Merge pull request #191 from Justinha/VSTS8867491

Vsts8867491
2025-06-30 17:53:53 +00:00 · 2016-09-15 12:10:32 -07:00
parent fbb466ddac 5b0199d74e
commit 8009347ef6
12 changed files with 98 additions and 78 deletions
--- a/devices/surface-hub/device-reset-surface-hub.md
+++ b/devices/surface-hub/device-reset-surface-hub.md
@ -30,7 +30,7 @@ Initiating a reset will return the device to the last cumulative Windows update,
 -   Local admins on the device
 -   Configurations from MDM or the Settings app
-**To reset a Surface Hub**
+**To reset a Surface Hub from Settings**</br>
 1.	On your Surface Hub, open **Settings**. 
    ![Image showing Settings app for Surface Hub.](images/sh-settings.png)
@ -43,8 +43,18 @@ Initiating a reset will return the device to the last cumulative Windows update,
    ![Image showing Reset device option in Settings app for Surface Hub.](images/sh-settings-reset-device.png) 
 **To reset a Surface Hub from Windows Recovery Environment**</br>
 On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. But if this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset the device from [Windows Recovery Environment](https://technet.microsoft.com/en-us/library/cc765966(v=ws.10).aspx) (Windows RE).
 To reset a Surface Hub from Windows RE:
 1.  From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide](https://www.microsoft.com/surface/support/surface-hub/surface-hub-site-readiness-guide) for help with locating the power switch.
 2.  The device should automatically boot into Windows RE. Select **Advanced Repair**.
 3.  Select **Reset**.
 4.  If prompted, enter your device's BitLocker key.
 **Important Note**</br>
-Performing a device reset may take up to 6 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
+Performing a device reset may take up to 2 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
 After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again. 
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@ -12,6 +12,11 @@ author: jdeckerMS
 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
 ## September 2016
 | New or changed topic | Description|
 | --- | --- |
 | [Create tests using Microsoft Forms](create-tests-using-microsoft-forms.md)  | New. Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.  |
 ## RELEASE: Windows 10, version 1607
 The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
@ -21,29 +26,25 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 - [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
 - [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
 ## July 2016
 | New or changed topic | Description|
 | --- | --- |
-| [Windows 10 editions for education customers](windows-editions-for-education-customers.md)  | New |
+| [Windows 10 editions for education customers](windows-editions-for-education-customers.md)  | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. |
-|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New |
+|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use SCCM, Intune, and Group Policy to manage devices. |
 ## June 2016
 | New or changed topic | Description |
 |----------------------|-------------|
-| [Get Minecraft Education Edition](get-minecraft-for-education.md) </br> [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md) </br> [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) | New |
+| [Get Minecraft Education Edition](get-minecraft-for-education.md) </br> [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md) </br> [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) | New. Learn how to get and distribute Minecraft: Education Edition. |
 ## May 2016
 | New or changed topic | Description |
 |----------------------|-------------|
-| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New  |
+| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New. Learn how the Set up School PCs app works and how to use it.  |
-| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New  |
+| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New. Describes the changes that the Set up School PCs app makes to a PC.  |
-| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md) </br> [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md) </br> [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md) </br> [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New |
+| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md) </br> [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md) </br> [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md) </br> [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New. Learn how to set up and use the Take a Test app. |
 | [Chromebook migration guide](chromebook-migration-guide.md)  | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in November 2015 |
 | [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)  |  Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in May 2016 |
--- a/education/windows/create-tests-using-microsoft-forms.md
+++ b/education/windows/create-tests-using-microsoft-forms.md
@ -1,6 +1,6 @@
 ---
 title: Create tests using Microsoft Forms
-description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while complete a test.
+description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.
 keywords: school, Take a Test, Microsoft Forms
 ms.prod: w10
 ms.mktglfcycl: plan
--- a/windows/deploy/images/upgrade-analytics-namepub-rollup.PNG
+++ b/windows/deploy/images/upgrade-analytics-namepub-rollup.PNG
--- a/windows/deploy/images/upgrade-analytics-ready-for-windows-status-guidance-precedence.PNG
+++ b/windows/deploy/images/upgrade-analytics-ready-for-windows-status-guidance-precedence.PNG
--- a/windows/deploy/images/upgrade-analytics-ready-for-windows-status.PNG
+++ b/windows/deploy/images/upgrade-analytics-ready-for-windows-status.PNG
--- a/windows/deploy/upgrade-analytics-resolve-issues.md
+++ b/windows/deploy/upgrade-analytics-resolve-issues.md
@ -26,7 +26,7 @@ The blades in the **Resolve issues** section are:
 - Review applications with no known issues
 - Review drivers with known issues
-Here you can also see adoption status of applications for the [Ready for Windows website](https://www.readyforwindows.com/). The following sections cover each of the blades and the adoption status of applications in more detail.
