Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into alhopper-mrmw-apps

browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md

@@ -2,12 +2,14 @@
 ms.localizationpriority: low
 ms.mktglfcycl: plan
 description: Learn about which version of the IEAK 11 you should run, based on your license agreement.
-author: eross-msft
+author: pashort
-ms.prod: ie11
+ms.author: shortpatti
+ms.manager: elizapo
+ms.prod: ie11, ieak11
 ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
 title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
-ms.date: 07/27/2017
+ms.date: 05/02/2018
 ---
 
 
@@ -45,7 +47,7 @@ You must pick a version of IEAK 11 to run during installation, either **Externa
 |Automatic configuration                   |Not available                             |
 |Proxy settings                            |Proxy settings                            |
 |Security and privacy settings             |Not available                             |
-|Not available                             |Add a root certificate                    |
+|Add a root certificate                    |Not available                             |
 |Programs                                  |Programs                                  |
 |Additional settings                       |Not available                             |
 |Wizard complete                           |Wizard complete                           |

devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md

@@ -45,13 +45,6 @@ You can enroll your Surface Hubs using bulk, manual, or automatic enrollment.
 
 Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory. 
 
-**To enable automatic enrollment for Microsoft Intune**
-1. In the [Azure classic portal](https://manage.windowsazure.com/), navigate to the **Active Directory** node and select your directory. 
-2. Click the **Applications** tab, then click **Microsoft Intune**.
-3. Under **Manage devices for these users**, click **Groups**. 
-4. Click **Select Groups**, then select the groups of users you want to automatically enroll into Intune. 
-5. Click the checkmark button, then click **Save**.
-
 For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
 
 

education/windows/switch-to-pro-education.md

@@ -1,7 +1,7 @@
 ---
-title: Switch to Windows 10 Pro Education from Windows 10 Pro
+title: Change to Windows 10 Education from Windows 10 Pro
-description: Learn how IT Pros can opt into switching to Windows 10 Pro Education from Windows 10 Pro.
+description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro.
-keywords: switch, free switch, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
+keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -9,20 +9,20 @@ ms.pagetype: edu
 ms.localizationpriority: high
 author: MikeBlodge
 ms.author: MikeBlodge
-ms.date: 10/30/2017
+ms.date: 04/30/2018
 ---
 
-# Switch to Windows 10 Pro Education from Windows 10 Pro
+# Change to Windows 10 Education from Windows 10 Pro
 Windows 10 Pro Education is a new offering in Windows 10, version 1607. This edition builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools by providing education-specific default settings.
 
-If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt-in to a free switch to Windows 10 Pro Education depending on your scenario.
+If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt-in to a free change to Windows 10 Pro Education depending on your scenario.
-- [Switch from Windows 10 Pro in S mode to Windows 10 Pro Education in S mode](https://www.microsoft.com/en-us/education/windows/s-mode-switch-to-edu)
+- [change from Windows 10 Pro in S mode to Windows 10 Pro Education in S mode](https://www.microsoft.com/en-us/education/windows/s-mode-change-to-edu)
-- [Switch from Windows 10 Pro to Windows 10 Pro Education](#switch-from-windows-10-pro-to-windows-10-pro-education)
+- [change from Windows 10 Pro to Windows 10 Pro Education](#change-from-windows-10-pro-to-windows-10-pro-education)
 
-To take advantage of this offering, make sure you meet the [requirements for switching](#requirements-for-switching). For academic customers who are eligible to switch to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance.
+To take advantage of this offering, make sure you meet the [requirements for changing](#requirements-for-changing). For academic customers who are eligible to change to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance.
 
-## Requirements for switching
+## Requirements for changing
-Before you switch to Windows 10 Pro Education, make sure you meet these requirements:
+Before you change to Windows 10 Pro Education, make sure you meet these requirements:
 - Devices must be running Windows 10 Pro, version 1607 or higher.
 - Devices must be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices).
 
@@ -37,129 +37,115 @@ You can [compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsFor
 
 For more info about Windows 10 default settings and recommendations for education customers, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 
-## Switch from Windows 10 Pro to Windows 10 Pro Education
+## change from Windows 10 Pro to Windows 10 Pro Education
 
-For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt-in to a free switch through the Microsoft Store for Education.
+For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt-in to a free change through the Microsoft Store for Education.
 
 In this scenario:
 
-- The IT admin of the tenant chooses to turn on the switch for all Azure AD joined devices.
+- The IT admin of the tenant chooses to turn on the change for all Azure AD joined devices.
-- Any device that joins the Azure AD will switch automatically to Windows 10 Pro Education.
+- Any device that joins the Azure AD will change automatically to Windows 10 Pro Education.
 - The IT admin has the option to automatically roll back to Windows 10 Pro, if desired. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).
 
-See [Switch using Microsoft Store for Education](#switch-using-microsoft-store-for-education) for details on how to do this.
+See [change using Microsoft Store for Education](#change-using-microsoft-store-for-education) for details on how to do this.
 
-### Switch using Intune for Education
+### change using Intune for Education
 
 1. In Intune for Education, select **Groups** and then choose the group that you want to apply the MAK license key to. 
 
-    For example, to apply the switch for all teachers, select **All Teachers** and then select **Settings**.
+    For example, to apply the change for all teachers, select **All Teachers** and then select **Settings**.
     
 2. In the settings page, find **Edition upgrade** and then:
     1. Select the edition in the **Edition to upgrade to** field
     2. Enter the MAK license key in the **Product key** field 
    
-        **Figure 1** - Enter the details for the Windows edition switch
+        **Figure 1** - Enter the details for the Windows edition change
 
-        ![Enter the details for the Windows edition switch](images/i4e_editionupgrade.png)
+        ![Enter the details for the Windows edition change](images/i4e_editionupgrade.png)
 
-3. The switch will automatically be applied to the group you selected.
+3. The change will automatically be applied to the group you selected.
 
 
-### Switch using Windows Configuration Designer
+### change using Windows Configuration Designer
-You can use Windows Configuration Designer to create a provisioning package that you can use to switch the Windows edition for your device(s). [Install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) to create a provisioning package.
+You can use Windows Configuration Designer to create a provisioning package that you can use to change the Windows edition for your device(s). [Install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) to create a provisioning package.
 
 1. In Windows Configuration Designer, select **Provision desktop devices** to open the simple editor and create a provisioning package for Windows desktop editions.
-2. In the **Set up device** page, enter the MAK license key in the **Enter product key** field to switch to Windows 10 Pro Education.
+2. In the **Set up device** page, enter the MAK license key in the **Enter product key** field to change to Windows 10 Pro Education.
 
     **Figure 2** - Enter the license key 
 
-    ![Enter the license key to switch to Windows 10 Pro Education](images/wcd_productkey.png)
+    ![Enter the license key to change to Windows 10 Pro Education](images/wcd_productkey.png)
 
-3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to switch to Windows 10 Pro Education.
+3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to change to Windows 10 Pro Education.
 
     For more information about using Windows Configuration Designer, see [Set up student PCs to join domain](https://technet.microsoft.com/en-us/edu/windows/set-up-students-pcs-to-join-domain). 
 
 
-### Switch using the Activation page
+### change using the Activation page
 
-1. On the Windows device that you want to switch, open the **Settings** app.
+1. On the Windows device that you want to change, open the **Settings** app.
 2. Select **Update & security** > **Activation**, and then click **Change product key**.
 3. In the **Enter a product key** window, enter the MAK key for Windows 10 Pro Education and click **Next**.
 
 
 ## Education customers with Azure AD joined devices
 
-Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system switches to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features.
+Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system changees to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features.
 
-When you switch to Windows 10 Pro Education, you get the following benefits:
+When you change to Windows 10 Pro Education, you get the following benefits:
 
 - **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S mode, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit does not include Long Term Service Branch (LTSB).
 - **Support from one to hundreds of users**. The Windows 10 Pro Education program does not have a limitation on the number of licenses an organization can have.
 - **Roll back options to Windows 10 Pro**
-    - When a user leaves the domain or you turn off the setting to automatically switch to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). 
+    - When a user leaves the domain or you turn off the setting to automatically change to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). 
     - For devices that originally had Windows 10 Pro edition installed, when a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro. 
 
     See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro) for more info.
 
 
-### Switch using Microsoft Store for Education
+### change using Microsoft Store for Education
-Once you enable the setting to switch to Windows 10 Pro Education, the switch will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you cannot select which users will receive the switch. The switch will only apply to Windows 10 Pro devices.
+Once you enable the setting to change to Windows 10 Pro Education, the change will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you cannot select which users will receive the change. The change will only apply to Windows 10 Pro devices.
 
-**To turn on the automatic switch to Windows 10 Pro Education**
+**To turn on the automatic change to Windows 10 Pro Education**
 
 1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your work or school account.
 
   If this is the first time you're signing into the Microsoft Store for Education, you'll be prompted to accept the Microsoft Store for Education Terms of Use.
 
 2. Click **Manage** from the top menu and then select the **Benefits tile**.
-3. In the **Benefits** tile, look for the **Switch to Windows 10 Pro Education for free** link and then click it.
+3. In the **Benefits** tile, look for the **change to Windows 10 Pro Education for free** link and then click it.
 
-    You will see the following page informing you that your school is eligible to switch free to Windows 10 Pro Education to Windows 10 Pro.
+4. In the **change all your devices to Windows 10 Pro Education for free** page, check box next to **I understand enabling this setting will change all domain-joined devices running Windows 10 Pro in my organization**.
-
-    **Figure 3** - Switch Windows 10 Pro to Windows 10 Pro Education
-
-    ![Eligible for free Windows 10 Pro to Windows 10 Pro Education switch](images/msfe_manage_benefits_switchtoproedu.png)
-
-4. In the **Switch all your devices to Windows 10 Pro Education for free** page, check box next to **I understand enabling this setting will switch all domain-joined devices running Windows 10 Pro in my organization**.
 
     **Figure 4** - Check the box to confirm
 
     ![Check the box to confirm](images/msfe_manage_benefits_checktoconfirm.png)
 
-5. Click **Switch all my devices**. 
+5. Click **change all my devices**. 
 
-    A confirmation window pops up to let you know that an email has been sent to you to enable the switch. 
+    A confirmation window pops up to let you know that an email has been sent to you to enable the change. 
 
 6. Close the confirmation window and check the email to proceed to the next step.
-7. In the email, click the link to **Switch to Windows 10 Pro Education**. Once you click the link, this will take you back to the Microsoft Store for Education portal.
+7. In the email, click the link to **change to Windows 10 Pro Education**. Once you click the link, this will take you back to the Microsoft Store for Education portal.
 
-    **Figure 5** - Click the link in the email to switch to Windows 10 Pro Education
+8. Click **change now** in the **changing your device to Windows 10 Pro Education for free** page in the Microsoft Store. 
 
-    ![Click the email link to switch to Windows 10 Pro Education](images/msfe_clickemaillink_switchtoproedu.png)
+    You will see a window that confirms you've successfully changeed all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically change the next time someone in your organization signs in to the device.
-
-8. Click **Switch now** in the **Switching your device to Windows 10 Pro Education for free** page in the Microsoft Store. 
-
-    You will see a window that confirms you've successfully switched all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically switch the next time someone in your organization signs in to the device.
 
 9. Click **Close** in the **Success** window.
 
-Enabling the automatic switch also triggers an email message notifying all global administrators in your organization about the switch. It also contains a link that enables any global administrators to cancel the switch if they choose. For more info about rolling back or canceling the switch, see [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).\
+Enabling the automatic change also triggers an email message notifying all global administrators in your organization about the change. It also contains a link that enables any global administrators to cancel the change if they choose. For more info about rolling back or canceling the change, see [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).
-
-**Figure 6** - Email notifying all global admins about the switch
-
-![Email notifying all global admins about the switch](images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png)
 
 
-## Explore the switch experience
+## Explore the change experience
 
-So what will users experience? How will they switch their devices?
+So what will users experience? How will they change their devices?
 
 ### For existing Azure AD joined devices
-Existing Azure AD domain joined devices will be switched to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed.
+Existing Azure AD domain joined devices will be changeed to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed.
 
 ### For new devices that are not Azure AD joined
-Now that you've turned on the setting to automatically switch to Windows 10 Pro Education, the users are ready to switch their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
+Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
 
 #### Step 1: Join users’ devices to Azure AD
 
@@ -232,19 +218,19 @@ If there are any problems with the Windows 10 Pro Education license or the acti
 
 ### Troubleshoot the user experience
 
-In some instances, users may experience problems with the Windows 10 Pro Education switch. The most common problems that users may experience are as follows:
+In some instances, users may experience problems with the Windows 10 Pro Education change. The most common problems that users may experience are as follows:
 
 -   The existing operating system (Windows 10 Pro, version 1607 or higher, or version 1703) is not activated.
--   The Windows 10 Pro Education switch has lapsed or has been removed.
+-   The Windows 10 Pro Education change has lapsed or has been removed.
 
 Use the following figures to help you troubleshoot when users experience these common problems:
 
-**Figure 13** - Illustrates a device in a healthy state, where the existing operating system is activated, and the Windows 10 Pro Education switch is active.
+**Figure 13** - Illustrates a device in a healthy state, where the existing operating system is activated, and the Windows 10 Pro Education change is active.
 
 <img src="images/win-10-pro-edu-activated-subscription-active.png" alt="Windows 10 activated and subscription active" /></br></br>
 
 
-**Figure 14** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education switch is active.
+**Figure 14** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education change is active.
 
 <img src="images/win-10-pro-edu-not-activated-subscription-active.png" alt="Windows 10 not activated and subscription active" /></br></br>
 
@@ -274,23 +260,23 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
     A popup window will display the Windows 10 version number and detailed OS build information.
 
     > [!NOTE]
-    > If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be switched to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license.
+    > If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be changeed to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license.
 
 ### Roll back Windows 10 Pro Education to Windows 10 Pro
 
-If your organization has the Windows 10 Pro to Windows 10 Pro Education switch enabled, and you decide to roll back to Windows 10 Pro or to cancel the switch, you can do this by:
+If your organization has the Windows 10 Pro to Windows 10 Pro Education change enabled, and you decide to roll back to Windows 10 Pro or to cancel the change, you can do this by:
 
-- Logging into Microsoft Store for Education page and turning off the automatic switch.
+- Logging into Microsoft Store for Education page and turning off the automatic change.
-- Selecting the link to turn off the automatic switch from the notification email sent to all global administrators.
+- Selecting the link to turn off the automatic change from the notification email sent to all global administrators.
 
-Once the automatic switch to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were switched will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was switched may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a switch was enabled and then turned off will never see their device change from Windows 10 Pro.
+Once the automatic change to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were changeed will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was changeed may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a change was enabled and then turned off will never see their device change from Windows 10 Pro.
 
 > [!NOTE]  
-> Devices that were switched from  mode to Windows 10 Pro Education cannot roll back to Windows 10 Pro Education S mode.
+> Devices that were changeed from  mode to Windows 10 Pro Education cannot roll back to Windows 10 Pro Education S mode.
 
 **To roll back Windows 10 Pro Education to Windows 10 Pro**
 
-1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic switch.
+1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change.
 2. Select **Manage > Benefits** and locate the section **Windows 10 Pro Education** and follow the link.
 3. In the **Revert to Windows 10 Pro** page, click **Revert to Windows 10 Pro**.
 
@@ -298,10 +284,10 @@ Once the automatic switch to Windows 10 Pro Education is turned off, the change
 
     ![Revert to Windows 10 Pro](images/msfe_manage_reverttowin10pro.png)
 
-4. You will be asked if you're sure that you want to turn off automatic switches to Windows 10 Pro Education. Click **Yes**.
+4. You will be asked if you're sure that you want to turn off automatic changees to Windows 10 Pro Education. Click **Yes**.
 5. Click **Close** in the **Success** page.
 
-    All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic switches again, you can do this by selecting **Switch to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education.
+    All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic changees again, you can do this by selecting **change to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education.
 
 
 ## Preparing for deployment of Windows 10 Pro Education licenses

windows/client-management/mdm/accountmanagement-csp.md

@@ -11,8 +11,6 @@ ms.date: 03/23/2018
 
 # AccountManagement CSP 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
 

windows/client-management/mdm/accountmanagement-ddf.md

@@ -11,9 +11,6 @@ ms.date: 03/23/2018
 
 # AccountManagement DDF file 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider.
 

windows/client-management/mdm/accounts-csp.md

@@ -11,8 +11,6 @@ ms.date: 04/17/2018
 
 # Accounts CSP 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group. This CSP was added in Windows 10, version 1803.
 

windows/client-management/mdm/accounts-ddf-file.md

@@ -11,8 +11,6 @@ ms.date: 04/17/2018
 
 # Accounts CSP 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **Accounts** configuration service provider.
 

windows/client-management/mdm/assignedaccess-csp.md

@@ -35,8 +35,11 @@ A JSON string that contains the user account name and Application User Model ID
 For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
 
 > [!Note]  
-> You cannot set both KioskModeApp and Configuration at the same time in the device in Windows 10, version 1709.  
+> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk.  
 >
+> Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective.
+  
+> [!Note]
 > You cannot set both KioskModeApp and ShellLauncher at the same time on the device.
 
 Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md).
@@ -66,7 +69,9 @@ The supported operations are Add, Delete, Get and Replace. When there's no confi
 Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps). Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). 
 
 > [!Note]  
-> You cannot set both KioskModeApp and Configuration at the same time on the device in Windows 10, version 1709.  
+> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk.  
+>
+> Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective.
 
 Enterprises can use this to easily configure and manage the curated lockdown experience. 
 

windows/client-management/mdm/assignedaccess-ddf.md

@@ -13,9 +13,6 @@ ms.date: 02/22/2018
 # AssignedAccess DDF
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 You can download the DDF files from the links below:

windows/client-management/mdm/bitlocker-csp.md

@@ -11,8 +11,6 @@ ms.date: 01/04/2018
 
 # BitLocker CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703.
 

windows/client-management/mdm/defender-csp.md

@@ -13,9 +13,6 @@ ms.date: 01/29/2018
 # Defender CSP
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
 
 The following image shows the Windows Defender configuration service provider in tree format.

windows/client-management/mdm/defender-ddf.md

@@ -13,9 +13,6 @@ ms.date: 01/29/20178
 # Defender DDF file
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 This topic shows the OMA DM device description framework (DDF) for the **Defender** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).

windows/client-management/mdm/dmclient-csp.md

@@ -13,9 +13,6 @@ ms.date: 11/01/2017
 # DMClient CSP
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment.
 
 The following diagram shows the DMClient configuration service provider in tree format.

windows/client-management/mdm/dmclient-ddf-file.md

@@ -13,9 +13,6 @@ ms.date: 12/05/2017
 # DMClient DDF file
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 This topic shows the OMA DM device description framework (DDF) for the **DMClient** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).

windows/client-management/mdm/enterprisemodernappmanagement-csp.md

@@ -13,9 +13,6 @@ ms.date: 03/01/2018
 # EnterpriseModernAppManagement CSP
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
 
 > [!Note]

windows/client-management/mdm/enterprisemodernappmanagement-ddf.md

@@ -13,9 +13,6 @@ ms.date: 03/01/2018
 # EnterpriseModernAppManagement DDF
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 This topic shows the OMA DM device description framework (DDF) for the **EnterpriseModernAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).

windows/client-management/mdm/multisim-csp.md

@@ -11,8 +11,6 @@ ms.date: 03/22/2018
 
 # MultiSIM CSP 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The MultiSIM configuration service provider (CSP) is used by the enterprise to manage devices with dual SIM single active configuration. An enterprise can set policies on whether that user can switch between SIM slots, specify which slot is the default, and whether the slot is embedded. This CSP was added in Windows 10, version 1803.
 

windows/client-management/mdm/multisim-ddf.md

@@ -11,8 +11,6 @@ ms.date: 02/27/2018
 
 # MultiSIM CSP 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **MultiSIM** configuration service provider.
 

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -16,10 +16,6 @@ ms.date: 04/26/2018
 # What's new in MDM enrollment and management
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-
 This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
 
 For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](http://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
@@ -1202,7 +1198,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li> 
 <li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li> 
 <li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li> 
-<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li>
+<li>Notifications/DisallowCloudNotification</li> 
 <li>RestrictedGroups/ConfigureGroupMembership</li>
 <li>Search/AllowCortanaInAAD</li>
 <li>Search/DoNotUseWebResults</li>
@@ -1215,7 +1212,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode</li>
 <li>SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</li>
 <li>TaskScheduler/EnableXboxGameSaveTask</li>
-<li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
 <li>TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode</li>
 <li>TextInput/ForceTouchKeyboardDockedState</li>
 <li>TextInput/TouchKeyboardDictationButtonAvailability</li>
@@ -1800,7 +1796,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Display/EnablePerProcessDpi</li>
 <li>Display/EnablePerProcessDpiForApps</li>
 <li>Experience/AllowWindowsSpotlightOnSettings</li>
-<li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
 <li>TextInput/ForceTouchKeyboardDockedState</li>
 <li>TextInput/TouchKeyboardDictationButtonAvailability</li>
 <li>TextInput/TouchKeyboardEmojiButtonAvailability</li>

windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - AccountPoliciesAccountLockoutPolicy
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-applicationdefaults.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - ApplicationDefaults
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-applicationmanagement.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - ApplicationManagement
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-appruntime.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - AppRuntime
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-bluetooth.md

@@ -11,9 +11,6 @@ ms.date: 04/06/2018
 
 # Policy CSP - Bluetooth
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-browser.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - Browser
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-connectivity.md

@@ -11,9 +11,6 @@ ms.date: 03/14/2018
 
 # Policy CSP - Connectivity
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-controlpolicyconflict.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - ControlPolicyConflict
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-credentialsdelegation.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - CredentialsDelegation
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-deliveryoptimization.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - DeliveryOptimization
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-devicelock.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - DeviceLock
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-display.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - Display
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-experience.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - Experience
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-fileexplorer.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - FileExplorer
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-kioskbrowser.md

@@ -11,8 +11,6 @@ ms.date: 04/11/2018
 
 # Policy CSP - KioskBrowser
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user’s browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](https://docs.microsoft.com/en-us/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_). 
 

windows/client-management/mdm/policy-csp-lanmanworkstation.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - LanmanWorkstation
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md

@@ -11,9 +11,6 @@ ms.date: 04/06/2018
 
 # Policy CSP - LocalPoliciesSecurityOptions
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-mssecurityguide.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - MSSecurityGuide
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-msslegacy.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - MSSLegacy
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-notifications.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - Notifications
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-restrictedgroups.md

@@ -11,9 +11,6 @@ ms.date: 03/15/2018
 
 # Policy CSP - RestrictedGroups
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-search.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - Search
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-security.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - Security
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-settings.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - Settings
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-system.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - System
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-systemservices.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - SystemServices
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-taskscheduler.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - TaskScheduler
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-textinput.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - TextInput
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 
@@ -114,10 +111,10 @@ ms.date: 04/16/2018
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td></td>
 	<td></td>
 </tr>
@@ -134,14 +131,10 @@ ms.date: 04/16/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803.  Specifies text prediction for hardware keyboard is always disabled. When this policy is set to 0, text prediction for hardware keyboard is always disabled.
+Added in Windows 10, version 1803.  Placeholder only. Do not use in production environment.
 
 <!--/Description-->
 <!--SupportedValues-->
-The following list shows the supported values:
-
--   0 – Text prediction for the hardware keyboard is disabled and the switch is unusable (user cannot activate the feature).
--   1 (default) – Text prediction for the hardware keyboard is enabled. User can change the setting.
 
 <!--/SupportedValues-->
 <!--/Policy-->

windows/client-management/mdm/policy-csp-update.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - Update
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-userrights.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - UserRights
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-windowsconnectionmanager.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - WindowsConnectionManager
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md

@@ -11,9 +11,6 @@ ms.date: 03/12/2018
 
 # Policy CSP - WindowsDefenderSecurityCenter
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/policy-csp-windowspowershell.md

@@ -11,9 +11,6 @@ ms.date: 04/16/2018
 
 # Policy CSP - WindowsPowerShell
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 
 <hr/>
 

windows/client-management/mdm/rootcacertificates-csp.md

@@ -12,8 +12,6 @@ ms.date: 03/06/2018
 
 # RootCATrustedCertificates CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates.
 

windows/client-management/mdm/rootcacertificates-ddf-file.md

@@ -12,8 +12,6 @@ ms.date: 03/07/2018
 
 # RootCATrustedCertificates DDF file
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 

windows/client-management/mdm/uefi-csp.md

@@ -12,9 +12,6 @@ ms.date: 02/01/2018
 # UEFI CSP
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1803.
 
 The following diagram shows the UEFI CSP in tree format.

windows/client-management/mdm/uefi-ddf.md

@@ -12,10 +12,6 @@ ms.date: 02/01/2018
 # UEFI DDF file
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-
 This topic shows the OMA DM device description framework (DDF) for the **Uefi** configuration service provider. 
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).

windows/client-management/windows-version-search.md

@@ -5,7 +5,7 @@ keywords: Long-Term Servicing Channel, LTSC, LTSB, Semi-Annual Channel, SAC, Win
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: MikeBlodge
+author: kaushika-msft
 ms.author: MikeBlodge
 ms.date: 04/30/2018
 ---
@@ -45,4 +45,4 @@ At the Command Prompt or PowerShell, type **"slmgr /dlv"**, and then press ENTER
 
 The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This build of Windows doesn’t contain many in-box applications, such as Microsoft Edge, Microsoft Store, Cortana (you do have some limited search capabilities), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. It’s important to remember that the LTSC model is primarily for specialized devices.
 
-In the Semi-Annual Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment.
+In the Semi-Annual Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment.

windows/configuration/change-history-for-configure-windows-10.md

@@ -15,6 +15,12 @@ ms.date: 04/30/2018
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## May 2018
+
+New or changed topic | Description
+--- | ---
+[Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Added note that Wi-Fi Sense is no longer available.
+
 ## RELEASE: Windows 10, version 1803
 
 The topics in this library have been updated for Windows 10, version 1803. The following new topics have been added:

windows/configuration/manage-wifi-sense-in-enterprise.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: mobile
 author: eross-msft
 ms.localizationpriority: medium
-ms.date: 07/27/2017
+ms.date: 05/02/2018
 ---
 
 # Manage Wi-Fi Sense in your company
@@ -18,7 +18,8 @@ ms.date: 07/27/2017
 -   Windows 10
 -   Windows 10 Mobile
 
->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+>[!IMPORTANT] 
+>Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details.
 
 Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it.
 

windows/deployment/planning/windows-10-1803-removed-features.md

@@ -49,4 +49,4 @@ If you have feedback about the proposed replacement of any of these features, yo
 |Contacts feature in File Explorer|We're no longer developing the Contacts feature or the corresponding [Windows Contacts API](https://msdn.microsoft.com/library/ff800913.aspx). Instead, you can use the People app in Windows 10 to maintain your contacts.|
 |Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.|
 |IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.|
-
+|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers have been deprecated since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. Installed Layered Service Providers are not migrated when you upgrade to Windows 10, version 1803; you'll need to re-install them after upgrading.|

windows/deployment/update/waas-delivery-optimization.md

@@ -284,7 +284,7 @@ If you suspect this is the problem, try these steps:
 
 ### Clients aren't able to connect to peers offered by the cloud service
 
-If you suspect this is the problem, un a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps:
+If you suspect this is the problem, run a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps:
 
 1. Install Telnet by running **dism /online /Enable-Feature /FeatureName:TelnetClient** from an elevated command prompt.
 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success.

windows/deployment/update/windows-analytics-get-started.md

@@ -70,7 +70,7 @@ The compatibility update scans your devices and enables application usage tracki
 
 | **Operating System** | **Updates** |
 |----------------------|-----------------------------------------------------------------------------|
-| Windows 10        | Windows 10 includes the compatibility update, so you will automatically have the latest compatibility update so long as you continue to keep your Windows 10 devices up-to-date with cummulative updates. <P>Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](../upgrade/upgrade-readiness-requirements.md) for more information. |
+| Windows 10        | Windows 10 includes the compatibility update, so you will automatically have the latest compatibility update so long as you continue to keep your Windows 10 devices up-to-date with cummulative updates.  |
 | Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2976978>|
 | Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2952664>|
 

windows/deployment/upgrade/upgrade-readiness-deployment-script.md

@@ -203,11 +203,7 @@ The deployment script displays the following exit codes to let you know if it wa
         <td>25 - The function **SetIEDataOptIn** failed with unexpected exception.</td>
         <td>Check the logs for the exception message and HResult.</td>
     </tr>
-    <tr>
+        <tr>
-        <td>26 - The operating system is Server or LTSB SKU.</td>
-        <td> The script does not support Server or LTSB SKUs.</td>
-    </tr>
-    <tr>
         <td>27 - The script is not running under **System** account.</td>
         <td>The Upgrade Readiness configuration script must be run as **System**. </td>
     </tr>

windows/deployment/upgrade/upgrade-readiness-requirements.md

@@ -31,7 +31,7 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1
 Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
 The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed.  You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). 
 
-While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness.  See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC.
+While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC.
 
 ## Operations Management Suite
 

windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md

@@ -24,7 +24,7 @@ The recovery process included in this topic only works for desktop devices. WIP
 >[!IMPORTANT]
 >If you already have an EFS DRA certificate for your organization, you can skip creating a new one. Just use your current EFS DRA certificate in your policy. For more info about when to use a PKI and the general strategy you should use to deploy DRA certificates, see the [Security Watch Deploying EFS: Part 1](https://technet.microsoft.com/magazine/2007.02.securitywatch.aspx) article on TechNet. For more general info about EFS protection, see [Protecting Data by Using EFS to Encrypt Hard Drives](https://msdn.microsoft.com/library/cc875821.aspx).<br><br>If your DRA certificate has expired, you won’t be able to encrypt your files with it. To fix this, you'll need to create a new certificate, using the steps in this topic, and then deploy it through policy.
 
-**To manually create an EFS DRA certificate**
+## Manually create an EFS DRA certificate
 
 1.	On a computer without an EFS DRA certificate installed, open a command prompt with elevated rights, and then navigate to where you want to store the certificate.
 
@@ -46,7 +46,7 @@ The recovery process included in this topic only works for desktop devices. WIP
     >[!Note]
     >To add your EFS DRA certificate to your policy by using Microsoft Intune, see the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) topic. To add your EFS DRA certificate to your policy by using System Center Configuration Manager, see the [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) topic.
 
-**To verify your data recovery certificate is correctly set up on a WIP client computer**
+## Verify your data recovery certificate is correctly set up on a WIP client computer
 
 1. Find or create a file that's encrypted using Windows Information Protection. For example, you could open an app on your allowed app list, and then create and save a file so it’s encrypted by WIP. 
 
@@ -60,7 +60,7 @@ The recovery process included in this topic only works for desktop devices. WIP
 
 4.	Make sure that your data recovery certificate is listed in the **Recovery Certificates** list.
 
-**To recover your data using the EFS DRA certificate in a test environment**
+## Recover your data using the EFS DRA certificate in a test environment
 
 1.	Copy your WIP-encrypted file to a location where you have admin access.
 
@@ -72,60 +72,38 @@ The recovery process included in this topic only works for desktop devices. WIP
     
     Where *encryptedfile.extension* is the name of your encrypted file. For example, corporatedata.docx.
 
-**To quickly recover WIP-protected desktop data after unenrollment**
+## Recover WIP-protected after unenrollment
 
-It's possible that you might revoke data from an unenrolled device only to later want to restore it all. This can happen in the case of a missing device being returned or if an unenrolled employee enrolls again. If the employee enrolls again using the original user profile, and the revoked key store is still on the device, all of the revoked data can be restored at once, by following these steps.
+It's possible that you might revoke data from an unenrolled device only to later want to restore it all. This can happen in the case of a missing device being returned or if an unenrolled employee enrolls again. If the employee enrolls again using the original user profile, and the revoked key store is still on the device, all of the revoked data can be restored at once.
 
 >[!IMPORTANT]
 >To maintain control over your enterprise data, and to be able to revoke again in the future, you must only perform this process after the employee has re-enrolled the device. 
 
-1. Have your employee sign in to the unenrolled device, open a command prompt, and type:
+1. Have the employee sign in to the unenrolled device, open an elevated command prompt, and type:
-    
+   
-    <code>Robocopy “%localappdata%\Microsoft\EDP\Recovery” “<i>new_location</i>” /EFSRAW</code>
+   <code>Robocopy "%localappdata%\Microsoft\EDP\Recovery" "<i>new_location</i>" * /EFSRAW</code>
 
-    Where ”*new_location*" is in a different directory. This can be on the employee’s device or on a Windows 8 or Windows Server 2012 or newer server file share that can be accessed while you're logged in as a data recovery agent.
+   Where "*new_location*" is in a different directory. This can be on the employee’s device or on a shared folder on a computer that runs Windows 8 or Windows Server 2012 or newer and can be accessed while you're logged in as a data recovery agent.
+
+   To start Robocopy in S mode, open Task Manager. Click **File** > **Run new task**, type the command, and click **Create this task with administrative privileges**.
+   
+   ![Robocopy in S mode](images\robocopy-s-mode.png)
+
+   If the employee performed a clean installation and there is no user profile, you need to recover the keys from the System Volume folder in each drive. Type: 
+    
+   <code>Robocopy "<i>drive_letter</i>:\System Volume Information\EDP\Recovery\" "<i>new_location</i>" * /EFSRAW</code>
 
 2. Sign in to a different device with administrator credentials that have access to your organization's DRA certificate, and perform the file decryption and recovery by typing:
 
-    <code>cipher.exe /D "<i>new_location</i>"</code>
+   <code>cipher.exe /D "<i>new_location</i>"</code>
 
 3. Have your employee sign in to the unenrolled device, and type:
 
-    <code>Robocopy "<i>new_location</i>" “%localappdata%\Microsoft\EDP\Recovery\Input”</code>
+   <code>Robocopy "<i>new_location</i>" "%localappdata%\Microsoft\EDP\Recovery\Input"</code>
 
 4. Ask the employee to lock and unlock the device.
 
-    The Windows Credential service automatically recovers the employee’s previously revoked keys from the <code>Recovery\Input</code> location.
+   The Windows Credential service automatically recovers the employee’s previously revoked keys from the `Recovery\Input` location.
-
-**To quickly recover WIP-protected desktop data in a cloud-based environment**
-
-If you use a cloud environment in your organization, you may still want to restore an employee's data after revocation. While much of the process is the same as when you're not in a cloud environment, there are a couple of differences.
-
->[!IMPORTANT]
->To maintain control over your enterprise data, and to be able to revoke again in the future, you must only perform this process after the employee has re-enrolled the device. 
-
-1. Have your employee sign in to the device that has revoked data for you to restore, open the **Run** command (Windows logo key + R), and type one of the following commands:
-
-    - If the keys are still stored within the employee's profile, type: <code>Robocopy “%localappdata%\Microsoft\EDP\Recovery” “<i>new_location</i>” * /EFSRAW</code>
-
-    -or-
-
-    - If the employee performed a clean installation over the operating system and you need to recover the keys from the System Volume folder, type: <code>Robocopy “<i>drive_letter:</i>\System Volume Information\EDP\Recovery\” "<i>new_location</i>” * /EFSRAW></code>
-
-    >[!Important]
-    >The “*new_location*” must be in a different directory, either on the employee’s device or on a Windows 8 or Windows Server 2012 or newer server file share, which can be accessed while you're logged in as a data recovery agent.
-
-2. Sign in to a different device with administrator credentials that have access to your organization's DRA certificate private key, and perform the file decryption and recovery by typing:
-
-    <code>cipher.exe /D “<i>new_location</i>”</code>
-
-3. Have your employee sign in to the device again, open the **Run** command, and type:
-
-    <code>Robocopy “<i>new_location</i>” “%localappdata%\Microsoft\EDP\Recovery\Input”</code>
-
-4. Ask the employee to lock and unlock the device.
-
-    The Windows Credential service automatically recovers the employee’s previously revoked keys from the <code>Recovery\Input</code> location. All your company’s previously revoked files should be accessible to the employee again.
 
 ## Auto-recovery of encryption keys
 Starting with Windows 10, version 1709, WIP includes a data recovery feature that lets your employees auto-recover access to work files if the encryption key is lost and the files are no longer accessible. This typically happens if an employee reimages the operating system partition, removing the WIP key info, or if a device is reported as lost and you mistakenly target the wrong device for unenrollment.

windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md

@@ -19,9 +19,9 @@ Describes the best practices, location, values, and security considerations for
 
 ## Reference
 
-The **Domain member: Maximum machine account password age** policy setting determines the maximum allowable age for a machine account password.
+The **Domain member: Maximum machine account password age** policy setting determines when a domain member submits a password change.
 
-In Active Directory–based domains, each device has an account and password, just like every user. By default, the domain members automatically change their domain password every 30 days. Increasing this interval significantly, or setting it to **0** so that the device no longer change their passwords, gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
+In Active Directory–based domains, each device has an account and password, just like every user. By default, the domain members submit a password change every 30 days. Increasing this interval significantly, or setting it to **0** so that a device no longer submits a password change, gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
 
 ### Possible values
 
@@ -31,7 +31,7 @@ In Active Directory–based domains, each device has an account and password, ju
 ### Best practices
 
 1.  It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days.
-2.  Some organizations pre-build devices and then store them for later use or ship them to remote locations. If the machine's account has expired, it will no longer be able to authenticate with the domain. Devices that cannot authenticate with the domain must be removed from the domain and rejoined to it. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and configure the value for this policy setting to a larger number of days.
+2. If the machine's password has expired, it will no longer be able to authenticate with the domain. The easiest way to get authentication working again might require removing the device from the domain and then re-joining it. For this reason, some organizations create a special organizational unit (OU) for computers that are prebuilt and then stored for later use or shipped to remote locations, and change the value to more than 30 days.
 
 ### Location
 
@@ -64,8 +64,7 @@ This section describes how an attacker might exploit a feature or its configurat
 
 ### Vulnerability
 
-In Active Directory–based domains, each device has an account and password, just as every user does. By default, the domain members automatically change their domain password every 30 days. If you increase this interval significantly, or set it to 0 so that the computers no longer change their 
+By default, the domain members submit a password change every 30 days. If you increase this interval significantly, or set it to 0 so that the computers no longer submit a password change, an attacker has more time to undertake a brute-force attack to guess the password of one or more computer accounts.
-passwords, an attacker has more time to undertake a brute-force attack to guess the password of one or more computer accounts.
 
 ### Countermeasure
 

windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md

@@ -11,13 +11,9 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 05/02/2018
 ---
 
-
-
-
-
 # Enable the Block at First Sight feature
 
 **Applies to**
@@ -30,6 +26,7 @@ ms.date: 04/30/2018
 
 **Manageability available with**
 
+- Intune
 - Group Policy
 - Windows Defender Security Center app
 
@@ -54,12 +51,10 @@ You can also [customize the message displayed on users' desktops](https://docs.m
 
 When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. 
 
-In Windows 10, version 1803, the Block at first sight feature can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
+In Windows 10, version 1803, the Block at First Sight feature can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
 
 The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
 
- 
-
 If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe. 
 
 In many cases this process can reduce the response time for new malware from hours to seconds.
@@ -69,6 +64,23 @@ In many cases this process can reduce the response time for new malware from hou
 
 Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks.
 
+### Confirm Block at First Sight is enabled with Intune
+
+1. In Intune, navigate to **Device configuration - Profiles > *Profile name* > Device restrictions > Windows Defender Antivirus**.
+
+	> [!NOTE]
+	> The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type.
+
+2. Verify these settings are configured as follows:
+
+	- **Cloud-delivered protection**: **Enable**
+	- **File Blocking Level**: **High**
+	- **Time extension for file scanning by the cloud**: **50**
+	- **Prompt users before sample submission**: **Send all data without prompting**
+
+For more information about configuring Windows Defender AV device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
+
+For a list of Windows Defender AV device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus).
 
 
 ### Confirm Block at First Sight is enabled with Group Policy
@@ -113,7 +125,7 @@ The feature is automatically enabled as long as **Cloud-based protection** and *
 
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
 
-![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center app](images/defender/wdav-protection-settings-wdsc.png)
+ ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center app](images/defender/wdav-protection-settings-wdsc.png)
     
 3.	Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
 

windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md

@@ -54,6 +54,8 @@ Read the following blog posts for detailed protection stories involving cloud-pr
 
 Cloud-delivered protection is enabled by default. However, you may need to re-enable it if it has been disabled as part of previous organizational policies.
 
+Organizations running Windows 10 E5, version 1803 can also take advantage of emergency dynamic intelligence updates, which provide near real-time protection from emerging threats. When you turn cloud-delivered protection on, we can deliver a fix for a malware issue via the cloud within minutes instead of waiting for the next update.
+
 >[!TIP]
 >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 

windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md

@@ -52,7 +52,7 @@ Some of the highlights of Windows Defender AV include:
 ## What's new in Windows 10, version 1803
 
 - The [Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
-- The [Virus & threat protection area in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) now includes a section for Ransomware protection. It includes Controlled folder access settings and ransomware recovery settings.
+- The [Virus & threat protection area in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) now includes a section for Ransomware protection. It includes Controlled folder access settings and Ransomware recovery settings.
 
 
 ## What's new in Windows 10, version 1703

windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md

@@ -87,9 +87,9 @@ This section describes how to perform some of the most common tasks when reviewi
 
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
 
-3. Click **Quick scan**.
+3. Click **Scan now**.
 
-4. Click **Advanced scan** to specify different types of scans, such as a full scan.
+4. Click **Run a new advanced scan** to specify different types of scans, such as a full scan.
 
 <a id="definition-version"></a>
 **Review the definition update version and download the latest updates in the Windows Defender Security Center app**
@@ -97,7 +97,7 @@ This section describes how to perform some of the most common tasks when reviewi
 
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
 
-3. Click **Protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
+3. Click **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
 
 ![Definition version number information](images/defender/wdav-wdsc-defs.png)
 
@@ -138,7 +138,7 @@ This section describes how to perform some of the most common tasks when reviewi
  
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
  
-3. Click **Scan history**.
+3. Click **Threat history**.
  
 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**).
  

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -164,7 +164,7 @@
 ### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
 ### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
 ### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
-### [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+## [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md)
 
 ###General
 #### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md

@@ -36,7 +36,8 @@ The Automated investigations list shows all the investigations that have been in
 
 ## Understand the Automated investigation flow
 ### How the Automated investigation starts
-Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) an Automated investigation starts. 
+Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) that resides on a machine that has a *supported operating system for Automated investigation then an Automated investigation can start.
+*Currently only Windows 10 version 1803 (spring creators update) and above are supported operating systems for Autoamted Investigation
 
 The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.
 

windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 04/24/2018
+ms.date: 05/01/2018
 ---
 
 # Configure alert notifications in Windows Defender ATP
@@ -38,44 +38,30 @@ You can also add or remove recipients of the email notification. New recipients
 
 The email notification includes basic information about the alert and a link to the portal where you can do further investigation.
 
-## Create rules for alert notifications
+## Set up email notifications for alerts
-You can create rules that determine the machines and alert severities to send email notifications for and the notification recipients.
+The email notifications feature is turned off by default. Turn it on to start receiving email notifications.
 
+1. On the navigation pane, select **Settings** > **Alert notifications**.
+2. Toggle the setting between **On** and **Off**.
+3.	Select the alert severity level that you’d like your recipients to receive:
+      - **High** – Select this level to send notifications for high-severity alerts.
+      - **Medium** – Select this level to send notifications for medium-severity alerts.
+      - **Low** - Select this level to send notifications for low-severity alerts.
+      - **Informational** - Select this level to send notification for alerts that might not be considered harmful but good to keep track of.
+4.	In **Email recipients to notify on new alerts**, type the email address then select the + sign.
+5.	Click **Save preferences** when you’ve completed adding all the recipients.
 
-1. In the navigation pane, select **Settings** > **General** > **Alert notifications**.
+Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email.
-
-2. Click **Add notification rule**.
-
-3.	Specify the General information:
-    - **Rule name**
-    - **Machines** - Choose whether to notify recipients for all alerts on all machines or on selected machine group. If you choose to only send on a selected machine group, make sure that the machine group has been created. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
-    - **Alert severity** - Choose the alert severity level
-
-4. Click **Next**.
-	
-5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses.
-
-6. Check that email recipients are able to receive the email notifications by selecting **Send test email**.
-
-7. Click **Save notification rule**.
 
 Here's an example email notification:
 
 ![Image of example email notification](images/atp-example-email-notification.png)
 
-## Edit a notification rule
+## Remove email recipients
-1. Select the notification rule you'd like to edit.
 
-2. Update the General and Recipient tab information.
+1. Select the trash bin icon beside the email address you’d like to remove.
+2. Click **Save preferences**.
 
-3. CLick **Save notification rule**.
-
-
-## Delete notification rule
-
-1. Select the notification rule you'd like to delete.
-
-2. Click **Delete**.
 
 ## Troubleshoot email notifications for alerts
 This section lists various issues that you may encounter when using email notifications for alerts.

windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md

@@ -63,6 +63,14 @@ When a rule is triggered, a notification will be displayed from the Action Cente
 
 You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack surface reduction would impact your organization if it were enabled.
 
+## Requirements
+
+Attack surface reduction requires Windows 10 Enterprise E5 and Windows Defender AV real-time protection.
+
+Windows 10 version | Windows Defender Antivirus
+- | -
+Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
+
 ## Attack surface reduction rules
 
 Windows 10, version 1803 has five new Attack surface reduction rules:
@@ -192,17 +200,6 @@ With this rule, admins can prevent unsigned or untrusted executable files from r
 - Executable files (such as .exe, .dll, or .scr) 
 - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
 
-## Requirements
-
-The following requirements must be met before Attack surface reduction will work:
-
-Windows 10 version | Windows Defender Antivirus
-- | -
-Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
-
-
-
-
 ## Review Attack surface reduction events in Windows Event Viewer
 
 You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited):

windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md

@@ -61,11 +61,9 @@ As with other features of Windows Defender Exploit Guard, you can use [audit mod
 
 ## Requirements
 
-The following requirements must be met before Controlled folder access will work:
-
 Windows 10 version | Windows Defender Antivirus
 -|-
-Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
+Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
 
 
 ## Review Controlled folder access events in Windows Event Viewer

windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md

@@ -67,10 +67,8 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**:
 
-    ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png)
-    
 3.	Under the **Controlled folder access** section, click **Protected folders**
 
 4. Click **Add a protected folder** and follow the prompts to add apps.
@@ -134,10 +132,8 @@ When you add an app, you have to specify the app's location. Only the app in tha
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**.
 
-    ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png)
-    
 3.	Under the **Controlled folder access** section, click **Allow an app through Controlled folder access**
 
 4. Click **Add an allowed app** and follow the prompts to add apps.

windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md

@@ -127,10 +127,8 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection** label:
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
-
+      
-    ![App & browser control screen in the Windows Defender Security Center](images/wdsc-exp-prot.png)
-        
 3.	Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here:
     - **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
     - **Off by default** - The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
@@ -154,11 +152,8 @@ Exporting the configuration as an XML file allows you to copy the configuration
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection settings** at the bottom of the screen:
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings** at the bottom of the screen.
 
