Merged PR 11722: 10/01 AM Publish

devices/hololens/hololens-insider.md

@@ -82,9 +82,9 @@ In order to switch to the Chinese or Japanese version of HoloLens, you’ll need
 6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. 
 7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) 
 8. Select **Install software** and follow the instructions to finish installing. 
-9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. 
+9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions.
+10. After you complete setup, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. 
  
-When you’re done with setup, go to **Settings -> Update & Security -> Windows Insider Program** and check that you’re configured to receive the latest preview builds.  The Chinese/Japanese version of HoloLens will be kept up-to-date with the latest preview builds via the Windows Insider Program the same way the English version is. 
 
 ## Note for language support
 

devices/surface/microsoft-surface-data-eraser.md

@@ -26,6 +26,7 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
 
 Compatible Surface devices include:
 
+* Surface Go
 * Surface Book 2
 * Surface Pro with LTE Advanced (Model 1807)
 * Surface Pro (Model 1796)
@@ -60,7 +61,7 @@ Some scenarios where Microsoft Surface Data Eraser can be helpful include:
 
 To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool:
 
-1.  Run the DataEraserSetup.msi installation file that you downloaded from the Microsoft Download Center.
+1.  Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703).
 
 2.  Select the check box to accept the terms of the license agreement, and then click **Install**.
 
@@ -147,10 +148,16 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
 
 Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
 
+### Version 3.2.68.0
+This version of Microsoft Surface Data Eraser adds support for the following:
+
+- Surface Go
+
+
 ### Version 3.2.58.0
 This version of Microsoft Surface Data Eraser adds support for the following:
 
-- •	Additional storage devices (drives) for Surface Pro and Surface Laptop devices
+- Additional storage devices (drives) for Surface Pro and Surface Laptop devices
 
 
 ### Version 3.2.46.0

devices/surface/step-by-step-surface-deployment-accelerator.md

@@ -126,7 +126,26 @@ The following steps show you how to create a deployment share for Windows 10 th
     ![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window")
 
     *Figure 5. The Installation Progress window*
+>[!NOTE]
+>The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this:
 
+ ```
+In the following two PowerShell scripts:
+%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
+%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
+
+Edit the $BITSTransfer variable in the input parameters to $False as shown below:
+
+Param(
+    [Parameter(
+        Position=0,
+        Mandatory=$False,
+        HelpMessage="Download via BITS bool true/false"
+        )]
+        [string]$BITSTransfer = $False
+    )
+ ```
+ 
 8.  When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
 
 ### Optional: Create a deployment share without an Internet connection

devices/surface/surface-enterprise-management-mode.md

@@ -189,8 +189,23 @@ For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must
 >[!NOTE]
 >For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick.
 
+## Version History
+
+### Version 2.14.136.0
+* Add support to Surface Go
+
+### Version 2.9.136.0
+* Add support to Surface Book 2
+* Add support to Surface Pro LTE
+* Accessibility improvements
+
+### Version 1.0.74.0
+* Add support to Surface Laptop
+* Add support to Surface Pro
+* Bug fixes and general improvement
+
 ## Related topics
 
 [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
 
-[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
+[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)

windows/configuration/kiosk-shelllauncher.md

@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 07/30/2018
+ms.date: 10/01/2018
 ---
 
 # Use Shell Launcher to create a Windows 10 kiosk
@@ -25,11 +25,19 @@ ms.date: 07/30/2018
 Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on.
 
 >[!NOTE]
+>Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. 
+>
+>Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to:
+>- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools
+>- [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies
+>- [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm) - Enterprise management of device security policies
+>
 >You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](#wizard).
 
 >[!WARNING]
->- Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.
->- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.  
+>Windows 10 doesn’t support setting a custom shell prior to the out-of-box-experience (OOBE). If you do, you won’t be able to deploy the resulting image.
+>
+>Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.  
 
 ### Requirements
 

windows/security/threat-protection/windows-defender-atp/overview.md

@@ -24,7 +24,7 @@ Topic | Description
 [Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization. 
 [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers.
 [Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
-[Automated investigation and investigation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
+[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
 [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
 [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) |  Use a powerful search and query language to create custom queries and detection rules.
 [Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.

windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md

@@ -253,7 +253,7 @@ If the verification fails and your environment is using a proxy to connect to th
   For example, in Group Policy there should be no entries such as the following values:
 
   - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
-  - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
+  - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiVirus"/></Key>```
 -  After clearing the policy, run the onboarding steps again.
 
 - You can also check the following registry key values to verify that the policy is disabled: