Create a new settings package** option, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Settings\\Windows 10 x64 Settings**. Then click **Next**.
+
+14. On the **Settings Details** page, assign the name **Windows 10 x64 Settings** and click **Next**.
+
+15. On the **Sysprep Package** page, click **Next** twice.
+
+16. On the **Confirmation** page, click **Finish**.
+
+## Edit the task sequence
+
+
+After you create the task sequence, we recommend that you configure the task sequence for an optimal deployment experience. The configurations include enabling support for Unified Extensible Firmware Interface (UEFI), dynamic organizational unit (OU) allocation, computer replace scenarios, and more.
+
+1. On CM01, using the Configuration Manager Console, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM** task sequence, and select **Edit**.
+
+2. In the **Install** group, select the **Set Variable for Drive Letter** action and configure the following:
+
+ * OSDPreserveDriveLetter: True
+
+ >[!NOTE]
+ >If you don't change this value, your Windows installation will end up in E:\\Windows.
+
+3. In the **Post Install** group, select **Apply Network Settings**, and configure the Domain OU value to use the **Contoso / Workstations** OU (browse for values).
+
+4. In the **Post Install** group, disable the **Auto Apply Drivers** action. (Disabling is done by selecting the action and, in the **Options** tab, selecting the **Disable this step** check box.)
+
+5. After the disabled **Post Install / Auto Apply Drivers** action, add a new group name: **Drivers**.
+
+6. After the **Post Install / Drivers** group, add an **Apply Driver Package** action with the following settings:
+
+ * Name: HP EliteBook 8560w
+
+ * Driver Package: Windows 10 x64 - HP EliteBook 8560w
+
+ * Options: Task Sequence Variable: Model equals HP EliteBook 8560w
+
+ >[!NOTE]
+ >You also can add a Query WMI condition with the following query: SELECT \* FROM Win32\_ComputerSystem WHERE Model LIKE '%HP EliteBook 8560w%'
+
+ 
+
+ *Figure 24. The driver package options*
+
+7. In the **State Restore / Install Applications** group, select the **Install Application** action.
+
+8. Select the **Install the following applications** option, and add the OSD / Adobe Reader XI - OSD Install application to the list.
+
+ 
+
+ *Figure 25. Add an application to the Configuration Manager task sequence*
+
+9. In the **State Restore** group, after the **Set Status 5** action, add a **Request State Store** action with the following settings:
+
+ * Restore state from another computer
+
+ * If computer account fails to connect to state store, use the Network Access account
+
+ * Options: Continue on error
+
+ * Options / Condition:
+
+ * Task Sequence Variable
+
+ * USMTLOCAL not equals True
+
+10. In the **State Restore** group, after the **Restore User State** action, add a **Release State Store** action with the following settings:
+
+ * Options: Continue on error
+
+ * Options / Condition:
+
+ * Task Sequence Variable
+
+ * USMTLOCAL not equals True
+
+11. Click **OK**.
+
+>[!NOTE]
+>The Request State Store and Release State Store actions need to be added for common computer replace scenarios.
+
+
+
+## Move the packages
+
+
+While creating the task sequence with the MDT wizard, a few operating system deployment packages were created. To move these packages to the OSD folder, take the following steps.
+
+1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Application Management**, and then select **Packages**.
+
+2. Select the **MDT** and **Windows 10 x64 Settings** packages, right-click and select **Move**.
+
+3. In the **Move Selected Items** dialog box, select the **OSD** folder, and click **OK**.
+
+## Related topics
+
+
+[Integrate Configuration Manager with MDT](integrate-configuration-manager-with-mdt.md)
+
+[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
+[Create a custom Windows PE boot image with Configuration Manager](../deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+
+[Add a Windows 10 operating system image using Configuration Manager](../deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md)
+
+[Create an application to deploy with Windows 10 using Configuration Manager](../deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+
+[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](../deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
+
+[Deploy Windows 10 using PXE and Configuration Manager](../deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md)
+
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](../deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](../deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
index 6ebe0fe528..54b6e72815 100644
--- a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
@@ -1,6 +1,6 @@
---
title: Integrate Configuration Manager with MDT (Windows 10)
-description: This topic will help you understand the benefits of integrating the Microsoft Deployment Toolkit with Microsoft System Center 2012 R2 Configuration Manager SP1 when you deploy a new or updated version of the Windows operating system.
+description: Understand the benefits of integrating the Microsoft Deployment Toolkit with Microsoft System Center 2012 R2 Configuration Manager SP1 when you deploy Windows.
ms.assetid: 3bd1cf92-81e5-48dc-b874-0f5d9472e5a5
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index 2e1b06b5f4..aa2e3ff40e 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -1,6 +1,6 @@
---
title: Prepare for deployment with MDT (Windows 10)
-description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
+description: Learn how to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index dee4dd39d2..f02158277d 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,6 +1,6 @@
---
title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
-description: A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10; however, because you are replacing a machine, you cannot store the backup on the old computer.
+description: Learn how to replace a Windows 7 device with a Windows 10 device. Although the process is similar to performing a refresh, you'll need to backup data externally
ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index 70a3a46434..b1a4515898 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -19,29 +19,34 @@ ms.topic: article
# Set up MDT for BitLocker
This topic will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:
-- A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password. Technically, you also can use a USB stick to store the protector, but it's not a practical approach as the USB stick can be lost or stolen. We, therefore, recommend that you instead use a TPM chip and/or a password.
-- Multiple partitions on the hard drive.
+
+- A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password. Technically, you can also use a USB stick to store the protector, but it's not a practical approach as the USB stick can be lost or stolen. We, therefore, recommend that you instead use a TPM chip and/or a password.
+- Multiple partitions on the hard drive.
To configure your environment for BitLocker, you will need to do the following:
-1. Configure Active Directory for BitLocker.
-2. Download the various BitLocker scripts and tools.
-3. Configure the operating system deployment task sequence for BitLocker.
-4. Configure the rules (CustomSettings.ini) for BitLocker.
+1. Configure Active Directory for BitLocker.
+2. Download the various BitLocker scripts and tools.
+3. Configure the operating system deployment task sequence for BitLocker.
+4. Configure the rules (CustomSettings.ini) for BitLocker.
+
+> [!NOTE]
+> Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery password in Active Directory. For additional information about this feature, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://docs.microsoft.com/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds).
+If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
+
+> [!NOTE]
+> Backing up TMP to Active Directory was supported only on Windows 10 version 1507 and 1511.
->[!NOTE]
->Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
-
For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
-## Configure Active Directory for BitLocker
+## Configure Active Directory for BitLocker
To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we are running Windows Server 2012 R2, so you do not need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory.
->[!NOTE]
->Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory.
-
-In Windows Server 2012 R2 (as well as in Windows Server 2008 R2 and Windows Server 2012), you have access to the BitLocker Drive Encryption Administration Utilities features, which will help you manage BitLocker. When you install the features, the BitLocker Active Directory Recovery Password Viewer is included, and it extends Active Directory Users and Computers with BitLocker Recovery information.
+> [!NOTE]
+> Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory.
+
+In Windows Server version from 2008 R2 and later, you have access to the BitLocker Drive Encryption Administration Utilities features, which will help you manage BitLocker. When you install the features, the BitLocker Active Directory Recovery Password Viewer is included, and it extends Active Directory Users and Computers with BitLocker Recovery information.
@@ -51,16 +56,16 @@ Figure 2. The BitLocker Recovery information on a computer object in the contoso
The BitLocker Drive Encryption Administration Utilities are added as features via Server Manager (or Windows PowerShell):
-1. On DC01, log on as **CONTOSO\\Administrator**, and, using Server Manager, click **Add roles and features**.
-2. On the **Before you begin** page, click **Next**.
-3. On the **Select installation type** page, select **Role-based or feature-based installation**, and click **Next**.
-4. On the **Select destination server** page, select **DC01.contoso.com** and click **Next**.
-5. On the **Select server roles** page, click **Next**.
-6. On the **Select features** page, expand **Remote Server Administration Tools**, expand **Feature Administration Tools**, select the following features, and then click **Next**:
- 1. BitLocker Drive Encryption Administration Utilities
- 2. BitLocker Drive Encryption Tools
- 3. BitLocker Recovery Password Viewer
-7. On the **Confirm installation selections** page, click **Install** and then click **Close**.
+1. On DC01, log on as **CONTOSO\\Administrator**, and, using Server Manager, click **Add roles and features**.
+2. On the **Before you begin** page, click **Next**.
+3. On the **Select installation type** page, select **Role-based or feature-based installation**, and click **Next**.
+4. On the **Select destination server** page, select **DC01.contoso.com** and click **Next**.
+5. On the **Select server roles** page, click **Next**.
+6. On the **Select features** page, expand **Remote Server Administration Tools**, expand **Feature Administration Tools**, select the following features, and then click **Next**:
+ 1. BitLocker Drive Encryption Administration Utilities
+ 2. BitLocker Drive Encryption Tools
+ 3. BitLocker Recovery Password Viewer
+7. On the **Confirm installation selections** page, click **Install** and then click **Close**.
@@ -69,29 +74,30 @@ Figure 3. Selecting the BitLocker Drive Encryption Administration Utilities.
### Create the BitLocker Group Policy
Following these steps, you enable the backup of BitLocker and TPM recovery information to Active Directory. You also enable the policy for the TPM validation profile.
-1. On DC01, using Group Policy Management, right-click the **Contoso** organizational unit (OU), and select **Create a GPO in this domain, and Link it here**.
-2. Assign the name **BitLocker Policy** to the new Group Policy.
-3. Expand the **Contoso** OU, right-click the **BitLocker Policy**, and select **Edit**. Configure the following policy settings:
- Computer Configuration / Policies / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives
- 1. Enable the **Choose how BitLocker-protected operating system drives can be recovered** policy, and configure the following settings:
- 1. Allow data recovery agent (default)
- 2. Save BitLocker recovery information to Active Directory Domain Services (default)
- 3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives
- 2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy.
- 3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy.
- Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services
- 4. Enable the **Turn on TPM backup to Active Directory Domain Services** policy.
->[!NOTE]
->If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using.
-
+1. On DC01, using Group Policy Management, right-click the **Contoso** organizational unit (OU), and select **Create a GPO in this domain, and Link it here**.
+2. Assign the name **BitLocker Policy** to the new Group Policy.
+3. Expand the **Contoso** OU, right-click the **BitLocker Policy**, and select **Edit**. Configure the following policy settings:
+ Computer Configuration / Policies / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives
+ 1. Enable the **Choose how BitLocker-protected operating system drives can be recovered** policy, and configure the following settings:
+ 1. Allow data recovery agent (default)
+ 2. Save BitLocker recovery information to Active Directory Domain Services (default)
+ 3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives
+ 2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy.
+ 3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy.
+ Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services
+
+> [!NOTE]
+> If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using.
+
### Set permissions in Active Directory for BitLocker
In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://go.microsoft.com/fwlink/p/?LinkId=167133) from Microsoft to C:\\Setup\\Scripts on DC01.
-1. On DC01, start an elevated PowerShell prompt (run as Administrator).
-2. Configure the permissions by running the following command:
- ``` syntax
+1. On DC01, start an elevated PowerShell prompt (run as Administrator).
+2. Configure the permissions by running the following command:
+
+ ```dos
cscript C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
```
@@ -99,26 +105,29 @@ In addition to the Group Policy created previously, you need to configure permis
Figure 4. Running the Add-TPMSelfWriteACE.vbs script on DC01.
-## Add BIOS configuration tools from Dell, HP, and Lenovo
+## Add BIOS configuration tools from Dell, HP, and Lenovo
If you want to automate enabling the TPM chip as part of the deployment process, you need to download the vendor tools and add them to your task sequences, either directly or in a script wrapper.
### Add tools from Dell
-The Dell tools are available via the Dell Client Configuration Toolkit (CCTK). The executable file from Dell is named cctk.exe. Here is a sample command to enable TPM and set a BIOS password using the cctk.exe tool:
-``` syntax
+The Dell tools are available via the Dell Client Configuration Toolkit (CCTK). The executable file from Dell is named *cctk.exe*. Here is a sample command to enable TPM and set a BIOS password using the cctk.exe tool:
+
+```dos
cctk.exe --tpm=on --valsetuppwd=Password1234
```
+
### Add tools from HP
The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
-``` syntax
+```dos
BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234
```
+
And the sample content of the TPMEnable.REPSET file:
-``` syntax
+```txt
English
Activate Embedded Security On Next Boot
*Enable
@@ -129,25 +138,30 @@ Allow user to reject
Embedded Security Device Availability
*Available
```
+
### Add tools from Lenovo
The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here is a sample command to enable TPM using the Lenovo tools:
-``` syntax
+
+```dos
cscript.exe SetConfig.vbs SecurityChip Active
```
-## Configure the Windows 10 task sequence to enable BitLocker
-When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549).
+## Configure the Windows 10 task sequence to enable BitLocker
+
+When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549).
In the following task sequence, we added five actions:
-- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
-- **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf.
- **Note**
- It is common for organizations to wrap these tools in scripts to get additional logging and error handling.
-
-- **Restart computer.** Self-explanatory, reboots the computer.
-- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time.
-- **Enable BitLocker.** Runs the built-in action to activate BitLocker.
+
+- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
+- **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf.
+
+ > [!NOTE]
+ > It is common for organizations to wrap these tools in scripts to get additional logging and error handling.
+
+- **Restart computer.** Self-explanatory, reboots the computer.
+- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time.
+- **Enable BitLocker.** Runs the built-in action to activate BitLocker.
## Related topics
diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
index 234a716425..e7cabd8fec 100644
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@@ -1,177 +1,178 @@
----
-title: Use Orchestrator runbooks with MDT (Windows 10)
-description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
-ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: web services, database
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Use Orchestrator runbooks with MDT
-
-This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
-MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
-
-**Note**
-If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
-
-## Orchestrator terminology
-
-Before diving into the core details, here is a quick course in Orchestrator terminology:
-- **Orchestrator Server.** This is a server that executes runbooks.
-- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
-- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions.
-- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook.
-- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default.
-- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default.
-- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
-
-**Note**
-To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554).
-
-## Create a sample runbook
-
-This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01.
-
-1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS).
-2. In the **E:\\Logfile** folder, create the DeployLog.txt file.
- **Note**
- Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt.
-
- 
-
- Figure 23. The DeployLog.txt file.
-
-3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder.
-
- 
-
- Figure 24. Folder created in the Runbooks node.
-
-4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**.
-5. On the ribbon bar, click **Check Out**.
-6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**.
-7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane:
- 1. Runbook Control / Initialize Data
- 2. Text File Management / Append Line
-8. Connect **Initialize Data** to **Append Line**.
-
- 
-
- Figure 25. Activities added and connected.
-
-9. Right-click the **Initialize Data** activity, and select **Properties**
-10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**.
-
- 
-
- Figure 26. The Initialize Data Properties window.
-
-11. Right-click the **Append Line** activity, and select **Properties**.
-12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**.
-13. In the **File** encoding drop-down list, select **ASCII**.
-14. In the **Append** area, right-click inside the **Text** text box and select **Expand**.
-
- 
-
- Figure 27. Expanding the Text area.
-
-15. In the blank text box, right-click and select **Subscribe / Published Data**.
-
- 
-
- Figure 28. Subscribing to data.
-
-16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**.
-17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**.
-18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**.
-
- 
-
- Figure 29. The expanded text box after all subscriptions have been added.
-
-19. On the **Append Line Properties** page, click **Finish**.
- ## Test the demo MDT runbook
- After the runbook is created, you are ready to test it.
-20. On the ribbon bar, click **Runbook Tester**.
-21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**:
- - OSDComputerName: PC0010
-22. Verify that all activities are green (for additional information, see each target).
-23. Close the **Runbook Tester**.
-24. On the ribbon bar, click **Check In**.
-
-
-
-Figure 30. All tests completed.
-
-## Use the MDT demo runbook from MDT
-
-1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**.
-2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
- 1. Task sequence ID: OR001
- 2. Task sequence name: Orchestrator Sample
- 3. Task sequence comments: <blank>
- 4. Template: Custom Task Sequence
-3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab.
-4. Remove the default **Application Install** action.
-5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option.
-6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings:
- 1. Name: Set Task Sequence Variable
- 2. Task Sequence Variable: OSDComputerName
- 3. Value: %hostname%
-7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings:
- 1. Orchestrator Server: OR01.contoso.com
- 2. Use Browse to select **1.0 MDT / MDT Sample**.
-8. Click **OK**.
-
-
-
-Figure 31. The ready-made task sequence.
-
-## Run the orchestrator sample task sequence
-
-Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment.
-**Note**
-Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555).
-
-1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
-2. Using an elevated command prompt (run as Administrator), type the following command:
-
- ``` syntax
- cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
- ```
-3. Complete the Windows Deployment Wizard using the following information:
- 1. Task Sequence: Orchestrator Sample
- 2. Credentials:
- 1. User Name: MDT\_BA
- 2. Password: P@ssw0rd
- 3. Domain: CONTOSO
-4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated.
-
-
-
-Figure 32. The ready-made task sequence.
-
-## Related topics
-
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-
-[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-
-[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-
-[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-
-[Use web services in MDT](use-web-services-in-mdt.md)
+---
+title: Use Orchestrator runbooks with MDT (Windows 10)
+description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
+ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: web services, database
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: mdt
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Use Orchestrator runbooks with MDT
+
+This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
+MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
+
+**Note**
+If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
+
+## Orchestrator terminology
+
+Before diving into the core details, here is a quick course in Orchestrator terminology:
+- **Orchestrator Server.** This is a server that executes runbooks.
+- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
+- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions.
+- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook.
+- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default.
+- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default.
+- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
+
+**Note**
+To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554).
+
+## Create a sample runbook
+
+This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01.
+
+1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS).
+2. In the **E:\\Logfile** folder, create the DeployLog.txt file.
+ **Note**
+ Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt.
+
+ 
+
+ Figure 23. The DeployLog.txt file.
+
+3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder.
+
+ 
+
+ Figure 24. Folder created in the Runbooks node.
+
+4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**.
+5. On the ribbon bar, click **Check Out**.
+6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**.
+7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane:
+ 1. Runbook Control / Initialize Data
+ 2. Text File Management / Append Line
+8. Connect **Initialize Data** to **Append Line**.
+
+ 
+
+ Figure 25. Activities added and connected.
+
+9. Right-click the **Initialize Data** activity, and select **Properties**
+10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**.
+
+ 
+
+ Figure 26. The Initialize Data Properties window.
+
+11. Right-click the **Append Line** activity, and select **Properties**.
+12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**.
+13. In the **File** encoding drop-down list, select **ASCII**.
+14. In the **Append** area, right-click inside the **Text** text box and select **Expand**.
+
+ 
+
+ Figure 27. Expanding the Text area.
+
+15. In the blank text box, right-click and select **Subscribe / Published Data**.
+
+ 
+
+ Figure 28. Subscribing to data.
+
+16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**.
+17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**.
+18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**.
+
+ 
+
+ Figure 29. The expanded text box after all subscriptions have been added.
+
+19. On the **Append Line Properties** page, click **Finish**.
+ ## Test the demo MDT runbook
+ After the runbook is created, you are ready to test it.
+20. On the ribbon bar, click **Runbook Tester**.
+21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**:
+ - OSDComputerName: PC0010
+22. Verify that all activities are green (for additional information, see each target).
+23. Close the **Runbook Tester**.
+24. On the ribbon bar, click **Check In**.
+
+
+
+Figure 30. All tests completed.
+
+## Use the MDT demo runbook from MDT
+
+1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**.
+2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+ 1. Task sequence ID: OR001
+ 2. Task sequence name: Orchestrator Sample
+ 3. Task sequence comments: <blank>
+ 4. Template: Custom Task Sequence
+3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab.
+4. Remove the default **Application Install** action.
+5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option.
+6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings:
+ 1. Name: Set Task Sequence Variable
+ 2. Task Sequence Variable: OSDComputerName
+ 3. Value: %hostname%
+7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings:
+ 1. Orchestrator Server: OR01.contoso.com
+ 2. Use Browse to select **1.0 MDT / MDT Sample**.
+8. Click **OK**.
+
+
+
+Figure 31. The ready-made task sequence.
+
+## Run the orchestrator sample task sequence
+
+Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment.
+**Note**
+Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555).
+
+1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
+2. Using an elevated command prompt (run as Administrator), type the following command:
+
+ ``` syntax
+ cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
+ ```
+3. Complete the Windows Deployment Wizard using the following information:
+ 1. Task Sequence: Orchestrator Sample
+ 2. Credentials:
+ 1. User Name: MDT\_BA
+ 2. Password: P@ssw0rd
+ 3. Domain: CONTOSO
+4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated.
+
+
+
+Figure 32. The ready-made task sequence.
+
+## Related topics
+
+[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+
+[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+
+[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+
+[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+
+[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
+
+[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
+
+[Use web services in MDT](use-web-services-in-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index 895381896b..1ca54bbdb6 100644
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -1,96 +1,97 @@
----
-title: Use the MDT database to stage Windows 10 deployment information (Windows 10)
-description: This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini).
-ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.pagetype: mdt
-keywords: database, permissions, settings, configure, deploy
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Use the MDT database to stage Windows 10 deployment information
-
-This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many additional settings for the machines.
-
-## Database prerequisites
-
-MDT can use either SQL Server Express or full SQL Server, but since the deployment database isn't big, even in large enterprise environments, we recommend using the free SQL Server 2012 SP1 Express database in your environment.
-
->[!NOTE]
->Be sure to enable Named Pipes when configuring the SQL Server 2012 SP1 Express database. Although it is a legacy protocol, Named Pipes has proven to work well when connecting from Windows Preinstallation Environment (Windows PE) to the SQL Server database.
-
-## Create the deployment database
-
-The MDT database is by default created and managed from the Deployment Workbench. In these steps, we assume you have installed SQL Server 2012 SP1 Express on MDT01.
-
->[!NOTE]
->Since SQL Server 2012 SP1 Express runs by default on a separate instance (SQLEXPRESS), the SQL Server Browser service must be running, and the firewall configured to allow traffic to it. Port 1433 TCP and port 1434 UDP need to be opened for inbound traffic on MDT01.
-
-1. On MDT01, using Deployment Workbench, expand the MDT Production deployment share, expand **Advanced Configuration**, right-click **Database**, and select **New Database**.
-2. In the New DB Wizard, on the **SQL Server Details** page, enter the following settings and click **Next**:
- 1. SQL Server Name: MDT01
- 2. Instance: SQLEXPRESS
- 3. Port: <blank>
- 4. Network Library: Named Pipes
-3. On the **Database** page, select **Create a new database**; in the **Database** field, type **MDT** and click **Next**.
-4. On the **SQL Share** page, in the **SQL Share** field, type **Logs$** and click **Next**. Click **Next** again and then click **Finish**.
-
-
-
-Figure 8. The MDT database added to MDT01.
-
-## Configure database permissions
-
-After creating the database, you need to assign permissions to it. In MDT, the account you used to run the deployment is used to access the database. In this environment, the network access account is MDT\_BA.
-1. On MDT01, start SQL Server Management Studio.
-2. In the **Connect to Server** dialog box, in the **Server name** list, select **MDT01\\SQLEXPRESS** and click **Connect**.
-3. In the **Object Explorer** pane, expand the top-level **Security** node, right-click **Logins**, and select **New Login**.
-
- 
-
- Figure 9. The top-level Security node.
-
-4. On the **Login - New** page, next to the **Login** name field, click **Search**, and search for **CONTOSO\\MDT\_BA**. Then in the left pane, select **User Mapping**. Select the **MDT** database, and assign the following roles:
- 1. db\_datareader
- 2. public (default)
-5. Click **OK**, and close SQL Server Management Studio.
-
-
-
-Figure 10. Creating the login and settings permissions to the MDT database.
-
-## Create an entry in the database
-
-To start using the database, you add a computer entry and assign a description and computer name. Use the computer's MAC Address as the identifier.
-1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, expand **Advanced Configuration**, and expand **Database**.
-2. Right-click **Computers**, select **New**, and add a computer entry with the following settings:
- 1. Description: New York Site - PC00075
- 2. MacAddress: <PC00075 MAC Address in the 00:00:00:00:00:00 format>
- 3. Details Tab / OSDComputerName: PC00075
-
-
-
-Figure 11. Adding the PC00075 computer to the database.
-
-## Related topics
-
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-
-[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-
-[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-
-[Use web services in MDT](use-web-services-in-mdt.md)
-
-[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
+---
+title: Use MDT database to stage Windows 10 deployment info (Windows 10)
+description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database.
+ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.pagetype: mdt
+keywords: database, permissions, settings, configure, deploy
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Use the MDT database to stage Windows 10 deployment information
+
+This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many additional settings for the machines.
+
+## Database prerequisites
+
+MDT can use either SQL Server Express or full SQL Server, but since the deployment database isn't big, even in large enterprise environments, we recommend using the free SQL Server 2012 SP1 Express database in your environment.
+
+>[!NOTE]
+>Be sure to enable Named Pipes when configuring the SQL Server 2012 SP1 Express database. Although it is a legacy protocol, Named Pipes has proven to work well when connecting from Windows Preinstallation Environment (Windows PE) to the SQL Server database.
+
+## Create the deployment database
+
+The MDT database is by default created and managed from the Deployment Workbench. In these steps, we assume you have installed SQL Server 2012 SP1 Express on MDT01.
+
+>[!NOTE]
+>Since SQL Server 2012 SP1 Express runs by default on a separate instance (SQLEXPRESS), the SQL Server Browser service must be running, and the firewall configured to allow traffic to it. Port 1433 TCP and port 1434 UDP need to be opened for inbound traffic on MDT01.
+
+1. On MDT01, using Deployment Workbench, expand the MDT Production deployment share, expand **Advanced Configuration**, right-click **Database**, and select **New Database**.
+2. In the New DB Wizard, on the **SQL Server Details** page, enter the following settings and click **Next**:
+ 1. SQL Server Name: MDT01
+ 2. Instance: SQLEXPRESS
+ 3. Port: <blank>
+ 4. Network Library: Named Pipes
+3. On the **Database** page, select **Create a new database**; in the **Database** field, type **MDT** and click **Next**.
+4. On the **SQL Share** page, in the **SQL Share** field, type **Logs$** and click **Next**. Click **Next** again and then click **Finish**.
+
+
+
+Figure 8. The MDT database added to MDT01.
+
+## Configure database permissions
+
+After creating the database, you need to assign permissions to it. In MDT, the account you used to run the deployment is used to access the database. In this environment, the network access account is MDT\_BA.
+1. On MDT01, start SQL Server Management Studio.
+2. In the **Connect to Server** dialog box, in the **Server name** list, select **MDT01\\SQLEXPRESS** and click **Connect**.
+3. In the **Object Explorer** pane, expand the top-level **Security** node, right-click **Logins**, and select **New Login**.
+
+ 
+
+ Figure 9. The top-level Security node.
+
+4. On the **Login - New** page, next to the **Login** name field, click **Search**, and search for **CONTOSO\\MDT\_BA**. Then in the left pane, select **User Mapping**. Select the **MDT** database, and assign the following roles:
+ 1. db\_datareader
+ 2. public (default)
+5. Click **OK**, and close SQL Server Management Studio.
+
+
+
+Figure 10. Creating the login and settings permissions to the MDT database.
+
+## Create an entry in the database
+
+To start using the database, you add a computer entry and assign a description and computer name. Use the computer's MAC Address as the identifier.
+1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, expand **Advanced Configuration**, and expand **Database**.
+2. Right-click **Computers**, select **New**, and add a computer entry with the following settings:
+ 1. Description: New York Site - PC00075
+ 2. MacAddress: <PC00075 MAC Address in the 00:00:00:00:00:00 format>
+ 3. Details Tab / OSDComputerName: PC00075
+
+
+
+Figure 11. Adding the PC00075 computer to the database.
+
+## Related topics
+
+[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+
+[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+
+[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+
+[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+
+[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
+
+[Use web services in MDT](use-web-services-in-mdt.md)
+
+[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
index 4f7de42969..2d1cffeadc 100644
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@@ -1,6 +1,6 @@
---
title: Use web services in MDT (Windows 10)
-description: In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
+description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index ddc3a8a1da..19e35e39b3 100644
--- a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -1,110 +1,111 @@
----
-title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
-description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines.
-ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: deploy, task sequence
-ms.prod: w10
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 07/27/2017
-ms.topic: article
----
-
-# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
-
-
-**Applies to**
-
-- Windows 10 versions 1507, 1511
-
->[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
-
-In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
-
-For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-
-## Add drivers for Windows PE
-
-
-This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01.
-
-1. On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**.
-
-2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**.
-
-3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**.
-
-4. On the **Select the packages to add the imported driver** page, click **Next**.
-
-5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice.
-
-
-
-*Figure 21. Add drivers to Windows PE*
-
->[!NOTE]
->The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two.
-
-
-## Add drivers for Windows 10
-
-
-This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01.
-
-1. On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**.
-
-2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**.
-
-3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**.
-
- 
-
- *Figure 22. Create driver categories*
-
-4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**:
-
- * Name: Windows 10 x64 - HP EliteBook 8560w
-
- * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w
-
- >[!NOTE]
- >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder.
-
-
-5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**.
-
- >[!NOTE]
- >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import.
-
- 
-
- *Figure 23. Drivers imported and a new driver package created*
-
-## Related topics
-
-
-[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
-
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-
-[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+---
+title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
+description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
+ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: deploy, task sequence
+ms.prod: w10
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 07/27/2017
+ms.topic: article
+---
+
+# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
+
+
+**Applies to**
+
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+
+In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
+
+For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+## Add drivers for Windows PE
+
+
+This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01.
+
+1. On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**.
+
+2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**.
+
+3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**.
+
+4. On the **Select the packages to add the imported driver** page, click **Next**.
+
+5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice.
+
+
+
+*Figure 21. Add drivers to Windows PE*
+
+>[!NOTE]
+>The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two.
+
+
+## Add drivers for Windows 10
+
+
+This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01.
+
+1. On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**.
+
+2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**.
+
+3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**.
+
+ 
+
+ *Figure 22. Create driver categories*
+
+4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**:
+
+ * Name: Windows 10 x64 - HP EliteBook 8560w
+
+ * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w
+
+ >[!NOTE]
+ >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder.
+
+
+5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**.
+
+ >[!NOTE]
+ >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import.
+
+ 
+
+ *Figure 23. Drivers imported and a new driver package created*
+
+## Related topics
+
+
+[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
+
+
+[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
+[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
+
+[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+
+[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
+
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
+
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 34a005a021..975eb2a944 100644
--- a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,117 +1,118 @@
----
-title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
-ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: tool, customize, deploy, boot image
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Create a custom Windows PE boot image with Configuration Manager
-
-
-**Applies to**
-
-- Windows 10 versions 1507, 1511
-
->[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
-
-In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
-
-For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-
-## Add DaRT 10 files and prepare to brand the boot image
-
-
-The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. We assume you have downloaded Microsoft Desktop Optimization Pack (MDOP) 2015 and copied the x64 version of MSDaRT10.msi to the C:\\Setup\\DaRT 10 folder. We also assume you have created a custom background image and saved it in C:\\Setup\\Branding on CM01. In this section, we use a custom background image named ContosoBackground.bmp.
-
-1. Install DaRT 10 (C:\\Setup\\DaRT 10\\MSDaRT10.msi) using the default settings.
-
-2. Using File Explorer, navigate to the **C:\\Program Files\\Microsoft DaRT\\v10** folder.
-
-3. Copy the Toolsx64.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x64** folder.
-
-4. Copy the Toolsx86.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x86** folder.
-
-5. Using File Explorer, navigate to the **C:\\Setup** folder.
-
-6. Copy the **Branding** folder to **E:\\Sources\\OSD**.
-
-## Create a boot image for Configuration Manager using the MDT wizard
-
-
-By using the MDT wizard to create the boot image in Configuration Manager, you gain additional options for adding components and features to the boot image. In this section, you create a boot image for Configuration Manager using the MDT wizard.
-
-1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Boot Images**, and select **Create Boot Image using MDT**.
-
-2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**.
-
- >[!NOTE]
- >The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard.
-
-3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**.
-
-4. On the **Options** page, select the **x64** platform, and click **Next**.
-
-5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
-
- 
-
- Figure 15. Add the DaRT component to the Configuration Manager boot image.
-
-6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ ContosoBackground.bmp**. Then click **Next** twice.
-
- >[!NOTE]
- >It will take a few minutes to generate the boot image.
-
-7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
-
-8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
-
-9. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads STATMSG: ID=2301. You also can view Content Status in the Configuration Manager Console by selecting **the Zero Touch WinPE x86** boot image.
-
- 
-
- Figure 16. Content status for the Zero Touch WinPE x64 boot image
-
-10. Using the Configuration Manager Console, right-click the **Zero Touch WinPE x64** boot image and select **Properties**.
-
-11. In the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and click **OK**.
-
-12. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: Expanding PS10000B to E:\\RemoteInstall\\SMSImages.
-
-13. Review the **E:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS10000B) is from your new boot image with DaRT.
-
-## Related topics
-
-
-[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-
-[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-
-
-
+---
+title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
+description: Microsoft System Center 2012 R2 Configuration Manager can create custom Windows Preinstallation Environment (Windows PE) boot images with extra features.
+ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: tool, customize, deploy, boot image
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Create a custom Windows PE boot image with Configuration Manager
+
+
+**Applies to**
+
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+
+In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
+
+For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+## Add DaRT 10 files and prepare to brand the boot image
+
+
+The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. We assume you have downloaded Microsoft Desktop Optimization Pack (MDOP) 2015 and copied the x64 version of MSDaRT10.msi to the C:\\Setup\\DaRT 10 folder. We also assume you have created a custom background image and saved it in C:\\Setup\\Branding on CM01. In this section, we use a custom background image named ContosoBackground.bmp.
+
+1. Install DaRT 10 (C:\\Setup\\DaRT 10\\MSDaRT10.msi) using the default settings.
+
+2. Using File Explorer, navigate to the **C:\\Program Files\\Microsoft DaRT\\v10** folder.
+
+3. Copy the Toolsx64.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x64** folder.
+
+4. Copy the Toolsx86.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x86** folder.
+
+5. Using File Explorer, navigate to the **C:\\Setup** folder.
+
+6. Copy the **Branding** folder to **E:\\Sources\\OSD**.
+
+## Create a boot image for Configuration Manager using the MDT wizard
+
+
+By using the MDT wizard to create the boot image in Configuration Manager, you gain additional options for adding components and features to the boot image. In this section, you create a boot image for Configuration Manager using the MDT wizard.
+
+1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Boot Images**, and select **Create Boot Image using MDT**.
+
+2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**.
+
+ >[!NOTE]
+ >The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard.
+
+3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**.
+
+4. On the **Options** page, select the **x64** platform, and click **Next**.
+
+5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
+
+ 
+
+ Figure 15. Add the DaRT component to the Configuration Manager boot image.
+
+6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ ContosoBackground.bmp**. Then click **Next** twice.
+
+ >[!NOTE]
+ >It will take a few minutes to generate the boot image.
+
+7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
+
+8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
+
+9. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads STATMSG: ID=2301. You also can view Content Status in the Configuration Manager Console by selecting **the Zero Touch WinPE x86** boot image.
+
+ 
+
+ Figure 16. Content status for the Zero Touch WinPE x64 boot image
+
+10. Using the Configuration Manager Console, right-click the **Zero Touch WinPE x64** boot image and select **Properties**.
+
+11. In the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and click **OK**.
+
+12. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: Expanding PS10000B to E:\\RemoteInstall\\SMSImages.
+
+13. Review the **E:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS10000B) is from your new boot image with DaRT.
+
+## Related topics
+
+
+[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
+
+[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
+
+[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+
+[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
+
+[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
+
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
+
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+
+
+
diff --git a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index e86096e831..19ffe1ae2a 100644
--- a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -1,107 +1,108 @@
----
-title: Create an application to deploy with Windows 10 using Configuration Manager (Windows 10)
-description: Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
-ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: deployment, task sequence, custom, customize
-ms.prod: w10
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Create an application to deploy with Windows 10 using Configuration Manager
-
-
-**Applies to**
-
-- Windows 10 versions 1507, 1511
-
->[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
-
-Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in System Center 2012 R2 Configuration Manager that you later configure the task sequence to use.
-
-For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-
->[!NOTE]
->Even though the new application model is fully supported to deploy via the task sequence, the most reliable way to deploy software via the task sequence is still the legacy packages, especially if you deploy many applications.
-
-## Example: Create the Adobe Reader XI application
-
-
-The following steps show you how to create the Adobe Reader XI application. This section assumes that you have downloaded the MSI version of Adobe Reader XI to the C:\\Setup\\Adobe Reader XI folder on CM01.
-
-1. On CM01, using File Explorer, copy the **C:\\Setup\\Adobe Reader XI** folder to the **E:\\Sources\\Software\\Adobe** folder.
-
-2. Using the Configuration Manager Console, in the Software Library workspace, expand **Application Management**.
-
-3. Right-click **Applications** and select **Folder / Create Folder**. Assign the name **OSD**.
-
-4. Right-click the **OSD** folder, and select **Create Application**.
-
-5. In the Create Application Wizard, on the **General** page, use the following settings:
-
- * Automatically detect information about this application from installation files
-
- * Type: Windows Installer (\*.msi file)
-
- * Location: \\\\CM01\\Sources$\\Software\\Adobe\\Adobe Reader XI
-
- * \\AdbeRdr11000\_en\_US.msi
-
- 
-
- *Figure 19. The Create Application Wizard*
-
-6. Click **Next**, and wait while Configuration Manager parses the MSI file.
-
-7. On the **Import Information** page, review the information and then click **Next**.
-
-8. On the **General Information** page, name the application Adobe Reader XI - OSD Install, click **Next** twice, and then click **Close**.
-
- >[!NOTE]
- >Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence.
-
- 
-
- *Figure 20. Add the "OSD Install" suffix to the application name*
-
-9. In the **Applications** node, select the Adobe Reader XI - OSD Install application, and click **Properties** on the ribbon bar.
-
-10. In the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and click **OK**.
-
-## Related topics
-
-
-[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-
-[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-
-
-
-
-
-
-
-
+---
+title: Create an app to deploy with Windows 10 using Configuration Manager
+description: Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
+ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: deployment, task sequence, custom, customize
+ms.prod: w10
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Create an application to deploy with Windows 10 using Configuration Manager
+
+
+**Applies to**
+
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+
+Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in System Center 2012 R2 Configuration Manager that you later configure the task sequence to use.
+
+For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+>[!NOTE]
+>Even though the new application model is fully supported to deploy via the task sequence, the most reliable way to deploy software via the task sequence is still the legacy packages, especially if you deploy many applications.
+
+## Example: Create the Adobe Reader XI application
+
+
+The following steps show you how to create the Adobe Reader XI application. This section assumes that you have downloaded the MSI version of Adobe Reader XI to the C:\\Setup\\Adobe Reader XI folder on CM01.
+
+1. On CM01, using File Explorer, copy the **C:\\Setup\\Adobe Reader XI** folder to the **E:\\Sources\\Software\\Adobe** folder.
+
+2. Using the Configuration Manager Console, in the Software Library workspace, expand **Application Management**.
+
+3. Right-click **Applications** and select **Folder / Create Folder**. Assign the name **OSD**.
+
+4. Right-click the **OSD** folder, and select **Create Application**.
+
+5. In the Create Application Wizard, on the **General** page, use the following settings:
+
+ * Automatically detect information about this application from installation files
+
+ * Type: Windows Installer (\*.msi file)
+
+ * Location: \\\\CM01\\Sources$\\Software\\Adobe\\Adobe Reader XI
+
+ * \\AdbeRdr11000\_en\_US.msi
+
+ 
+
+ *Figure 19. The Create Application Wizard*
+
+6. Click **Next**, and wait while Configuration Manager parses the MSI file.
+
+7. On the **Import Information** page, review the information and then click **Next**.
+
+8. On the **General Information** page, name the application Adobe Reader XI - OSD Install, click **Next** twice, and then click **Close**.
+
+ >[!NOTE]
+ >Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence.
+
+ 
+
+ *Figure 20. Add the "OSD Install" suffix to the application name*
+
+9. In the **Applications** node, select the Adobe Reader XI - OSD Install application, and click **Properties** on the ribbon bar.
+
+10. In the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and click **OK**.
+
+## Related topics
+
+
+[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
+
+[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
+[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
+
+[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
+
+[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
+
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
+
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 097ab5c60f..bad7159496 100644
--- a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -1,6 +1,6 @@
---
-title: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager (Windows 10)
-description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
+title: Finalize operating system configuration for Windows 10 deployment
+description: Follow this walk-through to finalize the configuration of your Windows 10 operating deployment.
ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
index c0e59fd398..e09b542e0e 100644
--- a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
@@ -1,88 +1,89 @@
----
-title: Monitor the Windows 10 deployment with Configuration Manager (Windows 10)
-description: In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench.
-ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: deploy, upgrade
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Monitor the Windows 10 deployment with Configuration Manager
-
-
-**Applies to**
-
-- Windows 10 versions 1507, 1511
-
->[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
-
-In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. You will also use the Deployment Workbench to access the computer remotely via the Microsoft Diagnostics and Recovery Toolkit (DaRT) Remote Connection feature.
-
-For the purposes of this topic, we will use four machines: DC01, CM01, and PC0001. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0001 is a Unified Extensible Firmware Interface (UEFI) machine to which Windows 10 Enterprise has been deployed. DC01, CM01, and PC0001 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-
-To monitor an operating system deployment conducted through System Center 2012 R2 Configuration Manager, you will use the Deployment Workbench in MDT as follows:
-
-1. On CM01, using the Deployment Workbench, expand **MDT Production**, and use the **Monitoring** node to view the deployment process (press **F5** to refresh).
-
- >[!NOTE]
- >It takes a little while for the task sequence to start reporting monitor information, so if PC0001 does not appear when you press F5 the first time, wait 20 seconds and try again.
-
- 
-
- *Figure 33. PC0001 being deployed by Configuration Manager*
-
-2. When you see the PC0001 entry, double-click **PC0001**, and then click **DaRT Remote Control** and review the **Remote Control** option.
-
-3. The task sequence will now run and do the following:
-
- * Install the Windows 10 operating system.
-
- * Install the Configuration Manager client and the client hotfix.
-
- * Join the machine to the domain.
-
- * Install the application added to the task sequence.
-
- >[!NOTE]
- >You also can use the built-in reports to get information about ongoing deployments. For example, a task sequence report gives you a quick overview of the task sequence progress.
-
-4. If time permits, allow the deployment of PC0001 to complete. Then log in as Administrator in the CONTOSO domain and verify that Adobe Reader XI was installed.
-
-## Related topics
-
-
-[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-
-[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-
-
-
-
-
-
-
-
-
+---
+title: Monitor the Windows 10 deployment with Configuration Manager
+description: Learn how to monitor a Windows 10 deployment with Configuration Manager. Use the Deployment Workbench to access the computer remotely.
+ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: deploy, upgrade
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Monitor the Windows 10 deployment with Configuration Manager
+
+
+**Applies to**
+
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+
+In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. You will also use the Deployment Workbench to access the computer remotely via the Microsoft Diagnostics and Recovery Toolkit (DaRT) Remote Connection feature.
+
+For the purposes of this topic, we will use four machines: DC01, CM01, and PC0001. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0001 is a Unified Extensible Firmware Interface (UEFI) machine to which Windows 10 Enterprise has been deployed. DC01, CM01, and PC0001 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+To monitor an operating system deployment conducted through System Center 2012 R2 Configuration Manager, you will use the Deployment Workbench in MDT as follows:
+
+1. On CM01, using the Deployment Workbench, expand **MDT Production**, and use the **Monitoring** node to view the deployment process (press **F5** to refresh).
+
+ >[!NOTE]
+ >It takes a little while for the task sequence to start reporting monitor information, so if PC0001 does not appear when you press F5 the first time, wait 20 seconds and try again.
+
+ 
+
+ *Figure 33. PC0001 being deployed by Configuration Manager*
+
+2. When you see the PC0001 entry, double-click **PC0001**, and then click **DaRT Remote Control** and review the **Remote Control** option.
+
+3. The task sequence will now run and do the following:
+
+ * Install the Windows 10 operating system.
+
+ * Install the Configuration Manager client and the client hotfix.
+
+ * Join the machine to the domain.
+
+ * Install the application added to the task sequence.
+
+ >[!NOTE]
+ >You also can use the built-in reports to get information about ongoing deployments. For example, a task sequence report gives you a quick overview of the task sequence progress.
+
+4. If time permits, allow the deployment of PC0001 to complete. Then log in as Administrator in the CONTOSO domain and verify that Adobe Reader XI was installed.
+
+## Related topics
+
+
+[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
+
+[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
+[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
+
+[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+
+[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
+
+[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
+
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index d7435593a7..2951abbc45 100644
--- a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -1,6 +1,6 @@
---
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
-description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
+description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 78e75ded51..f807d3f0e8 100644
--- a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -1,147 +1,148 @@
----
-title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
-description: This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2.
-ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: upgrade, install, installation, computer refresh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
-
-
-**Applies to**
-
-- Windows 10 versions 1507, 1511
-
->[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
-
-This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
-
-A computer refresh with System Center 2012 R2 Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps:
-
-1. Data and settings are backed up locally in a backup folder.
-
-2. The partition is wiped, except for the backup folder.
-
-3. The new operating system image is applied.
-
-4. Other applications are installed.
-
-5. Data and settings are restored.
-
-For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0003 is a machine with Windows 7 SP1, on which Windows 10 will be deployed. DC01, CM01, and PC003 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-
-In this topic, we assume that you have a Windows 7 SP1 client named PC0003 with the Configuration Manager client installed.
-
-## Create a device collection and add the PC0003 computer
-
-
-1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
-
- * General
-
- * Name: Install Windows 10 Enterprise x64
-
- * Limited Collection: All Systems
-
- * Membership rules:
-
- * Direct rule
-
- * Resource Class: System Resource
-
- * Attribute Name: Name
-
- * Value: PC0003
-
- * Select **Resources**
-
- * Select **PC0003**
-
-2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection.
-
- >[!NOTE]
- >It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership.
-
-
-
-## Create a new deployment
-
-
-Using the Configuration Manager console, in the Software Library workspace, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the following settings:
-
-- General
-
- - Collection: Install Windows 10 Enterprise x64
-
-- Deployment Settings
-
- - Purpose: Available
-
- - Make available to the following: Configuration Manager clients, media and PXE
-
- >[!NOTE]
- >It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point.
-
-
-
-- Scheduling
-
- - <default>
-
-- User Experience
-
- - <default>
-
-- Alerts
-
- - <default>
-
-- Distribution Points
-
- - <default>
-
-## Initiate a computer refresh
-
-
-Now you can start the computer refresh on PC0003.
-
-1. Using the Configuration Manager console, in the Asset and Compliance workspace, in the Install Windows 10 Enterprise x64 collection, right-click **PC0003** and select **Client Notification / Download Computer Policy**. Click **OK**.
-
- >[!NOTE]
- >The Client Notification feature is new in Configuration Manager.
-
-2. On PC0003, using the Software Center (begin using the Start screen, or click the **New software is available** balloon in the system tray), select the **Windows 10 Enterprise x64 RTM** deployment and click **INSTALL**.
-
-3. In the **Software Center** warning dialog box, click **INSTALL OPERATING SYSTEM**.
-
-## Related topics
-
-
-[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
-
-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-
-[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-
-[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+---
+title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
+description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
+ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: upgrade, install, installation, computer refresh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
+
+
+**Applies to**
+
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+
+This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
+
+A computer refresh with System Center 2012 R2 Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps:
+
+1. Data and settings are backed up locally in a backup folder.
+
+2. The partition is wiped, except for the backup folder.
+
+3. The new operating system image is applied.
+
+4. Other applications are installed.
+
+5. Data and settings are restored.
+
+For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0003 is a machine with Windows 7 SP1, on which Windows 10 will be deployed. DC01, CM01, and PC003 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+In this topic, we assume that you have a Windows 7 SP1 client named PC0003 with the Configuration Manager client installed.
+
+## Create a device collection and add the PC0003 computer
+
+
+1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
+
+ * General
+
+ * Name: Install Windows 10 Enterprise x64
+
+ * Limited Collection: All Systems
+
+ * Membership rules:
+
+ * Direct rule
+
+ * Resource Class: System Resource
+
+ * Attribute Name: Name
+
+ * Value: PC0003
+
+ * Select **Resources**
+
+ * Select **PC0003**
+
+2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection.
+
+ >[!NOTE]
+ >It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership.
+
+
+
+## Create a new deployment
+
+
+Using the Configuration Manager console, in the Software Library workspace, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the following settings:
+
+- General
+
+ - Collection: Install Windows 10 Enterprise x64
+
+- Deployment Settings
+
+ - Purpose: Available
+
+ - Make available to the following: Configuration Manager clients, media and PXE
+
+ >[!NOTE]
+ >It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point.
+
+
+
+- Scheduling
+
+ - <default>
+
+- User Experience
+
+ - <default>
+
+- Alerts
+
+ - <default>
+
+- Distribution Points
+
+ - <default>
+
+## Initiate a computer refresh
+
+
+Now you can start the computer refresh on PC0003.
+
+1. Using the Configuration Manager console, in the Asset and Compliance workspace, in the Install Windows 10 Enterprise x64 collection, right-click **PC0003** and select **Client Notification / Download Computer Policy**. Click **OK**.
+
+ >[!NOTE]
+ >The Client Notification feature is new in Configuration Manager.
+
+2. On PC0003, using the Software Center (begin using the Start screen, or click the **New software is available** balloon in the system tray), select the **Windows 10 Enterprise x64 RTM** deployment and click **INSTALL**.
+
+3. In the **Software Center** warning dialog box, click **INSTALL OPERATING SYSTEM**.
+
+## Related topics
+
+
+[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
+
+[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
+[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
+
+[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+
+[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
+
+[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
+
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
+
+[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index 90bcabb6d6..e9b3ec607d 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -4,13 +4,15 @@ description: Deploying Windows 10 for IT professionals.
ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
ms.reviewer:
manager: laurawi
-ms.audience: itpro
author: greg-lindsay
+ms.audience: itpro
+author: greg-lindsay
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
ms.date: 11/06/2018
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
ms.topic: article
---
@@ -35,7 +37,7 @@ Windows 10 upgrade options are discussed and information is provided about plann
## Related topics
-[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
+[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index cf43dc83df..d90a888be9 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -21,7 +21,9 @@
"files": [
"**/*.png",
"**/*.jpg",
- "**/*.gif"
+ "**/*.gif",
+ "**/*.pdf",
+ "**/*.vsdx"
],
"exclude": [
"**/obj/**",
@@ -45,7 +47,8 @@
"depot_name": "MSDN.win-development",
"folder_relative_path_in_docset": "./"
}
- }
+ },
+ "titleSuffix": "Windows Deployment"
},
"fileMetadata": {},
"template": [],
diff --git a/windows/deployment/images/sa-mfa1.png b/windows/deployment/images/sa-mfa1.png
new file mode 100644
index 0000000000..045e5a7794
Binary files /dev/null and b/windows/deployment/images/sa-mfa1.png differ
diff --git a/windows/deployment/images/sa-mfa2.png b/windows/deployment/images/sa-mfa2.png
new file mode 100644
index 0000000000..1964a7b263
Binary files /dev/null and b/windows/deployment/images/sa-mfa2.png differ
diff --git a/windows/deployment/images/sa-mfa3.png b/windows/deployment/images/sa-mfa3.png
new file mode 100644
index 0000000000..8987eac97b
Binary files /dev/null and b/windows/deployment/images/sa-mfa3.png differ
diff --git a/windows/deployment/media/Windows10AutopilotFlowchart.pdf b/windows/deployment/media/Windows10AutopilotFlowchart.pdf
new file mode 100644
index 0000000000..5ab6f1c52e
Binary files /dev/null and b/windows/deployment/media/Windows10AutopilotFlowchart.pdf differ
diff --git a/windows/deployment/media/Windows10Autopilotflowchart.vsdx b/windows/deployment/media/Windows10Autopilotflowchart.vsdx
new file mode 100644
index 0000000000..ef702ab66b
Binary files /dev/null and b/windows/deployment/media/Windows10Autopilotflowchart.vsdx differ
diff --git a/windows/deployment/media/Windows10DeploymentConfigManager.pdf b/windows/deployment/media/Windows10DeploymentConfigManager.pdf
new file mode 100644
index 0000000000..ac27941579
Binary files /dev/null and b/windows/deployment/media/Windows10DeploymentConfigManager.pdf differ
diff --git a/windows/deployment/media/Windows10DeploymentConfigManager.vsdx b/windows/deployment/media/Windows10DeploymentConfigManager.vsdx
new file mode 100644
index 0000000000..5c5328cb5f
Binary files /dev/null and b/windows/deployment/media/Windows10DeploymentConfigManager.vsdx differ
diff --git a/windows/deployment/media/windows10-autopilot-flowchart.png b/windows/deployment/media/windows10-autopilot-flowchart.png
new file mode 100644
index 0000000000..878c9d483d
Binary files /dev/null and b/windows/deployment/media/windows10-autopilot-flowchart.png differ
diff --git a/windows/deployment/media/windows10-deployment-config-manager.png b/windows/deployment/media/windows10-deployment-config-manager.png
new file mode 100644
index 0000000000..af6c8313e0
Binary files /dev/null and b/windows/deployment/media/windows10-deployment-config-manager.png differ
diff --git a/windows/deployment/planning/TOC.md b/windows/deployment/planning/TOC.md
index c9dd77d2d6..fc4cb8fefa 100644
--- a/windows/deployment/planning/TOC.md
+++ b/windows/deployment/planning/TOC.md
@@ -6,11 +6,8 @@
## Features removed or planned for replacement
### [Windows 10 features lifecycle](features-lifecycle.md)
-### [Windows 10, version 1903](windows-10-1903-removed-features.md)
-### [Windows 10, version 1809](windows-10-1809-removed-features.md)
-### [Windows 10, version 1803](windows-10-1803-removed-features.md)
-### [Windows 10, version 1709](windows-10-1709-removed-features.md)
-### [Windows 10, version 1703](windows-10-1703-removed-features.md)
+### [Features we're no longer developing](windows-10-deprecated-features.md)
+### [Features we removed](windows-10-removed-features.md)
## Application Compatibility Toolkit (ACT)
### [Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md)
diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md
index b40be1932a..fe7585f713 100644
--- a/windows/deployment/planning/act-technical-reference.md
+++ b/windows/deployment/planning/act-technical-reference.md
@@ -1,48 +1,49 @@
----
-title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10)
-description: The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system.
-ms.assetid: d90d38b2-2718-4481-90eb-4480719627ba
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Application Compatibility Toolkit (ACT) Technical Reference
-
-
-**Applies to**
-- Windows 10, version 1607
-
->[!IMPORTANT]
->We've replaced the majority of functionality included in the Application Compatibility Toolkit (ACT) with [Windows Analytics](../update/windows-analytics-overview.md), a solution in the Microsoft Operations Management Suite. Windows Analytics gives enterprises the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released.
-
-Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10.
-
-With Windows diagnostic data enabled, Windows Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
-
-Use Windows Analytics to get:
-- A visual workflow that guides you from pilot to production
-- Detailed computer and application inventory
-- Powerful computer level search and drill-downs
-- Guidance and insights into application and driver compatibility issues, with suggested fixes
-- Data driven application rationalization tools
-- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
-- Data export to commonly used software deployment tools, including System Center Configuration Manager
-
-The Windows Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
-
-At the same time, we've kept the Standard User Analyzer tool, which helps you test your apps and to monitor API calls for potential compatibility issues, and the Compatibility Administrator, which helps you to resolve potential compatibility issues.
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Standard User Analyzer (SUA) User's Guide](sua-users-guide.md) |The Standard User Analyzer (SUA) helps you test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows. |
-|[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) |The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. |
-|[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) |You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. |
+---
+title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10)
+description: The Microsoft Application Compatibility Toolkit (ACT) helps you see if the apps and devices in your org are compatible with different versions of Windows.
+ms.assetid: d90d38b2-2718-4481-90eb-4480719627ba
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Application Compatibility Toolkit (ACT) Technical Reference
+
+
+**Applies to**
+- Windows 10, version 1607
+
+>[!IMPORTANT]
+>We've replaced the majority of functionality included in the Application Compatibility Toolkit (ACT) with [Windows Analytics](../update/windows-analytics-overview.md), a solution in the Microsoft Operations Management Suite. Windows Analytics gives enterprises the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released.
+
+Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10.
+
+With Windows diagnostic data enabled, Windows Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
+
+Use Windows Analytics to get:
+- A visual workflow that guides you from pilot to production
+- Detailed computer and application inventory
+- Powerful computer level search and drill-downs
+- Guidance and insights into application and driver compatibility issues, with suggested fixes
+- Data driven application rationalization tools
+- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
+- Data export to commonly used software deployment tools, including System Center Configuration Manager
+
+The Windows Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
+
+At the same time, we've kept the Standard User Analyzer tool, which helps you test your apps and to monitor API calls for potential compatibility issues, and the Compatibility Administrator, which helps you to resolve potential compatibility issues.
+
+## In this section
+
+|Topic |Description |
+|------|------------|
+|[Standard User Analyzer (SUA) User's Guide](sua-users-guide.md) |The Standard User Analyzer (SUA) helps you test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows. |
+|[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) |The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. |
+|[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) |You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. |
diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
index 5222062842..5edd92497e 100644
--- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
+++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
@@ -1,100 +1,101 @@
----
-title: Applying Filters to Data in the SUA Tool (Windows 10)
-description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you.
-ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Applying Filters to Data in the SUA Tool
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you.
-
-**To apply filters to data in the SUA tool**
-
-1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
-
-2. After you finish testing, in the SUA tool, click a tab that shows issues that the SUA tool has found. All tabs except the **App Info** tab can show issues.
-
-3. On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands.
-
-
-
-
-
-
-
-
-
Options menu command
-
Description
-
-
-
-
-
Filter Noise
-
Filters noise from the issues.
-
This command is selected by default.
-
-
-
Load Noise Filter File
-
Opens the Open Noise Filter File dialog box, in which you can load an existing noise filter (.xml) file.
-
-
-
Export Noise Filter File
-
Opens the Save Noise Filter File dialog box, in which you can save filter settings as a noise filter (.xml) file.
-
-
-
Only Display Records with Application Name in StackTrace
-
Filters out records that do not have the application name in the stack trace.
-
However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.
-
-
-
Show More Details in StackTrace
-
Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.
-
-
-
Warn Before Deleting AppVerifier Logs
-
Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.
-
This command is selected by default.
-
-
-
Logging
-
Provides the following logging-related options:
-
-
Show or hide log errors.
-
Show or hide log warnings.
-
Show or hide log information.
-
-
To maintain a manageable file size, we recommend that you do not select the option to show informational messages.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+---
+title: Applying Filters to Data in the SUA Tool (Windows 10)
+description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application.
+ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Applying Filters to Data in the SUA Tool
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you.
+
+**To apply filters to data in the SUA tool**
+
+1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
+
+2. After you finish testing, in the SUA tool, click a tab that shows issues that the SUA tool has found. All tabs except the **App Info** tab can show issues.
+
+3. On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands.
+
+
+
+
+
+
+
+
+
Options menu command
+
Description
+
+
+
+
+
Filter Noise
+
Filters noise from the issues.
+
This command is selected by default.
+
+
+
Load Noise Filter File
+
Opens the Open Noise Filter File dialog box, in which you can load an existing noise filter (.xml) file.
+
+
+
Export Noise Filter File
+
Opens the Save Noise Filter File dialog box, in which you can save filter settings as a noise filter (.xml) file.
+
+
+
Only Display Records with Application Name in StackTrace
+
Filters out records that do not have the application name in the stack trace.
+
However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.
+
+
+
Show More Details in StackTrace
+
Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.
+
+
+
Warn Before Deleting AppVerifier Logs
+
Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.
+
This command is selected by default.
+
+
+
Logging
+
Provides the following logging-related options:
+
+
Show or hide log errors.
+
Show or hide log warnings.
+
Show or hide log information.
+
+
To maintain a manageable file size, we recommend that you do not select the option to show informational messages.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
index bc1991c752..aa63171e92 100644
--- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
@@ -1,6 +1,6 @@
---
title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista (Windows 10)
-description: You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions.
+description: Find compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10.
ms.assetid: cd51c824-557f-462a-83bb-54b0771b7dff
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
index c434f06486..bb66b25095 100644
--- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
@@ -1,5 +1,5 @@
---
-title: Creating a Custom Compatibility Mode in Compatibility Administrator (Windows 10)
+title: Create a Custom Compatibility Mode (Windows 10)
description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues.
ms.assetid: 661a1c0d-267f-4a79-8445-62a9a98d09b0
ms.reviewer:
diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
index e4ebfef4e3..c35e379797 100644
--- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
@@ -1,6 +1,6 @@
---
-title: Creating an AppHelp Message in Compatibility Administrator (Windows 10)
-description: The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.
+title: Create AppHelp Message in Compatibility Administrator (Windows 10)
+description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system.
ms.assetid: 5c6e89f5-1942-4aa4-8439-ccf0ecd02848
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index 1e0d36aca0..a59b98bcff 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -1,39 +1,44 @@
----
-title: Windows 10 features lifecycle
-description: Learn about the lifecycle of Windows 10 features
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-manager: laurawi
-ms.author: greglin
-ms.topic: article
----
-# Windows 10 features lifecycle
-
-- Applies to: Windows 10
-
-Each release of Windows 10 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option.
-
-## Features removed or planned for replacement
-
-See the following for details about feature support for each release of Windows 10.
-
-[Windows 10, version 1903](windows-10-1903-removed-features.md)
-[Windows 10, version 1809](windows-10-1809-removed-features.md)
-[Windows 10, version 1803](windows-10-1803-removed-features.md)
-[Windows 10, version 1709](windows-10-1709-removed-features.md)
-[Windows 10, version 1703](windows-10-1703-removed-features.md)
-
-Also see: [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
-
-## Terminology
-
-The following terms can be used to describe the status that might be assigned to a feature during its lifecycle.
-
-- **Deprecation**: The stage of the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases of a product or online service.
-- **End of support**: The stage of the product lifecycle when support and servicing are no longer available for a product.
-- **Retirement**: The stage of the product lifecycle when an online service is shut down so that it is no longer available for use.
-- **Remove or retire a feature**: The stage of the product lifecycle when a feature or functionality is removed from an online service after it has been deprecated.
-- **Replace a feature**: The stage of the product lifecycle when a feature or functionality in an online service is replaced with a different feature or functionality.
+---
+title: Windows 10 features lifecycle
+description: Learn about the lifecycle of Windows 10 features
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+manager: laurawi
+ms.author: greglin
+ms.topic: article
+---
+# Windows 10 features lifecycle
+
+- Applies to: Windows 10
+
+Each release of Windows 10 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option.
+
+## Features no longer being developed
+
+The following topic lists features that are no longer being developed. These features might be removed in a future release.
+
+[Windows 10 features we’re no longer developing](windows-10-deprecated-features.md)
+
+## Features removed
+
+The following topic has details about features that have been removed from Windows 10.
+
+[Windows 10 features we removed](windows-10-removed-features.md)
+
+## Terminology
+
+The following terms can be used to describe the status that might be assigned to a feature during its lifecycle.
+
+- **Deprecation**: The stage of the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases of a product or online service.
+- **End of support**: The stage of the product lifecycle when support and servicing are no longer available for a product.
+- **Retirement**: The stage of the product lifecycle when an service is shut down so that it is no longer available for use.
+- **Remove or retire a feature**: The stage of the product lifecycle when a feature or functionality is removed from a service after it has been deprecated.
+- **Replace a feature**: The stage of the product lifecycle when a feature or functionality in a service is replaced with a different feature or functionality.
+
+## Also see
+
+[Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md
index 454580a0c1..6f28178063 100644
--- a/windows/deployment/planning/index.md
+++ b/windows/deployment/planning/index.md
@@ -1,6 +1,6 @@
---
title: Plan for Windows 10 deployment (Windows 10)
-description: Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date.
+description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date.
ms.assetid: 002F9B79-B50F-40C5-A7A5-0B4770E6EC15
keywords: deploy, upgrade, update, configure
ms.prod: w10
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
index f8f502fe93..e066e2b214 100644
--- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
@@ -1,5 +1,5 @@
---
-title: Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator (Windows 10)
+title: Install/Uninstall Custom Databases (Windows 10)
description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases.
ms.assetid: 659c9d62-5f32-433d-94aa-12141c01368f
ms.reviewer:
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
index 47e9283fef..3aac6db8f1 100644
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
@@ -1,66 +1,67 @@
----
-title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10)
-description: This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.
-ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Managing Application-Compatibility Fixes and Custom Fix Databases
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.
-
-## In this section
-
-
-
As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.
After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:
This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.
-
-
-
-
-
-
-## Related topics
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
-
-[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
+---
+title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10)
+description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases.
+ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Managing Application-Compatibility Fixes and Custom Fix Databases
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.
+
+## In this section
+
+
+
As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.
After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:
This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.
+
+
+
+
+
+
+## Related topics
+[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
+
+[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
index 955117dcd6..f0e3ef4473 100644
--- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
@@ -1,6 +1,6 @@
---
title: Searching for Fixed Applications in Compatibility Administrator (Windows 10)
-description: With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages.
+description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages.
ms.assetid: 1051a2dc-0362-43a4-8ae8-07dae39b1cb8
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
index 5bc84062d1..6135a8daf8 100644
--- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
@@ -30,13 +30,8 @@ You can access the Query tool from within Compatibility Administrator. The Query
For information about the Search feature, see [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md). However, the Query tool provides more detailed search criteria, including tabs that enable you to search the program properties, the compatibility fix properties, and the fix description. You can perform a search by using SQL SELECT and WHERE clauses, in addition to searching specific types of databases.
-<<<<<<< HEAD
> [!IMPORTANT]
> You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
-=======
->[!IMPORTANT]
->You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
->>>>>>> bfaab3359a63dde24e6d0dca11b841e045c481f6
## Querying by Using the Program Properties Tab
diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
index 7eeaf18a3f..905e495858 100644
--- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
@@ -1,86 +1,87 @@
----
-title: Security and data protection considerations for Windows To Go (Windows 10)
-description: One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
-ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: mobile, device, USB, secure, BitLocker
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: mobility, security
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Security and data protection considerations for Windows To Go
-
-
-**Applies to**
-
-- Windows 10
-
->[!IMPORTANT]
->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
-
-## Backup and restore
-
-
-As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement.
-
-If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924).
-
-## BitLocker
-
-
-We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace, this helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
-
-You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
-
-**Tip**
-If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.md#wtg-faq-blfail)
-
-
-
-If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode.
-
-## Disk discovery and data leakage
-
-
-We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. This reduces the likelihood that an end-user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
-
-To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
-
-For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103).
-
-## Security certifications for Windows To Go
-
-
-Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics.
-
-- [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104)
-
-- [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107)
-
-## Related topics
-
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
-
-
-
-
-
-
-
-
-
+---
+title: Security and data protection considerations for Windows To Go (Windows 10)
+description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure.
+ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: mobile, device, USB, secure, BitLocker
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: mobility, security
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Security and data protection considerations for Windows To Go
+
+
+**Applies to**
+
+- Windows 10
+
+>[!IMPORTANT]
+>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+
+One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
+
+## Backup and restore
+
+
+As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement.
+
+If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924).
+
+## BitLocker
+
+
+We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace, this helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
+
+You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
+
+**Tip**
+If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.md#wtg-faq-blfail)
+
+
+
+If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode.
+
+## Disk discovery and data leakage
+
+
+We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. This reduces the likelihood that an end-user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
+
+To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
+
+For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103).
+
+## Security certifications for Windows To Go
+
+
+Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics.
+
+- [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104)
+
+- [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107)
+
+## Related topics
+
+
+[Windows To Go: feature overview](windows-to-go-overview.md)
+
+[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
+
+[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
+
+[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index e0adb30d1a..56143ee843 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -1,69 +1,70 @@
----
-title: SUA User's Guide (Windows 10)
-description: You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
-ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# SUA User's Guide
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
-
-You can use SUA in either of the following ways:
-
-- **Standard User Analyzer Wizard.** A wizard that guides you through a step-by-step process to locate and fix issues, without options for additional analysis.
-
-- **Standard User Analyzer Tool.** A full-function tool in which you can perform in-depth analysis and fix issues.
-
-## In this section
-
-
-
The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.
By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
-
-
-
-
-
-
-
-
-
-
-
+---
+title: SUA User's Guide (Windows 10)
+description: Standard User Analyzer (SUA) can test your apps and monitor API calls to detect compatibility issues related to Windows' User Account Control (UAC) feature.
+ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# SUA User's Guide
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
+
+You can use SUA in either of the following ways:
+
+- **Standard User Analyzer Wizard.** A wizard that guides you through a step-by-step process to locate and fix issues, without options for additional analysis.
+
+- **Standard User Analyzer Tool.** A full-function tool in which you can perform in-depth analysis and fix issues.
+
+## In this section
+
+
+
The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.
By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md
index 6782e5861f..c3c759c319 100644
--- a/windows/deployment/planning/testing-your-application-mitigation-packages.md
+++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md
@@ -1,6 +1,6 @@
---
title: Testing Your Application Mitigation Packages (Windows 10)
-description: This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.
+description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues.
ms.assetid: ae946f27-d377-4db9-b179-e8875d454ccf
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
index eb092034f3..649a832f90 100644
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@@ -1,113 +1,114 @@
----
-title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
-description: You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied.
-ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Using the Sdbinst.exe Command-Line Tool
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2016
-- Windows Server 2012
-- Windows Server 2008 R2
-
-You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
-
-After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
-
-## Command-Line Options for Deploying Customized Database Files
-
-Sample output from the command `Sdbinst.exe /?` in an elevated CMD window:
-
-```
-Microsoft Windows [Version 10.0.14393]
-(c) 2016 Microsoft Corporation. All rights reserved.
-
-C:\Windows\system32>Sdbinst.exe /?
-Usage: Sdbinst.exe [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name"
-
- -? - print this help text.
- -p - Allow SDBs containing patches.
- -q - Quiet mode: prompts are auto-accepted.
- -u - Uninstall.
- -g {guid} - GUID of file (uninstall only).
- -n "name" - Internal name of file (uninstall only).
-
-C:\Windows\system32>_
-```
-
-The command-line options use the following conventions:
-
-Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\]
-
-The following table describes the available command-line options.
-
-
-
-
-
-
-
-
-
Option
-
Description
-
-
-
-
-
-?
-
Displays the Help for the Sdbinst.exe tool.
-
For example,
-
sdbinst.exe -?
-
-
-
-p
-
Allows SDBs installation with Patches
-
For example,
-
sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb
-
-
-
-q
-
Performs a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).
-
For example,
-
sdbinst.exe -q
-
-
-
-u filepath
-
Performs an uninstallation of the specified database.
-
For example,
-
sdbinst.exe -u C:\example.sdb
-
-
-
-g GUID
-
Specifies the customized database to uninstall by a globally unique identifier (GUID).
Specifies the customized database to uninstall by file name.
-
For example,
-
sdbinst.exe -n "My_Database"
-
-
-
-
-## Related topics
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
+---
+title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
+description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command line options.
+ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Using the Sdbinst.exe Command-Line Tool
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2016
+- Windows Server 2012
+- Windows Server 2008 R2
+
+You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
+
+After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
+
+## Command-Line Options for Deploying Customized Database Files
+
+Sample output from the command `Sdbinst.exe /?` in an elevated CMD window:
+
+```
+Microsoft Windows [Version 10.0.14393]
+(c) 2016 Microsoft Corporation. All rights reserved.
+
+C:\Windows\system32>Sdbinst.exe /?
+Usage: Sdbinst.exe [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name"
+
+ -? - print this help text.
+ -p - Allow SDBs containing patches.
+ -q - Quiet mode: prompts are auto-accepted.
+ -u - Uninstall.
+ -g {guid} - GUID of file (uninstall only).
+ -n "name" - Internal name of file (uninstall only).
+
+C:\Windows\system32>_
+```
+
+The command-line options use the following conventions:
+
+Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\]
+
+The following table describes the available command-line options.
+
+
+
+
+
+
+
+
+
Option
+
Description
+
+
+
+
+
-?
+
Displays the Help for the Sdbinst.exe tool.
+
For example,
+
sdbinst.exe -?
+
+
+
-p
+
Allows SDBs installation with Patches
+
For example,
+
sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb
+
+
+
-q
+
Performs a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).
+
For example,
+
sdbinst.exe -q
+
+
+
-u filepath
+
Performs an uninstallation of the specified database.
+
For example,
+
sdbinst.exe -u C:\example.sdb
+
+
+
-g GUID
+
Specifies the customized database to uninstall by a globally unique identifier (GUID).
Specifies the customized database to uninstall by file name.
+
For example,
+
sdbinst.exe -n "My_Database"
+
+
+
+
+## Related topics
+[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md
index 008d9e50a5..e1293703ac 100644
--- a/windows/deployment/planning/using-the-sua-tool.md
+++ b/windows/deployment/planning/using-the-sua-tool.md
@@ -1,92 +1,93 @@
----
-title: Using the SUA Tool (Windows 10)
-description: By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
-ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Using the SUA Tool
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
-
-The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md).
-
-In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®.
-
-In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues.
-
-## Testing an Application by Using the SUA Tool
-
-
-Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later.
-
-The following flowchart shows the process of using the SUA tool.
-
-
-
-**To collect UAC-related issues by using the SUA tool**
-
-1. Close any open instance of the SUA tool or SUA Wizard on your computer.
-
- If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues.
-
-2. Run the Standard User Analyzer.
-
-3. In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it.
-
-4. Clear the **Elevate** check box, and then click **Launch**.
-
- If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
-
-5. Exercise the aspects of the application for which you want to gather information about UAC issues.
-
-6. Exit the application.
-
-7. Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md).
-
-**To review and apply the recommended mitigations**
-
-1. In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**.
-
-2. Review the recommended compatibility fixes.
-
-3. Click **Apply**.
-
- The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked.
-
-## Related topics
-[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md)
-
-[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md)
-
-[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md)
-
-[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)
-
-
-
-
-
-
-
-
-
+---
+title: Using the SUA Tool (Windows 10)
+description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
+ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Using the SUA Tool
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
+
+The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md).
+
+In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®.
+
+In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues.
+
+## Testing an Application by Using the SUA Tool
+
+
+Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later.
+
+The following flowchart shows the process of using the SUA tool.
+
+
+
+**To collect UAC-related issues by using the SUA tool**
+
+1. Close any open instance of the SUA tool or SUA Wizard on your computer.
+
+ If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues.
+
+2. Run the Standard User Analyzer.
+
+3. In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it.
+
+4. Clear the **Elevate** check box, and then click **Launch**.
+
+ If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
+
+5. Exercise the aspects of the application for which you want to gather information about UAC issues.
+
+6. Exit the application.
+
+7. Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md).
+
+**To review and apply the recommended mitigations**
+
+1. In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**.
+
+2. Review the recommended compatibility fixes.
+
+3. Click **Apply**.
+
+ The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked.
+
+## Related topics
+[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md)
+
+[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md)
+
+[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md)
+
+[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md
index 4070f56802..786d9d2fcf 100644
--- a/windows/deployment/planning/using-the-sua-wizard.md
+++ b/windows/deployment/planning/using-the-sua-wizard.md
@@ -1,90 +1,91 @@
----
-title: Using the SUA Wizard (Windows 10)
-description: The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.
-ms.assetid: 29d07074-3de7-4ace-9a54-678af7255d6c
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Using the SUA Wizard
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.
-
-For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool.md).
-
-## Testing an Application by Using the SUA Wizard
-
-
-You must install Application Verifier before you can use the SUA Wizard. If Application Verifier is not installed on the computer that is running the SUA Wizard, the SUA Wizard notifies you. You must also install the Microsoft® .NET Framework 3.5 or later before you can use the SUA Wizard.
-
-The following flowchart shows the process of using the SUA Wizard.
-
-
-
-**To test an application by using the SUA Wizard**
-
-1. On the computer where the SUA Wizard is installed, log on by using a non-administrator account.
-
-2. Run the Standard User Analyzer Wizard.
-
-3. Click **Browse for Application**, browse to the folder that contains the application that you want to test, and then double-click the executable file for the application.
-
-4. Click **Launch**.
-
- If you are prompted, elevate your permissions. The SUA Wizard may require elevation of permissions to correctly diagnose the application.
-
- If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
-
-5. In the application, exercise the functionality that you want to test.
-
-6. After you finish testing, exit the application.
-
- The SUA Wizard displays a message that asks whether the application ran without any issues.
-
-7. Click **No**.
-
- The SUA Wizard shows a list of potential remedies that you might use to fix the application.
-
-8. Select the fixes that you want to apply, and then click **Launch**.
-
- The application appears again, with the fixes applied.
-
-9. Test the application again, and after you finish testing, exit the application.
-
- The SUA Wizard displays a message that asks whether the application ran without any issues.
-
-10. If the application ran correctly, click **Yes**.
-
- The SUA Wizard closes the issue as resolved on the local computer.
-
- If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer additional remedies. If the additional remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for additional investigation, see [Using the SUA Tool](using-the-sua-tool.md).
-
-## Related topics
-[SUA User's Guide](sua-users-guide.md)
-
-
-
-
-
-
-
-
-
+---
+title: Using the SUA Wizard (Windows 10)
+description: The Standard User Analyzer (SUA) Wizard, although it does not offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues.
+ms.assetid: 29d07074-3de7-4ace-9a54-678af7255d6c
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Using the SUA Wizard
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.
+
+For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool.md).
+
+## Testing an Application by Using the SUA Wizard
+
+
+You must install Application Verifier before you can use the SUA Wizard. If Application Verifier is not installed on the computer that is running the SUA Wizard, the SUA Wizard notifies you. You must also install the Microsoft® .NET Framework 3.5 or later before you can use the SUA Wizard.
+
+The following flowchart shows the process of using the SUA Wizard.
+
+
+
+**To test an application by using the SUA Wizard**
+
+1. On the computer where the SUA Wizard is installed, log on by using a non-administrator account.
+
+2. Run the Standard User Analyzer Wizard.
+
+3. Click **Browse for Application**, browse to the folder that contains the application that you want to test, and then double-click the executable file for the application.
+
+4. Click **Launch**.
+
+ If you are prompted, elevate your permissions. The SUA Wizard may require elevation of permissions to correctly diagnose the application.
+
+ If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning.
+
+5. In the application, exercise the functionality that you want to test.
+
+6. After you finish testing, exit the application.
+
+ The SUA Wizard displays a message that asks whether the application ran without any issues.
+
+7. Click **No**.
+
+ The SUA Wizard shows a list of potential remedies that you might use to fix the application.
+
+8. Select the fixes that you want to apply, and then click **Launch**.
+
+ The application appears again, with the fixes applied.
+
+9. Test the application again, and after you finish testing, exit the application.
+
+ The SUA Wizard displays a message that asks whether the application ran without any issues.
+
+10. If the application ran correctly, click **Yes**.
+
+ The SUA Wizard closes the issue as resolved on the local computer.
+
+ If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer additional remedies. If the additional remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for additional investigation, see [Using the SUA Tool](using-the-sua-tool.md).
+
+## Related topics
+[SUA User's Guide](sua-users-guide.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
index 579f4b8bfa..67a11cd90f 100644
--- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
+++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
@@ -1,6 +1,6 @@
---
title: Viewing the Events Screen in Compatibility Administrator (Windows 10)
-description: The Events screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.
+description: You can use the Events screen to record and view activities in the Compatibility Administrator tool.
ms.assetid: f2b2ada4-1b7b-4558-989d-5b52b40454b3
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/windows-10-1703-removed-features.md b/windows/deployment/planning/windows-10-1703-removed-features.md
deleted file mode 100644
index 24b5b1b1d9..0000000000
--- a/windows/deployment/planning/windows-10-1703-removed-features.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Windows 10, version 1703 removed features
-description: Learn about features that were removed in Windows 10, version 1703
-ms.prod: w10
-manager: laurawi
-ms.mktglfcycl: plan
-ms.localizationpriority: medium
-ms.sitesec: library
-author: greg-lindsay
-ms.topic: article
----
-# Features that are removed or deprecated in Windows 10, version 1703
-
-> Applies to: Windows 10, version 1703
-
-The following features and functionalities in the Windows 10 Creators Update edition (Windows 10, version 1703) have either been removed from the product in the current release (*Removed*) or are not in active development and are planned for potential removal in subsequent releases.
-
-This list is intended for IT professionals who are updating operating systems in a commercial environment. The plan and list are subject to change and may not include every deprecated feature or functionality. For more details about a listed feature or functionality and its replacement, see the documentation for that feature.
-
-| Feature | Removed | Not actively developed |
-|------------|---------|------------|
-|Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | | X |
-|Apps Corner| | X |
-|By default, Flash autorun in Edge is turned off. Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.)| X | |
-|Interactive Service Detection Service| X | |
-|Microsoft Paint for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization)| | |
-|NPN support in TLS (superseded by ALPN)| X | |
-|Reading List | | X |
-|Tile Data Layer | | X |
-|TLS DHE_DSS ciphers DisabledByDefault| | X |
-|Windows Information Protection "AllowUserDecryption" policy | X | |
-|WSUS for Windows Mobile, updates are being transitioned to the new Unified Update Platform (UUP) | X | |
-|TCPChimney | | X |
-|IPsec task offload| | X |
diff --git a/windows/deployment/planning/windows-10-1709-removed-features.md b/windows/deployment/planning/windows-10-1709-removed-features.md
deleted file mode 100644
index 5a745277d5..0000000000
--- a/windows/deployment/planning/windows-10-1709-removed-features.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Windows 10, version 1709 removed features
-description: Learn about features that will be removed in Windows 10, version 1709
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: ITPro
-author: greg-lindsay
-manager: laurawi
-ms.topic: article
----
-# Features that are removed or deprecated in Windows 10, version 1709
-
-> Applies to: Windows 10, version 1709
-
-The following features and functionalities in the Windows 10, version 1709 are either removed from the product in the current release (*Removed*) or are not in active development and might be removed in future releases.
-
-This list is intended to help customers consider these removals and deprecations for their own planning. The list is subject to change and may not include every deprecated feature or functionality.
-
-For more information about a listed feature or functionality and its replacement, see the documentation for that feature. You can also follow the provided links in this table to see additional resources.
-
-| Feature | Removed | Not actively developed |
--|-|-
-|**3D Builder app** No longer installed by default. Consider using Print 3D and Paint 3D in its place. However, 3D Builder is still available for download from the Windows Store. | X | |
-|**Apndatabase.xml** For more information about the replacement database, see the following Hardware Dev Center articles: [MO Process to update COSA](/windows-hardware/drivers/mobilebroadband/planning-your-apn-database-submission) [COSA FAQ](/windows-hardware/drivers/mobilebroadband/cosa---faq) | X | |
-|**Enhanced Mitigation Experience Toolkit (EMET)** Use will be blocked. Consider using [Exploit Protection](https://blogs.windows.com/windowsexperience/2017/06/28/announcing-windows-10-insider-preview-build-16232-pc-build-15228-mobile/#fMH3bUDAb5HEstZ5.97) as a replacement.| X | |
-|**IIS 6 Management Compatibility** We recommend that users use alternative scripting tools and a newer management console. | | X |
-|**IIS Digest Authentication** We recommend that users use alternative authentication methods.| | X |
-|**Microsoft Paint** Will be available through the Windows Store. Functionality integrated into Paint 3D.| | X |
-|**Outlook Express** Removing this non-functional legacy code.| X | |
-|**Reader app** Functionality to be integrated into Microsoft Edge.| X | |
-|**Reading List** Functionality to be integrated into Microsoft Edge.| X | |
-|**Resilient File System (ReFS)** Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. (added: August 17, 2017)| | X |
-|**RSA/AES Encryption for IIS** We recommend that users use CNG encryption provider.| | X |
-|**Screen saver functionality in Themes** Disabled in Themes (classified as **Removed** in this table). Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lockscreen features and policies are preferred. | X | X |
-|**Sync your settings** Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The "Sync your settings" options and the Enterprise State Roaming feature will continue to work. (updated: August 17, 2017) | | X |
-|**Syskey.exe** Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see the following Knowledge Base article: [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window)| X | |
-|**System Image Backup (SIB) Solution** We recommend that users use full-disk backup solutions from other vendors.| | X |
-|**TCP Offload Engine** Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see the following PFE Platform Blog article: [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| X ||
-|**Tile Data Layer** To be replaced by the Tile Store.| X ||
-|**TLS RC4 Ciphers** To be disabled by default. For more information, see the following Windows IT Center topic: [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)|| X|
-|**Trusted Platform Module (TPM) Owner Password Management** This legacy code to be removed.|| X |
-|**Trusted Platform Module (TPM): TPM.msc and TPM Remote Management** To be replaced by a new user interface in a future release.| | X |
-|**Trusted Platform Module (TPM) Remote Management** This legacy code to be removed in a future release.|| X |
-|**Windows Hello for Business deployment that uses System Center Configuration Manager** Windows Server 2016 Active Directory Federation Services – Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience.|| X |
-|**Windows PowerShell 2.0** Applications and components should be migrated to PowerShell 5.0+.| | X |
diff --git a/windows/deployment/planning/windows-10-1803-removed-features.md b/windows/deployment/planning/windows-10-1803-removed-features.md
deleted file mode 100644
index 651e7aa5a8..0000000000
--- a/windows/deployment/planning/windows-10-1803-removed-features.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: Windows 10, version 1803 - Features that have been removed
-description: Learn about features that will be removed or deprecated in Windows 10, version 1803, or a future release
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.date: 08/16/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-# Features removed or planned for replacement starting with Windows 10, version 1803
-
-> Applies to: Windows 10, version 1803
-
-Each release of Windows 10 adds new features and functionality; we also occasionally remove features and functionality, usually because we've added a better option. Here are the details about the features and functionalities that we removed in Windows 10, version 1803 (also called Windows 10 April 2018 Update).
-
-> [!TIP]
-> - You can get early access to Windows 10 builds by joining the [Windows Insider program](https://insider.windows.com) - this is a great way to test feature changes.
-> - Have questions about other releases? Check out the information for [Windows 10, version 1703](windows-10-creators-update-deprecation.md), and [Windows 10, version 1709](windows-10-fall-creators-deprecation.md).
-
-**The list is subject to change and might not include every affected feature or functionality.**
-
-## Features we removed in this release
-
-We've removed the following features and functionalities from the installed product image in Windows 10, version 1803. Applications or code that depend on these features won't function in this release unless you use an alternate method.
-
-|Feature |Instead you can use...|
-|-----------|--------------------
-|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC or to stream music from OneDrive. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.|
-|People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.|
-|Language control in the Control Panel| Use the Settings app to change your language settings.|
-|HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.
When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.
Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10: - [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10) - [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) |
-|**Connect to suggested open hotspots** option in Wi-Fi settings |We previously [disabled the **Connect to suggested open hotspots** option](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) and are now removing it from the Wi-Fi settings page. You can manually connect to free wireless hotspots with **Network & Internet** settings, from the taskbar or Control Panel, or by using Wi-Fi Settings (for mobile devices).|
-|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image. If you have XPS Viewer and you update to Windows 10, version 1803, there's no action required. You'll still have XPS Viewer.
However, if you install Windows 10, version 1803, on a new device (or as a clean installation), you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.|
-
-
-## Features we’re no longer developing
-
-We are no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources.
-
-If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
-
-|Feature |Instead you can use...|
-|-----------|---------------------|
-|[Software Restriction Policies](https://docs.microsoft.com/windows-server/identity/software-restriction-policies/software-restriction-policies) in Group Policy|Instead of using the Software Restriction Policies through Group Policy, you can use [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview) or [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control) to control which apps users can access and what code can run in the kernel.|
-|[Offline symbol packages](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-symbols) (Debug symbol MSIs)|We're no longer making the symbol packages available as a downloadable MSI. Instead, the [Microsoft Symbol Server is moving to be an Azure-based symbol store](https://blogs.msdn.microsoft.com/windbg/2017/10/18/update-on-microsofts-symbol-server/). If you need the Windows symbols, connect to the Microsoft Symbol Server to cache your symbols locally or use a manifest file with SymChk.exe on a computer with internet access.|
-|Windows Help Viewer (WinHlp32.exe)|All Windows help information is [available online](https://support.microsoft.com/products/windows?os=windows-10). The Windows Help Viewer is no longer supported in Windows 10. If for any reason you see an error message about "help not supported," possibly when using a non-Microsoft application, read [this support article](https://support.microsoft.com/help/917607/error-opening-help-in-windows-based-programs-feature-not-included-or-h) for additional information and any next steps.|
-|Contacts feature in File Explorer|We're no longer developing the Contacts feature or the corresponding [Windows Contacts API](https://msdn.microsoft.com/library/ff800913.aspx). Instead, you can use the People app in Windows 10 to maintain your contacts.|
-|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.|
-|IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.|
-|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers have been deprecated since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. When you upgrade from an older version of Windows, any layered service providers you're using aren't migrated; you'll need to re-install them after upgrading.|
-|Business Scanning, also called Distributed Scan Management (DSM) **(Added 05/03/2018)**|The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.|
diff --git a/windows/deployment/planning/windows-10-1809-removed-features.md b/windows/deployment/planning/windows-10-1809-removed-features.md
deleted file mode 100644
index a538532b77..0000000000
--- a/windows/deployment/planning/windows-10-1809-removed-features.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Windows 10, version 1809 - Features that have been removed
-description: Learn about features that will be removed or deprecated in Windows 10, version 1809, or a future release
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.date: 11/16/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-# Features removed or planned for replacement starting with Windows 10, version 1809
-
-> Applies to: Windows 10, version 1809
-
-Each release of Windows 10 adds new features and functionality; we also occasionally remove features and functionality, usually because we've added a better option. Here are the details about the features and functionalities that we removed in Windows 10, version 1809.
-
-> [!TIP]
-> - You can get early access to Windows 10 builds by joining the [Windows Insider program](https://insider.windows.com) - this is a great way to test feature changes.
-> - Have questions about other releases? Check out the information for [Windows 10, version 1803](windows-10-1803-removed-features.md), [Windows 10, version 1709](windows-10-fall-creators-deprecation.md), and [Windows 10, version 1703](windows-10-creators-update-deprecation.md).
-
-**The list is subject to change and might not include every affected feature or functionality.**
-
-## Features we removed in this release
-
-We're removing the following features and functionalities from the installed product image in Windows 10, version 1809. Applications or code that depend on these features won't function in this release unless you use an alternate method.
-
-|Feature |Instead you can use...|
-|-----------|--------------------
-|Business Scanning, also called Distributed Scan Management (DSM)|We're removing this secure scanning and scanner management capability - there are no devices that support this feature.|
-|[FontSmoothing setting](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-visualeffects-fontsmoothing) in unattend.xml|The FontSmoothing setting let you specify the font antialiasing strategy to use across the system. We've changed Windows 10 to use [ClearType](https://docs.microsoft.com/typography/cleartype/) by default, so we're removing this setting as it is no longer necessary. If you include this setting in the unattend.xml file, it'll be ignored.|
-|Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or Hololens with the Mixed Reality Viewer.|
-|limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.|
-|Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.|
-|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.|
-
-## Features we’re no longer developing
-
-We're no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources.
-
-If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
-
-|Feature |Instead you can use...|
-|-----------|---------------------|
-|Companion device dynamic lock APIS|The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced [Dynamic Lock](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#dynamic-lock), including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this, and because third party partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs.|
-|OneSync service|The OneSync service synchronizes data for the Mail, Calendar, and People apps. We've added a sync engine to the Outlook app that provides the same synchronization.|
-|Snipping Tool|The Snipping Tool is an application included in Windows 10 that is used to capture screenshots, either the full screen or a smaller, custom "snip" of the screen. In Windows 10, version 1809, we're [introducing a new universal app, Snip & Sketch](https://blogs.windows.com/windowsexperience/2018/05/03/announcing-windows-10-insider-preview-build-17661/#8xbvP8vMO0lF20AM.97), that provides the same screen snipping abilities, as well as additional features. You can launch Snip & Sketch directly and start a snip from there, or just press WIN + Shift + S. Snip & Sketch can also be launched from the “Screen snip” button in the Action Center. We're no longer developing the Snipping Tool as a separate app but are instead consolidating its functionality into Snip & Sketch.|
-
-
diff --git a/windows/deployment/planning/windows-10-1903-removed-features.md b/windows/deployment/planning/windows-10-1903-removed-features.md
deleted file mode 100644
index 7d8e437274..0000000000
--- a/windows/deployment/planning/windows-10-1903-removed-features.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Windows 10, version 1903 - Features that have been removed
-description: Learn about features that will be removed or deprecated in Windows 10, version 1903, or a future release
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
-author: greg-lindsay
-manager: laurawi
-ms.author: greglin
-ms.topic: article
----
-# Features removed or planned for replacement starting with Windows 10, version 1903
-
-> Applies to: Windows 10, version 1903
-
-Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10, version 1903. **The list below is subject to change and might not include every affected feature or functionality.**
-
-> [!NOTE]
-> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
-
-## Features we removed or will remove soon
-
-The following features and functionalities are removed from the installed product image for Windows 10, version 1903, or are planned for removal in an upcoming release. Applications or code that depend on these features won't function in this release unless you use another method.
-
-
-| Feature | Details |
-|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| XDDM-based remote display driver | Starting with this release the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote indirect display driver ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). |
-| Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. |
-
-## Features we’re no longer developing
-
-We're no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources.
-
-If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
-
-|Feature |Details|
-|-----------|---------------------|
-| Taskbar settings roaming| Roaming of taskbar settings is no longer being developed and we plan to disable this capability in a future release|
-|Wi-Fi WEP and TKIP|In this release a warning message will appear when connecting to Wi-Fi networks secured with WEP or TKIP, which are not as secure as those using WPA2 or WPA3. In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. |
-|Windows To Go|Windows To Go is no longer being developed.
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.|
-|Print 3D app|Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.|
-
diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md
new file mode 100644
index 0000000000..72439c1132
--- /dev/null
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@@ -0,0 +1,66 @@
+---
+title: Windows 10 features we’re no longer developing
+description: Review the list of features that are no longer being developed in Windows 10
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+ms.topic: article
+---
+# Windows 10 features we’re no longer developing
+
+> Applies to: Windows 10
+
+Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 10. For information about features that have been removed, see [Features we removed](windows-10-removed-features.md).
+
+The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources.
+
+**The following list is subject to change and might not include every affected feature or functionality.**
+
+>If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
+
+|Feature | Details and mitigation | Announced in version |
+| ----------- | --------------------- | ---- |
+| Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 |
+| Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
+| My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 |
+| TSF1/TSF2 IME | TSF1 and TSF2 IME will be replaced by TSF3 IME in a future release. [Text Services Framework](https://docs.microsoft.com/windows/win32/tsf/what-is-text-services-framework) (TSF) enables language technologies. TSF IME are Windows components that you can add to enable typing text for Japanese, Simplified Chinese, Traditional Chinese, and Korean languages. | 1909 |
+| Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
The recommended replacement for PSR is [Azure App Service](https://docs.microsoft.com/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 |
+| XDDM-based remote display driver | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information about implementing a remote indirect display driver, ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | 1903 |
+| Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 |
+| Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 |
+| Windows To Go | Windows To Go is no longer being developed.
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| 1903 |
+| Print 3D app | Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| 1903 |
+|Companion device dynamic lock APIS|The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced [Dynamic Lock](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#dynamic-lock), including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this, and because third party partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs.| 1809 |
+|OneSync service|The OneSync service synchronizes data for the Mail, Calendar, and People apps. We've added a sync engine to the Outlook app that provides the same synchronization.| 1809 |
+|Snipping Tool|The Snipping Tool is an application included in Windows 10 that is used to capture screenshots, either the full screen or a smaller, custom "snip" of the screen. In Windows 10, version 1809, we're [introducing a new universal app, Snip & Sketch](https://blogs.windows.com/windowsexperience/2018/05/03/announcing-windows-10-insider-preview-build-17661/#8xbvP8vMO0lF20AM.97), that provides the same screen snipping abilities, as well as additional features. You can launch Snip & Sketch directly and start a snip from there, or just press WIN + Shift + S. Snip & Sketch can also be launched from the “Screen snip” button in the Action Center. We're no longer developing the Snipping Tool as a separate app but are instead consolidating its functionality into Snip & Sketch.| 1809 |
+|[Software Restriction Policies](https://docs.microsoft.com/windows-server/identity/software-restriction-policies/software-restriction-policies) in Group Policy|Instead of using the Software Restriction Policies through Group Policy, you can use [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview) or [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control) to control which apps users can access and what code can run in the kernel.| 1803 |
+|[Offline symbol packages](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-symbols) (Debug symbol MSIs)|We're no longer making the symbol packages available as a downloadable MSI. Instead, the [Microsoft Symbol Server is moving to be an Azure-based symbol store](https://blogs.msdn.microsoft.com/windbg/2017/10/18/update-on-microsofts-symbol-server/). If you need the Windows symbols, connect to the Microsoft Symbol Server to cache your symbols locally or use a manifest file with SymChk.exe on a computer with internet access.| 1803 |
+|Windows Help Viewer (WinHlp32.exe)|All Windows help information is [available online](https://support.microsoft.com/products/windows?os=windows-10). The Windows Help Viewer is no longer supported in Windows 10. If for any reason you see an error message about "help not supported," possibly when using a non-Microsoft application, read [this support article](https://support.microsoft.com/help/917607/error-opening-help-in-windows-based-programs-feature-not-included-or-h) for additional information and any next steps.| 1803 |
+|Contacts feature in File Explorer|We're no longer developing the Contacts feature or the corresponding [Windows Contacts API](https://msdn.microsoft.com/library/ff800913.aspx). Instead, you can use the People app in Windows 10 to maintain your contacts.| 1803 |
+|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.| 1803 |
+|IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.| 1803 |
+|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers has not been developed since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. When you upgrade from an older version of Windows, any layered service providers you're using aren't migrated; you'll need to re-install them after upgrading.| 1803 |
+|Business Scanning| This feature is also called Distributed Scan Management (DSM) **(Added 05/03/2018)**
The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 |
+|IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 |
+|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
+|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
+|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 |
+|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
+|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 |
+|System Image Backup (SIB) Solution | We recommend that users use full-disk backup solutions from other vendors. | 1709 |
+|TLS RC4 Ciphers |To be disabled by default. For more information, see the following Windows IT Center topic: [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 |
+|Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |
+|Trusted Platform Module (TPM): TPM.msc and TPM Remote Management | To be replaced by a new user interface in a future release. | 1709 |
+|Trusted Platform Module (TPM) Remote Management |This functionality within TPM.msc will be migrated to a new user interface. | 1709 |
+|Windows Hello for Business deployment that uses System Center Configuration Manager |Windows Server 2016 Active Directory Federation Services – Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 |
+|Windows PowerShell 2.0 | Applications and components should be migrated to PowerShell 5.0+. | 1709 |
+|Apndatabase.xml | Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | 1703 |
+|Tile Data Layer | The [Tile Data Layer](https://docs.microsoft.com/windows/configuration/start-layout-troubleshoot#symptom-start-menu-issues-with-tile-data-layer-corruption) database stopped development in Windows 10, version 1703. | 1703 |
+|TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 |
+|TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 |
+|IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 |
diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md
index 03fd161f35..afbf7e0553 100644
--- a/windows/deployment/planning/windows-10-infrastructure-requirements.md
+++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md
@@ -1,6 +1,6 @@
---
title: Windows 10 infrastructure requirements (Windows 10)
-description: There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization.
+description: Review the specific infrastructure requirements to deploy and manage Windows 10, prior to significant Windows 10 deployments within your organization.
ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md
new file mode 100644
index 0000000000..3063058112
--- /dev/null
+++ b/windows/deployment/planning/windows-10-removed-features.md
@@ -0,0 +1,61 @@
+---
+title: Windows 10 - Features that have been removed
+description: Learn about features and functionality that has been removed or replaced in Windows 10
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+ms.topic: article
+---
+
+# Features and functionality removed in Windows 10
+
+> Applies to: Windows 10
+
+Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.**
+
+For information about features that might be removed in a future release, see [Windows 10 features we’re no longer developing](windows-10-deprecated-features.md)
+
+> [!NOTE]
+> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
+
+The following features and functionalities have been removed from the installed product image for Windows 10. Applications or code that depend on these features won't function in the release when it was removed, or in later releases.
+
+|Feature | Details and mitigation | Removed in version |
+| ----------- | --------------------- | ------ |
+| PNRP APIs| The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 |
+| Taskbar settings roaming | Roaming of taskbar settings is removed in this release. This feature was announced as no longer being developed in Windows 10, version 1903. | 1909 |
+| Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | 1903 |
+|Business Scanning, also called Distributed Scan Management (DSM)|We're removing this secure scanning and scanner management capability - there are no devices that support this feature.| 1809 |
+|[FontSmoothing setting](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-visualeffects-fontsmoothing) in unattend.xml|The FontSmoothing setting let you specify the font antialiasing strategy to use across the system. We've changed Windows 10 to use [ClearType](https://docs.microsoft.com/typography/cleartype/) by default, so we're removing this setting as it is no longer necessary. If you include this setting in the unattend.xml file, it'll be ignored.| 1809 |
+|Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or Hololens with the Mixed Reality Viewer.| 1809 |
+|limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.| 1809 |
+|Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.| 1809 |
+|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 |
+|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC or to stream music from OneDrive. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 |
+|People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.| 1803 |
+|Language control in the Control Panel| Use the Settings app to change your language settings.| 1803 |
+|HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.
When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.
Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10: - [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10) - [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) | 1803 |
+|**Connect to suggested open hotspots** option in Wi-Fi settings |We previously [disabled the **Connect to suggested open hotspots** option](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) and are now removing it from the Wi-Fi settings page. You can manually connect to free wireless hotspots with **Network & Internet** settings, from the taskbar or Control Panel, or by using Wi-Fi Settings (for mobile devices).| 1803 |
+|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image. If you have XPS Viewer and you update to Windows 10, version 1803, there's no action required. You'll still have XPS Viewer.
However, if you install Windows 10, version 1803, on a new device (or as a clean installation), you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.| 1803 |
+|3D Builder app | No longer installed by default. Consider using Print 3D and Paint 3D in its place. However, 3D Builder is still available for download from the Windows Store.| 1709 |
+|Apndatabase.xml | For more information about the replacement database, see the following Hardware Dev Center articles: [MO Process to update COSA](/windows-hardware/drivers/mobilebroadband/planning-your-apn-database-submission) [COSA FAQ](/windows-hardware/drivers/mobilebroadband/cosa---faq) | 1709 |
+|Enhanced Mitigation Experience Toolkit (EMET) |Use of this feature will be blocked. Consider using [Exploit Protection](https://blogs.windows.com/windowsexperience/2017/06/28/) as a replacement. | 1709 |
+|Outlook Express | This legacy application will be removed due to lack of functionality. | 1709 |
+|Reader app | Functionality to be integrated into Microsoft Edge. | 1709 |
+|Reading List | Functionality to be integrated into Microsoft Edge. | 1709 |
+|Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
+|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 |
+|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193).| 1709 |
+|Tile Data Layer |To be replaced by the Tile Store.| 1709 |
+|Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 |
+|By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 |
+|Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 |
+|Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 |
+|NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 |
+|Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 |
+|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 |
\ No newline at end of file
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md
index 57d74a1341..d162aa111d 100644
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ b/windows/deployment/planning/windows-to-go-overview.md
@@ -1,6 +1,6 @@
---
title: Windows To Go feature overview (Windows 10)
-description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
+description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive.
ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42
ms.reviewer:
manager: laurawi
@@ -92,9 +92,9 @@ As of the date of publication, the following are the USB drives currently certif
> [!WARNING]
> Using a USB drive that has not been certified is not supported.
-- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714))
-- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717))
-- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718))
+- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://www.kingston.com/support/technical/products?model=dtws))
+- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://www.kingston.com/support/technical/products?model=dtws))
+- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://www.kingston.com/support/technical/products?model=dtws))
- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index dc4e379e29..c46b4cc2da 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -1,206 +1,114 @@
----
-title: Windows Updates using forward and reverse differentials
-description: A technique to produce compact software updates optimized for any origin and destination revision pair
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 10/18/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-
-# Windows Updates using forward and reverse differentials
-
-
-Windows 10 monthly quality updates are cumulative, containing all previously
-released fixes to ensure consistency and simplicity. For an operating system
-platform like Windows 10, which stays in support for multiple years, the size of
-monthly quality updates can quickly grow large, thus directly impacting network
-bandwidth consumption.
-
-Today, this problem is addressed by using express downloads, where differential
-downloads for every changed file in the update are generated based on selected
-historical revisions plus the base version. In this paper, we introduce a new
-technique to build compact software update packages that are applicable to any
-revision of the base version, and then describe how Windows 10 quality updates
-uses this technique.
-
-## General Terms
-
-The following general terms apply throughout this document:
-
-- *Base version*: A major software release with significant changes, such as
- Windows 10, version 1809 (Windows 10 Build 17763.1)
-
-- *Revision*: Minor releases in between the major version releases, such as
- KB4464330 (Windows 10 Build 17763.55)
-
-- *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that
- contain full binaries or files
-
-## Introduction
-
-In this paper, we introduce a new technique that can produce compact software
-updates optimized for any origin/destination revision pair. It does this by
-calculating forward the differential of a changed file from the base version and
-its reverse differential back to the base version. Both forward and reverse
-differentials are then packaged as an update and distributed to the endpoints
-running the software to be updated. The update package contents can be symbolized as follows:
-
-
-
-The endpoints that have the base version of the file (V0) hydrate the target
-revision (VN) by applying a simple transformation:
-
-
-
-The endpoints that have revision N of the file (VN), hydrate the target revision
-(VR) by applying the following set of transformations:
-
-
-
-The endpoints retain the reverse differentials for the software revision they
-are on, so that it can be used for hydrating and applying next revision update.
-
-By using a common baseline, this technique produces a single update package with
-numerous advantages:
-
-- Compact in size
-
-- Applicable to all baselines
-
-- Simple to build
-
-- Efficient to install
-
-- Redistributable
-
-Historically, download sizes of Windows 10 quality updates (Windows 10, version
-1803 and older supported versions of Windows 10) are optimized by using express
-download. Express download is optimized such that updating Windows 10 systems
-will download the minimum number of bytes. This is achieved by generating
-differentials for every updated file based on selected historical base revisions
-of the same file + its base or RTM version.
-
-For example, if the October monthly quality update has updated Notepad.exe,
-differentials for Notepad.exe file changes from September to October, August to
-October, July to October, June to October, and from the original feature release
-to October are generated. All these differentials are stored in a Patch Storage
-File (PSF, also referred to as “express download files”) and hosted or cached on
-Windows Update or other update management or distribution servers (for example,
-Windows Server Update Services (WSUS), System Center Configuration Manager, or a
-non-Microsoft update management or distribution server that supports express
-updates). A device leveraging express updates uses network protocol to determine
-optimal differentials, then downloads only what is needed from the update
-distribution endpoints.
-
-The flipside of express download is that the size of PSF files can be very large
-depending on the number of historical baselines against which differentials were
-calculated. Downloading and caching large PSF files to on-premises or remote
-update distribution servers is problematic for most organizations, hence they
-are unable to leverage express updates to keep their fleet of devices running
-Windows 10 up to date. Secondly, due to the complexity of generating
-differentials and size of the express files that need to be cached on update
-distribution servers, it is only feasible to generate express download files for
-the most common baselines, thus express updates are only applicable to selected
-baselines. Finally, calculation of optimal differentials is expensive in terms
-of system memory utilization, especially for low-cost systems, impacting their
-ability to download and apply an update seamlessly.
-
-In the following sections, we describe how Windows 10 quality updates will
-leverage this technique based on forward and reverse differentials for newer
-releases of Windows 10 and Windows Server to overcome the challenges with
-express downloads.
-
-## High-level Design
-
-### Update packaging
-
-Windows 10 quality update packages will contain forward differentials from
-quality update RTM baselines (∆RTM→N) and reverse differentials back to RTM
-(∆N→RTM) for each file that has changed since RTM. By using the RTM version as
-the baseline, we ensure that all devices will have an identical payload. Update
-package metadata, content manifests, and forward and reverse differentials will
-be packaged into a cabinet file (.cab). This .cab file, and the applicability
-logic, will also be wrapped in Microsoft Standalone Update (.msu) format.
-
-There can be cases where new files are added to the system during servicing.
-These files will not have RTM baselines, thus forward and reverse differentials
-cannot be used. In these scenarios, null differentials will be used to handle
-servicing. Null differentials are the slightly compressed and optimized version
-of the full binaries. Update packages can have either
-forward or reverse differentials, or null differential of any given binary in
-them. The following image symbolizes the content of a Windows 10 quality update installer:
-
-
-
-### Hydration and installation
-
-Once the usual applicability checks are performed on the update package and are
-determined to be applicable, the Windows component servicing infrastructure will
-hydrate the full files during pre-installation and then proceed with the usual
-installation process.
-
-Below is a high-level sequence of activities that the component servicing
-infrastructure will run in a transaction to complete installation of the update:
-
-- Identify all files that are required to install the update.
-
-- Hydrate each of necessary files using current version (VN) of the file,
- reverse differential (VN--->RTM) of the file back to quality update RTM/base
- version and forward differential (VRTM--->R) from feature update RTM/base
- version to the target version. Also, use null differential hydration to
- hydrate null compressed files.
-
-- Stage the hydrated files (full file), forward differentials (under ‘f’
- folder) and reverse differentials (under ‘r’ folder) or null compressed
- files (under ‘n’ folder) in the component store (%windir%\\WinSxS folder).
-
-- Resolve any dependencies and install components.
-
-- Clean up older state (VN-1); the previous state VN is retained for
- uninstallation and restoration or repair.
-
-### **Resilient Hydration**
-
-To ensure resiliency against component store corruption or missing files that
-could occur due to susceptibility of certain types of hardware to file system
-corruption, a corruption repair service has been traditionally used to recover
-the component store automatically (“automatic corruption repair”) or on demand
-(“manual corruption repair”) using an online or local repair source. This
-service will continue to offer the ability to repair and recover content for
-hydration and successfully install an update, if needed.
-
-When corruption is detected during update operations, automatic corruption
-repair will start as usual and use the Baseless Patch Storage File published to
-Windows Update for each update to fix corrupted manifests, binary differentials,
-or hydrated or full files. Baseless patch storage files will contain reverse and
-forward differentials and full files for each updated component. Integrity of
-the repair files will be hash verified.
-
-Corruption repair will use the component manifest to detect missing files and
-get hashes for corruption detection. During update installation, new registry
-flags for each differential staged on the machine will be set. When automatic
-corruption repair runs, it will scan hydrated files using the manifest and
-differential files using the flags. If the differential cannot be found or
-verified, it will be added to the list of corruptions to repair.
-
-### Lazy automatic corruption repair
-
-“Lazy automatic corruption repair” runs during update operations to detect
-corrupted binaries and differentials. While applying an update, if hydration of
-any file fails, "lazy" automatic corruption repair automatically starts,
-identifies the corrupted binary or differential file, and then adds it to the
-corruption list. Later, the update operation continues as far as it can go, so
-that "lazy" automatic corruption repair can collect as many corrupted files to fix
-as possible. At the end of the hydration section, the update fails, and
-automatic corruption repair starts. Automatic corruption repair runs as usual
-and at the end of its operation, adds the corruption list generated by "lazy"
-automatic corruption repair on top of the new list to repair. Automatic
-corruption repair then repairs the files on the corruption list and installation
-of the update will succeed on the next attempt.
+---
+title: Windows Updates using forward and reverse differentials
+description: A technique to produce compact software updates optimized for any origin and destination revision pair
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.topic: article
+---
+
+# Windows Updates using forward and reverse differentials
+
+Windows 10 monthly quality updates are cumulative, containing all previously
+released fixes to ensure consistency and simplicity. For an operating system
+platform like Windows 10, which stays in support for multiple years, the size of
+monthly quality updates can quickly grow large, thus directly impacting network
+bandwidth consumption.
+
+Today, this problem is addressed by using express downloads, where differential
+downloads for every changed file in the update are generated based on selected
+historical revisions plus the base version. In this paper, we introduce a new
+technique to build compact software update packages that are applicable to any
+revision of the base version, and then describe how Windows 10 quality updates
+uses this technique.
+
+## General Terms
+
+The following general terms apply throughout this document:
+
+- *Base version*: A major software release with significant changes, such as Windows 10, version 1809 (Windows 10 Build 17763.1)
+- *Revision*: Minor releases in between the major version releases, such as KB4464330 (Windows 10 Build 17763.55)
+- *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that contain full binaries or files
+
+## Introduction
+
+In this paper, we introduce a new technique that can produce compact software
+updates optimized for any origin/destination revision pair. It does this by
+calculating forward the differential of a changed file from the base version and
+its reverse differential back to the base version. Both forward and reverse
+differentials are then packaged as an update and distributed to the endpoints
+running the software to be updated. The update package contents can be symbolized as follows:
+
+
+
+The endpoints that have the base version of the file (V0) hydrate the target
+revision (VN) by applying a simple transformation:
+
+
+
+The endpoints that have revision N of the file (VN), hydrate the target revision
+(VR) by applying the following set of transformations:
+
+
+
+The endpoints retain the reverse differentials for the software revision they
+are on, so that it can be used for hydrating and applying next revision update.
+
+By using a common baseline, this technique produces a single update package with
+numerous advantages:
+
+- Compact in size
+- Applicable to all baselines
+- Simple to build
+- Efficient to install
+- Redistributable
+
+Historically, download sizes of Windows 10 quality updates (Windows 10, version 1803 and older supported versions of Windows 10) are optimized by using express download. Express download is optimized such that updating Windows 10 systems will download the minimum number of bytes. This is achieved by generating differentials for every updated file based on selected historical base revisions of the same file + its base or RTM version.
+
+For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), System Center Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints.
+
+The flip side of express download is that the size of PSF files can be very large depending on the number of historical baselines against which differentials were calculated. Downloading and caching large PSF files to on-premises or remote update distribution servers is problematic for most organizations, hence they are unable to leverage express updates to keep their fleet of devices running Windows 10 up to date. Secondly, due to the complexity of generating differentials and size of the express files that need to be cached on update distribution servers, it is only feasible to generate express download files for the most common baselines, thus express updates are only applicable to selected baselines. Finally, calculation of optimal differentials is expensive in terms of system memory utilization, especially for low-cost systems, impacting their ability to download and apply an update seamlessly.
+
+In the following sections, we describe how Windows 10 quality updates will leverage this technique based on forward and reverse differentials for newer releases of Windows 10 and Windows Server to overcome the challenges with express downloads.
+
+## High-level Design
+
+### Update packaging
+
+Windows 10 quality update packages will contain forward differentials from quality update RTM baselines (∆RTM→N) and reverse differentials back to RTM (∆N→RTM) for each file that has changed since RTM. By using the RTM version as the baseline, we ensure that all devices will have an identical payload. Update package metadata, content manifests, and forward and reverse differentials will be packaged into a cabinet file (.cab). This .cab file, and the applicability logic, will also be wrapped in Microsoft Standalone Update (.msu) format.
+
+There can be cases where new files are added to the system during servicing. These files will not have RTM baselines, thus forward and reverse differentials cannot be used. In these scenarios, null differentials will be used to handle servicing. Null differentials are the slightly compressed and optimized version of the full binaries. Update packages can have either forward or reverse differentials, or null differential of any given binary in them. The following image symbolizes the content of a Windows 10 quality update installer:
+
+
+
+### Hydration and installation
+
+Once the usual applicability checks are performed on the update package and are determined to be applicable, the Windows component servicing infrastructure will hydrate the full files during pre-installation and then proceed with the usual installation process.
+
+Below is a high-level sequence of activities that the component servicing infrastructure will run in a transaction to complete installation of the update:
+
+- Identify all files that are required to install the update.
+- Hydrate each of necessary files using current version (VN) of the file, reverse differential (VN--->RTM) of the file back to quality update RTM/base version and forward differential (VRTM--->R) from feature update RTM/base version to the target version. Also, use null differential hydration to hydrate null compressed files.
+- Stage the hydrated files (full file), forward differentials (under ‘f’ folder) and reverse differentials (under ‘r’ folder) or null compressed files (under ‘n’ folder) in the component store (%windir%\\WinSxS folder).
+- Resolve any dependencies and install components.
+- Clean up older state (VN-1); the previous state VN is retained for uninstallation and restoration or repair.
+
+### **Resilient Hydration**
+
+To ensure resiliency against component store corruption or missing files that could occur due to susceptibility of certain types of hardware to file system corruption, a corruption repair service has been traditionally used to recover the component store automatically (“automatic corruption repair”) or on demand (“manual corruption repair”) using an online or local repair source. This service will continue to offer the ability to repair and recover content for
+hydration and successfully install an update, if needed.
+
+When corruption is detected during update operations, automatic corruption repair will start as usual and use the Baseless Patch Storage File published to Windows Update for each update to fix corrupted manifests, binary differentials, or hydrated or full files. Baseless patch storage files will contain reverse and forward differentials and full files for each updated component. Integrity of the repair files will be hash verified.
+
+Corruption repair will use the component manifest to detect missing files and get hashes for corruption detection. During update installation, new registry flags for each differential staged on the machine will be set. When automatic corruption repair runs, it will scan hydrated files using the manifest and differential files using the flags. If the differential cannot be found or verified, it will be added to the list of corruptions to repair.
+
+### Lazy automatic corruption repair
+
+“Lazy automatic corruption repair” runs during update operations to detect corrupted binaries and differentials. While applying an update, if hydration of any file fails, "lazy" automatic corruption repair automatically starts, identifies the corrupted binary or differential file, and then adds it to the corruption list. Later, the update operation continues as far as it can go, so that "lazy" automatic corruption repair can collect as many corrupted files to fix as possible. At the end of the hydration section, the update fails, and automatic corruption repair starts. Automatic corruption repair runs as usual and at the end of its operation, adds the corruption list generated by "lazy" automatic corruption repair on top of the new list to repair. Automatic corruption repair then repairs the files on the corruption list and installation of the update will succeed on the next attempt.
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index 20ecac8ae7..3534c08c5c 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -1,74 +1,69 @@
----
-title: Introduction to the Windows Insider Program for Business
-description: Introduction to the Windows Insider Program for Business and why IT Pros should join it
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.audience: itpro
author: greg-lindsay
-ms.date: 03/01/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-
-# Introduction to the Windows Insider Program for Business
-
-
-**Applies to**
-
-- Windows 10
-
-> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-For many IT Pros, it's valuable to have visibility into feature updates early--before they’re available in the Semi-Annual Channel. With Windows 10, feature flighting enables participants in the Windows Insider Preview program can consume and deploy preproduction code to test devices, gaining early visibility into the next build. This is better for your organization because you can test the early builds of Windows 10 to discover possible issues with the code or with device and app compatibility in your organization before the update is ever publicly available. We at Microsoft also appreciate it because Insiders can report issues back to us in time for us to make improvements in a release before it is more generally available.
-
-The Windows Insider Program for Business gives you the opportunity to:
-
-* Get early access to Windows Insider Preview Builds.
-* Provide feedback to Microsoft in real time by using the Feedback Hub app.
-* Sign in with corporate credentials (Azure Active Directory) and increase the visibility of your organization's feedback with Microsoft – especially on features that support your productivity and business needs.
-* Register your Azure Active Directory domain in the program, allowing you to cover all users within your organization with just one registration.
-* Starting with Windows 10, version 1709, enable, disable, defer, and pause the installation of preview builds through policies.
-* Track feedback provided through the Feedback Hub App across your organization.
-
-Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans, and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub App.
-
-The Windows Insider Program doesn't replace Semi-Annual Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
-
-
-[](images/WIP4Biz_deployment.png)
-Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments.
-
-
-## Explore new Windows 10 features in Insider Previews
-Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. What’s more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Here’s how to get the most out of your feature exploration:
-
-|Objective |Feature exploration|
-|---------|---------|
-|Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.|
-|Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. |
-|Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices) - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. |
-|Feedback | - Provide feedback via [Feedback Hub app](insiderhub://home/). This helps us make adjustments to features as quickly as possible. - Encourage users to sign into the Feedback Hub using their AAD work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.) - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/en-us/how-to-feedback/) |
-
-## Validate Insider Preview builds
-Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. This activity can play an important role in your [Windows 10 deployment strategy](https://docs.microsoft.com/windows/deployment/update/waas-windows-insider-for-business). Early validation has several benefits:
-
-- Get a head start on your Windows validation process
-- Identify issues sooner to accelerate your Windows deployment
-- Engage Microsoft earlier for help with potential compatibility issues
-- Deploy Windows 10 Semi-Annual releases faster and more confidently
-- Maximize the 18-month support Window that comes with each Semi-Annual release.
-
-
-
-|Objective |Feature exploration|
-|---------|---------|
-|Release channel |**Slow Ring:** Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production devices by skilled users.|
-|Users | Application and infrastructure validation: In addition to Insiders who might have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample.|
-|Tasks | Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes. |
-|Feedback | Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues. |
-|Guidance | Application and infrastructure validation: - [Use Upgrade Readiness to create an app inventory and identify mission-critical apps](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-identify-apps) - [Use Device Health to identify problem devices and device drivers](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) - [Windows 10 application compatibility](https://technet.microsoft.com/windows/mt703793)|
-
+---
+title: Introduction to the Windows Insider Program for Business
+description: Introduction to the Windows Insider Program for Business and why IT Pros should join
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.localizationprioauthor: jaimeo
+ms.audience: itpro
+author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.topic: article
+---
+
+# Introduction to the Windows Insider Program for Business
+
+**Applies to**
+
+- Windows 10
+
+> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+
+For many IT Pros, it's valuable to have visibility into feature updates early--before they’re available in the Semi-Annual Channel. With Windows 10, feature flighting enables participants in the Windows Insider Preview program can consume and deploy preproduction code to test devices, gaining early visibility into the next build. This is better for your organization because you can test the early builds of Windows 10 to discover possible issues with the code or with device and app compatibility in your organization before the update is ever publicly available. We at Microsoft also appreciate it because Insiders can report issues back to us in time for us to make improvements in a release before it is more generally available.
+
+The Windows Insider Program for Business gives you the opportunity to:
+
+* Get early access to Windows Insider Preview Builds.
+* Provide feedback to Microsoft in real time by using the Feedback Hub app.
+* Sign in with corporate credentials (Azure Active Directory) and increase the visibility of your organization's feedback with Microsoft – especially on features that support your productivity and business needs.
+* Register your Azure Active Directory domain in the program, allowing you to cover all users within your organization with just one registration.
+* Starting with Windows 10, version 1709, enable, disable, defer, and pause the installation of preview builds through policies.
+* Track feedback provided through the Feedback Hub App across your organization.
+
+Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans, and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub App.
+
+The Windows Insider Program doesn't replace Semi-Annual Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
+
+[](images/WIP4Biz_deployment.png)
+Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments.
+
+## Explore new Windows 10 features in Insider Previews
+Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. What’s more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Here’s how to get the most out of your feature exploration:
+
+|Objective |Feature exploration|
+|---------|---------|
+|Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.|
+|Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. |
+|Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices) - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. |
+|Feedback | - Provide feedback via [Feedback Hub app](insiderhub://home/). This helps us make adjustments to features as quickly as possible. - Encourage users to sign into the Feedback Hub using their AAD work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.) - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/) |
+
+## Validate Insider Preview builds
+Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. This activity can play an important role in your [Windows 10 deployment strategy](https://docs.microsoft.com/windows/deployment/update/waas-windows-insider-for-business). Early validation has several benefits:
+
+- Get a head start on your Windows validation process
+- Identify issues sooner to accelerate your Windows deployment
+- Engage Microsoft earlier for help with potential compatibility issues
+- Deploy Windows 10 Semi-Annual releases faster and more confidently
+- Maximize the 18-month support Window that comes with each Semi-Annual release.
+
+|Objective |Feature exploration|
+|---------|---------|
+|Release channel |**Slow Ring:** Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production devices by skilled users.|
+|Users | Application and infrastructure validation: In addition to Insiders who might have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample.|
+|Tasks | Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes. |
+|Feedback | Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues. |
+|Guidance | Application and infrastructure validation: - [Use Upgrade Readiness to create an app inventory and identify mission-critical apps](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-identify-apps) - [Use Device Health to identify problem devices and device drivers](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) - [Windows 10 application compatibility](https://technet.microsoft.com/windows/mt703793)|
\ No newline at end of file
diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md
index 135d1670a5..99bb88d5a4 100644
--- a/windows/deployment/update/change-history-for-update-windows-10.md
+++ b/windows/deployment/update/change-history-for-update-windows-10.md
@@ -1,52 +1,52 @@
----
-title: Change history for Update Windows 10 (Windows 10)
-description: This topic lists new and updated topics in the Update Windows 10 documentation for Windows 10 and Windows 10 Mobile.
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.date: 09/18/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-
-# Change history for Update Windows 10
-
-This topic lists new and updated topics in the [Update Windows 10](index.md) documentation for [Deploy and Update Windows 10](https://docs.microsoft.com/windows/deployment).
-
->If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
-
-## September 2018
-
-| New or changed topic | Description |
-| --- | --- |
-| [Get started with Windows Update](windows-update-overview.md) | New |
-
-
-## RELEASE: Windows 10, version 1709
-
-The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).
-
-## September 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Olympia Corp](olympia/olympia-enrollment-guidelines.md) | New |
-
-## July 2017
-
-All topics were updated to reflect the new [naming changes](waas-overview.md#naming-changes).
-
-## May 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Manage additional Windows Update settings](waas-wu-settings.md) | New |
-
-## RELEASE: Windows 10, version 1703
-
-The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added:
-* [Windows Insider Program for Business](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-get-started)
-* [Windows Insider Program for Business](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-register)
+---
+title: Change history for Update Windows 10 (Windows 10)
+description: This topic lists new and updated topics in the Update Windows 10 documentation for Windows 10 and Windows 10 Mobile.
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.topic: article
+---
+
+# Change history for Update Windows 10
+
+This topic lists new and updated topics in the [Update Windows 10](index.md) documentation for [Deploy and Update Windows 10](https://docs.microsoft.com/windows/deployment).
+
+>If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
+
+## September 2018
+
+| New or changed topic | Description |
+| --- | --- |
+| [Get started with Windows Update](windows-update-overview.md) | New |
+
+
+## RELEASE: Windows 10, version 1709
+
+The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).
+
+## September 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Olympia Corp](olympia/olympia-enrollment-guidelines.md) | New |
+
+## July 2017
+
+All topics were updated to reflect the new [naming changes](waas-overview.md#naming-changes).
+
+## May 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Manage additional Windows Update settings](waas-wu-settings.md) | New |
+
+## RELEASE: Windows 10, version 1703
+
+The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added:
+* [Windows Insider Program for Business](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-get-started)
+* [Windows Insider Program for Business](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-register)
diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md
index eb1b10ab08..e716dce744 100644
--- a/windows/deployment/update/device-health-get-started.md
+++ b/windows/deployment/update/device-health-get-started.md
@@ -1,78 +1,81 @@
----
-title: Get started with Device Health
-description: Configure Device Health in Azure Monitor to monitor health (such as crashes and sign-in failures) for your Windows 10 devices.
-keywords: Device Health, oms, operations management suite, prerequisites, requirements, monitoring, crash, drivers, azure
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.date: 10/29/2018
-ms.reviewer:
-manager: laurawi
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.localizationpriority: medium
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Get started with Device Health
-
-This topic explains the steps necessary to configure your environment for Windows Analytics Device Health.
-
-- [Get started with Device Health](#get-started-with-device-health)
- - [Add the Device Health solution to your Azure subscription](#add-the-device-health-solution-to-your-azure-subscription)
- - [Enroll devices in Windows Analytics](#enroll-devices-in-windows-analytics)
- - [Use Device Health to monitor device crashes, app crashes, sign-in failures, and more](#use-device-health-to-monitor-device-crashes-app-crashes-sign-in-failures-and-more)
- - [Related topics](#related-topics)
-
-
-
-## Add the Device Health solution to your Azure subscription
-
-Device Health is offered as a *solution* which you link to a new or existing [Azure Monitor](https://azure.microsoft.com/services/monitor/) *workspace* within your Azure *subscription*. To configure this, follows these steps:
-
-1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
-
- >[!NOTE]
- > Device Health is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Device Health, but no Azure charges are expected to accrue to the subscription as a result of using Device Health.
-
-2. In the Azure portal select **Create a resource**, search for "Device Health", and then select **Create** on the **Device Health** solution.
- 
-
- 
-3. Choose an existing workspace or create a new workspace to host the Device Health solution.
- 
- - If you are using other Windows Analytics solutions (Upgrade Readiness or Update Compliance) you should add Device Health to the same workspace.
- - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
- - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
- - For the resource group setting select **Create new** and use the same name you chose for your new workspace.
- - For the location setting, choose the Azure region where you would prefer the data to be stored.
- - For the pricing tier select **per GB**.
-4. Now that you have selected a workspace, you can go back to the Device Health blade and select **Create**.
- 
-5. Watch for a Notification (in the Azure portal) that "Deployment 'Microsoft.DeviceHealth' to resource group 'YourResourceGroupName' was successful." and then select **Go to resource** This might take several minutes to appear.
- 
- - Suggestion: Choose the **Pin to Dashboard** option to make it easy to navigate to your newly added Device Health solution.
- - Suggestion: If a "resource unavailable" error occurs when navigating to the solution, try again after one hour.
-
-## Enroll devices in Windows Analytics
-
-Once you've added Device Health to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Device Health there are two key steps for enrollment:
-1. Deploy your CommercialID (from Device Health Settings page) to your Windows 10 devices (typically using Group Policy or similar)
-2. Ensure the Windows Diagnostic Data setting on devices is set to Enhanced or Full (typically using Group Policy or similar). Note that the [Limit Enhanced](https://docs.microsoft.com/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields) policy can substantially reduce the amount of diagnostic data shared with Microsoft while still allowing Device Health to function.
-For full enrollment instructions and troubleshooting, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
-
-After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it may take 48-72 hours for the first data to appear in the solution. Until then, the Device Health tile will show "Performing Assessment."
-
-## Use Device Health to monitor device crashes, app crashes, sign-in failures, and more
-
-Once your devices are enrolled and data is flowing, you can move on to [Using Device Health](device-health-using.md).
-
->[!NOTE]
->You can remove the Device Health solution from your workspace if you no longer want to monitor your organization’s devices. Windows diagnostic data will continue to be shared with Microsoft as normal as per the diagnostic data sharing settings on the devices.
-
-## Related topics
-
-[Use Device Health to monitor frequency and causes of device crashes](device-health-using.md)
-For the latest information on Windows Analytics, including new features and usage tips, see the [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics)
+---
+title: Get started with Device Health
+description: Configure Device Health in Azure Monitor to monitor health (such as crashes and sign-in failures) for your Windows 10 devices.
+keywords: Device Health, oms, operations management suite, prerequisites, requirements, monitoring, crash, drivers, azure
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.reviewer:
+manager: laurawi
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.author: jaimeo
+ms.localizationpriority: medium
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Get started with Device Health
+
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement).
+
+This topic explains the steps necessary to configure your environment for Windows Analytics Device Health.
+
+- [Get started with Device Health](#get-started-with-device-health)
+ - [Add the Device Health solution to your Azure subscription](#add-the-device-health-solution-to-your-azure-subscription)
+ - [Enroll devices in Windows Analytics](#enroll-devices-in-windows-analytics)
+ - [Use Device Health to monitor device crashes, app crashes, sign-in failures, and more](#use-device-health-to-monitor-device-crashes-app-crashes-sign-in-failures-and-more)
+ - [Related topics](#related-topics)
+
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement).
+
+## Add the Device Health solution to your Azure subscription
+
+Device Health is offered as a *solution* which you link to a new or existing [Azure Monitor](https://azure.microsoft.com/services/monitor/) *workspace* within your Azure *subscription*. To configure this, follows these steps:
+
+1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
+
+ >[!NOTE]
+ > Device Health is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Device Health, but no Azure charges are expected to accrue to the subscription as a result of using Device Health.
+
+2. In the Azure portal select **Create a resource**, search for "Device Health", and then select **Create** on the **Device Health** solution.
+ 
+
+ 
+3. Choose an existing workspace or create a new workspace to host the Device Health solution.
+ 
+ - If you are using other Windows Analytics solutions (Upgrade Readiness or Update Compliance) you should add Device Health to the same workspace.
+ - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
+ - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
+ - For the resource group setting select **Create new** and use the same name you chose for your new workspace.
+ - For the location setting, choose the Azure region where you would prefer the data to be stored.
+ - For the pricing tier select **per GB**.
+4. Now that you have selected a workspace, you can go back to the Device Health blade and select **Create**.
+ 
+5. Watch for a Notification (in the Azure portal) that "Deployment 'Microsoft.DeviceHealth' to resource group 'YourResourceGroupName' was successful." and then select **Go to resource** This might take several minutes to appear.
+ 
+ - Suggestion: Choose the **Pin to Dashboard** option to make it easy to navigate to your newly added Device Health solution.
+ - Suggestion: If a "resource unavailable" error occurs when navigating to the solution, try again after one hour.
+
+## Enroll devices in Windows Analytics
+
+Once you've added Device Health to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Device Health there are two key steps for enrollment:
+1. Deploy your CommercialID (from Device Health Settings page) to your Windows 10 devices (typically using Group Policy or similar)
+2. Ensure the Windows Diagnostic Data setting on devices is set to Enhanced or Full (typically using Group Policy or similar). Note that the [Limit Enhanced](https://docs.microsoft.com/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields) policy can substantially reduce the amount of diagnostic data shared with Microsoft while still allowing Device Health to function.
+For full enrollment instructions and troubleshooting, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
+
+After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it may take 48-72 hours for the first data to appear in the solution. Until then, the Device Health tile will show "Performing Assessment."
+
+## Use Device Health to monitor device crashes, app crashes, sign-in failures, and more
+
+Once your devices are enrolled and data is flowing, you can move on to [Using Device Health](device-health-using.md).
+
+>[!NOTE]
+>You can remove the Device Health solution from your workspace if you no longer want to monitor your organization’s devices. Windows diagnostic data will continue to be shared with Microsoft as normal as per the diagnostic data sharing settings on the devices.
+
+## Related topics
+
+[Use Device Health to monitor frequency and causes of device crashes](device-health-using.md)
+For the latest information on Windows Analytics, including new features and usage tips, see the [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics)
diff --git a/windows/deployment/update/device-health-monitor.md b/windows/deployment/update/device-health-monitor.md
index 027f6cd65b..7274c2a591 100644
--- a/windows/deployment/update/device-health-monitor.md
+++ b/windows/deployment/update/device-health-monitor.md
@@ -1,84 +1,88 @@
----
-title: Monitor the health of devices with Device Health
-ms.reviewer:
-manager: laurawi
-description: You can use Device Health in Azure Portal to monitor the frequency and causes of crashes and misbehaving apps on devices in your network.
-keywords: oms, operations management suite, wdav, health, log analytics
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.localizationpriority: medium
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Monitor the health of devices with Device Health
-
-## Introduction
-
-Device Health is the newest Windows Analytics solution that complements the existing Upgrade Readiness and Update Compliance solutions by providing IT with reports on some common problems the end users might experience so they can be proactively remediated, thus saving support calls and improving end-user productivity.
-
-Like Upgrade Readiness and Update Compliance, Device Health is a solution built in Azure Portal, a cloud-based monitoring and automation service that has a flexible servicing subscription based on data usage and retention. This release is free for customers to try and will not incur charges on your Azure Portal workspace for its use. For more information about Azure Portal, see [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) .
-
-Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the Azure Portal solution gallery and add it to your Azure Portal workspace. Device Health requires enhanced diagnostic data, so you might need to implement this policy if you've not already done so.
-
-
-Device Health provides the following:
-
-- Identification of devices that crash frequently, and therefore might need to be rebuilt or replaced
-- Identification of device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes
-- Notification of Windows Information Protection misconfigurations that send prompts to end users
-- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 diagnostic data
-
-See the following topics in this guide for detailed information about configuring and using the Device Health solution:
-
-- [Get started with Device Health](device-health-get-started.md): How to add Device Health to your environment.
-- [Using Device Health](device-health-using.md): How to begin using Device Health.
-
-An overview of the processes used by the Device Health solution is provided below.
-
-## Device Health licensing
-
-Use of Windows Analytics Device Health requires one of the following licenses:
-
-- Windows 10 Enterprise or Windows 10 Education per-device with active Software Assurance
-- Windows 10 Enterprise E3 or E5 per-device or per-user subscription (including Microsoft 365 F1, E3, or E5)
-- Windows 10 Education A3 or A5 (including Microsoft 365 Education A3 or A5)
-- Windows VDA E3 or E5 per-device or per-user subscription
-
-
-You don't have to install Windows 10 Enterprise on a per-device basis--you just need enough of the above licenses for the number of devices using Device Health.
-
-
-## Device Health architecture
-
-The Device Health architecture and data flow is summarized by the following five-step process:
-
-
-
-**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
-**(2)** Diagnostic data is analyzed by the Microsoft Telemetry Service.
-**(3)** Diagnostic data is pushed from the Microsoft Telemetry Service to your Azure Portal workspace.
-**(4)** Diagnostic data is available in the Device Health solution.
-**(5)** You are now able to proactively monitor Device Health issues in your environment.
-
-These steps are illustrated in following diagram:
-
- [](images/analytics-architecture.png)
-
->[!NOTE]
->This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
-
-
-
-
-## Related topics
-
-[Get started with Device Health](device-health-get-started.md)
-
-[Use Device Health to monitor frequency and causes of device crashes](device-health-using.md)
-
-For the latest information on Windows Analytics, including new features and usage tips, see the [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics)
+---
+title: Monitor the health of devices with Device Health
+ms.reviewer:
+manager: laurawi
+description: You can use Device Health in Azure Portal to monitor the frequency and causes of crashes and misbehaving apps on devices in your network.
+keywords: oms, operations management suite, wdav, health, log analytics
+ms.prod: w10
+ms.mktglfcycl: deploy
+
+ms.localizationpriority: medium
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.author: jaimeo
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Monitor the health of devices with Device Health
+
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement).
+
+## Introduction
+
+Device Health is the newest Windows Analytics solution that complements the existing Upgrade Readiness and Update Compliance solutions by providing IT with reports on some common problems the end users might experience so they can be proactively remediated, thus saving support calls and improving end-user productivity.
+
+Like Upgrade Readiness and Update Compliance, Device Health is a solution built in Azure Portal, a cloud-based monitoring and automation service that has a flexible servicing subscription based on data usage and retention. This release is free for customers to try and will not incur charges on your Azure Portal workspace for its use. For more information about Azure Portal, see [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) .
+
+Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the Azure Portal solution gallery and add it to your Azure Portal workspace. Device Health requires enhanced diagnostic data, so you might need to implement this policy if you've not already done so.
+
+
+Device Health provides the following:
+
+- Identification of devices that crash frequently, and therefore might need to be rebuilt or replaced
+- Identification of device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes
+- Notification of Windows Information Protection misconfigurations that send prompts to end users
+- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 diagnostic data
+
+See the following topics in this guide for detailed information about configuring and using the Device Health solution:
+
+- [Get started with Device Health](device-health-get-started.md): How to add Device Health to your environment.
+- [Using Device Health](device-health-using.md): How to begin using Device Health.
+
+An overview of the processes used by the Device Health solution is provided below.
+
+## Device Health licensing
+
+Use of Windows Analytics Device Health requires one of the following licenses:
+
+- Windows 10 Enterprise or Windows 10 Education per-device with active Software Assurance
+- Windows 10 Enterprise E3 or E5 per-device or per-user subscription (including Microsoft 365 F1, E3, or E5)
+- Windows 10 Education A3 or A5 (including Microsoft 365 Education A3 or A5)
+- Windows VDA E3 or E5 per-device or per-user subscription
+
+
+You don't have to install Windows 10 Enterprise on a per-device basis--you just need enough of the above licenses for the number of devices using Device Health.
+
+
+## Device Health architecture
+
+The Device Health architecture and data flow is summarized by the following five-step process:
+
+
+
+**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
+**(2)** Diagnostic data is analyzed by the Microsoft Telemetry Service.
+**(3)** Diagnostic data is pushed from the Microsoft Telemetry Service to your Azure Portal workspace.
+**(4)** Diagnostic data is available in the Device Health solution.
+**(5)** You are now able to proactively monitor Device Health issues in your environment.
+
+These steps are illustrated in following diagram:
+
+ [](images/analytics-architecture.png)
+
+>[!NOTE]
+>This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
+
+
+
+
+## Related topics
+
+[Get started with Device Health](device-health-get-started.md)
+
+[Use Device Health to monitor frequency and causes of device crashes](device-health-using.md)
+
+For the latest information on Windows Analytics, including new features and usage tips, see the [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics)
diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md
index d2d9086345..2bdfae2338 100644
--- a/windows/deployment/update/device-health-using.md
+++ b/windows/deployment/update/device-health-using.md
@@ -6,7 +6,7 @@ description: Explains how to begin using Device Health.
ms.prod: w10
ms.mktglfcycl: deploy
keywords: oms, operations management suite, wdav, health, log analytics
-ms.sitesec: library
+
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
@@ -17,6 +17,9 @@ ms.topic: article
# Using Device Health
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement).
+
This section describes how to use Device Health to monitor devices deployed on your network and troubleshoot the causes if they crash.
diff --git a/windows/deployment/update/feature-update-conclusion.md b/windows/deployment/update/feature-update-conclusion.md
index 7cd119e52b..5c72afc8c0 100644
--- a/windows/deployment/update/feature-update-conclusion.md
+++ b/windows/deployment/update/feature-update-conclusion.md
@@ -1,24 +1,24 @@
----
-title: Best practices for feature updates - conclusion
-description: Final thoughts about how to deploy feature updates
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 07/09/2018
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Conclusion
-
-**Applies to**: Windows 10
-
-Mission critical devices that need to be online 24x7 pose unique challenges for the IT Pro looking to stay current with the latest Windows 10 feature update. Because these devices are online continually, providing mission critical services, with only a small window of time available to apply feature updates, specific procedures are required to effectively keep these devices current, with as little downtime as possible.
-
-Whether you have defined servicing windows at your disposal where feature updates can be installed automatically, or you require user initiated installs by a technician, this whitepaper provides guidelines for either approach. Improvements are continually being made to Windows 10 setup to reduce device offline time for feature updates. This whitepaper will be updated as enhancements become available to improve the overall servicing approach and experience.
-
+---
+title: Best practices for feature updates - conclusion
+description: Final thoughts about how to deploy feature updates
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Conclusion
+
+**Applies to**: Windows 10
+
+Mission critical devices that need to be online 24x7 pose unique challenges for the IT Pro looking to stay current with the latest Windows 10 feature update. Because these devices are online continually, providing mission critical services, with only a small window of time available to apply feature updates, specific procedures are required to effectively keep these devices current, with as little downtime as possible.
+
+Whether you have defined servicing windows at your disposal where feature updates can be installed automatically, or you require user initiated installs by a technician, this whitepaper provides guidelines for either approach. Improvements are continually being made to Windows 10 setup to reduce device offline time for feature updates. This whitepaper will be updated as enhancements become available to improve the overall servicing approach and experience.
+
diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 0fbe54bae5..da74aafced 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -1,261 +1,261 @@
----
-title: Best practices - deploy feature updates during maintenance windows
-description: Learn how to deploy feature updates during a maintenance window
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 07/09/2018
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Deploy feature updates during maintenance windows
-
-**Applies to**: Windows 10
-
-Use the following information to deploy feature updates during a maintenance window.
-
-## Get ready to deploy feature updates
-
-### Step 1: Configure maintenance windows
-
-1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
-2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
-3. On the **Home** tab, in the **Properties** group, choose **Properties**.
-4. In the **Maintenance Windows** tab of the `` Properties dialog box, choose the New icon.
-5. Complete the `` Schedule dialog.
-6. Select from the Apply this schedule to drop-down list.
-7. Choose **OK** and then close the **\ Properties** dialog box.
-
-### Step 2: Review computer restart device settings
-
-If you’re not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration.
-
-For example, by default, 90 minutes will be honored before the system is rebooted after the feature update install. If users will not be impacted by the user logoff or restart, there is no need to wait a full 90 minutes before rebooting the computer. If a delay and notification is needed, ensure that the maintenance window takes this into account along with the total time needed to install the feature update.
-
->[!NOTE]
-> The following settings must be shorter in duration than the shortest maintenance window applied to the computer.
->- **Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes).**
->- **Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged off or the computer restarts (minutes).**
-
-### Step 3: Enable Peer Cache
-
-Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
-
-[Enable Configuration Manager client in full OS to share content](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update).
-
-### Step 4: Override the default Windows setup priority (Windows 10, version 1709 and later)
-
-If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
-
-%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
-
-```
-[SetupConfig]
-Priority=Normal
-```
-
-You can use the new [Run Scripts](https://docs.microsoft.com/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices.
-
-```
-#Parameters
-Param(
- [string] $PriorityValue = "Normal"
- )
-
-#Variable for ini file path
-$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
-
-#Variables for SetupConfig
-$iniSetupConfigSlogan = "[SetupConfig]"
-$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
-
-#Init SetupConfig content
-$iniSetupConfigContent = @"
-$iniSetupConfigSlogan
-"@
-
-#Build SetupConfig content with settings
-foreach ($k in $iniSetupConfigKeyValuePair.Keys)
-{
- $val = $iniSetupConfigKeyValuePair[$k]
-
- $iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
-}
-
-#Write content to file
-New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
-
-Disclaimer
-Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
-provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
-limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk
-arising out of the use or performance of the sample script and documentation remains with you. In no event shall
-Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable
-for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
-loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
-or documentation, even if Microsoft has been advised of the possibility of such damages.
-```
-
->[!NOTE]
->If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
-
-## Manually deploy feature updates
-
-The following sections provide the steps to manually deploy a feature update.
-
-### Step 1: Specify search criteria for feature updates
-There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy.
-
-1. In the Configuration Manager console, click **Software Library**.
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed.
-3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
- - In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
- - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English.
-
-4. Save the search for future use.
-
-### Step 2: Download the content for the feature update(s)
-Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
-
-1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
-2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download.
-
- The **Download Software Updates Wizard** opens.
-3. On the **Deployment Package** page, configure the following settings:
- **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
- - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters.
- - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
- - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
-
- >[!NOTE]
- >The deployment package source location that you specify cannot be used by another software deployment package.
-
- >[!IMPORTANT]
- >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
-
- >[!IMPORTANT]
- >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
-
- Click **Next**.
-4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
-
- >[!NOTE]
- >The Distribution Points page is available only when you create a new software update deployment package.
-5. On the **Distribution Settings** page, specify the following settings:
-
- - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
- - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
- - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
- - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
- - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
- - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting.
-
- For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
- Click **Next**.
-6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
-
- - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
- - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
-
- >[!NOTE]
- >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
-
- Click **Next**.
-7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
-8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates.
-9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close.
-
-#### To monitor content status
-1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
-2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
-3. Select the feature update package that you previously identified to download the feature updates.
-4. On the **Home** tab, in the Content group, click **View Status**.
-
-### Step 3: Deploy the feature update(s)
-After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
-
-1. In the Configuration Manager console, click **Software Library**.
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
-3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
-
- The **Deploy Software Updates Wizard** opens.
-4. On the General page, configure the following settings:
- - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \\**
- - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
- - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
- - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
- - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
-5. On the Deployment Settings page, configure the following settings:
-
- - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
-
- >[!IMPORTANT]
- > After you create the software update deployment, you cannot later change the type of deployment.
-
- >[!NOTE]
- >A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
-
- - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required.
-
- >[!WARNING]
- >Before you can use this option, computers and networks must be configured for Wake On LAN.
-
- - **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
-6. On the Scheduling page, configure the following settings:
-
- - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
-
- >[!NOTE]
- >When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time.
-
- - **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients:
- - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation.
- - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
-
- >[!NOTE]
- >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
-
- - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links.
-
- >[!NOTE]
- >The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#computer-agent).
-7. On the User Experience page, configure the following settings:
- - **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**.
- - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](https://docs.microsoft.com/sccm/core/clients/manage/collections/use-maintenance-windows).
- - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
-
- >[!IMPORTANT]
- >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
- - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
-
- >[!NOTE]
- >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
- - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
-8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
-
- >[!NOTE]
- >You can review recent software updates alerts from the Software Updates node in the Software Library workspace.
-9. On the Download Settings page, configure the following settings:
- - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
- - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
- - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
- - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
- - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
-
- >[!NOTE]
- >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
-10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
-11. Click **Next** to deploy the feature update(s).
-
-### Step 4: Monitor the deployment status
-After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
-
-1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
-2. Click the software update group or software update for which you want to monitor the deployment status.
-3. On the **Home** tab, in the **Deployment** group, click **View Status**.
+---
+title: Best practices - deploy feature updates during maintenance windows
+description: Learn how to deploy feature updates during a maintenance window
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Deploy feature updates during maintenance windows
+
+**Applies to**: Windows 10
+
+Use the following information to deploy feature updates during a maintenance window.
+
+## Get ready to deploy feature updates
+
+### Step 1: Configure maintenance windows
+
+1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
+2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
+3. On the **Home** tab, in the **Properties** group, choose **Properties**.
+4. In the **Maintenance Windows** tab of the `` Properties dialog box, choose the New icon.
+5. Complete the `` Schedule dialog.
+6. Select from the Apply this schedule to drop-down list.
+7. Choose **OK** and then close the **\ Properties** dialog box.
+
+### Step 2: Review computer restart device settings
+
+If you’re not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration.
+
+For example, by default, 90 minutes will be honored before the system is rebooted after the feature update install. If users will not be impacted by the user logoff or restart, there is no need to wait a full 90 minutes before rebooting the computer. If a delay and notification is needed, ensure that the maintenance window takes this into account along with the total time needed to install the feature update.
+
+>[!NOTE]
+> The following settings must be shorter in duration than the shortest maintenance window applied to the computer.
+>- **Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes).**
+>- **Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged off or the computer restarts (minutes).**
+
+### Step 3: Enable Peer Cache
+
+Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
+
+[Enable Configuration Manager client in full OS to share content](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update).
+
+### Step 4: Override the default Windows setup priority (Windows 10, version 1709 and later)
+
+If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
+
+%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
+
+```
+[SetupConfig]
+Priority=Normal
+```
+
+You can use the new [Run Scripts](https://docs.microsoft.com/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices.
+
+```
+#Parameters
+Param(
+ [string] $PriorityValue = "Normal"
+ )
+
+#Variable for ini file path
+$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
+
+#Variables for SetupConfig
+$iniSetupConfigSlogan = "[SetupConfig]"
+$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
+
+#Init SetupConfig content
+$iniSetupConfigContent = @"
+$iniSetupConfigSlogan
+"@
+
+#Build SetupConfig content with settings
+foreach ($k in $iniSetupConfigKeyValuePair.Keys)
+{
+ $val = $iniSetupConfigKeyValuePair[$k]
+
+ $iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
+}
+
+#Write content to file
+New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
+
+Disclaimer
+Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
+provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
+limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk
+arising out of the use or performance of the sample script and documentation remains with you. In no event shall
+Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable
+for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
+loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
+or documentation, even if Microsoft has been advised of the possibility of such damages.
+```
+
+>[!NOTE]
+>If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
+
+## Manually deploy feature updates
+
+The following sections provide the steps to manually deploy a feature update.
+
+### Step 1: Specify search criteria for feature updates
+There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy.
+
+1. In the Configuration Manager console, click **Software Library**.
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed.
+3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
+ - In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
+ - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English.
+
+4. Save the search for future use.
+
+### Step 2: Download the content for the feature update(s)
+Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
+
+1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
+2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download.
+
+ The **Download Software Updates Wizard** opens.
+3. On the **Deployment Package** page, configure the following settings:
+ **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
+ - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters.
+ - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
+ - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
+
+ >[!NOTE]
+ >The deployment package source location that you specify cannot be used by another software deployment package.
+
+ >[!IMPORTANT]
+ >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
+
+ >[!IMPORTANT]
+ >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
+
+ Click **Next**.
+4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
+
+ >[!NOTE]
+ >The Distribution Points page is available only when you create a new software update deployment package.
+5. On the **Distribution Settings** page, specify the following settings:
+
+ - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
+ - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
+ - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
+ - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
+ - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
+ - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting.
+
+ For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
+ Click **Next**.
+6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
+
+ - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
+ - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
+
+ >[!NOTE]
+ >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
+
+ Click **Next**.
+7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
+8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates.
+9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close.
+
+#### To monitor content status
+1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
+2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
+3. Select the feature update package that you previously identified to download the feature updates.
+4. On the **Home** tab, in the Content group, click **View Status**.
+
+### Step 3: Deploy the feature update(s)
+After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
+
+1. In the Configuration Manager console, click **Software Library**.
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
+3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
+
+ The **Deploy Software Updates Wizard** opens.
+4. On the General page, configure the following settings:
+ - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \\**
+ - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
+ - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
+ - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
+ - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
+5. On the Deployment Settings page, configure the following settings:
+
+ - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
+
+ >[!IMPORTANT]
+ > After you create the software update deployment, you cannot later change the type of deployment.
+
+ >[!NOTE]
+ >A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
+
+ - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required.
+
+ >[!WARNING]
+ >Before you can use this option, computers and networks must be configured for Wake On LAN.
+
+ - **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
+6. On the Scheduling page, configure the following settings:
+
+ - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
+
+ >[!NOTE]
+ >When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time.
+
+ - **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients:
+ - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation.
+ - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
+
+ >[!NOTE]
+ >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
+
+ - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links.
+
+ >[!NOTE]
+ >The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#computer-agent).
+7. On the User Experience page, configure the following settings:
+ - **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**.
+ - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](https://docs.microsoft.com/sccm/core/clients/manage/collections/use-maintenance-windows).
+ - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
+
+ >[!IMPORTANT]
+ >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
+ - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
+
+ >[!NOTE]
+ >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
+ - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
+8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
+
+ >[!NOTE]
+ >You can review recent software updates alerts from the Software Updates node in the Software Library workspace.
+9. On the Download Settings page, configure the following settings:
+ - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
+ - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
+ - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
+ - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
+ - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
+
+ >[!NOTE]
+ >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
+10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
+11. Click **Next** to deploy the feature update(s).
+
+### Step 4: Monitor the deployment status
+After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
+
+1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
+2. Click the software update group or software update for which you want to monitor the deployment status.
+3. On the **Home** tab, in the **Deployment** group, click **View Status**.
diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md
index 61469bed82..37ed550405 100644
--- a/windows/deployment/update/feature-update-mission-critical.md
+++ b/windows/deployment/update/feature-update-mission-critical.md
@@ -1,43 +1,44 @@
----
-title: Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
-description: Learn how to deploy feature updates to your mission critical devices
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 07/10/2018
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
-
-**Applies to**: Windows 10
-
-Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren’t the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the System Center Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
-
-For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, please see [Using Windows 10 servicing plans to deploy Windows 10 feature updates](waas-manage-updates-configuration-manager.md#use-windows-10-servicing-plans-to-deploy-windows-10-feature-updates).
-
-Devices and shared workstations that are online and available 24 hours a day, 7 days a week, can be serviced via one of two primary methods:
-
-- **Service during maintenance windows** – Devices that have established maintenance windows will need to have feature updates scheduled to fit within these windows.
-- **Service only when manually initiated** – Devices that need physical verification of the availability to update will need to have updates manually initiated by a technician.
-
-You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example:
-
-- **Upgrade to the next LTSC release.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade.
-- **Additional required tasks.** When deploying a feature update requires additional steps (e.g., suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
-- **Language pack installs.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs.
-
-If you need to leverage a task sequence to deploy feature updates, please see [Using a task sequence to deploy Windows 10 updates](waas-manage-updates-configuration-manager.md#use-a-task-sequence-to-deploy-windows-10-updates) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks preformed pre-install or pre-commit, please see the new [run custom actions](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You may be able to leverage this functionality with the software updates deployment method.
-
-Use the following information:
-
-
-- [Deploy feature updates during maintenance windows](feature-update-maintenance-window.md)
-- [Deploy feature updates for user-initiated installations](feature-update-user-install.md)
-- [Conclusion](feature-update-conclusion.md)
+---
+title: Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
+description: Learn how to deploy feature updates to your mission critical devices
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.date: 07/10/2018
+ms.reviewer:
+manager: laurawi
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
+
+**Applies to**: Windows 10
+
+Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren’t the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the System Center Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
+
+For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, please see [Using Windows 10 servicing plans to deploy Windows 10 feature updates](waas-manage-updates-configuration-manager.md#use-windows-10-servicing-plans-to-deploy-windows-10-feature-updates).
+
+Devices and shared workstations that are online and available 24 hours a day, 7 days a week, can be serviced via one of two primary methods:
+
+- **Service during maintenance windows** – Devices that have established maintenance windows will need to have feature updates scheduled to fit within these windows.
+- **Service only when manually initiated** – Devices that need physical verification of the availability to update will need to have updates manually initiated by a technician.
+
+You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example:
+
+- **Upgrade to the next LTSC release.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade.
+- **Additional required tasks.** When deploying a feature update requires additional steps (e.g., suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
+- **Language pack installs.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs.
+
+If you need to leverage a task sequence to deploy feature updates, please see [Using a task sequence to deploy Windows 10 updates](waas-manage-updates-configuration-manager.md#use-a-task-sequence-to-deploy-windows-10-updates) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks preformed pre-install or pre-commit, please see the new [run custom actions](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You may be able to leverage this functionality with the software updates deployment method.
+
+Use the following information:
+
+
+- [Deploy feature updates during maintenance windows](feature-update-maintenance-window.md)
+- [Deploy feature updates for user-initiated installations](feature-update-user-install.md)
+- [Conclusion](feature-update-conclusion.md)
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index 8b7e286eab..e22be01edd 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -3,11 +3,10 @@ title: Best practices - deploy feature updates for user-initiated installations
description: Learn how to manually deploy feature updates
ms.prod: w10
ms.mktglfcycl: manage
-ms.sitesec: library
audience: itpro
-author: greg-lindsay
+author: jaimeo
ms.localizationpriority: medium
-ms.author: greglin
+ms.author: jaimeo
ms.date: 07/10/2018
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index 8e8e208b29..9dbe7740b3 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -3,11 +3,11 @@ title: Windows 10 - How to make FoD and language packs available when you're usi
description: Learn how to make FoD and language packs available when you're using WSUS/SCCM
ms.prod: w10
ms.mktglfcycl: manage
-ms.sitesec: library
+
ms.pagetype: article
-ms.author: greglin
+ms.author: jaimeo
audience: itpro
-author: greg-lindsay
+author: jaimeo
ms.localizationpriority: medium
ms.date: 03/13/2019
ms.reviewer:
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index e71e615d1f..ac597ae387 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,146 +1,146 @@
----
-title: How Windows Update works
-description: Learn how Windows Update works, including architecture and troubleshooting
-ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 09/18/2018
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# How does Windows Update work?
-
-> Applies to: Windows 10
-
-The Windows Update workflow has four core areas of functionality:
-
-### Scan
-
-1. Orchestrator schedules the scan.
-2. Orchestrator verifies admin approvals and policies for download.
-
-
-### Download
-1. Orchestrator initiates downloads.
-2. Windows Update downloads manifest files and provides them to the arbiter.
-3. The arbiter evaluates the manifest and tells the Windows Update client to download files.
-4. Windows Update client downloads files in a temporary folder.
-5. The arbiter stages the downloaded files.
-
-
-### Install
-1. Orchestrator initiates the installation.
-2. The arbiter calls the installer to install the package.
-
-
-### Commit
-1. Orchestrator initiates a restart.
-2. The arbiter finalizes before the restart.
-
-
-## How updating works
-During the updating process, the Windows Update Orchestrator operates in the background to scan, download, and install updates. It does this automatically, according to your settings, and in a silent manner that doesn’t disrupt your computer usage.
-
-## Scanning updates
-
-
-The Windows Update Orchestrator on your PC checks the Microsoft Update server or your WSUS endpoint for new updates at random intervals. The randomization ensures that the Windows Update server isn't overloaded with requests all at the same time. The Update Orchestrator searches only for updates that have been added since the last time updates were searched, allowing it to find updates quickly and efficiently.
-
-When checking for updates, the Windows Update Orchestrator evaluates whether the update is appropriate for your computer using guidelines defined by the publisher of the update, for example, Microsoft Office including enterprise group policies.
-
-Make sure you're familiar with the following terminology related to Windows Update scan:
-
-|Term|Definition|
-|----|----------|
-|Update|We use this term to mean a lot of different things, but in this context it's the actual patch or change.|
-|Bundle update|An update that contains 1-N child updates; doesn't contain payload itself.|
-|Child update|Leaf update that's bundled by another update; contains payload.|
-|Detectoid update|A special 'update' that contains "IsInstalled" applicability rule only and no payload. Used for prereq evaluation.|
-|Category update|A special 'detectoid' that has always true IsInstalled rule. Used for grouping updates and for client to filter updates. |
-|Full scan|Scan with empty datastore.|
-|Delta scan|Scan with updates from previous scan already cached in datastore.|
-|Online scan|Scan that hits network and goes against server on cloud. |
-|Offline scan|Scan that doesn't hit network and goes against local datastore. Only useful if online scan has been performed before. |
-|CatScan|Category scan where caller can specify a categoryId to get updates published under the categoryId.|
-|AppCatScan|Category scan where caller can specify an AppCategoryId to get apps published under the appCategoryId.|
-|Software sync|Part of the scan that looks at software updates only (OS and apps).|
-|Driver sync|Part of the scan that looks at Driver updates only. This is run after Software sync and is optional.|
-|ProductSync|Attributes based sync, where client provides a list of device, product and caller attributes ahead of time to allow service to evaluate applicability in the cloud. |
-
-### How Windows Update scanning works
-
-Windows Update takes the following sets of actions when it runs a scan.
-
-#### Starts the scan for updates
-When users start scanning in Windows Update through the Settings panel, the following occurs:
-
-- The scan first generates a “ComApi” message. The caller (Windows Defender Antivirus) tells the WU engine to scan for updates.
-- "Agent" messages: queueing the scan, then actually starting the work:
- - Updates are identified by the different IDs ("Id = 10", "Id = 11") and from the different thread ID numbers.
- - Windows Update uses the thread ID filtering to concentrate on one particular task.
-
- 
-
-#### Identifies service IDs
-
-- Service IDs indicate which update source is being scanned.
- Note The next screen shot shows Microsoft Update and the Flighting service.
-
-- The Windows Update engine treats every service as a separate entity, even though multiple services may contain the same updates.
- 
-- Common service IDs
-
- > [!IMPORTANT]
- > ServiceId here identifies a client abstraction, not any specific service in the cloud. No assumption should be made of which server a serviceId is pointing to, it's totally controlled by the SLS responses.
-
-|Service|ServiceId|
-|-------|---------|
-|Unspecified / Default|WU, MU or WSUS 00000000-0000-0000-0000-000000000000 |
-|WU|9482F4B4-E343-43B6-B170-9A65BC822C77|
-|MU|7971f918-a847-4430-9279-4a52d1efe18d|
-|Store|855E8A7C-ECB4-4CA3-B045-1DFA50104289|
-|OS Flighting|8B24B027-1DEE-BABB-9A95-3517DFB9C552|
-|WSUS or SCCM|Via ServerSelection::ssManagedServer 3DA21691-E39D-4da6-8A4B-B43877BCB1B7 |
-|Offline scan service|Via IUpdateServiceManager::AddScanPackageService|
-
-#### Finds network faults
-Common update failure is caused due to network issues. To find the root of the issue:
-
-- Look for "ProtocolTalker" messages to see client-server sync network traffic.
-- "SOAP faults" can be either client- or server-side issues; read the message.
-- The WU client uses SLS (Service Locator Service) to discover the configurations and endpoints of Microsoft network update sources – WU, MU, Flighting.
-
- > [!NOTE]
- > Warning messages for SLS can be ignored if the search is against WSUS/SCCM.
-
-- On sites that only use WSUS/SCCM, the SLS may be blocked at the firewall. In this case the SLS request will fail, and can’t scan against Windows Update or Microsoft Update but can still scan against WSUS/SCCM, since it’s locally configured.
- 
-
-## Downloading updates
-
-
-Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.
-
-To ensure that your other downloads aren’t affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization (DO) technology which downloads updates and reduces bandwidth consumption.
-
-For more information see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md).
-
-## Installing updates
-
-
-When an update is applicable, the "Arbiter" and metadata are downloaded. Depending on your Windows Update settings, when downloading is complete, the Arbiter will gather details from the device, and compare that with the downloaded metadata to create an "action list".
-
-The action list describes all the files needed from WU, and what the install agent (such as CBS or Setup) should do with them. The action list is provided to the install agent along with the payload to begin the installation.
-
-## Committing Updates
-
-
-When the option to automatically install updates is configured, the Windows Update Orchestrator, in most cases, automatically restarts the PC for you after installing the updates. This is necessary because your PC may be insecure, or not fully updated, until a restart is completed. You can use Group Policy settings, mobile device management (MDM), or the registry (not recommended) to configure when devices will restart after a Windows 10 update is installed.
-
-For more information see [Manage device restarts after updates](waas-restart.md).
+---
+title: How Windows Update works
+description: Learn how Windows Update works, including architecture and troubleshooting.
+ms.prod: w10
+ms.mktglfcycl:
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# How does Windows Update work?
+
+> Applies to: Windows 10
+
+The Windows Update workflow has four core areas of functionality:
+
+### Scan
+
+1. Orchestrator schedules the scan.
+2. Orchestrator verifies admin approvals and policies for download.
+
+
+### Download
+1. Orchestrator initiates downloads.
+2. Windows Update downloads manifest files and provides them to the arbiter.
+3. The arbiter evaluates the manifest and tells the Windows Update client to download files.
+4. Windows Update client downloads files in a temporary folder.
+5. The arbiter stages the downloaded files.
+
+
+### Install
+1. Orchestrator initiates the installation.
+2. The arbiter calls the installer to install the package.
+
+
+### Commit
+1. Orchestrator initiates a restart.
+2. The arbiter finalizes before the restart.
+
+
+## How updating works
+During the updating process, the Windows Update Orchestrator operates in the background to scan, download, and install updates. It does this automatically, according to your settings, and in a silent manner that doesn’t disrupt your computer usage.
+
+## Scanning updates
+
+
+The Windows Update Orchestrator on your PC checks the Microsoft Update server or your WSUS endpoint for new updates at random intervals. The randomization ensures that the Windows Update server isn't overloaded with requests all at the same time. The Update Orchestrator searches only for updates that have been added since the last time updates were searched, allowing it to find updates quickly and efficiently.
+
+When checking for updates, the Windows Update Orchestrator evaluates whether the update is appropriate for your computer using guidelines defined by the publisher of the update, for example, Microsoft Office including enterprise group policies.
+
+Make sure you're familiar with the following terminology related to Windows Update scan:
+
+|Term|Definition|
+|----|----------|
+|Update|We use this term to mean a lot of different things, but in this context it's the actual patch or change.|
+|Bundle update|An update that contains 1-N child updates; doesn't contain payload itself.|
+|Child update|Leaf update that's bundled by another update; contains payload.|
+|Detectoid update|A special 'update' that contains "IsInstalled" applicability rule only and no payload. Used for prereq evaluation.|
+|Category update|A special 'detectoid' that has always true IsInstalled rule. Used for grouping updates and for client to filter updates. |
+|Full scan|Scan with empty datastore.|
+|Delta scan|Scan with updates from previous scan already cached in datastore.|
+|Online scan|Scan that hits network and goes against server on cloud. |
+|Offline scan|Scan that doesn't hit network and goes against local datastore. Only useful if online scan has been performed before. |
+|CatScan|Category scan where caller can specify a categoryId to get updates published under the categoryId.|
+|AppCatScan|Category scan where caller can specify an AppCategoryId to get apps published under the appCategoryId.|
+|Software sync|Part of the scan that looks at software updates only (OS and apps).|
+|Driver sync|Part of the scan that looks at Driver updates only. This is run after Software sync and is optional.|
+|ProductSync|Attributes based sync, where client provides a list of device, product and caller attributes ahead of time to allow service to evaluate applicability in the cloud. |
+
+### How Windows Update scanning works
+
+Windows Update takes the following sets of actions when it runs a scan.
+
+#### Starts the scan for updates
+When users start scanning in Windows Update through the Settings panel, the following occurs:
+
+- The scan first generates a “ComApi” message. The caller (Windows Defender Antivirus) tells the WU engine to scan for updates.
+- "Agent" messages: queueing the scan, then actually starting the work:
+ - Updates are identified by the different IDs ("Id = 10", "Id = 11") and from the different thread ID numbers.
+ - Windows Update uses the thread ID filtering to concentrate on one particular task.
+
+ 
+
+#### Identifies service IDs
+
+- Service IDs indicate which update source is being scanned.
+ Note The next screen shot shows Microsoft Update and the Flighting service.
+
+- The Windows Update engine treats every service as a separate entity, even though multiple services may contain the same updates.
+ 
+- Common service IDs
+
+ > [!IMPORTANT]
+ > ServiceId here identifies a client abstraction, not any specific service in the cloud. No assumption should be made of which server a serviceId is pointing to, it's totally controlled by the SLS responses.
+
+|Service|ServiceId|
+|-------|---------|
+|Unspecified / Default|WU, MU or WSUS 00000000-0000-0000-0000-000000000000 |
+|WU|9482F4B4-E343-43B6-B170-9A65BC822C77|
+|MU|7971f918-a847-4430-9279-4a52d1efe18d|
+|Store|855E8A7C-ECB4-4CA3-B045-1DFA50104289|
+|OS Flighting|8B24B027-1DEE-BABB-9A95-3517DFB9C552|
+|WSUS or SCCM|Via ServerSelection::ssManagedServer 3DA21691-E39D-4da6-8A4B-B43877BCB1B7 |
+|Offline scan service|Via IUpdateServiceManager::AddScanPackageService|
+
+#### Finds network faults
+Common update failure is caused due to network issues. To find the root of the issue:
+
+- Look for "ProtocolTalker" messages to see client-server sync network traffic.
+- "SOAP faults" can be either client- or server-side issues; read the message.
+- The WU client uses SLS (Service Locator Service) to discover the configurations and endpoints of Microsoft network update sources – WU, MU, Flighting.
+
+ > [!NOTE]
+ > Warning messages for SLS can be ignored if the search is against WSUS/SCCM.
+
+- On sites that only use WSUS/SCCM, the SLS may be blocked at the firewall. In this case the SLS request will fail, and can’t scan against Windows Update or Microsoft Update but can still scan against WSUS/SCCM, since it’s locally configured.
+ 
+
+## Downloading updates
+
+
+Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.
+
+To ensure that your other downloads aren’t affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization (DO) technology which downloads updates and reduces bandwidth consumption.
+
+For more information see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md).
+
+## Installing updates
+
+
+When an update is applicable, the "Arbiter" and metadata are downloaded. Depending on your Windows Update settings, when downloading is complete, the Arbiter will gather details from the device, and compare that with the downloaded metadata to create an "action list".
+
+The action list describes all the files needed from WU, and what the install agent (such as CBS or Setup) should do with them. The action list is provided to the install agent along with the payload to begin the installation.
+
+## Committing Updates
+
+
+When the option to automatically install updates is configured, the Windows Update Orchestrator, in most cases, automatically restarts the PC for you after installing the updates. This is necessary because your PC may be insecure, or not fully updated, until a restart is completed. You can use Group Policy settings, mobile device management (MDM), or the registry (not recommended) to configure when devices will restart after a Windows 10 update is installed.
+
+For more information see [Manage device restarts after updates](waas-restart.md).
diff --git a/windows/deployment/update/images/UC_commercialID.png b/windows/deployment/update/images/UC_commercialID.png
new file mode 100644
index 0000000000..6896be03e6
Binary files /dev/null and b/windows/deployment/update/images/UC_commercialID.png differ
diff --git a/windows/deployment/update/images/UC_commercialID_GP.png b/windows/deployment/update/images/UC_commercialID_GP.png
new file mode 100644
index 0000000000..95d92cf6df
Binary files /dev/null and b/windows/deployment/update/images/UC_commercialID_GP.png differ
diff --git a/windows/deployment/update/images/UC_telemetrylevel.png b/windows/deployment/update/images/UC_telemetrylevel.png
new file mode 100644
index 0000000000..a11e68a5f8
Binary files /dev/null and b/windows/deployment/update/images/UC_telemetrylevel.png differ
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index 210ebcaf84..d08ff458c4 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -3,8 +3,7 @@ title: Update Windows 10 in enterprise deployments (Windows 10)
description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows 10.
ms.prod: w10
ms.mktglfcycl: manage
-ms.sitesec: library
-author: Jaimeo
+author: jaimeo
manager: laurawi
ms.localizationpriority: high
ms.author: jaimeo
@@ -36,7 +35,7 @@ Windows as a service provides a new way to think about building, deploying, and
| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
| [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. |
| [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates. |
-| [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Explains how to assign devices to the Semi-Annual Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
+| [Assign devices to servicing branches for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-servicing-channels-windows-10-updates) | Explains how to assign devices to the Semi-Annual Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization. |
| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
| [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index 4f38f8583c..adb1e56155 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -1,131 +1,136 @@
----
-title: Olympia Corp enrollment guidelines
-description: Olympia Corp enrollment guidelines
-ms.author: greglin
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-audience: itpro
author: greg-lindsay
-ms.reviewer:
-manager: laurawi
-keywords: insider, trial, enterprise, lab, corporation, test
----
-
-# Olympia Corp
-
-## What is Windows Insider Lab for Enterprise and Olympia Corp?
-
-Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release enterprise privacy and security features. To get the complete experience of these enterprise features, Olympia Corp, a virtual corporation has been set up to reflect the IT infrastructure of real world business. Selected customers are invited to join Olympia Corp and try these features.
-
-As an Olympia user, you will have an opportunity to:
-
-- Use various enterprise features like Windows Information Protection (WIP), Advanced Threat Protection (ATP), windows Defender Application Guard (WDAG), and Application Virtualization (APP-V).
-- Learn how Microsoft is preparing for GDPR, as well as enabling enterprise customers to prepare for their own readiness.
-- Validate and test pre-release software in your environment.
-- Provide feedback.
-- Interact with engineering team members through a variety of communication channels.
-
->[!Note]
->Enterprise features might have reduced or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the enterprise features at any time without notice.
-
-For more information about Olympia Corp, see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ).
-
-To request an Olympia Corp account, fill out the survey at [https://aka.ms/RegisterOlympia](https://aka.ms/RegisterOlympia).
-
-## Enrollment guidelines
-
-Welcome to Olympia Corp. Here are the steps needed to enroll.
-
-As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Enterprise from Windows 10 Pro. This upgrade is optional. Since certain features such as Windows Defender Application Guard are only available on Windows 10 Enterprise, we recommend you to upgrade.
-
-Choose one of the following two enrollment options:
-
-- To set up an AAD-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympia) account.
-
-- If you are running Windows 10 Pro, we recommend that you upgrade to Windows 10 Enterprise by following these steps to [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). In this case, you will be able to log on to the device with your Olympia account.
-
-
-
-### Set up an Azure Active Directory-REGISTERED Windows 10 device
-
-This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Set up Azure Active Directory registered Windows 10 devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-registered-devices-windows10-setup) for additional information.
-
-1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
-
- 
-
-2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
-
-3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
-
- 
-
-4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
-
- > [!NOTE]
- > Passwords should contain 8-16 characters, including at least one special character or number.
-
- 
-
-5. Read the **Terms and Conditions**. Click **Accept** to participate in the program.
-
-6. If this is the first time you are logging in, fill in the additional information to help you retrieve your account details.
-
-7. Create a PIN for signing into your Olympia corporate account.
-
-8. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
-
- > [!NOTE]
- > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
-
-9. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
-
-
-
-### Set up Azure Active Directory-JOINED Windows 10 device
-
-- This method will upgrade your Windows 10 Pro license to Enterprise and create a new account. See [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup) for more information.
-
-1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
-
- 
-
-2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
-
-3. Click **Connect**, then click **Join this device to Azure Active Directory**.
-
- 
-
-4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
-
- 
-
-5. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
-
- > [!NOTE]
- > Passwords should contain 8-16 characters, including at least one special character or number.
-
- 
-
-6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
-
-7. If this is the first time you are signing in, fill in the additional information to help you retrieve your account details.
-
-8. Create a PIN for signing into your Olympia corporate account.
-
-9. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
-
-10. Restart your device.
-
-11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your device will upgrade to Windows 10 Enterprise.
-
-12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
-
- > [!NOTE]
- > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
-
-13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
-
->[!NOTE]
-> Your Windows 10 Enterprise license will not be renewed if your device is not connected to Olympia.