-    ![Screenshot showing the Exploit protection label highlighted in the Windows Defender Security Center App & browser settings section](images/wdsc-exp-prot.png)
-
-    
 3.	Go to the **Program settings** section and choose the app you want to apply mitigations to:
 
     1. If the app you want to configure is already listed, click it and then click **Edit**

windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

@@ -64,13 +64,10 @@ For further details on how audit mode works, and when you might want to use it,
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**.
 
-    ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png)
+3.	Set the switch for **Controlled folder access** to **On**.
-    
-3.	Set the switch for the feature to **On**
 
-    ![Screenshot of the CFA feature switched to On](images/cfa-on.png)
 
 ### Use Group Policy to enable Controlled folder access
 

windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md

@@ -63,11 +63,11 @@ Exploit protection works best with [Windows Defender Advanced Threat Protection]
 
 ## Requirements
 
-The following requirements must be met before Exploit protection will work:
+Exploit protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
 
 Windows 10 version | Windows Defender Advanced Threat Protection
 -|-
-Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
+Windows 10 version 1709 or later | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
 
 
  ## Review Exploit protection events in Windows Event Viewer

windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md

@@ -56,11 +56,11 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua
 
 ## Requirements
 
-The following requirements must be met before Network protection will work:
+Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
 
 Windows 10 version | Windows Defender Antivirus
 - | -
-Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
+Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
 
 
 ## Review Network protection events in Windows Event Viewer

windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 12/12/2017
+ms.date: 04/30/2018
 ---
 
 
@@ -21,7 +21,7 @@ ms.date: 12/12/2017
 
 **Applies to:**
 
-- Windows 10, version 1709
+- Windows 10, version 1709 and later
 
 
 
@@ -38,6 +38,10 @@ There are four features in Windows Defender EG:
 - [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV.
 - [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV.
 
+Windows 10, version 1803 provides additional protections:
+
+- New Attack surface reduction rules
+- Controlled folder access can now block disk sectors
 
 You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:
 - [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
@@ -59,7 +63,15 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e
 
 ## Requirements
 
-Each of the features in Windows Defender EG have slightly different requirements:
+This section covers requirements for each feature in Windows Defender EG. 
+
+| Symbol | Support |
+|--------|---------|
+| ![not supported](./images/ball_empty.png) | Not supported |
+| ![supported](./images/ball_50.png) | Supported |
+| ![supported, enhanced](./images/ball_75.png) | Includes advanced exploit protection for the kernel mode via [HVCI](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) |
+| ![supported, full reporting](./images/ball_full.png) | Includes automated reporting into the Windows Defender ATP console|
+
 
 | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
 | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
@@ -68,20 +80,14 @@ Each of the features in Windows Defender EG have slightly different requirements
 | Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
 | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
 
-> [!NOTE]
+The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. 
-> ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).<br/>
-> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes automated reporting into the Windows Defender ATP console.
 
-
+| Feature | Real-time protection |
-| Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
 |-----------------| ------------------------------------ |
 | Exploit protection | No requirement |
-| Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
+| Attack surface reduction | Must be enabled |
-| Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
+| Network protection | Must be enabled |
-| Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
+| Controlled folder access | Must be enabled |
-
-> [!NOTE]
-> Each feature's requirements are further described in the individual topics in this library.
 
  ## In this library
 

windows/security/threat-protection/windows-defender-security-center/TOC.md

@@ -3,9 +3,13 @@
 
 ## [Customize the Windows Defender Security Center app for your organization](wdsc-customize-contact-information.md)
 ## [Hide Windows Defender Security Center app notifications](wdsc-hide-notifications.md)
+## [Manage Windows Defender Security Center in Windows 10 in S mode](wdsc-windows-10-in-s-mode.md)
 ## [Virus and threat protection](wdsc-virus-threat-protection.md)
-## [Device performance and health](wdsc-device-performance-health.md)
+## [Account protection](wdsc-account-protection.md)
 ## [Firewall and network protection](wdsc-firewall-network-protection.md)
 ## [App and browser control](wdsc-app-browser-control.md)
+## [Device security](wdsc-device-security.md)
+## [Device performance and health](wdsc-device-performance-health.md)
 ## [Family options](wdsc-family-options.md)
 
+

windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md

@@ -22,7 +22,11 @@ ms.date: 04/30/2018
 - Windows 10, version 1703 and later
 
 
-The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack. IT administrators and IT pros can get more information and documentation about configuration from the following:
+The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products.
+
+In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack.
+
+IT administrators and IT pros can get more information and documentation about configuration from the following:
 
 - [Windows Defender Antivirus in the Windows Defender Security Center app](../windows-defender-antivirus/windows-defender-security-center-antivirus.md)
 - [Windows Defender Antivirus documentation library](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)

windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md

@@ -34,7 +34,7 @@ The Windows Defender Security Center interface is a little different in Windows
 
 ![Screen shot of the Windows Defender Security Center app Virus & threat protection area in Windows 10 in S mode](images/security-center-virus-and-threat-protection-windows-10-in-s-mode.png)
 
-For more information about Windows 10 in S mode, including how to switch out of S mode, see Windows 10 Pro in S mode.
+For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](https://docs.microsoft.com/en-us/windows/deployment/windows-10-pro-in-s-mode).
 
 ##Managing Windows Defender Security Center settings with Intune
 

windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md

@@ -75,12 +75,15 @@ You can find more information about each section, including options for configur
 
 
 ## Open the Windows Defender Security Center app
-- Right-click the icon in the notification area on the taskbar and click **Open**.
+- Click the icon in the notification area on the taskbar.
 
     ![Screen shot of the icon for the Windows Defender Security Center app on the Windows task bar](images/security-center-taskbar.png)
 - Search the Start menu for **Windows Defender Security Center**.
 
     ![Screen shot of the Start menu showing the results of a search for the Windows Defender Security Center app, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
+- Open an area from Windows **Settings**.
+
+    ![Screen shot of Windows Settings showing the different areas available in the Windows Defender Security Center](images/settings-windows-defender-security-center-areas.png)
 
 
 > [!NOTE]

windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md

@@ -28,8 +28,6 @@ Starting with Windows 10, version 1703 your employees can use Windows Defender S
 **To use Windows Defender Security Center to set up Windows Defender SmartScreen on a device**
 1. Open the Windows Defender Security Center app, and then click **App & browser control**.
 
-    ![Windows Defender Security Center](images/windows-defender-security-center.png)
-
 2. In the **App & browser control** screen, choose from the following options:
 
     - In the **Check apps and files** area:

windows/whats-new/whats-new-windows-10-version-1803.md

@@ -85,7 +85,7 @@ The following new DISM commands have been added to manage feature updates:
     DISM /Online /Set-OSUninstallWindow 
         – Sets the number of days after upgrade during which uninstall can be performed.
 
-For more information, see [DISM operating system uninstall command-line options](https://review.docs.microsoft.com/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options).
+For more information, see [DISM operating system uninstall command-line options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options).
 
 ### Windows Setup