+As you review applications with known issues, you can also see ISV support of applications for [Ready for Windows](https://www.readyforwindows.com/).
 ## Review applications with known issues
@ -73,14 +73,41 @@ For applications assessed as **Fix available**, review the table below for detai
 | Fix available      | Yes                               | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but won’t migrate.                                                                                    | Remove the application before upgrading and reinstall on the new operating system.<br>             |
 | Fix available      | Yes                               | Disk encryption blocking upgrade                         | The application’s encryption features are blocking the upgrade.                                                                                                    | Disable the encryption feature before upgrading and enable it again after upgrading.<br>           |
 ### ISV support for applications with Ready for Windows
 The [Ready for Windows (Preview) website](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installs and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). 
 Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows, and corresponding guidance. If you query with RollupLevel="NamePublisher", then it is possible for each version of the application to have a different status for Ready for Windows. In this case, different values appear for Ready for Windows when RollupLevel=”NamePublisher”. 
 ![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png)
 The following table lists possible values for **ReadyForWindows** and what they mean. For more informnation, see [What does the Adoption Status mean](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses).
 | Ready for Windows Status | Query rollup level | What this means | Guidance |
 |-------------------|--------------------------|-----------------|----------|
 |Supported version available    | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. |
 |  Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | 
 | Adopted   | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. |
 | Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A |
 | Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check the Ready for Windows site for additional information.|
 |Supported version available | NamePublisher | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.|
 |Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check the Ready for Windows site to learn more. |Check the Ready for Windows site for adoption information for this application.|
 | Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available on the Ready for Windows site for other versions of the application. | N/A |
 Here is an example of an application with **Highly adopted** status:
 ![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png)
 If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance.
 ![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png)
 ## Review applications with no known issues
 Applications with no issues known to Microsoft are listed, grouped by upgrade decision.
 <!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
 <img src="media/image7.png" width="197" height="336" />
 -->
 ![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png)
 Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**.
@ -101,10 +128,6 @@ To change an application's upgrade decision:
 Drivers that won’t migrate to the new operating system are listed, grouped by availability.
 <!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
 <img src="media/image8.png" width="197" height="316" />
 -->
 ![Review drivers with known issues](images/upgrade-analytics-drivers-known.png)
 Availability categories are explained in the table below.
@ -126,33 +149,3 @@ To change a driver’s upgrade decision:
 4.  Click **Save** when finished.
 ## Review adoption status of applications with Ready for Windows
 The [Ready for Windows (Preview) website](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installs and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). 
 Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows, and corresponding guidance. The following table lists possible values for **ReadyForWindows** and what they mean.
 | Ready for Windows Status | What this means | Guidance |
 |--------------------------|-----------------|----------|
 |Supported version available    | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. |
 |  Highly adopted | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | 
 | Adopted   | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. |
 | Insufficient Data | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A |
 | Contact software provider | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check the Ready for Windows site for additional information.|
 | Unknown | There is no Ready for Windows information available for this version of this application. Information may be available on the Ready for Windows site for other versions of the application. | N/A |
 ![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png)
 If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance.
 ![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png)
 If you query with RollupLevel="NamePublisher", then it is possible for each version of the application to have a different status for Ready for Windows. In this case, different values appear for Ready for Windows when RollupLevel=”NamePublisher”.
 | Ready for Windows Status | What this means | Guidance |
 |--------------------------|-----------------|----------|
 |Supported version available | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.|
 |Adoption status available | A Ready for Windows adoption status is available for one or more versions of this application. Please check the Ready for Windows site to learn more. |Check the Ready for Windows site for adoption information for this application.|
 |Unknown    | There is no Ready for Windows information available for this version of this application. Information may be available on the Ready for Windows site for other versions of the application. |N/A  |
 ![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png)
--- a/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md
+++ b/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md
@ -16,7 +16,7 @@ author: brianlic-msft
 This topic provides a roadmap for planning and getting started on the Device Guard deployment process, with links to topics that provide additional detail. Planning for Device Guard deployment involves looking at both the end-user and the IT pro impact of your choices. Use the following steps to guide you.
-**Planning**
+## Planning
 1. **Review requirements, especially hardware requirements for VBS**. Review the virtualization-based security (VBS) features described in [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats). Then you can assess your end-user systems to see how many support the VBS features you are interested in, as described in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). 
@ -33,7 +33,7 @@ This topic provides a roadmap for planning and getting started on the Device Gua
 4.  **Identify LOB applications that are currently unsigned**. Although requiring signed code (through code integrity policies) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. For a basic description of catalog files, see the table in [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md). For more background information about catalog files, see [Reviewing your applications: application signing and catalog files](requirements-and-deployment-planning-guidelines-for-device-guard.md#reviewing-your-applications-application-signing-and-catalog-files).
-**Getting started on the deployment process**
+## Getting started on the deployment process
 1.  **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal CA. If you choose to use an internal CA, you will need to create a code signing certificate. For more information, see [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md).
--- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
@ -23,7 +23,7 @@ The TPM Services Group Policy settings are located at:
 **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\**
 | Setting | Windows 10, version 1607 | Windows 10, version 1511 and Windows 10, version 1507 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista |
-| - | - | - | - | - | - |
+| - | - | - | - | - | - | - |
 | [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | | X| X| X| X| X| 
 | [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| X| 
 | [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| X| 
@ -32,21 +32,28 @@ The TPM Services Group Policy settings are located at:
 | [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X| X|||  
 | [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X| X|||  
 | [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X| X||||
- 
+
 ### <a href="" id="bkmk-tpmgp-addsbu"></a>Turn on TPM backup to Active Directory Domain Services
 This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of TPM owner information.
->**Note:**  This policy setting applies to the Windows operating systems listed in the [version table](#bkmk-version-table).
+>[!NOTE]  
- 
+>This policy setting applies to the Windows operating systems listed in the [version table](#bkmk-version-table).
 TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can be run only by the TPM owner. This hash authorizes the TPM to run these commands.
->**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10, version 1607.
+>[!IMPORTANT]  
 >To back up TPM owner information from a computer running Windows 10, version 1507, Windows 10, version 1511, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10, version 1607.
 If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.
 If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS.
 >[!NOTE]  
 > The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
 ### <a href="" id="bkmk-tpmgp-clbtc"></a>Configure the list of blocked TPM commands
 This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands that are blocked by Windows.
--- a/windows/manage/appv-application-publishing-and-client-interaction.md
+++ b/windows/manage/appv-application-publishing-and-client-interaction.md
@ -500,7 +500,7 @@ App-V registry roaming falls into two scenarios, as shown in the following table
 <td align="left"><p>When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:</p>
 <ul>
 <li><p>HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE</p></li>
-<li><p>HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE</p></li>
+<li><p>HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE</p></li>
 </ul>
 <p>The locations are enabled for roaming based on the operating system settings.</p></td>
 </tr>
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@ -168,11 +168,18 @@ For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server
 - Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Automatic Root Certificates Update**
    -and-
 1. Navigate to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Public Key Policies**.
 2. Double-click **Certificate Path Validation Settings**.
 3. On the **Network Retrieval** tab, select the **Define these policy settings** check box.
 4. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**.
    -or-
 - Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
-    -or-
+    -and-
 1. Navigate to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Public Key Policies**.
 2. Double-click **Certificate Path Validation Settings**.
@ -183,6 +190,9 @@ On Windows Server 2016 Nano Server:
 - Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
 >[!NOTE]  
 >CRL and OCSP network traffic is currently whitelisted and will still show up in network traces.  CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign.
 ### <a href="" id="bkmk-cortana"></a>2. Cortana and Search
 Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683).
@ -609,7 +619,7 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Window
    -or-
-   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Edge** &gt; **Turn off the SmartScreen Filter**.
+-   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Edge** &gt; **Configure SmartScreen Filter**.
    Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **File Explorer** &gt; **Configure Windows SmartScreen**.
@ -943,6 +953,10 @@ To turn off **Let apps automatically share and sync info with wireless devices t
 -   Turn off the feature in the UI.
     -or-
 -   Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps sync with devices**
 To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
 -   Turn off the feature in the UI.
@ -1035,13 +1049,15 @@ To turn off **Let apps run in the background**:
 -   Turn off the feature in the UI for each app.
    -   Set the **Select a setting** box to **Force Deny**.
 ### <a href="" id="bkmk-spp"></a>17. Software Protection Platform
 Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
 For Windows 10:
- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Activation**
+- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client AVS Validation**
    -or-
@ -1049,7 +1065,7 @@ For Windows 10:
 For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core:
- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Activation**
+- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client AVS Validation**
 The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
@ -283,17 +283,10 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici
 1.  Open a command prompt as an administrator.
 2.  Enter the following command.
-    <span codelanguage=""></span>
+
-    <table>
+    ```
-    <colgroup>
+    Dism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncher
-    <col width="100%" />
+    ```
    </colgroup>
    <tbody>
    <tr class="odd">
    <td align="left"><pre><code>Dism /online /Enable-Feature /FeatureName:Client-EmbeddedShellLauncher</code></pre></td>
    </tr>
    </tbody>
    </table>
 **To set your custom shell**