-
+---
+title: Olympia Corp enrollment guidelines
+description: Olympia Corp enrollment guidelines
+ms.author: jaimeo
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.reviewer:
+manager: laurawi
+keywords: insider, trial, enterprise, lab, corporation, test
+---
+
+# Olympia Corp
+
+## What is Windows Insider Lab for Enterprise and Olympia Corp?
+
+Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release enterprise privacy and security features. To get the complete experience of these enterprise features, Olympia Corp, a virtual corporation has been set up to reflect the IT infrastructure of real world business. Selected customers are invited to join Olympia Corp and try these features.
+
+As an Olympia user, you will have an opportunity to:
+
+- Use various enterprise features like Windows Information Protection (WIP), Advanced Threat Protection (ATP), windows Defender Application Guard (WDAG), and Application Virtualization (APP-V).
+- Learn how Microsoft is preparing for GDPR, as well as enabling enterprise customers to prepare for their own readiness.
+- Validate and test pre-release software in your environment.
+- Provide feedback.
+- Interact with engineering team members through a variety of communication channels.
+
+>[!Note]
+>Enterprise features might have reduced or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the enterprise features at any time without notice.
+
+For more information about Olympia Corp, see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ).
+
+To request an Olympia Corp account, fill out the survey at [https://aka.ms/RegisterOlympia](https://aka.ms/RegisterOlympia).
+
+## Enrollment guidelines
+
+Welcome to Olympia Corp. Here are the steps needed to enroll.
+
+As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Enterprise from Windows 10 Pro. This upgrade is optional. Since certain features such as Windows Defender Application Guard are only available on Windows 10 Enterprise, we recommend you to upgrade.
+
+Choose one of the following two enrollment options:
+
+- To set up an AAD-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympia) account.
+
+- If you are running Windows 10 Pro, we recommend that you upgrade to Windows 10 Enterprise by following these steps to [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). In this case, you will be able to log on to the device with your Olympia account.
+
+
+
+### Set up an Azure Active Directory-REGISTERED Windows 10 device
+
+This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Set up Azure Active Directory registered Windows 10 devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-registered-devices-windows10-setup) for additional information.
+
+1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
+
+ 
+
+2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
+
+3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
+
+ 
+
+4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
+
+ > [!NOTE]
+ > Passwords should contain 8-16 characters, including at least one special character or number.
+
+ 
+
+5. Read the **Terms and Conditions**. Click **Accept** to participate in the program.
+
+6. If this is the first time you are logging in, fill in the additional information to help you retrieve your account details.
+
+7. Create a PIN for signing into your Olympia corporate account.
+
+8. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
+
+ > [!NOTE]
+ > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
+
+9. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
+
+
+
+### Set up Azure Active Directory-JOINED Windows 10 device
+
+- This method will upgrade your Windows 10 Pro license to Enterprise and create a new account. See [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup) for more information.
+
+ > [!NOTE]
+ > Make sure that you save your Pro license key before upgrading to the Enterprise edition. If the device gets disconnected from Olympia, you can use the Pro key to reactivate the license manually in the unlikely event that the license fails to downgrade back to Pro automatically. To reactivate manually, see [Upgrade by manually entering a product key](https://docs.microsoft.com/windows/deployment/upgrade/windows-10-edition-upgrades#upgrade-by-manually-entering-a-product-key).
+
+1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
+
+ 
+
+2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
+
+3. Click **Connect**, then click **Join this device to Azure Active Directory**.
+
+ 
+
+4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
+
+ 
+
+5. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
+
+ > [!NOTE]
+ > Passwords should contain 8-16 characters, including at least one special character or number.
+
+ 
+
+6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
+
+7. If this is the first time you are signing in, fill in the additional information to help you retrieve your account details.
+
+8. Create a PIN for signing into your Olympia corporate account.
+
+9. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
+
+10. Restart your device.
+
+11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your device will upgrade to Windows 10 Enterprise.
+
+12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
+
+ > [!NOTE]
+ > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
+
+13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
+
+>[!NOTE]
+> Your Windows 10 Enterprise license will not be renewed if your device is not connected to Olympia.
+
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index 1f23ccbc44..49d29f4d8a 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -1,56 +1,57 @@
----
-title: Servicing stack updates (Windows 10)
-description: Servicing stack updates improve the code that installs the other updates.
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 11/29/2018
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Servicing stack updates
-
-
-**Applies to**
-
-- Windows 10, Windows 8.1, Windows 8, Windows 7
-
-## What is a servicing stack update?
-Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.
-
-## Why should servicing stack updates be installed and kept up to date?
-
-Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
-
-## When are they released?
-
-Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."
-
->[!NOTE]
->You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
-
-## What's the difference between a servicing stack update and a cumulative update?
-
-Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes to improve the quality and security of Windows are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates.
-
-Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update.
-
-
-## Is there any special guidance?
-
-Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
-
-Typically, the improvements are reliability and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes.
-
-## Installation notes
-
-* Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system.
-* Installing servicing stack update does not require restarting the device, so installation should not be disruptive.
-* Servicing stack update releases are specific to the operating system version (build number), much like quality updates.
-* Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
+---
+title: Servicing stack updates (Windows 10)
+description: Servicing stack updates improve the code that installs the other updates.
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Servicing stack updates
+
+
+**Applies to**
+
+- Windows 10, Windows 8.1, Windows 8, Windows 7
+
+## What is a servicing stack update?
+Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.
+
+## Why should servicing stack updates be installed and kept up to date?
+
+Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
+
+## When are they released?
+
+Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."
+
+>[!NOTE]
+>You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
+
+## What's the difference between a servicing stack update and a cumulative update?
+
+Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes to improve the quality and security of Windows are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates.
+
+Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update.
+
+
+## Is there any special guidance?
+
+Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
+
+Typically, the improvements are reliability and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes.
+
+## Installation notes
+
+* Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system.
+* Installing servicing stack update does not require restarting the device, so installation should not be disruptive.
+* Servicing stack update releases are specific to the operating system version (build number), much like quality updates.
+* Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
+* Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine.
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index a637aea0a8..612c44e92a 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -5,7 +5,6 @@ manager: laurawi
description: new Delivery Optimization data displayed in Update Compliance
ms.prod: w10
ms.mktglfcycl: deploy
-ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: jaimeo
@@ -17,14 +16,8 @@ ms.topic: article
---
# Delivery Optimization in Update Compliance
-The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
-
-
-> [!IMPORTANT]
-> There is a known issue with the way device configuration is displayed for Delivery Optimization. Some devices running Windows 10, versions 1809 or 1903 report the Delivery Optimization DownloadMode configuration value as the sequential value in the list of possible configurations rather than the actual configured value. For example, a device that is configured as HTTP + Group (2), will be shown as HTTP + Internet (3) in Update Compliance.
->
->**This issue is now fixed by installing the 2019-07 cumulative update appropriate for the device.**
+The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
## Delivery Optimization Status
@@ -34,11 +27,9 @@ The Delivery Optimization Status section includes three blades:
- The **Content Distribution (%)** blade shows the percentage of bandwidth savings for each category
- The **Content Distribution (GB)** blade shows the total amount of data seen from each content type broken down by the download source (peers vs non-peers).
-
-
## Device Configuration blade
-Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Set up Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md) for recommendations for different scenarios or [Delivery Optimization reference](waas-delivery-optimization-reference.md#download-mode) for complete details of this setting.
+Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md).
## Content Distribution (%) blade
The first of two blades showing information on content breakdown, this blade shows a ring chart summarizing **Bandwidth Savings %**, which is the percentage of data received from peer sources out of the total data downloaded (for any device that used peer-to-peer distribution).
@@ -52,4 +43,3 @@ The download sources that could be included are:
- LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network
- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the “Group” download mode is used)
- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates.
-
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 8d6fa2501e..2d3216901c 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -1,49 +1,50 @@
----
-title: Update Compliance - Feature Update Status report
-ms.reviewer:
-manager: laurawi
-description: an overview of the Feature Update Status report
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Feature Update Status
-
-
-
-The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](waas-overview.md#servicing-channels).
-
-## Overall Feature Update Status
-
-The Overall Feature Update Status blade breaks down how many devices are up-to-date or not, with a special callout for how many devices are running a build that is not supported (for a full list of feature updates, check out the [Windows 10 Release Information](https://technet.microsoft.com/windows/release-info.aspx) page). The table beneath the visualization breaks devices down by Servicing Channel and operating system version, then defining whether this combination is *up-to-date*, *not up-to-date* or *out of support*. Finally, the table provides a count of devices that fall into this category.
-
-## Deployment Status by Servicing Channel
-
-To effectively track deployment, **Deployment Status Blades** are divided into each Servicing Channel chosen for the device. This is because Deployment for each channel will happen at different periods in time and feature updates are targeted separately for each channel. Within each Deployment Status tile, devices are aggregated on their feature update distribution, and the columns list the states each device is in.
-
-Refer to the following list for what each state means:
-* **Installed** devices are devices that have completed installation for the given update.
-* When a device is counted as **In Progress**, it has begun the feature update installation.
-* Devices that are **scheduled next 7 days** are all devices that were deferred from installing the Feature update using [Windows Update for Business Settings](waas-manage-updates-wufb.md) and are set to begin installation in the next 7 days.
-* Devices that have failed the given feature update installation are counted as **Update failed**.
-* If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category.
-
-## Compatibility holds
-
-Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device’s upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
-
-To learn how compatibility holds are reflected in the experience, see [Update compliance perspectives](update-compliance-perspectives.md#deployment-status).
-
-### Opting out of compatibility hold
-
-Microsoft will release a device from a compatibility hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired. To opt out, set the registry key **HKLM\Software\Microsoft\Windows NT\CurrentVersion\502505fe-762c-4e80-911e-0c3fa4c63fb0** to a name of **DataRequireGatedScanForFeatureUpdates** and a value of **0**.
-
-
-Setting this registry key to **0** will force the device to opt out from *all* compatibility holds. Any other value, or deleting the key, will resume compatibility protection on the device.
-
+---
+title: Update Compliance - Feature Update Status report
+ms.reviewer:
+manager: laurawi
+description: an overview of the Feature Update Status report
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.author: jaimeo
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Feature Update Status
+
+
+
+The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](waas-overview.md#servicing-channels).
+
+## Overall Feature Update Status
+
+The Overall Feature Update Status blade breaks down how many devices are up-to-date or not, with a special callout for how many devices are running a build that is not supported (for a full list of feature updates, check out the [Windows 10 Release Information](https://technet.microsoft.com/windows/release-info.aspx) page). The table beneath the visualization breaks devices down by Servicing Channel and operating system version, then defining whether this combination is *up-to-date*, *not up-to-date* or *out of support*. Finally, the table provides a count of devices that fall into this category.
+
+## Deployment Status by Servicing Channel
+
+To effectively track deployment, **Deployment Status Blades** are divided into each Servicing Channel chosen for the device. This is because Deployment for each channel will happen at different periods in time and feature updates are targeted separately for each channel. Within each Deployment Status tile, devices are aggregated on their feature update distribution, and the columns list the states each device is in.
+
+Refer to the following list for what each state means:
+* **Installed** devices are devices that have completed installation for the given update.
+* When a device is counted as **In Progress**, it has begun the feature update installation.
+* Devices that are **scheduled next 7 days** are all devices that were deferred from installing the Feature update using [Windows Update for Business Settings](waas-manage-updates-wufb.md) and are set to begin installation in the next 7 days.
+* Devices that have failed the given feature update installation are counted as **Update failed**.
+* If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category.
+
+## Compatibility holds
+
+Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device’s upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
+
+To learn how compatibility holds are reflected in the experience, see [Update compliance perspectives](update-compliance-perspectives.md#deployment-status).
+
+### Opting out of compatibility hold
+
+Microsoft will release a device from a compatibility hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired. To opt out, set the registry key **HKLM\Software\Microsoft\Windows NT\CurrentVersion\502505fe-762c-4e80-911e-0c3fa4c63fb0** to a name of **DataRequireGatedScanForFeatureUpdates** and a value of **0**.
+
+
+Setting this registry key to **0** will force the device to opt out from *all* compatibility holds. Any other value, or deleting the key, will resume compatibility protection on the device.
+
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 8a005eb69d..5e81c8e5a0 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -1,75 +1,128 @@
----
-title: Get started with Update Compliance (Windows 10)
-ms.reviewer:
-manager: laurawi
-description: Configure Update Compliance in Azure Portal to see the status of updates and antimalware protection on devices in your network.
-keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.localizationpriority: medium
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Get started with Update Compliance
-This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance.
-
-Steps are provided in sections that follow the recommended setup process:
-
-1. Ensure you meet the [Update Compliance prerequisites](#update-compliance-prerequisites).
-2. [Add Update Compliance to your Azure subscription](#add-update-compliance-to-your-azure-subscription).
-3. [Enroll devices in Windows Analytics](#enroll-devices-in-windows-analytics).
-4. [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates, Windows Defender Antivirus status, and Delivery Optimization.
-
-## Update Compliance prerequisites
-Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
-1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
-2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
-3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
-4. To show device names for versions of Windows 10 starting with 1803 in Windows Analytics you must opt in. For details about this, see the "AllowDeviceNameinTelemetry (in Windows 10)" entry in the table in the [Distributing policies at scale](windows-analytics-get-started.md#deploying-windows-analytics-at-scale) section of [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
-5. To use the Windows Defender Status, devices must be E3-licensed and have Cloud Protection enabled. E5-licensed devices will not appear here. For E5 devices, you should use [Windows Defender ATP](https://docs.microsoft.com/sccm/protect/deploy-use/windows-defender-advanced-threat-protection) instead. For more information on Windows 10 Enterprise licensing, see [Windows 10 Enterprise: FAQ for IT Professionals](https://docs.microsoft.com/windows/deployment/planning/windows-10-enterprise-faq-itpro).
-
-## Add Update Compliance to your Azure subscription
-Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
-
-1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
-
-> [!NOTE]
-> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance.
-
-2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below.
-
-
-
-3. Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure.
-
-
-
-4. Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution.
- - If you already have another Windows Analytics solution, you should use the same workspace.
- - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
- - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
- - For the resource group setting select **Create new** and use the same name you chose for your new workspace.
- - For the location setting, choose the Azure region where you would prefer the data to be stored.
- - For the pricing tier select **per GB**.
-
-
-
-5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**.
-
-
-
-6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**.
-
-
-
-## Enroll devices in Windows Analytics
-Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are two key steps for enrollment:
-1. Deploy your Commercial ID (from the Update Compliance Settings page) to your Windows 10 devices (typically by using Group Policy, [Mobile Device Management](https://docs.microsoft.com/windows/client-management/windows-10-mobile-and-mdm), [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction) or similar).
-2. Ensure the Windows Diagnostic Data setting on devices is set to at least Basic (typically using Group Policy or similar). For full enrollment instructions and troubleshooting, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
-
-After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it might take 48-72 hours for the first data to appear in the solution. Until then, Update Compliance will indicate it is still assessing devices.
+---
+title: Get started with Update Compliance (Windows 10)
+ms.reviewer:
+manager: laurawi
+description: Configure Update Compliance in Azure Portal to see the status of updates and antimalware protection on devices in your network.
+keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.author: jaimeo
+ms.localizationpriority: medium
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Get started with Update Compliance
+This topic explains the steps necessary to configure your environment for Update Compliance.
+
+Steps are provided in sections that follow the recommended setup process:
+
+1. Ensure you meet the [Update Compliance prerequisites](#update-compliance-prerequisites).
+2. [Add Update Compliance to your Azure subscription](#add-update-compliance-to-your-azure-subscription).
+3. [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance).
+4. [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and get Delivery Optimization insights.
+
+## Update Compliance prerequisites
+Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
+1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
+2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
+3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
+4. For Windows 10 1803+, device names will not appear in Update Compliance unless you opt in. The steps to accomplish this is outlined in the [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance) section.
+
+## Add Update Compliance to your Azure subscription
+Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
+
+1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
+
+> [!NOTE]
+> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance.
+
+2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below.
+
+
+
+3. Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure.
+
+
+
+4. Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution.
+ - [Desktop Analytics](https://docs.microsoft.com/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance.
+ - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
+ - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
+ - For the resource group setting select **Create new** and use the same name you chose for your new workspace.
+ - For the location setting, choose the Azure region where you would prefer the data to be stored.
+ - For the pricing tier select **per GB**.
+
+
+
+5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**.
+
+
+
+6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**.
+
+
+
+## Enroll devices in Update Compliance
+Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are three key steps to ensure successful enrollment:
+
+### Deploy your Commercial ID to devices
+A Commercial ID is a globally-unique identifier assigned to a specific Log Analytics workspace. This is used to identify devices as part of your environment.
+
+To find your Commercial ID within Azure:
+1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
+2. From there, select the Update Compliance Settings page on the navbar.
+3. Your Commercial ID is available in the settings page.
+
+
+
+>**Important**
+>
+>Regenerate your Commercial ID only if your Original ID key can no longer be used or if you want to completely reset your workspace. Regenerating your Commercial ID cannot be undone and will result in you losing data for all devices that have the current Commercial ID until the new Commercial ID is deployed to devices.
+
+#### Deploying Commercial ID using Group Policy
+Commercial ID can be deployed using Group Policy. The Group Policy for Commercial ID is under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure the Commercial ID**.
+
+
+
+#### Deploying Commercial ID using MDM
+Commercial ID can be deployed through a [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) policy beginning with Windows 10, version 1607. Commercial ID is under the [DMClient configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).
+
+### Ensure endpoints are whitelisted
+To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to whitelist the following endpoints. You may need security group approval to do this.
+
+| **Endpoint** | **Function** |
+|---------------------------------------------------------|-----------|
+| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. |
+| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
+| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. |
+| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
+| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
+| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
+| `https://login.live.com` | This endpoint is optional but allows for the Update Compliance service to more reliably identify and process devices. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. |
+
+### Set diagnostic data levels
+Update Compliance requires that devices are configured to send Microsoft at least the Basic level of diagnostic data in order to function. For more information on Windows diagnostic data, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
+
+#### Configuring Telemetry level using Group Policy
+You can set Allow Telemetry through Group Policy, this setting is in the same place as the Commercial ID policy, under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Allow Telemetry**. Update Compliance requires at least Basic (level 1) to function.
+
+
+
+#### Configuring Telemetry level using MDM
+Telemetry level can additionally be configured through a [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) policy. Allow Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
+
+### Enabling Device Name in telemetry
+Beginning with Windows 10, version 1803, Device Name is no longer collected as part of normal Windows Diagnostic Data and must explicitly be allowed to be sent to Microsoft. If devices do not have this policy enabled, their device name will appear as '#' instead.
+
+#### Allow Device Name in Telemetry with Group Policy
+Allow Device Name in Telemetry is under the same node as Commercial ID and Allow Telemetry policies in Group Policy, listed as **Allow device name to be sent in Windows diagnostic data**.
+
+#### Allow Device Name in Telemetry with MDM
+Allow Device Name in Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
+
+>[!NOTE]
+>After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it might take 48-72 hours for the first data to appear in the solution. Until then, Update Compliance will indicate it is still assessing devices.
\ No newline at end of file
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md
index 1ece514b2e..8996c05986 100644
--- a/windows/deployment/update/update-compliance-monitor.md
+++ b/windows/deployment/update/update-compliance-monitor.md
@@ -1,57 +1,60 @@
----
-title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10)
-ms.reviewer:
-manager: laurawi
-description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network.
-keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.localizationpriority: medium
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Monitor Windows Updates with Update Compliance
-
-## Introduction
-
-Update Compliance is a [Windows Analytics solution](windows-analytics-overview.md) that enables organizations to:
-
-* Monitor Windows 10 Professional, Education, and Enterprise security, quality, and feature updates.
-* View a report of device and update issues related to compliance that need attention.
-* See the status of Windows Defender Antivirus signatures and threats.
-* Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](waas-delivery-optimization.md).
-
-Update Compliance is offered through the Azure portal, and is available free for devices that meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
-
-Update Compliance uses Windows 10 and Windows Defender Antivirus diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, Windows Defender Antivirus data, and Delivery Optimization usage data, and then sends this data to a secure cloud to be stored for analysis and usage in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal).
-
-See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
-
-- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
-- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
-
-## Update Compliance architecture
-
-The Update Compliance architecture and data flow is summarized by the following four-step process:
-
-1. User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
-2. Diagnostic data is analyzed by the Update Compliance Data Service.
-3. Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.
-4. Diagnostic data is available in the Update Compliance solution.
-
-
->[!NOTE]
->This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
-
-
-
-
-## Related topics
-
-[Get started with Update Compliance](update-compliance-get-started.md)
-[Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
+---
+title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10)
+ms.reviewer:
+manager: laurawi
+description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network.
+keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.author: jaimeo
+ms.localizationpriority: medium
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Monitor Windows Updates with Update Compliance
+
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement).
+
+
+## Introduction
+
+Update Compliance is a [Windows Analytics solution](windows-analytics-overview.md) that enables organizations to:
+
+* Monitor security, quality, and feature updates for Windows 10 Professional, Education, and Enterprise editions.
+* View a report of device and update issues related to compliance that need attention.
+* Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](waas-delivery-optimization.md).
+
+Update Compliance is offered through the Azure portal, and is included as part of Windows 10 licenses listed in the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
+
+Update Compliance uses Windows 10 and Windows Defender Antivirus diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, Windows Defender Antivirus data, and Delivery Optimization usage data, and then sends this data to a secure cloud to be stored for analysis and usage in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal).
+
+See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
+
+- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
+- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
+
+## Update Compliance architecture
+
+The Update Compliance architecture and data flow follows this process:
+
+1. User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
+2. Diagnostic data is analyzed by the Update Compliance Data Service.
+3. Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.
+4. Diagnostic data is available in the Update Compliance solution.
+
+
+>[!NOTE]
+>This process assumes that Windows diagnostic data is enabled and data sharing is enabled as outlined in the enrollment section of [Get started with Update Compliance](update-compliance-get-started.md).
+
+
+
+
+## Related topics
+
+[Get started with Update Compliance](update-compliance-get-started.md)
+[Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
\ No newline at end of file
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index be35a79469..a4b940a236 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -1,46 +1,47 @@
----
-title: Update Compliance - Need Attention! report
-ms.reviewer:
-manager: laurawi
-description: an overview of the Update Compliance Need Attention! report
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Needs attention!
-
-
-The **Needs attention!** section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section.
-
->[!NOTE]
->The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
-
-The different issues are broken down by Device Issues and Update Issues:
-
-## Device Issues
-
-* **Missing multiple security updates:** This issue occurs when a device is behind by two or more security updates. These devices might be more vulnerable and should be investigated and updated.
-* **Out of support OS Version:** This issue occurs when a device has fallen out of support due to the version of Windows 10 it is running. When a device has fallen out of support, it will no longer receive important security updates, and might be vulnerable. These devices should be updated to a supported version of Windows 10.
-
-## Update Issues
-
-* **Failed:** This issue occurs when an error halts the process of downloading and applying an update on a device. Some of these errors might be transient, but should be investigated further to be sure.
-* **Cancelled**: This issue occurs when a user cancels the update process.
-* **Rollback**: This issue occurs when a fatal error occurs during a feature update, and the device is rolled back to the previous version.
-* **Uninstalled**: This issue occurs when a feature update is uninstalled from a device by a user or an administrator. Note that this might not be a problem if the uninstallation was intentional, but is highlighted as it might need attention.
-* **Progress stalled:** This issue occurs when an update is in progress, but has not completed over a period of 10 days.
-
-Selecting any of the issues will take you to a [Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
-
->[!NOTE]
->This blade also has a link to the [Setup Diagnostic Tool](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful.
-
-## List of Queries
-
-The **List of Queries** blade is in the **Needs Attention** section of Update Compliance. This blade contains a list of queries with a description and a link to the query. These queries contain important meta-information that did not fit within any specific section or were listed to serve as a good starting point for modification into custom queries.
+---
+title: Update Compliance - Need Attention! report
+ms.reviewer:
+manager: laurawi
+description: an overview of the Update Compliance Need Attention! report
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.author: jaimeo
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Needs attention!
+
+
+The **Needs attention!** section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section.
+
+>[!NOTE]
+>The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
+
+The different issues are broken down by Device Issues and Update Issues:
+
+## Device Issues
+
+* **Missing multiple security updates:** This issue occurs when a device is behind by two or more security updates. These devices might be more vulnerable and should be investigated and updated.
+* **Out of support OS Version:** This issue occurs when a device has fallen out of support due to the version of Windows 10 it is running. When a device has fallen out of support, it will no longer receive important security updates, and might be vulnerable. These devices should be updated to a supported version of Windows 10.
+
+## Update Issues
+
+* **Failed:** This issue occurs when an error halts the process of downloading and applying an update on a device. Some of these errors might be transient, but should be investigated further to be sure.
+* **Cancelled**: This issue occurs when a user cancels the update process.
+* **Rollback**: This issue occurs when a fatal error occurs during a feature update, and the device is rolled back to the previous version.
+* **Uninstalled**: This issue occurs when a feature update is uninstalled from a device by a user or an administrator. Note that this might not be a problem if the uninstallation was intentional, but is highlighted as it might need attention.
+* **Progress stalled:** This issue occurs when an update is in progress, but has not completed over a period of 10 days.
+
+Selecting any of the issues will take you to a [Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
+
+>[!NOTE]
+>This blade also has a link to the [Setup Diagnostic Tool](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful.
+
+## List of Queries
+
+The **List of Queries** blade is in the **Needs Attention** section of Update Compliance. This blade contains a list of queries with a description and a link to the query. These queries contain important meta-information that did not fit within any specific section or were listed to serve as a good starting point for modification into custom queries.
diff --git a/windows/deployment/update/update-compliance-perspectives.md b/windows/deployment/update/update-compliance-perspectives.md
index 4af9e5897a..b38df5c5af 100644
--- a/windows/deployment/update/update-compliance-perspectives.md
+++ b/windows/deployment/update/update-compliance-perspectives.md
@@ -1,65 +1,66 @@
----
-title: Update Compliance - Perspectives
-ms.reviewer:
-manager: laurawi
-description: an overview of Update Compliance Perspectives
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Perspectives
-
-
-
-Perspectives are elaborations on specific queries hand-crafted by developers which data views that provide deeper insight into your data. Perspectives are loaded whenever clicking into more detailed views from both the Security Update Status section and Feature Update Status section of Update Compliance.
-
-There is only one perspective framework; it is for **Update Deployment Status**. The same framework is utilized for both feature and quality updates.
-
-The first blade is the **Build Summary** blade. This blade summarizes the most important aspects of the given build being queried, listing the total number of devices, the total number of update failures for the build, and a breakdown of the different errors encountered.
-
-The second blade is the **Deferral Configurations** blade, breaking down Windows Update for Business deferral settings (if any).
-
-## Deployment status
-
-The third blade is the **Deployment Status** blade. This defines how many days it has been since the queried version has been released, and breaks down the various states in the update funnel each device has reported to be in. The possible states are as follows:
-
-| State | Description |
-| --- | --- |
-| Update Completed | When a device has finished the update process and is on the queried update, it will display here as Update completed. |
-| In Progress | Devices that report they are “In Progress” are one of the various stages of installing an update; these stages are reported in the Detailed Deployment Status blade. |
-| Deferred | When a device’s Windows Update for Business deferral policy dictates that the update is not yet applicable due to deferral, it will report as such in this blade. |
-| Progress stalled | Devices that report as “Progress stalled” have been stuck at “In progress” for more than 7 days. |
-| Cancelled | The update was cancelled. |
-| Blocked | There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update. |
-| Unknown | Devices that do not report detailed information on the status of their updates will report Unknown. This is most likely devices that do not use Windows Update for deployment. |
-| Update paused | These devices have Windows Update for Business pause enabled, preventing this update from being installed. |
-| Failed | A device is unable to install an update. This failure could be linked to a serious error in the update installation process or, in some cases, a [compatibility hold](update-compliance-feature-update-status.md#compatibility-holds). |
-
-## Detailed deployment status
-
-The final blade is the **Detailed Deployment Status** blade. This blade breaks down the detailed stage of deployment a device is in, beyond the generalized terms defined in Deployment Status. The following are the possible stages a device can report:
-
-| State | Description |
-| --- | --- |
-| Update deferred | When a device’s Windows Update for Business policy dictates the update is deferred. |
-| Update paused | The device’s Windows Update for Business policy dictates the update is paused from being offered. |
-| Update offered | The device has been offered the update, but has not begun downloading it. |
-| Pre-Download tasks passed | The device has finished all necessary tasks prior to downloading the update. |
-| Compatibility hold | The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds) |
-| Download Started | The update has begun downloading on the device. |
-| Download Succeeded | The update has successfully completed downloading. |
-| Pre-Install Tasks Passed | Tasks that must be completed prior to installing the update have been completed. |
-| Install Started | Installation of the update has begun. |
-| Reboot Required | The device has finished installing the update, and a reboot is required before the update can be completed.
-| Reboot Pending | The device has a scheduled reboot to apply the update. |
-| Reboot Initiated | The scheduled reboot has been initiated. |
-| Update Completed/Commit | The update has successfully installed. |
-
->[!NOTE]
->Interacting with any rows in the perspective view will automatically apply the given value to the query and execute it with the new parameter, narrowing the perspective to devices that satisfy that criteria. For example, clicking “Not configured (-1)” devices in Deferral Configurations will filter the query to only contain devices that do not have a deferral configuration. These filters can also be applied to queries via the filter sidebar.
+---
+title: Update Compliance - Perspectives
+ms.reviewer:
+manager: laurawi
+description: an overview of Update Compliance Perspectives
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.author: jaimeo
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Perspectives
+
+
+
+Perspectives are elaborations on specific queries hand-crafted by developers which data views that provide deeper insight into your data. Perspectives are loaded whenever clicking into more detailed views from both the Security Update Status section and Feature Update Status section of Update Compliance.
+
+There is only one perspective framework; it is for **Update Deployment Status**. The same framework is utilized for both feature and quality updates.
+
+The first blade is the **Build Summary** blade. This blade summarizes the most important aspects of the given build being queried, listing the total number of devices, the total number of update failures for the build, and a breakdown of the different errors encountered.
+
+The second blade is the **Deferral Configurations** blade, breaking down Windows Update for Business deferral settings (if any).
+
+## Deployment status
+
+The third blade is the **Deployment Status** blade. This defines how many days it has been since the queried version has been released, and breaks down the various states in the update funnel each device has reported to be in. The possible states are as follows:
+
+| State | Description |
+| --- | --- |
+| Update Completed | When a device has finished the update process and is on the queried update, it will display here as Update completed. |
+| In Progress | Devices that report they are “In Progress” are one of the various stages of installing an update; these stages are reported in the Detailed Deployment Status blade. |
+| Deferred | When a device’s Windows Update for Business deferral policy dictates that the update is not yet applicable due to deferral, it will report as such in this blade. |
+| Progress stalled | Devices that report as “Progress stalled” have been stuck at “In progress” for more than 7 days. |
+| Cancelled | The update was cancelled. |
+| Blocked | There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update. |
+| Unknown | Devices that do not report detailed information on the status of their updates will report Unknown. This is most likely devices that do not use Windows Update for deployment. |
+| Update paused | These devices have Windows Update for Business pause enabled, preventing this update from being installed. |
+| Failed | A device is unable to install an update. This failure could be linked to a serious error in the update installation process or, in some cases, a [compatibility hold](update-compliance-feature-update-status.md#compatibility-holds). |
+
+## Detailed deployment status
+
+The final blade is the **Detailed Deployment Status** blade. This blade breaks down the detailed stage of deployment a device is in, beyond the generalized terms defined in Deployment Status. The following are the possible stages a device can report:
+
+| State | Description |
+| --- | --- |
+| Update deferred | When a device’s Windows Update for Business policy dictates the update is deferred. |
+| Update paused | The device’s Windows Update for Business policy dictates the update is paused from being offered. |
+| Update offered | The device has been offered the update, but has not begun downloading it. |
+| Pre-Download tasks passed | The device has finished all necessary tasks prior to downloading the update. |
+| Compatibility hold | The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds) |
+| Download Started | The update has begun downloading on the device. |
+| Download Succeeded | The update has successfully completed downloading. |
+| Pre-Install Tasks Passed | Tasks that must be completed prior to installing the update have been completed. |
+| Install Started | Installation of the update has begun. |
+| Reboot Required | The device has finished installing the update, and a reboot is required before the update can be completed.
+| Reboot Pending | The device has a scheduled reboot to apply the update. |
+| Reboot Initiated | The scheduled reboot has been initiated. |
+| Update Completed/Commit | The update has successfully installed. |
+
+>[!NOTE]
+>Interacting with any rows in the perspective view will automatically apply the given value to the query and execute it with the new parameter, narrowing the perspective to devices that satisfy that criteria. For example, clicking “Not configured (-1)” devices in Deferral Configurations will filter the query to only contain devices that do not have a deferral configuration. These filters can also be applied to queries via the filter sidebar.
diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md
index d299981e93..fa252c9db1 100644
--- a/windows/deployment/update/update-compliance-security-update-status.md
+++ b/windows/deployment/update/update-compliance-security-update-status.md
@@ -5,7 +5,6 @@ manager: laurawi
description: an overview of the Security Update Status report
ms.prod: w10
ms.mktglfcycl: deploy
-ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 501c1bcb57..3f9b6fbcbb 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -1,94 +1,93 @@
----
-title: Using Update Compliance (Windows 10)
-ms.reviewer:
-manager: laurawi
-description: Explains how to begin usihg Update Compliance.
-keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.localizationpriority: medium
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Use Update Compliance
-
-In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Windows Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md).
-
-
-Update Compliance:
-- Provides detailed deployment data for Windows 10 security, quality, and feature updates.
-- Reports when devices have issues related to updates that need attention.
-- Shows Windows Defender AV status information for devices that use it and meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
-- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](waas-delivery-optimization.md).
-- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
-
-## The Update Compliance tile
-After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you’ll see this tile:
-
-
-
-When the solution is added, data is not immediately available. Data will begin to be collected after data is sent up that belongs to the Commercial ID associated with the device. This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). After Microsoft has collected and processed any device data associated with your Commercial ID, the tile will be replaced with the following summary:
-
-
-
-The summary details the total number of devices that Microsoft has received data from with your Commercial ID. It also provides the number of devices that need attention if any. Finally, it details the last point at which your Update Compliance workspace was refreshed.
-
-## The Update Compliance workspace
-
-
-
-When you select this tile, you will be redirected to the Update Compliance workspace. The workspace is organized with the Overview blade providing a hub from which to navigate to different reports of your devices' data.
-
-### Overview blade
-
-
-
-Update Compliance’s overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
-* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
-* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability.
-* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus.
-
-The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency).
-
-The following is a breakdown of the different sections available in Update Compliance:
-* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows 10 updates.
-* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows 10 it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates.
-* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows 10 in your environment.
-* [Windows Defender AV Status](update-compliance-wd-av-status.md) - This section lists the percentage of devices running Windows Defender Antivirus that are not sufficiently protected. Selecting this section provides a summary of signature and threat status across all devices that are running Windows Defender Antivirus. This section is not applicable to devices not running Windows Defender Antivirus or devices that do not meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites) to be assessed.
-* [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types.
-
-
-## Update Compliance data latency
-Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The process that follows is as follows:
-
-Update Compliance is refreshed every 12 hours. This means that every 12 hours all data that has been gathered over the last 12-hour interval is pushed to Log Analytics. However, the rate that each data type is sent and how long it takes to be ready for Update Compliance varies, roughly outlined below.
-
-| Data Type | Refresh Rate | Data Latency |
-|--|--|--|
-|WaaSUpdateStatus | Once per day |4 hours |
-|WaaSInsiderStatus| Once per day |4 hours |
-|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours |
-|WDAVStatus|On signature update|24 hours |
-|WDAVThreat|On threat detection|24 hours |
-|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours |
-|WUDOStatus|Once per day|12 hours |
-
-This means you should generally expect to see new data every 24-36 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours (if it misses the 36th hour refresh, it would be in the 48th, so the data will be present in the 48th hour refresh).
-
-## Using Log Analytics
-
-Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance.
-
-See below for a few topics related to Log Analytics:
-* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure’s excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
-* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-dashboards).
-* [Gain an overview of Log Analytics’ alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
-
-## Related topics
-
-[Get started with Update Compliance](update-compliance-get-started.md)
+---
+title: Using Update Compliance (Windows 10)
+ms.reviewer:
+manager: laurawi
+description: Explains how to begin using Update Compliance.
+keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.author: jaimeo
+ms.localizationpriority: medium
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Use Update Compliance
+
+In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Windows Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md).
+
+
+Update Compliance:
+- Provides detailed deployment data for Windows 10 security, quality, and feature updates.
+- Reports when devices have issues related to updates that need attention.
+- Shows Windows Defender AV status information for devices that use it and meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
+- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](waas-delivery-optimization.md).
+- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
+
+## The Update Compliance tile
+After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you’ll see this tile:
+
+
+
+When the solution is added, data is not immediately available. Data will begin to be collected after data is sent up that belongs to the Commercial ID associated with the device. This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). After Microsoft has collected and processed any device data associated with your Commercial ID, the tile will be replaced with the following summary:
+
+
+
+The summary details the total number of devices that Microsoft has received data from with your Commercial ID. It also provides the number of devices that need attention if any. Finally, it details the last point at which your Update Compliance workspace was refreshed.
+
+## The Update Compliance workspace
+
+
+
+When you select this tile, you will be redirected to the Update Compliance workspace. The workspace is organized with the Overview blade providing a hub from which to navigate to different reports of your devices' data.
+
+### Overview blade
+
+
+
+Update Compliance’s overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
+* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
+* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability.
+* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus.
+
+The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency).
+
+The following is a breakdown of the different sections available in Update Compliance:
+* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows 10 updates.
+* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows 10 it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates.
+* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows 10 in your environment.
+* [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types.
+
+
+## Update Compliance data latency
+Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The process that follows is as follows:
+
+Update Compliance is refreshed every 12 hours. This means that every 12 hours all data that has been gathered over the last 12-hour interval is pushed to Log Analytics. However, the rate at which each type of data is sent from the device and how long it takes to be ready for Update Compliance varies, roughly outlined below.
+
+| Data Type | Data upload rate from device | Data Latency |
+|--|--|--|
+|WaaSUpdateStatus | Once per day |4 hours |
+|WaaSInsiderStatus| Once per day |4 hours |
+|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours |
+|WDAVStatus|On signature update|24 hours |
+|WDAVThreat|On threat detection|24 hours |
+|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours |
+|WUDOStatus|Once per day|12 hours |
+
+This means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours (if it misses the 36th hour refresh, it would be in the 48th, so the data will be present in the 48th hour refresh).
+
+## Using Log Analytics
+
+Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance.
+
+See below for a few topics related to Log Analytics:
+* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure’s excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
+* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-dashboards).
+* [Gain an overview of Log Analytics’ alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
+
+## Related topics
+
+[Get started with Update Compliance](update-compliance-get-started.md)
\ No newline at end of file
diff --git a/windows/deployment/update/update-compliance-wd-av-status.md b/windows/deployment/update/update-compliance-wd-av-status.md
index 74250033ff..edc9156531 100644
--- a/windows/deployment/update/update-compliance-wd-av-status.md
+++ b/windows/deployment/update/update-compliance-wd-av-status.md
@@ -1,42 +1,43 @@
----
-title: Update Compliance - Windows Defender AV Status report
-ms.reviewer:
-manager: laurawi
-description: an overview of the Windows Defender AV Status report
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Windows Defender AV Status
-
-
-
-The Windows Defender AV Status section deals with data concerning signature and threat status for devices that use Windows Defender Antivirus. The section tile in the [Overview Blade](update-compliance-using.md#overview-blade) provides the percentage of devices with insufficient protection – this percentage only considers devices using Windows Defender Antivirus.
-
->[!NOTE]
->Update Compliance's Windows Defender Antivirus status is compatible with E3, B, F1, VL Professional and below licenses. Devices with an E5 license are not shown here; devices with an E5 license can be monitored using the [Windows Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection). If you'd like to learn more about Windows 10 licensing, see the [Windows 10 product licensing options](https://www.microsoft.com/Licensing/product-licensing/windows10.aspx).
-
-# Windows Defender AV Status sections
-The **Protection Status** blade gives a count for devices that have either out-of-date signatures or real-time protection turned off. Below, it gives a more detailed breakdown of the two issues. Selecting any of these statuses will navigate you to a Log Search view containing the query.
-
-The **Threat Status** blade shows, among devices that have encountered threats, how many were and were not remediated successfully. It also provides a detailed count. Selecting either of these will take you to the respective query in Log Search for further investigation.
-
-Here are some important terms to consider when using the Windows Defender AV Status section of Update Compliance:
-* **Signature out of date** devices are devices with a signature older than 14 days.
-* **No real-time protection** devices are devices that are using Windows Defender AV but have turned off real-time protection.
-* **Recently disappeared** devices are devices that were previously seen by Windows Defender AV and are no longer seen in the past 7 days.
-* **Remediation failed** devices are devices where Windows Defender AV failed to remediate the threat. This could be due to a number of reasons, including a full disk, network error, operation aborted, etc. Manual intervention might be needed from IT team.
-* **Not assessed** devices are devices where either a non-Microsoft AV solution is used or it has been more than 7 days since the device recently disappeared.
-
-## Windows Defender data latency
-Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days.
-
-## Related topics
-
-- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)
+---
+title: Update Compliance - Windows Defender AV Status report
+ms.reviewer:
+manager: laurawi
+description: an overview of the Windows Defender AV Status report
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.author: jaimeo
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Windows Defender AV Status
+
+
+
+The Windows Defender AV Status section deals with data concerning signature and threat status for devices that use Windows Defender Antivirus. The section tile in the [Overview Blade](update-compliance-using.md#overview-blade) provides the percentage of devices with insufficient protection – this percentage only considers devices using Windows Defender Antivirus.
+
+>[!NOTE]
+>Update Compliance's Windows Defender Antivirus status is compatible with E3, B, F1, VL Professional and below licenses. Devices with an E5 license are not shown here; devices with an E5 license can be monitored using the [Windows Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection). If you'd like to learn more about Windows 10 licensing, see the [Windows 10 product licensing options](https://www.microsoft.com/Licensing/product-licensing/windows10.aspx).
+
+## Windows Defender AV Status sections
+The **Protection Status** blade gives a count for devices that have either out-of-date signatures or real-time protection turned off. Below, it gives a more detailed breakdown of the two issues. Selecting any of these statuses will navigate you to a Log Search view containing the query.
+
+The **Threat Status** blade shows, among devices that have encountered threats, how many were and were not remediated successfully. It also provides a detailed count. Selecting either of these will take you to the respective query in Log Search for further investigation.
+
+Here are some important terms to consider when using the Windows Defender AV Status section of Update Compliance:
+* **Signature out of date** devices are devices with a signature older than 14 days.
+* **No real-time protection** devices are devices that are using Windows Defender AV but have turned off real-time protection.
+* **Recently disappeared** devices are devices that were previously seen by Windows Defender AV and are no longer seen in the past 7 days.
+* **Remediation failed** devices are devices where Windows Defender AV failed to remediate the threat. This could be due to a number of reasons, including a full disk, network error, operation aborted, etc. Manual intervention might be needed from IT team.
+* **Not assessed** devices are devices where either a non-Microsoft AV solution is used or it has been more than 7 days since the device recently disappeared.
+
+## Windows Defender data latency
+Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days.
+
+## Related topics
+
+- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 6e8a4ba345..aee88e8e01 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -3,11 +3,9 @@ title: Configure BranchCache for Windows 10 updates (Windows 10)
description: Use BranchCache to optimize network bandwidth during update deployment.
ms.prod: w10
ms.mktglfcycl: manage
-ms.sitesec: library
-author: greg-lindsay
+author: jaimeo
ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 07/27/2017
+ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index c6b56e8162..ae41811326 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -5,7 +5,7 @@ manager: laurawi
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
ms.prod: w10
ms.mktglfcycl: deploy
-ms.sitesec: library
+
audience: itpro
author: jaimeo
ms.localizationpriority: medium
@@ -125,9 +125,9 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
## Configure when devices receive Quality Updates
-Quality Updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality Updates following their availability. You can defer receiving these Quality Updates for a period of up to 35 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
+Quality updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
-You can set your system to receive updates for other Microsoft products—known as Microsoft Updates (such as Microsoft Office, Visual Studio)—along with Windows Updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft Updates will follow the same deferral and pause rules as all other Quality Updates.
+You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
>[!IMPORTANT]
>This policy defers both Feature and Quality Updates on Windows 10 Mobile Enterprise.
@@ -146,7 +146,7 @@ You can set your system to receive updates for other Microsoft products—known
## Pause quality updates
-You can also pause a system from receiving Quality Updates for a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality Updates. Following this scan, you can then pause quality Updates for the device again.
+You can also pause a system from receiving quality updates for a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality updates. Following this scan, you can then pause quality updates for the device again.
Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
@@ -201,9 +201,9 @@ The policy settings to **Select when Feature Updates are received** allows you t
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
* MDM: **Update/BranchReadinessLevel**
-## Exclude drivers from Quality Updates
+## Exclude drivers from quality updates
-Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to Feature Updates, where drivers might be dynamically installed to ensure the Feature Update process can complete.
+Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to feature updates, where drivers might be dynamically installed to ensure the feature update process can complete.
**Policy settings to exclude drivers**
diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md
index fec88b2720..e7d8d21550 100644
--- a/windows/deployment/update/waas-delivery-optimization-reference.md
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md
@@ -6,11 +6,11 @@ description: Reference of all Delivery Optimization settings and descriptions of
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
ms.prod: w10
ms.mktglfcycl: deploy
-ms.sitesec: library
+
audience: itpro
-author: greg-lindsay
+author: jaimeo
ms.localizationpriority: medium
-ms.author: greglin
+ms.author: jaimeo
ms.collection: M365-modern-desktop
ms.topic: article
---
@@ -132,7 +132,8 @@ Starting in Windows 10, version 1803, set this policy to restrict peer selection
- 1 = AD Site
- 2 = Authenticated domain SID
- 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID)
-- 4 = DNS Suffix
+- 4 = DNS Suffix
+- 5 = Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy will be ignored. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-4, the policy is ignored.
diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md
index f21112405f..61a6af8b7c 100644
--- a/windows/deployment/update/waas-delivery-optimization-setup.md
+++ b/windows/deployment/update/waas-delivery-optimization-setup.md
@@ -1,190 +1,191 @@
----
-title: Set up Delivery Optimization
-ms.reviewer:
-manager: laurawi
-description: Delivery Optimization is a new peer-to-peer distribution method in Windows 10
-keywords: oms, operations management suite, wdav, updates, downloads, log analytics
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Set up Delivery Optimization for Windows 10 updates
-
-**Applies to**
-
-- Windows 10
-
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-## Recommended Delivery Optimization settings
-
-Delivery Optimization offers a great many settings to fine-tune its behavior (see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list), but for the most efficient performance, there are just a few key parameters that will have the greates impact if particular situations exist in your deployment:
-
-- Does your topology include multiple breakouts to the internet (i.e., a "hybrid WAN") or are there only a few connections to the internet, so that all requests appear to come from a single external IP address (a "hub and spoke" topology)?
-- If you use boundary groups in your topology, how many devices are present in a given group?
-- What percentage of your devices are mobile?
-- Do your devices have a lot of free space on their drives?
-- Do you have a lab scenario with many devices on AC power?
-
->[!NOTE]
->These scenarios (and the recommended settings for each) are not mutually exclusive. It's possible that your deployment might involve more than one of these scenarios, in which case you can employ the related settings in any combination as needed. In all cases, however, "download mode" is the most important one to set.
-
-Quick-reference table:
-
-| Use case | Policy | Recommended value | Reason |
-| --- | --- | --- | --- |
-| Hub & spoke topology | Download mode | 1 or 2 | Automatic grouping of peers to match your topology |
-| Sites with > 30 devices | Minimum file size to cache | 10 MB (or 1 MB) | Leverage peers-to-peer capability in more downloads |
-| Large number of mobile devices | Allow uploads on battery power | 60% | Increase # of devices that can upload while limiting battery drain |
-| Labs with AC-powered devices | Content Expiration | 7 (up to 30) days | Leverage devices that can upload more for a longer period |
-
-
-### Hybrid WAN scenario
-
-For this scenario, grouping devices by domain allows devices to be included in peer downloads and uploads across VLANs. **Set Download Mode to 2 - Group**. The default group is the authenticated domain or Active Directory site. If your domain-based group is too wide, or your Active Directory sites aren’t aligned with your site network topology, then you should consider additional options for dynamically creating groups, for example by using the GroupIDSrc parameter.
-
-
-
-
-To do this in Group Policy go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
-
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DODownloadMode to 1 or 2.
-
-### Hub and spoke topology with boundary groups
-
-The default download mode setting is **1**; this means all devices breaking out to the internet using the same public IP will be considered as a single peer group. To prevent peer-to-peer activity across groups, you should set the download mode to **2**. If you have already defined Active Directory sites per hub or branch office, then you don't need to do anything else. If you're not using Active Directory sites, you should set *RestrictPeerSelectionBy* policies to restrict the activity to the subnet or set a different source for Groups by using the GroupIDSrc parameter. See [Select a method to restrict peer selection](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection).
-
-
-
-To do this in Group Policy go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
-
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DODownloadMode** to **2**.
-
-
-### Large number of mobile devices
-
-If you have a mobile workforce with a great many mobile devices, set Delivery Optimization to allow uploads on battery power, while limiting the use to prevent battery drain. A setting for **DOMinBatteryPercentageAllowedToUpload** of 60% is a good starting point, though you might want to adjust it later.
-
-To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Allow uploads while the device is on battery while under set Battery level** to 60.
-
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DOMinBatteryPercentageAllowedToUpload** to 60.
-
-### Plentiful free space and large numbers of devices
-
-Many devices now come with large internal drives. You can set Delivery Optimization to take better advantage of this space (especially if you have large numbers of devices) by changing the minimum file size to cache. If you have more than 30 devices in your local network or group, change it from the default 50 MB to 10 MB. If you have more than 100 devices (and are running Windows 10, version 1803 or later), set this value to 1 MB.
-
-[//]: # (default of 50 aimed at consumer)
-
-To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Minimum Peer Caching Content File Size** to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
-
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DOMinFileSizeToCache** to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
-
-### Lab scenario
-
-In a lab situation, you typically have a large number of devices that are plugged in and have a lot of free disk space. By increasing the content expiration interval, you can take advantage of these devices, using them as excellent upload sources in order to upload much more content over a longer period.
-
-To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Max Cache Age** to **6048000** (7 days) or more (up to 30 days).
-
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DOMaxCacheAge to 7 or more (up to 30 days).
-
-[//]: # (material about "preferred" devices; remove MinQos/MaxCacheAge; table format?)
-
-
-## Monitor Delivery Optimization
-[//]: # (How to tell if it’s working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%)
-
-### Windows PowerShell cmdlets
-
-**Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization.
-
-#### Analyze usage
-
-`Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs.
-
-| Key | Value |
-| --- | --- |
-| File ID | A GUID that identifies the file being processed |
-| Priority | Priority of the download; values are **foreground** or **background** |
-| FileSize | Size of the file |
-| TotalBytesDownloaded | The number of bytes from any source downloaded so far |
-| PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
-| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
-| BytesfromHTTP | Total number of bytes received over HTTP |
-| DownloadDuration | Total download time in seconds |
-| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
-| NumPeers | Indicates the total number of peers returned from the service. |
-| PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. |
-| ExpireOn | The target expiration date and time for the file. |
-| Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). |
-
-`Get-DeliveryOptimizationPerfSnap` returns a list of key performance data:
-
-- Number of files downloaded
-- Number of files uploaded
-- Total bytes downloaded
-- Total bytes uploaded
-- Average transfer size (download); that is, the number bytes downloaded divided by the number of files
-- Average transfer size (upload); the number of bytes uploaded divided by the number of files
-- Peer efficiency; same as PercentPeerCaching
-
-Using the `-Verbose` option returns additional information:
-
-- Bytes from peers (per type)
-- Bytes from CDN (the number of bytes received over HTTP)
-- Average number of peer connections per download
-
-Starting in Window 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status.
-
-Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
-
-#### Manage the Delivery Optimization cache
-
-**Starting in Windows 10, version 1903:**
-
-`set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time.
-
-`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache.
-
-You can now "pin" files to keep them persistent in the cache. You can only do this with files that are downloaded in modes 1, 2, or 3.
-
-`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation.
-
-`set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are rreached. The file is included in the cache quota calculation.
-
-`delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet:
-
-- `-FileID` specifies a particular file to delete.
-- `-IncludePinnedFiles` deletes all files that are pinned.
-- `-Force` deletes the cache with no prompts.
-
-
-#### Work with Delivery Optimization logs
-
-**Starting in Windows 10, version 1803:**
-
-`Get-DeliveryOptimizationLog [-Path ] [-Flush]`
-
-If `Path` is not specified, this cmdlet reads all logs from the dosvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops dosvc before reading logs.
-
-Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content
- --
- --
- --
- --
- --
- --
- --
- --
- --
- --
-
- **Figure 2. The “Who owns this PC?” page in initial Windows 10 setup**
-
-2. On the **Choose how you’ll connect** page, select **Join Azure AD**, and then click **Next**, as illustrated in **Figure 3**.
-
- 
-
- **Figure 3. The “Choose how you’ll connect” page in initial Windows 10 setup**
-
-3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 4**.
-
- 
-
- **Figure 4. The “Let’s get you signed in” page in initial Windows 10 setup**
-
-Now the device is Azure AD joined to the company’s subscription.
-
-**To join a device to Azure AD when the device already has Windows 10 Pro, version 1703 installed and set up**
-
->[!IMPORTANT]
->Make sure that the user you're signing in with is **not** a BUILTIN/Administrator. That user cannot use the `+ Connect` button to join a work or school account.
-
-1. Go to **Settings > Accounts > Access work or school**, as illustrated in **Figure 5**.
-
- 
-
- **Figure 5. Connect to work or school configuration in Settings**
-
-2. In **Set up a work or school account**, click **Join this device to Azure Active Directory**, as illustrated in **Figure 6**.
-
- 
-
- **Figure 6. Set up a work or school account**
-
-3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 7**.
-
- 
-
- **Figure 7. The “Let’s get you signed in” dialog box**
-
-Now the device is Azure AD joined to the company’s subscription.
-
-### Step 2: Pro edition activation
-
->[!IMPORTANT]
->If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
->If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
-
-
-
-Figure 7a - Windows 10 Pro activation in Settings
-
-Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only).
-
-
-### Step 3: Sign in using Azure AD account
-
-Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
-
-
-
-**Figure 8. Sign in by using Azure AD account**
-
-### Step 4: Verify that Enterprise edition is enabled
-
-You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**.
-
-
-
-
-**Figure 9 - Windows 10 Enterprise subscription in Settings**
-
-
-If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
-
->[!NOTE]
->If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
->Name: Windows(R), Professional edition
->Description: Windows(R) Operating System, RETAIL channel
->Partial Product Key: 3V66T
-
-## Virtual Desktop Access (VDA)
-
-Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx).
-
-Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md).
-
-## Troubleshoot the user experience
-
-In some instances, users may experience problems with the Windows 10 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
-
-- The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later.
-
-- The Windows 10 Enterprise E3 or E5 subscription has lapsed or has been removed.
-
-Use the following figures to help you troubleshoot when users experience these common problems:
-
-- [Figure 9](#win-10-activated-subscription-active) (above) illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active.
-
-- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro is not activated, but the Windows 10 Enterprise subscription is active.
-
-- [Figure 11](#subscription-not-active) (below) illustrates a device on which Windows 10 Pro is activated, but the Windows 10 Enterprise subscription is lapsed or removed.
-
-- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed.
-
-
-
-
-Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings
-
-
-
-
-Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings
-
-
-
-
-Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings
-
-
-### Review requirements on devices
-
-Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
-
-**To determine if a device is Azure Active Directory joined:**
-
-1. Open a command prompt and type **dsregcmd /status**.
-
-2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
-
-**To determine the version of Windows 10:**
-
-- At a command prompt, type:
- **winver**
-
- A popup window will display the Windows 10 version number and detailed OS build information.
-
- If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal.
+---
+title: Deploy Windows 10 Enterprise licenses
+ms.reviewer:
+manager: laurawi
+ms.audience: itpro
+ms.author: greglin
+description: Steps to deploy Windows 10 Enterprise licenses for Windows 10 Enterprise E3 or E5 Subscription Activation, or for Windows 10 Enterprise E3 in CSP
+keywords: upgrade, update, task sequence, deploy
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: mdt
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Deploy Windows 10 Enterprise licenses
+
+This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD).
+
+>[!NOTE]
+>* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.
+>* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
+>* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
+
+## Firmware-embedded activation key
+
+To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt
+
+```
+(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
+```
+
+If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device does not have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
+
+## Enabling Subscription Activation with an existing EA
+
+If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
+
+1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
+2. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
+3. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
+4. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
+5. The admin can now assign subscription licenses to users.
+
+>Use the following process if you need to update contact information and retrigger activation in order to resend the activation email:
+
+1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
+2. Click on **Subscriptions**.
+3. Click on **Online Services Agreement List**.
+4. Enter your agreement number, and then click **Search**.
+5. Click the **Service Name**.
+6. In the **Subscription Contact** section, click the name listed under **Last Name**.
+7. Update the contact information, then click **Update Contact Details**. This will trigger a new email.
+
+Also in this article:
+- [Explore the upgrade experience](#explore-the-upgrade-experience): How to upgrade devices using the deployed licenses.
+- [Troubleshoot the user experience](#troubleshoot-the-user-experience): Examples of some license activation issues that can be encountered, and how to resolve them.
+
+## Active Directory synchronization with Azure AD
+
+You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
+
+You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
+
+**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
+
+
+
+**Figure 1. On-premises AD DS integrated with Azure AD**
+
+For more information about integrating on-premises AD DS domains with Azure AD, see the following resources:
+
+- [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/)
+- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
+
+>[!NOTE]
+>If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
+
+## Preparing for deployment: reviewing requirements
+
+Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
+
+## Assigning licenses to users
+
+Upon acquisition of Windows 10 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service:
+
+
+
+The following methods are available to assign licenses:
+
+1. When you have the required Azure AD subscription, [group-based licensing](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-whatis-azure-portal) is the preferred method to assign Enterprise E3 or E5 licenses to users.
+2. You can sign in to portal.office.com and manually assign licenses:
+
+ 
+
+3. You can assign licenses by uploading a spreadsheet.
+4. A per-user [PowerShell scripted method](https://social.technet.microsoft.com/wiki/contents/articles/15905.how-to-use-powershell-to-automatically-assign-licenses-to-your-office-365-users.aspx) of assigning licenses is available.
+5. Organizations can use synchronized [AD groups](https://ronnydejong.com/2015/03/04/assign-ems-licenses-based-on-local-active-directory-group-membership/) to automatically assign licenses.
+
+## Explore the upgrade experience
+
+Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10 Enterprise. What will the users experience? How will they upgrade their devices?
+
+### Step 1: Join Windows 10 Pro devices to Azure AD
+
+Users can join a Windows 10 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703.
+
+**To join a device to Azure AD the first time the device is started**
+
+1. During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then click **Next**, as illustrated in **Figure 2**.